[AVTCORE] Security/Performance issue in circuit breakers

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 28 March 2014 08:20 UTC

To: IETF AVTCore WG <avt@ietf.org>, draft-ietf-avtcore-rtp-circuit-breakers@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/avt/d5sTpia81NZNSfT148pID4ljORg

Hi,

In a discussion in RTCWEB around consent and circuit breakers I
realized that there exists a significant issue in circuit breakers
that isn't documented nor dealt with.

This has to do with the configuration of the RTCP bandwidth. If a
malicious user of circuit breakers wants to make it really inefficient
one can achieve that by configuring the RTCP bandwidth really low. So
assuming b=RR and b=RS exist in an implementation that has circuit
breakers. The method for making it inefficient and not affect the
traffic pattern is to set the RTCP bandwidth really low. Using an RR=1
bps would mean that the Td deterministic reporting interval would be ~45
min. Thus, putting all of these limits on traffic to be not reactive
until roughly 2-3 reporting intervals, i.e. 1.5-2.25 hours have passed.
Which is a longer duration than many real-time interactive media sessions
are to start with.

I think we need to ensure that RTCP reporting is not happening less
often than what the fixed minimal interval (5s) will mean. Thus, I see
that including circuit breakers would require a hard requirement that one
configures the RTCP bandwidth to allow for at least each SSRC reporting
every 5 seconds.

This also needs to go into the security considerations section to make
clear that this is an issue.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
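
The check proposed in the message can be applied when an SDP offer or answer is accepted. The following is an added example, not part of the original message or of the circuit-breaker draft: it reads the b=RR and b=RS lines, computes the RFC 3550 deterministic interval Td = max(Tmin, n * avg_rtcp_size / rtcp_bw), and flags any value that pushes Td above the 5 s minimum. The SDP, the member count of 2 and the 170-byte average RTCP packet size are constructed assumptions, and each b= value is evaluated on its own rather than with the full sender/receiver split.

```python
import re

T_MIN = 5.0  # fixed minimum RTCP interval in seconds, as cited in the message

def deterministic_interval(members, avg_rtcp_bytes, bw_bps):
    """Td in seconds: max(Tmin, n * avg_rtcp_size / rtcp_bw), bandwidth in bit/s."""
    if bw_bps <= 0:
        return float("inf")  # zero bandwidth means no reports are ever sent
    return max(T_MIN, members * avg_rtcp_bytes * 8 / bw_bps)

def min_bandwidth_bps(members, avg_rtcp_bytes):
    """Lowest RTCP bandwidth that still lets every member report each T_MIN."""
    return members * avg_rtcp_bytes * 8 / T_MIN

def rtcp_bandwidth(sdp):
    """Return {'RR': bps, 'RS': bps} for the b=RR / b=RS lines present."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^b=(RR|RS):(\d+)\s*$", sdp, re.MULTILINE)}

def audit(sdp, members=2, avg_rtcp_bytes=170):
    """List (modifier, configured bps, resulting Td, required bps) violations."""
    findings = []
    for kind, bps in rtcp_bandwidth(sdp).items():
        td = deterministic_interval(members, avg_rtcp_bytes, bps)
        if td > T_MIN:  # reports too sparse for the circuit breaker to react
            findings.append((kind, bps, td,
                             min_bandwidth_bps(members, avg_rtcp_bytes)))
    return findings

# Constructed sample session description (not from the original message).
SAMPLE_SDP = """v=0
o=- 0 0 IN IP4 192.0.2.1
s=-
c=IN IP4 192.0.2.1
t=0 0
m=audio 49170 RTP/AVP 0
b=RR:1
b=RS:2000
"""

if __name__ == "__main__":
    for kind, bps, td, need in audit(SAMPLE_SDP):
        print(f"b={kind}:{bps} gives Td of {td / 60:.1f} min; "
              f"need at least {need:.0f} bps for Td <= {T_MIN:.0f} s")
```

With these assumed values, b=RR:1 yields a Td of about 45 minutes, while b=RS:2000 stays at the 5 s floor and is not flagged.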