Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04
Dave Thaler <dthaler@microsoft.com> Sat, 08 August 2009 18:29 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DDCEC3A6C39 for <behave@core3.amsl.com>; Sat, 8 Aug 2009 11:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.367
X-Spam-Level:
X-Spam-Status: No, score=-10.367 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JiXNhZxAqu0G for <behave@core3.amsl.com>; Sat, 8 Aug 2009 11:29:39 -0700 (PDT)
Received: from smtp.microsoft.com (smtp.microsoft.com [131.107.115.214]) by core3.amsl.com (Postfix) with ESMTP id 65A543A6EE4 for <behave@ietf.org>; Sat, 8 Aug 2009 11:29:10 -0700 (PDT)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (157.54.7.153) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.99.4; Sat, 8 Aug 2009 11:29:07 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC101.redmond.corp.microsoft.com (157.54.7.153) with Microsoft SMTP Server id 14.0.621.7; Sat, 8 Aug 2009 11:29:07 -0700
Received: from TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com ([169.254.3.25]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Sat, 8 Aug 2009 11:29:05 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: "draft-ietf-behave-turn-tcp@tools.ietf.org" <draft-ietf-behave-turn-tcp@tools.ietf.org>
Thread-Topic: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04
Thread-Index: AcoQ8pHnO58KBYnbRjO0tt9j9fIZ2QHYMcMQ
Date: Sat, 08 Aug 2009 18:29:03 +0000
Message-ID: <E4561B14EE2A3E4E9D478EBFB5416E1B197488@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
References: <0a9901ca10f2$93cdab60$5f7d150a@cisco.com>
In-Reply-To: <0a9901ca10f2$93cdab60$5f7d150a@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "behave@ietf.org" <behave@ietf.org>
Subject: Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2009 18:29:40 -0000
I have reviewed this doc and have a number of comments. A marked-up PDF with my full comments is at http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-behave-turn-tcp-04.pdf Summary of non-editorial-only comments: 1) Are data connections to be closed gracefully or abortively, and does this depend on how the corresponding (peer vs client) connection was closed? 2) When error 447 is returned, section 4.3 says the client MUST wait at least 10 seconds before retrying. I think this is for the _same_ destination IP/port, right? If the client has other destination IP/port pairs to try, they can be tried immediately, correct? 3) Section 4.6 notes that no keepalive mechanism is provided and an application can do this at a higher layer. For NATs between a TURN client and a TURN server, why wouldn't TCP keepalives be a possibility? 4) If I understand the 3rd paragraph of section 5.2, correctly, there's an important limitation/constraint that should be called out early (e.g. in the overview). Normally, TCP clients can open multiple parallel connections (e.g., to a web server) to the same destination address/port. To accomplish this with TURN, it seems that the client needs multiple control connections so it can get multiple allocations, since it can only have one connection to a given peer address/port per allocation, correct? 5) The 5th paragraph of Section 5.2 also implies that it's illegal for a TURN server to refuse to initiate connections based on the XOR-PEER-ADDRESS value. For example, if it refuses to initiate connections to 127.0.0.1 it would be violating a MUST. I'd like to see this relaxed. 6) The draft talks about timing out a peer connection after 30 seconds in section 5.3 if the client never does a ConnectionBind for a connection initiated by a peer. However, section 5.2 has no corresponding rule. This means a client can send a Connect request, and then never open a data connection, and the server will never time out the peer connection. The same rule needs to be added to 5.2 to address this. 7) Continuing on the same point, the security considerations section needs to add a discussion of a memory DoS attack due to the TURN server having to buffer data from a peer while waiting for a ConnectionBind (which may never happen). Currently it has references to docs that contain discussion of bandwidth DoS attacks, but not memory DoS attacks, as far as I can find. -Dave > -----Original Message----- > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On > Behalf Of Dan Wing > Sent: Thursday, July 30, 2009 1:49 AM > To: behave@ietf.org > Cc: draft-ietf-behave-turn-tcp@tools.ietf.org; 'Behave Chairs' > Subject: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 > > BEHAVE is starting a 3 week working group last call (WGLC), ending > August 19, > for > > draft-ietf-behave-turn-tcp-04 > "Traversal Using Relays around NAT (TURN) Extensions for TCP > Allocations" > > Please send technical comments to the BEHAVE list, and editorial > comments to > the authors. > > Thanks, > -d > > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Dan Wing
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Alfred E. Heggestad
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Simon Perreault
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Dave Thaler
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Ari Keranen
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Simon Perreault
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Dan Wing
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Ari Keranen
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Simon Perreault
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Dave Thaler
- Re: [BEHAVE] WGLC: draft-ietf-behave-turn-tcp-04 Simon Perreault