Re: [AVT] Open issues in the PortMapping draft
"Ali C. Begen (abegen)" <abegen@cisco.com> Sat, 22 May 2010 00:23 UTC
Return-Path: <abegen@cisco.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B76F83A69A1 for <avt@core3.amsl.com>; Fri, 21 May 2010 17:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.95
X-Spam-Level:
X-Spam-Status: No, score=-8.95 tagged_above=-999 required=5 tests=[AWL=-0.951, BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4UVdDeItutsX for <avt@core3.amsl.com>; Fri, 21 May 2010 17:23:12 -0700 (PDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id A30AD3A699D for <avt@ietf.org>; Fri, 21 May 2010 17:23:11 -0700 (PDT)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAIfA9kurR7H+/2dsb2JhbACeGHGlHJlGhRIEg0E
X-IronPort-AV: E=Sophos;i="4.53,281,1272844800"; d="scan'208";a="201053890"
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-5.cisco.com with ESMTP; 22 May 2010 00:23:05 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o4M0N5hf012014; Sat, 22 May 2010 00:23:05 GMT
Received: from xmb-sjc-215.amer.cisco.com ([171.70.151.169]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 21 May 2010 17:23:05 -0700
X-Mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 21 May 2010 17:22:49 -0700
Message-ID: <04CAD96D4C5A3D48B1919248A8FE0D540C3022E4@xmb-sjc-215.amer.cisco.com>
In-Reply-To: <EC3FD58E75D43A4F8807FDE0749175460A2231D5@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [AVT] Open issues in the PortMapping draft
Thread-Index: Acr20MmIp/ZnqMixR3CHXdy8LNu1OAAilCvwAGJRzLAAF3MKAA==
References: <04CAD96D4C5A3D48B1919248A8FE0D540C2620A1@xmb-sjc-215.amer.cisco.com> <04CAD96D4C5A3D48B1919248A8FE0D540C262294@xmb-sjc-215.amer.cisco.com> <EC3FD58E75D43A4F8807FDE0749175460A2231D5@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com>
From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: "Van Caenegem, Tom (Tom)" <tom.van_caenegem@alcatel-lucent.com>, IETF AVT WG <avt@ietf.org>
X-OriginalArrivalTime: 22 May 2010 00:23:05.0495 (UTC) FILETIME=[F27E8270:01CAF944]
Subject: Re: [AVT] Open issues in the PortMapping draft
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 May 2010 00:23:13 -0000
Hi Tom, > -----Original Message----- > From: Van Caenegem, Tom (Tom) [mailto:tom.van_caenegem@alcatel-lucent.com] > Sent: Friday, May 21, 2010 9:23 AM > To: Ali C. Begen (abegen); IETF AVT WG > Subject: RE: [AVT] Open issues in the PortMapping draft > > Hi Ali, > > Some comments : > -related to your question 5: it makes more sense to include in the portmapping response message a > response field that could be used to contain error codes similar as was defined for RAMS-I. I do not > think you can impose timing requirements to an RS when responding to a port mapping response, other > than the usual RTP AVPF timing rules. > -I would favour to keep "port mapping response" message as a name, whereas a new message is defined, > entitled e.g. "port mapping cookie" , to transfer the cookie along with a RAMS-R or NACK. The only > difference may be the response field presence, but it makes it easier to present this solution. OK, any other opinions on this? > -If the port mapping request is sent several times by the RTP receiver (redundancy reasons), how > should the RS react? You should also state that the random number inside the port mapping request must > then be kept the same. Thinking more about this, I don’t think we need to have a random number and we can safely remove it from the cookie. > Then a comment with the risk of being criticised as counter-productive.;-) > > I notice that you know stipulate that the SSRC name in SDES message accompanying RTCP messages in the > primary RTP ssm session and accompanying the RTCP messages in the unicast RTP retransmission sessions > must be used by the RS to associate them together. For this reason you also submitted the draft-begen- > avt-rtp-cnames, an effort I applaude! Thanks, that should resolve the CNAME issues. But on the cookie side, I don't think we need CNAMEs in the hashing, either. > But... The reason why the simpler non-cookie solution I proposed to enable the port mapping, was > turned down in Anaheim was exactly because the association of the RTCP messages in the two sessions > had to be done via C-NAME, but as it could not be guaranteed that C-NAMES were unique, the solution > could not be guaranteed to work well in all cases. > > Because the cookie-based solution clearly has some disadvantages compared to not using cookies > (additional RTT impacting channel change time, server that needs to generate cookies, need for a keep- > alive mechanism and additional security threats like stealing cookies etc ) I wonder what the > remaining rationale is for not defining the non-cookie approach in IETF for RAMS and retransmissions. I believe we can combine your http://www.ietf.org/proceedings/77/slides/avt-10.pdf idea with the cookie proposal. This will avoid sending the keep-alives, while still getting the security benefit of the cookies proving return routability (which prevents the attack Magnus described in http://www.ietf.org/mail-archive/web/avt/current/msg12617.html). This way, the client needs only a single cookie (can obtain at boot time) regardless of how many different local ports it uses (in the current scheme we need one cookie per local port). I'll email you offline to set up a time to talk. -acbegen > Regards > Tom
- [AVT] Open issues in the PortMapping draft Ali C. Begen (abegen)
- Re: [AVT] Open issues in the PortMapping draft Jinwei Xia
- Re: [AVT] Open issues in the PortMapping draft Ingemar Johansson S
- Re: [AVT] Open issues in the PortMapping draft Ali C. Begen (abegen)
- Re: [AVT] Open issues in the PortMapping draft Roni Even
- Re: [AVT] Open issues in the PortMapping draft Van Caenegem, Tom (Tom)
- Re: [AVT] Open issues in the PortMapping draft Ali C. Begen (abegen)