IETF Logo Mail Archive

Re: [AVT] Token draft rev'ed (other than security)

Jonathan Lennox <jonathan@vidyo.com> Tue, 09 November 2010 03:25 UTC

Return-Path: <jonathan@vidyo.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC96E28C178 for <avt@core3.amsl.com>; Mon, 8 Nov 2010 19:25:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gZI0UnJ1M6iI for <avt@core3.amsl.com>; Mon, 8 Nov 2010 19:25:43 -0800 (PST)
Received: from mx1.myoutlookonline.com (mx1.myoutlookonline.com [64.95.72.238]) by core3.amsl.com (Postfix) with ESMTP id F372328C2B1 for <avt@ietf.org>; Mon, 8 Nov 2010 19:25:40 -0800 (PST)
Received: from st022.mx1.myoutlookonline.com (localhost [127.0.0.1]) by mx1.myoutlookonline.com (Postfix) with ESMTP id 532C378C125; Mon, 8 Nov 2010 22:26:03 -0500 (EST)
X-Virus-Scanned: by SpamTitan at mail.lan
Received: from mx1.myoutlookonline.com (unknown [10.110.2.1]) by mx1.myoutlookonline.com (Postfix) with ESMTP id C4DDD78C084; Mon, 8 Nov 2010 22:26:02 -0500 (EST)
Received: from BH015.mail.lan ([10.110.21.115]) by mx1.myoutlookonline.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Nov 2010 22:24:06 -0500
Received: from HUB015.mail.lan ([10.110.17.15]) by BH015.mail.lan with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Nov 2010 22:24:05 -0500
Received: from BE235.mail.lan ([10.110.32.235]) by HUB015.mail.lan ([10.110.17.15]) with mapi; Mon, 8 Nov 2010 22:24:06 -0500
From: Jonathan Lennox <jonathan@vidyo.com>
To: "Ali C. Begen (abegen)" <abegen@cisco.com>
Date: Mon, 08 Nov 2010 22:25:58 -0500
Thread-Topic: [AVT] Token draft rev'ed (other than security)
Thread-Index: Act/vY/c5yuxkjl+SpGd4GE0faJvZw==
Message-ID: <A1173081-5ECA-42F5-8063-E097F53E20D5@vidyo.com>
References: <04CAD96D4C5A3D48B1919248A8FE0D540D9B42E4@xmb-sjc-215.amer.cisco.com> <03350E41-ADE3-4FB8-AC73-6BDF387531BF@vidyo.com> <04CAD96D4C5A3D48B1919248A8FE0D540D9B46A1@xmb-sjc-215.amer.cisco.com>
In-Reply-To: <04CAD96D4C5A3D48B1919248A8FE0D540D9B46A1@xmb-sjc-215.amer.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 09 Nov 2010 03:24:05.0616 (UTC) FILETIME=[9044B700:01CB7FBD]
Cc: "avt@ietf.org" <avt@ietf.org>
Subject: Re: [AVT] Token draft rev'ed (other than security)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 03:25:44 -0000

On Nov 9, 2010, at 11:06 AM, Ali C. Begen (abegen) wrote:

>> This is a failure case that clients may need to be prepared to deal with.  If this happens, the client needs to send a new port
>> mapping request.  It might be a good idea to say that in this case the client SHOULD send the new port mapping request from
>> *c1, and use it before *c1's NAT bindings expire.  (Essentially, behind an Arbitrary Address Pooling NAT, the client will end up
>> behaving as though Tokens were really Cookies, as a fallback mechanism following failures.)
> 
> Rather than saying like this, we encouraged to have ct=c0=c1. Is not this a better approach? It deals with this problem in the first place.

I think "send the port mapping request from c1" and "ct=c1" are two ways of saying the same thing.  The one tricky thing is that if you got your (now-expired) Token from a previous session with the same server, your new c0=c1 is different than your old c0=c1, I think.

The other issue that for fully BEHAVE-compliant NATs, ct=c0=c1 is simply good practice in order to reduce the number of NAT bindings; however, for non- or conditionally-BEHAVE compliant NATs, there are cases where it's actually required.  It's possibly worth explicating this in the draft, probably in terms of the RFC 4787 language.


>> If your NAT has both Arbitrary Address Pooling and Address and Port-Dependent Mapping, though, this still may not work if
>> PT != P3.  (Such a NAT is not BEHAVE-compliant, since Endpoint-Independent Mapping is a MUST in RFC 4787.)  Does PT = P3
>> therefore need to be SHOULD strength, rather than MAY?  At any rate, this should probably be pointed out.
> 
> I am fine with making it SHOULD, but if the NAT is not compliant, who knows what other stupid things it will do. One thing we need to note is that P3 is (often) different for different unicast sessions (the feedback target on the server), so in this case, the port in the "a=portmapping-req" line will be equal to the port in the "a=rtcp:" line for the SSM session (which is fine of course).

I don't quite follow this, but I guess your point is that (at least in some architectures) different sessions should have different P3 values, but share the same PT value?  I see how that complicates things.

Fair point about stupid NATs.

I think that this draft achieves the goal of "simple topologies with well-behaved NATs work well; broken NATs or overly-complicated architectures work no worse than Cookies."  So that's good. 

--
Jonathan Lennox
jonathan@vidyo.com

v2.23.0 | Report a Bug | By Email