IETF Logo Mail Archive

Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp

Colin Perkins <csp@csperkins.org> Tue, 12 October 2010 11:32 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F61F3A67AE for <avt@core3.amsl.com>; Tue, 12 Oct 2010 04:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.065
X-Spam-Level:
X-Spam-Status: No, score=-103.065 tagged_above=-999 required=5 tests=[AWL=0.535, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dWHhx6CLDTku for <avt@core3.amsl.com>; Tue, 12 Oct 2010 04:32:43 -0700 (PDT)
Received: from lon1-msapost-2.mail.demon.net (lon1-msapost-2.mail.demon.net [195.173.77.181]) by core3.amsl.com (Postfix) with ESMTP id 671AB3A692B for <avt@ietf.org>; Tue, 12 Oct 2010 04:32:42 -0700 (PDT)
Received: from [12.159.134.153] (helo=[10.0.0.64]) by lon1-post-2.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1P5d7D-0001GN-bz; Tue, 12 Oct 2010 11:33:56 +0000
Message-Id: <25C8F1CC-8CBD-4AE0-B3C7-DBEF7A960B6A@csperkins.org>
From: Colin Perkins <csp@csperkins.org>
To: "Van Caenegem, Tom (Tom)" <tom.van_caenegem@alcatel-lucent.com>
In-Reply-To: <EC3FD58E75D43A4F8807FDE0749175460E3D7631@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Tue, 12 Oct 2010 07:33:51 -0400
References: <EDC0A1AE77C57744B664A310A0B23AE214D2A705@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <EDC0A1AE77C57744B664A310A0B23AE2170FB934@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <00d801cb55b7$ffb41840$ff1c48c0$@net> <04CAD96D4C5A3D48B1919248A8FE0D540D2D23B0@xmb-sjc-215.amer.cisco.com> <01ec01cb5630$1ebf65f0$5c3e31d0$@net> <042601cb663b$c5317ed0$4f947c70$%roni@huawei.com> <04ce01cb66c5$6f425640$4dc702c0$%roni@huawei.com> <5AF80FBB-63A8-4C1B-A5FA-57C00548BDC8@csperkins.org> <EC3FD58E75D43A4F8807FDE0749175460E3D7631@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
X-Mailer: Apple Mail (2.936)
Cc: 'Dan Wing' <dwing@cisco.com>, "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>, 'IETF AVT WG' <avt@ietf.org>, Roni Even <Even.roni@huawei.com>
Subject: Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 11:32:44 -0000

On 12 Oct 2010, at 06:23, Van Caenegem, Tom (Tom) wrote:

> Hi Colin,
>
> See below,
> Tom
>
> -----Original Message-----
> From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf  
> Of Colin Perkins
> Sent: maandag 11 oktober 2010 18:51
> To: Roni Even
> Cc: DRAGE, Keith (Keith); 'IETF AVT WG'; 'Dan Wing'
> Subject: Re: [AVT] Revised Consensus call - On Token approach for  
> draft-ietf-avt-ports-for-ucast-mcast-rtp
>
> On 8 Oct 2010, at 09:47, Roni Even wrote:
>> There were some concerns about how we drafted the consensus call so I
>> would like to try and give it another try.  Sorry for the long  
>> message
>> which I hope will clarify what are the proposed options. We would  
>> like
>> to get feedback by October 18th.
>>
>>
>> The Port Mapping Between Unicast and Multicast RTP Sessions described
>> in
>> http://tools.ietf.org/html/draft-ietf-avt-ports-for-ucast-mcast- 
>> rtp-02
>> was discussed for a couple of IETF meeting and on the list. The
>> initial approach that was agreed after we had a breakout session in
>> previous IETF meetings was to use a cookie based solution even though
>> it required more messages and you needed a cookie for every RTP
>> session.
>>
>> Before the last IETF meeting there were two proposals to update the
>> solution to a token based approach.
>>
>> In the token approach:
>> - Tokens are port-independent (cookies are port-dependent) and only
>> depend on the client's IP. That is, once a client gets its token, it
>> can use it with any of its ports and with any Feedback Target.
>> - Tokens address the concern raised by Magnus
>> (http://www.ietf.org/mail-archive/web/avt/current/msg12617.html
>> )
>> - No need for keep-alives
>>
>> We had a discussion in Maastricht and the outcome is in the meeting
>> minutes http://www.ietf.org/proceedings/78/minutes/avt.txt (see the
>> section on draft-begen-avt-token-for-portmapping). The token draft  
>> has
>> Dan Wing (who is also BEHAVE co-chair) as a co-author and he looked  
>> at
>> the solution verifying that it will work well with NATs
>>
>>
>> At the meeting the preference was for a token based solution but  
>> there
>> are were two approaches discussed.
>>
>> 1. Use the token only solution
>>
>> 2. Use a combination when if the request has only an IP address the
>> response will be a token and if it will have both IP address and port
>> the response will be a  cookie.
>>
>> According to the minutes the support was for the second approach.
>> The major reason was a concern that carrier grade NATs can allocate
>> more than one IP address as the public address.
>>
>> The authors of
>> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01
>> suggest that they addressed the concerns about the token only  
>> solution
>> (see section 9 of the draft) and prefer to have a token only  
>> solution.
>> This is a change from the meeting minutes and this is the reason for
>> the second question in this consensus call.
>>
>> So here are two questions for the group !!!
>>
>> 1. Do the people in the mailing list support the proposal to use a
>> token based solution instead on the cookie one. (this was the
>> preference in the consensus call in Maastricht) and we would like to
>> confirm it on the list.
>>
>> 2. We have two options for the token approach, please give your
>> preferences.
>>
>> 2.1 Token only solution as proposed in
>> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01
>> 2.2 Token + cookie, in this case if the request will include only IP
>> address the response is a token, if it also includes a port it will  
>> be
>> a cookie. This approach is for cases were the NAT may use more than
>> one IP address for mapping a local address.
>>
>>
>> Please respond even if you did it on the previous consensus call.
>
>
> The approach in draft-begen-avt-token-for-portmapping-01 looks to be  
> sufficient to allow a server to determine that multiple requests  
> come from the same client, provided the client isn't multi-homed and  
> isn't sharing an IP address with other clients. The problem  
> statement is not clear enough for me to be sure if that's sufficient.
>
> If it were important to do so, the server could distinguish multiple  
> clients sharing the same IP address if each client supplied a random  
> nonce that was taken into account when generating the token in  
> addition to the client's IP address. This may be an issue with use  
> of fractional IP addresses in future, and so might be something to  
> consider adding.
>
>
> TOM: I think this is a good idea. The SSRC of the client associated  
> with the SSM RTP session that is present in the portmapping request  
> message could be used for that purpose (hence token is determined by  
> server on the basis of IP address, time stamp  and client SSRC)

No, because the SSRC can change, and this should be persistent per  
client.


> Distinguishing multi-homed clients, or clients where requests come  
> from several different IP addresses, is more complex. Is this an  
> issue, or is it sufficient to assume that a client requests a new  
> token when changing the address it uses?
>
> TOM: IMO that will do..I think it is bad practice if a network stack  
> on a host device/ NAT device allocates different IP addresses  
> towards a application/end-host
>
> I'd also like to note that the port mapping operation is independent  
> of the RAMS drafts. It would be good if the draft the group ends up  
> with is written as a standalone mechanism, with RAMS described as  
> one example use case, rather than being written in a RAMS-specific  
> manner as are the current drafts.
>
> TOM: The text is meant to be (only) applicable to scenarios building  
> on SSM sessions with unicast feedback, no? We wanted a fast -inband-  
> way for a client to communicate the client receive port for a  
> unicast connection that is linked to such a SSM. In that case, the  
> text is sufficiently generic (e.g. RAMS is not even mentioned in the  
> text, whereas the example is about retransmissions). I take it that  
> any other parameter signaling (port, any attributes,..) for any  
> other scenario needs to leverage the SDP offer-answer model.
>
> Cheers,
> Colin
>
>
> -- 
> Colin Perkins
> http://csperkins.org/
>
>
>
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www.ietf.org/mailman/listinfo/avt
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www.ietf.org/mailman/listinfo/avt



-- 
Colin Perkins
http://csperkins.org/

v2.23.0 | Report a Bug | By Email