Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
Colin Perkins <csp@csperkins.org> Tue, 12 October 2010 11:32 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F61F3A67AE for <avt@core3.amsl.com>; Tue, 12 Oct 2010 04:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.065
X-Spam-Level:
X-Spam-Status: No, score=-103.065 tagged_above=-999 required=5 tests=[AWL=0.535, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dWHhx6CLDTku for <avt@core3.amsl.com>; Tue, 12 Oct 2010 04:32:43 -0700 (PDT)
Received: from lon1-msapost-2.mail.demon.net (lon1-msapost-2.mail.demon.net [195.173.77.181]) by core3.amsl.com (Postfix) with ESMTP id 671AB3A692B for <avt@ietf.org>; Tue, 12 Oct 2010 04:32:42 -0700 (PDT)
Received: from [12.159.134.153] (helo=[10.0.0.64]) by lon1-post-2.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1P5d7D-0001GN-bz; Tue, 12 Oct 2010 11:33:56 +0000
Message-Id: <25C8F1CC-8CBD-4AE0-B3C7-DBEF7A960B6A@csperkins.org>
From: Colin Perkins <csp@csperkins.org>
To: "Van Caenegem, Tom (Tom)" <tom.van_caenegem@alcatel-lucent.com>
In-Reply-To: <EC3FD58E75D43A4F8807FDE0749175460E3D7631@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Tue, 12 Oct 2010 07:33:51 -0400
References: <EDC0A1AE77C57744B664A310A0B23AE214D2A705@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <EDC0A1AE77C57744B664A310A0B23AE2170FB934@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <00d801cb55b7$ffb41840$ff1c48c0$@net> <04CAD96D4C5A3D48B1919248A8FE0D540D2D23B0@xmb-sjc-215.amer.cisco.com> <01ec01cb5630$1ebf65f0$5c3e31d0$@net> <042601cb663b$c5317ed0$4f947c70$%roni@huawei.com> <04ce01cb66c5$6f425640$4dc702c0$%roni@huawei.com> <5AF80FBB-63A8-4C1B-A5FA-57C00548BDC8@csperkins.org> <EC3FD58E75D43A4F8807FDE0749175460E3D7631@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
X-Mailer: Apple Mail (2.936)
Cc: 'Dan Wing' <dwing@cisco.com>, "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>, 'IETF AVT WG' <avt@ietf.org>, Roni Even <Even.roni@huawei.com>
Subject: Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 11:32:44 -0000
On 12 Oct 2010, at 06:23, Van Caenegem, Tom (Tom) wrote: > Hi Colin, > > See below, > Tom > > -----Original Message----- > From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf > Of Colin Perkins > Sent: maandag 11 oktober 2010 18:51 > To: Roni Even > Cc: DRAGE, Keith (Keith); 'IETF AVT WG'; 'Dan Wing' > Subject: Re: [AVT] Revised Consensus call - On Token approach for > draft-ietf-avt-ports-for-ucast-mcast-rtp > > On 8 Oct 2010, at 09:47, Roni Even wrote: >> There were some concerns about how we drafted the consensus call so I >> would like to try and give it another try. Sorry for the long >> message >> which I hope will clarify what are the proposed options. We would >> like >> to get feedback by October 18th. >> >> >> The Port Mapping Between Unicast and Multicast RTP Sessions described >> in >> http://tools.ietf.org/html/draft-ietf-avt-ports-for-ucast-mcast- >> rtp-02 >> was discussed for a couple of IETF meeting and on the list. The >> initial approach that was agreed after we had a breakout session in >> previous IETF meetings was to use a cookie based solution even though >> it required more messages and you needed a cookie for every RTP >> session. >> >> Before the last IETF meeting there were two proposals to update the >> solution to a token based approach. >> >> In the token approach: >> - Tokens are port-independent (cookies are port-dependent) and only >> depend on the client's IP. That is, once a client gets its token, it >> can use it with any of its ports and with any Feedback Target. >> - Tokens address the concern raised by Magnus >> (http://www.ietf.org/mail-archive/web/avt/current/msg12617.html >> ) >> - No need for keep-alives >> >> We had a discussion in Maastricht and the outcome is in the meeting >> minutes http://www.ietf.org/proceedings/78/minutes/avt.txt (see the >> section on draft-begen-avt-token-for-portmapping). The token draft >> has >> Dan Wing (who is also BEHAVE co-chair) as a co-author and he looked >> at >> the solution verifying that it will work well with NATs >> >> >> At the meeting the preference was for a token based solution but >> there >> are were two approaches discussed. >> >> 1. Use the token only solution >> >> 2. Use a combination when if the request has only an IP address the >> response will be a token and if it will have both IP address and port >> the response will be a cookie. >> >> According to the minutes the support was for the second approach. >> The major reason was a concern that carrier grade NATs can allocate >> more than one IP address as the public address. >> >> The authors of >> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01 >> suggest that they addressed the concerns about the token only >> solution >> (see section 9 of the draft) and prefer to have a token only >> solution. >> This is a change from the meeting minutes and this is the reason for >> the second question in this consensus call. >> >> So here are two questions for the group !!! >> >> 1. Do the people in the mailing list support the proposal to use a >> token based solution instead on the cookie one. (this was the >> preference in the consensus call in Maastricht) and we would like to >> confirm it on the list. >> >> 2. We have two options for the token approach, please give your >> preferences. >> >> 2.1 Token only solution as proposed in >> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01 >> 2.2 Token + cookie, in this case if the request will include only IP >> address the response is a token, if it also includes a port it will >> be >> a cookie. This approach is for cases were the NAT may use more than >> one IP address for mapping a local address. >> >> >> Please respond even if you did it on the previous consensus call. > > > The approach in draft-begen-avt-token-for-portmapping-01 looks to be > sufficient to allow a server to determine that multiple requests > come from the same client, provided the client isn't multi-homed and > isn't sharing an IP address with other clients. The problem > statement is not clear enough for me to be sure if that's sufficient. > > If it were important to do so, the server could distinguish multiple > clients sharing the same IP address if each client supplied a random > nonce that was taken into account when generating the token in > addition to the client's IP address. This may be an issue with use > of fractional IP addresses in future, and so might be something to > consider adding. > > > TOM: I think this is a good idea. The SSRC of the client associated > with the SSM RTP session that is present in the portmapping request > message could be used for that purpose (hence token is determined by > server on the basis of IP address, time stamp and client SSRC) No, because the SSRC can change, and this should be persistent per client. > Distinguishing multi-homed clients, or clients where requests come > from several different IP addresses, is more complex. Is this an > issue, or is it sufficient to assume that a client requests a new > token when changing the address it uses? > > TOM: IMO that will do..I think it is bad practice if a network stack > on a host device/ NAT device allocates different IP addresses > towards a application/end-host > > I'd also like to note that the port mapping operation is independent > of the RAMS drafts. It would be good if the draft the group ends up > with is written as a standalone mechanism, with RAMS described as > one example use case, rather than being written in a RAMS-specific > manner as are the current drafts. > > TOM: The text is meant to be (only) applicable to scenarios building > on SSM sessions with unicast feedback, no? We wanted a fast -inband- > way for a client to communicate the client receive port for a > unicast connection that is linked to such a SSM. In that case, the > text is sufficiently generic (e.g. RAMS is not even mentioned in the > text, whereas the example is about retransmissions). I take it that > any other parameter signaling (port, any attributes,..) for any > other scenario needs to leverage the SDP offer-answer model. > > Cheers, > Colin > > > -- > Colin Perkins > http://csperkins.org/ > > > > _______________________________________________ > Audio/Video Transport Working Group > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt > _______________________________________________ > Audio/Video Transport Working Group > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt -- Colin Perkins http://csperkins.org/
- [AVT] Consensus call - Token approach within draf… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … gerard.babonneau
- Re: [AVT] Consensus call - Token approach within … David R Oran
- Re: [AVT] Consensus call - Token approach within … DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach within … Glen Zorn
- Re: [AVT] Consensus call - Token approach within … DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach withind… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … Roni Even
- Re: [AVT] Consensus call - Token approach withind… Roni Even
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach withind… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … Magnus Westerlund
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Roni Even
- [AVT] Revised Consensus call - On Token approach … Roni Even
- Re: [AVT] Revised Consensus call - On Token appro… Colin Perkins
- Re: [AVT] Revised Consensus call - On Token appro… Van Caenegem, Tom (Tom)
- Re: [AVT] Revised Consensus call - On Token appro… Colin Perkins
- Re: [AVT] Revised Consensus call - On Token appro… Van Caenegem, Tom (Tom)