Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
"Van Caenegem, Tom (Tom)" <tom.van_caenegem@alcatel-lucent.com> Tue, 12 October 2010 12:07 UTC
Return-Path: <tom.van_caenegem@alcatel-lucent.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E6223A6909 for <avt@core3.amsl.com>; Tue, 12 Oct 2010 05:07:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.8
X-Spam-Level:
X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5 tests=[AWL=-0.551, BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSLHNcy1EP3N for <avt@core3.amsl.com>; Tue, 12 Oct 2010 05:07:10 -0700 (PDT)
Received: from smail6.alcatel.fr (smail6.alcatel.fr [64.208.49.42]) by core3.amsl.com (Postfix) with ESMTP id 25D0A3A67D3 for <avt@ietf.org>; Tue, 12 Oct 2010 05:07:09 -0700 (PDT)
Received: from FRMRSSXCHHUB04.dc-m.alcatel-lucent.com (FRMRSSXCHHUB04.dc-m.alcatel-lucent.com [135.120.45.64]) by smail6.alcatel.fr (8.14.3/8.14.3/ICT) with ESMTP id o9CC7Woc005854 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 12 Oct 2010 14:07:37 +0200
Received: from FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com ([135.120.45.41]) by FRMRSSXCHHUB04.dc-m.alcatel-lucent.com ([135.120.45.64]) with mapi; Tue, 12 Oct 2010 14:06:55 +0200
From: "Van Caenegem, Tom (Tom)" <tom.van_caenegem@alcatel-lucent.com>
To: Colin Perkins <csp@csperkins.org>
Date: Tue, 12 Oct 2010 14:06:54 +0200
Thread-Topic: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
Thread-Index: ActqAWg8OfwvyeXDQFqiWlE1VfhuLQAA/wtA
Message-ID: <EC3FD58E75D43A4F8807FDE0749175460E3D76C9@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
References: <EDC0A1AE77C57744B664A310A0B23AE214D2A705@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <EDC0A1AE77C57744B664A310A0B23AE2170FB934@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <00d801cb55b7$ffb41840$ff1c48c0$@net> <04CAD96D4C5A3D48B1919248A8FE0D540D2D23B0@xmb-sjc-215.amer.cisco.com> <01ec01cb5630$1ebf65f0$5c3e31d0$@net> <042601cb663b$c5317ed0$4f947c70$%roni@huawei.com> <04ce01cb66c5$6f425640$4dc702c0$%roni@huawei.com> <5AF80FBB-63A8-4C1B-A5FA-57C00548BDC8@csperkins.org> <EC3FD58E75D43A4F8807FDE0749175460E3D7631@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com> <25C8F1CC-8CBD-4AE0-B3C7-DBEF7A960B6A@csperkins.org>
In-Reply-To: <25C8F1CC-8CBD-4AE0-B3C7-DBEF7A960B6A@csperkins.org>
Accept-Language: nl-NL, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: nl-NL, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.64 on 155.132.188.84
Cc: 'Dan Wing' <dwing@cisco.com>, "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>, 'IETF AVT WG' <avt@ietf.org>, Roni Even <Even.roni@huawei.com>
Subject: Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 12:07:12 -0000
Yes, you are right on SSRC. A dedicated random nonce will be required. Are you OK with my view on how wide (or narrow) the cookie method can be used? Tom -----Original Message----- From: Colin Perkins [mailto:csp@csperkins.org] Sent: dinsdag 12 oktober 2010 13:34 To: Van Caenegem, Tom (Tom) Cc: Roni Even; DRAGE, Keith (Keith); 'IETF AVT WG'; 'Dan Wing' Subject: Re: [AVT] Revised Consensus call - On Token approach for draft-ietf-avt-ports-for-ucast-mcast-rtp On 12 Oct 2010, at 06:23, Van Caenegem, Tom (Tom) wrote: > Hi Colin, > > See below, > Tom > > -----Original Message----- > From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf Of > Colin Perkins > Sent: maandag 11 oktober 2010 18:51 > To: Roni Even > Cc: DRAGE, Keith (Keith); 'IETF AVT WG'; 'Dan Wing' > Subject: Re: [AVT] Revised Consensus call - On Token approach for > draft-ietf-avt-ports-for-ucast-mcast-rtp > > On 8 Oct 2010, at 09:47, Roni Even wrote: >> There were some concerns about how we drafted the consensus call so I >> would like to try and give it another try. Sorry for the long >> message which I hope will clarify what are the proposed options. We >> would like to get feedback by October 18th. >> >> >> The Port Mapping Between Unicast and Multicast RTP Sessions described >> in >> http://tools.ietf.org/html/draft-ietf-avt-ports-for-ucast-mcast- >> rtp-02 >> was discussed for a couple of IETF meeting and on the list. The >> initial approach that was agreed after we had a breakout session in >> previous IETF meetings was to use a cookie based solution even though >> it required more messages and you needed a cookie for every RTP >> session. >> >> Before the last IETF meeting there were two proposals to update the >> solution to a token based approach. >> >> In the token approach: >> - Tokens are port-independent (cookies are port-dependent) and only >> depend on the client's IP. That is, once a client gets its token, it >> can use it with any of its ports and with any Feedback Target. >> - Tokens address the concern raised by Magnus >> (http://www.ietf.org/mail-archive/web/avt/current/msg12617.html >> ) >> - No need for keep-alives >> >> We had a discussion in Maastricht and the outcome is in the meeting >> minutes http://www.ietf.org/proceedings/78/minutes/avt.txt (see the >> section on draft-begen-avt-token-for-portmapping). The token draft >> has Dan Wing (who is also BEHAVE co-chair) as a co-author and he >> looked at the solution verifying that it will work well with NATs >> >> >> At the meeting the preference was for a token based solution but >> there are were two approaches discussed. >> >> 1. Use the token only solution >> >> 2. Use a combination when if the request has only an IP address the >> response will be a token and if it will have both IP address and port >> the response will be a cookie. >> >> According to the minutes the support was for the second approach. >> The major reason was a concern that carrier grade NATs can allocate >> more than one IP address as the public address. >> >> The authors of >> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01 >> suggest that they addressed the concerns about the token only >> solution (see section 9 of the draft) and prefer to have a token only >> solution. >> This is a change from the meeting minutes and this is the reason for >> the second question in this consensus call. >> >> So here are two questions for the group !!! >> >> 1. Do the people in the mailing list support the proposal to use a >> token based solution instead on the cookie one. (this was the >> preference in the consensus call in Maastricht) and we would like to >> confirm it on the list. >> >> 2. We have two options for the token approach, please give your >> preferences. >> >> 2.1 Token only solution as proposed in >> http://tools.ietf.org/html/draft-begen-avt-token-for-portmapping-01 >> 2.2 Token + cookie, in this case if the request will include only IP >> address the response is a token, if it also includes a port it will >> be a cookie. This approach is for cases were the NAT may use more >> than one IP address for mapping a local address. >> >> >> Please respond even if you did it on the previous consensus call. > > > The approach in draft-begen-avt-token-for-portmapping-01 looks to be > sufficient to allow a server to determine that multiple requests come > from the same client, provided the client isn't multi-homed and isn't > sharing an IP address with other clients. The problem statement is not > clear enough for me to be sure if that's sufficient. > > If it were important to do so, the server could distinguish multiple > clients sharing the same IP address if each client supplied a random > nonce that was taken into account when generating the token in > addition to the client's IP address. This may be an issue with use of > fractional IP addresses in future, and so might be something to > consider adding. > > > TOM: I think this is a good idea. The SSRC of the client associated > with the SSM RTP session that is present in the portmapping request > message could be used for that purpose (hence token is determined by > server on the basis of IP address, time stamp and client SSRC) No, because the SSRC can change, and this should be persistent per client. > Distinguishing multi-homed clients, or clients where requests come > from several different IP addresses, is more complex. Is this an > issue, or is it sufficient to assume that a client requests a new > token when changing the address it uses? > > TOM: IMO that will do..I think it is bad practice if a network stack > on a host device/ NAT device allocates different IP addresses towards > a application/end-host > > I'd also like to note that the port mapping operation is independent > of the RAMS drafts. It would be good if the draft the group ends up > with is written as a standalone mechanism, with RAMS described as one > example use case, rather than being written in a RAMS-specific manner > as are the current drafts. > > TOM: The text is meant to be (only) applicable to scenarios building > on SSM sessions with unicast feedback, no? We wanted a fast -inband- > way for a client to communicate the client receive port for a unicast > connection that is linked to such a SSM. In that case, the text is > sufficiently generic (e.g. RAMS is not even mentioned in the text, > whereas the example is about retransmissions). I take it that any > other parameter signaling (port, any attributes,..) for any other > scenario needs to leverage the SDP offer-answer model. > > Cheers, > Colin > > > -- > Colin Perkins > http://csperkins.org/ > > > > _______________________________________________ > Audio/Video Transport Working Group > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt > _______________________________________________ > Audio/Video Transport Working Group > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt -- Colin Perkins http://csperkins.org/
- [AVT] Consensus call - Token approach within draf… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … gerard.babonneau
- Re: [AVT] Consensus call - Token approach within … David R Oran
- Re: [AVT] Consensus call - Token approach within … DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach within … Glen Zorn
- Re: [AVT] Consensus call - Token approach within … DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach withind… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … Roni Even
- Re: [AVT] Consensus call - Token approach withind… Roni Even
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Ali C. Begen (abegen)
- Re: [AVT] Consensus call - Token approach withind… DRAGE, Keith (Keith)
- Re: [AVT] Consensus call - Token approach within … Magnus Westerlund
- Re: [AVT] Consensus call - Token approach withind… Glen Zorn
- Re: [AVT] Consensus call - Token approach withind… Roni Even
- [AVT] Revised Consensus call - On Token approach … Roni Even
- Re: [AVT] Revised Consensus call - On Token appro… Colin Perkins
- Re: [AVT] Revised Consensus call - On Token appro… Van Caenegem, Tom (Tom)
- Re: [AVT] Revised Consensus call - On Token appro… Colin Perkins
- Re: [AVT] Revised Consensus call - On Token appro… Van Caenegem, Tom (Tom)