Re: [AVTCORE] IP address/port number handling in "RTP-in-QUIC" encapsulation layer
Martin Thomson <mt@lowentropy.net> Thu, 12 May 2022 01:03 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8093EC15E6E1 for <avt@ietfa.amsl.com>; Wed, 11 May 2022 18:03:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=Vgq4mX4g; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Fj1Pm5MI
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oTHCr77SWRfn for <avt@ietfa.amsl.com>; Wed, 11 May 2022 18:03:22 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02C0C157B33 for <avt@ietf.org>; Wed, 11 May 2022 18:03:21 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 0AC3E5C0174 for <avt@ietf.org>; Wed, 11 May 2022 21:03:21 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Wed, 11 May 2022 21:03:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; t=1652317401; x=1652403801; bh=IAsU89nqFh WYr4jMwNrIiYc7QmxQXHNuh6EDVuJ5eTI=; b=Vgq4mX4gVu5xGoGE3GukrlHSHi BjmstTT790TytessA0D9ELu1pg3eSNXrTdmFdUBqD21fqN0SKWlmf5BRJf/GLRht 6MVMsybr8t1jt+DmbKlbhGyaM+jE6Zpgev1Ykqesn92YbqIUcMEyB0RtGBS5zRRB tqYxuaA5TGk5D+bGu9Hf9rgaupPb91lVax1lBfSRLhjRGpjiK73LyfADsDU1p0YF sKp2WCaF8SmpCu2pEpyKP+zBI5PZVFl4niR3ssPM9d2BKVg8ZpJ7Y4FHsATAMzWc yqjFJWjNYKJacrJiPODdhu505lJtaHLa7poZUJQ7ti8WfSXx4uD3UWPHMG4g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1652317401; x= 1652403801; bh=IAsU89nqFhWYr4jMwNrIiYc7QmxQXHNuh6EDVuJ5eTI=; b=F j1Pm5MIG7M+1EGJlsIhkBZh3c798hjZwOZnRyOtbGLbC+eP7+qHiXmpQ9EW3nNKM HtF+YPcmNs+jYBWj0+yBHtFrlBQ/USGnfWamVyMPqrSZZmXOKVmKNY5zUT47L06l ObjPi62hdW6SE5hkQl7WyZUJezXG0PJybITE/mbwGVInIE3pryC8qcnyOuFi+CnD S3DFg5IoxVk/fz1QlTgio2RXCFXDTouKkpWZdIGHyccsl739b9bPYQt+TCEVJVtQ 1WRuJxgBZvRpbLUzJunsHIr7x53NjlhyAHg/hCxlxe02eC/QPeKZ2bFh4kF11hjO 1S+oxCBy2JE43ubYT2NUA==
X-ME-Sender: <xms:2Fx8YgTLzxYb7ZvsBrZSfTj8kHgU5bTI2qqMUsnL-O1qsP8O9SpoZA> <xme:2Fx8YtwkhU5Xx-Cdi3Vh6ZFEU0URrshpiXhQMN8G7S88xJXlWMwj-t91HogYR0khH 2nZ1QdsmjvxFF3D1ec>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrgeeigdegudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepffevkeegtedvueevtdevve dtueelgeevjefhhefgteffieeigfevfeelffetueelnecuffhomhgrihhnpehgihhthhhu sgdrtghomhdpihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:2Fx8Yt2x_sci1GGRxvZ1RNABFjGIZsAZ0a-6hp9f9gttbMlmfJBo1Q> <xmx:2Fx8YkC13d16J7e24eZsgmtqAdHHCmfzl7GBWRW5H1gCqbUxBJiDig> <xmx:2Fx8YphwgXsveogeSc_gH7BtVf3BUYojwxhtQeaOX96nMIbxF0sSEw> <xmx:2Vx8YksSxV_9bZsPmQHkuSe9oSvAhUxYv1tni2PoZoXAo5S_lrUoKQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id BA5F32340067; Wed, 11 May 2022 21:03:20 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-591-gfe6c3a2700-fm-20220427.001-gfe6c3a27
Mime-Version: 1.0
Message-Id: <a0d8bc0f-1b95-4291-9758-36a84870a1d8@beta.fastmail.com>
In-Reply-To: <CAKKJt-cqGP8cFPrZAa4k1kb2HYceRvK7vrzwTAGOyCy6Xdu20w@mail.gmail.com>
References: <CAKKJt-cqGP8cFPrZAa4k1kb2HYceRvK7vrzwTAGOyCy6Xdu20w@mail.gmail.com>
Date: Thu, 12 May 2022 11:03:00 +1000
From: Martin Thomson <mt@lowentropy.net>
To: avt@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/Y1IefPQOFvFKdXs-F6clgBJVw0Q>
Subject: Re: [AVTCORE] IP address/port number handling in "RTP-in-QUIC" encapsulation layer
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2022 01:03:26 -0000
For me, this is as much a conversation about ICE as it is about QUIC. In my imagination, QUIC over ICE works without connection IDs ... if you want it to. You only need connection IDs at the point where you have an endpoint that wants to multiplex multiple QUIC connections on the same IP+port on its end (servers being sort of natural users of this). In that model, you establish a QUIC connection over an ICE session and have at it. QUIC does have an understanding of the path it flows over, but you can essentially suppress all of that. ICE is responsible for managing the details of selecting a path, establishing reachability, obtaining consent to send, and all that stuff. If that is where you end up, the system you build with QUIC isn't too dissimilar to the current one. Of course, there are ...properties, which might be drawbacks. Two big ones: - QUIC uses path information to determine a bunch of different things and you are making it ignorant of those details. Now you don't get a new congestion controller or RTT estimator when you change paths. This might be good in the sense that you were really talking to the same endpoint anyway and the path properties are essentially the same; or it could be very bad in the sense that now you have a new path and you are sending at a rate that will overload that new path. - QUIC has a nice design for maintaining privacy across these migrations, whereby it rotates the connection IDs in ways that make traffic across different paths unlinkable. By making QUIC ignorant of path changes, you now make flows linkable. It's quite possible (I haven't checked) that ICE already leaked that information though, so maybe that's not something you need to concern yourself with. Alternatively, a design where you maintain awareness of different paths in QUIC is also possible. Current implementations only handle one path at a time, but that's probably workable for most applications. You let QUIC know about new paths and let it deal with that. There is *some* redundancy (QUIC will validate paths that ICE already validated), but you get the opposite end of each of the above trade-offs. In either case, maybe this is an opportunity to improve the privacy characteristics of ICE. On Thu, May 12, 2022, at 09:35, Spencer Dawkins at IETF wrote: > We've had some pretty interesting observations in > https://github.com/SpencerDawkins/sdp-rtp-quic-issues/issues/4 about > our observation that RTP/RTCP knows about IP addresses and port > numbers, but QUIC applications only use IP addresses and port numbers > when establishing connections, and after that, QUIC applications are > using connection IDs, even if underlying IP addresses change because of > NAT rebinding or the QUIC implementation itself performs connection > migration. > > This is obviously part of a larger question about RTP-in-QUIC > encapsulation layer functionality, but it's interesting now, because > * if an encapsulation layer can handle all the vagaries of ports and > IP addresses, the application doesn't have to > * if an application is talking to a single IP address/port number, the > encapsulation layer can continue to present that interface to the > application, no matter what else happens below the encapsulation layer. > * If the IP address/port numbers are "virtual", the underlying IP > addresses need not even be the same IP address family. If an > application thinks it's talking to an IPv4 endpoint even if the > underlying network supports IPv6, this could remove some impediments to > IPv6 migration. > * If the QUIC connection ID is the same for all the m=lines, this > might provide bundling functionality as well. > Obviously, this will require more thought (Suhas suggested "design > session" in one of the comments), but does it seem interesting and/or > useful? > > Best, > > Spencer > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt
- [AVTCORE] IP address/port number handling in "RTP… Spencer Dawkins at IETF
- Re: [AVTCORE] IP address/port number handling in … Martin Thomson
- Re: [AVTCORE] IP address/port number handling in … Colin Perkins
- Re: [AVTCORE] [EXTERNAL] Re: IP address/port numb… Asveren, Tolga
- Re: [AVTCORE] [EXTERNAL] Re: IP address/port numb… Bernard Aboba
- Re: [AVTCORE] [EXTERNAL] Re: IP address/port numb… Asveren, Tolga