Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

"Charles Eckel (eckelcu)" <eckelcu@cisco.com> Tue, 29 November 2016 17:48 UTC

From: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
To: Alan Ford <alan.ford@gmail.com>, Roman Shpount <roman@telurix.com>
Date: Tue, 29 Nov 2016 17:48:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/-jYAp4r2J7ttaZ2oGt7V-T1xXmk>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>, "mmusic@ietf.org" <mmusic@ietf.org>, "ice@ietf.org" <ice@ietf.org>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

It seems to me that the most straightforward approach would be to mandate support for BFCP over UDP when using ICE, use UDP as the default candidate, and signal the BFCP m-line as if it is BFCP over UDP. If we can mandate the use of DTLS, that would be even better.
Thoughts?

Charles

From: bfcpbis <bfcpbis-bounces@ietf.org> on behalf of Alan Ford <alan.ford@gmail.com>
Date: Thursday, November 17, 2016 at 5:14 PM
To: Roman Shpount <roman@telurix.com>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "ice@ietf.org" <ice@ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

Adding bfcpbis.

You raise a good point, Roman - there’s no definition of how to actually use ICE with BFCP at the protocol level - this only came up in some very late reviews of 4582bis. The initial suggestion was to use the same text as in draft-ietf-mmusic-sctp-sdp-19, but it then raised the point that, given BFCP does not have an MTI protocol, if the offerer supported both they would include their preferred option, but if the receiver supported the other variant, there’s no way to immediately negotiate that without a re-INVITE.

Christer’s suggestion to relax the requirement that the m-line protocol in the answer matches one of the ICE candidates would support the case where the offerer supports both but prefers UDP, but the answerer only supports TCP. Although no implementations currently do ICE here, this relaxation would leave the door open to gaining this negotiation flexibility in bfcpbis implementations. There seems no reason to have this requirement applied to the answer in the first place.

I don’t understand the comment about SBCs; today, tcp candidates are used for media and data channels end-to-end in WebRTC, to name but one implementation.

Regards,
Alan

On 17 Nov 2016, at 03:05, Roman Shpount <roman@telurix.com> wrote:

Adding ICE group to this message.

The approach always was that tcp candidates can potentially go only as far as the SBC and then be terminated by UDP transport. Because of this, everything transmitted over a tcp candidate was still considered to be transmitted over an unreliable out-of-order transport. It is also assumed that candidates can switch from a UDP to a TCP based candidate during nomination. This is why, for instance, we run DTLS with RFC4571 framing over tcp candidates, not TLS. Because of this I always thought that ICE is UDP first with additional TCP transports for situations when UDP will not work. So, as a result, I think ICE-bis should specify that UDP MUST be supported and the default candidate MUST be UDP. ICE SDP can reflect this, but I think this is the underlying protocol requirement.

I also wanted to add that BFCP needs to examine how ICE support is implemented by this protocol. I think it is not covered in the current drafts. I also do not think it is possible for TCP/BFCP to run over ICE. On the other hand, UDP/DTLS/BFCP and TCP/DTLS/BFCP would be trivial based on current DTLS work.

Regards,
_____________
Roman Shpount

On Wed, Nov 16, 2016 at 8:44 PM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
I have no problem with Roman’s must-support-UDP suggestion. I guess the question is whether the BFCP folks could accept that. Cullen did say that TCP-based BFCP deployments have been around for a decade. But, do they support ICE?

If we decide to move forward with such an approach, we need to ask ourselves whether must-support-UDP should be an ICE requirement (in which case the suggestion should be brought to the ICE WG) or whether it should only be an ICE-using-SIP-SDP requirement.

Regards,

Christer

From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Roman Shpount
Sent: 17 November 2016 00:52
To: mmusic@ietf.org
Subject: [MMUSIC] m= line protocol in case of ICE

Hi All,

I just wanted to return to the m= line protocol issue that Christer raised during the last MMUSIC session.

All the ICE implementations I've seen are primarily UDP based with support for tcp host candidates which are primarily used to connect to end points on public IP. If all ICE implementations continue to be primarily UDP based, then the simplest solution would be to require UDP support when any given protocol is implemented over ICE. DTLS and RTP are already primarily UDP based so this is a non-requirement. Even more, all protocols that are implemented on top of ICE must assume that underlying transports (including tcp candidates) are unreliable, since a candidate pair can change at any time between reliable and unreliable transports, so this makes them different from protocols implemented on plain TCP or TLS.

So the first question I wanted to ask is: is anybody interested in a TCP only ICE implementation where the protocol running on top of such an implementation relies on the reliable delivery of underlying messages? By this I mean, does anybody want to implement TCP based ICE, with simultaneous open, reflexive and relay candidates in such a way that the ICE implementation will run from behind NAT without ever needing a UDP candidate?

I understand that BFCP was used for a long time, but I do not think TCP/BFCP or TCP/TLS/BFCP can even be used with ICE. I think only UDP/BFCP, UDP/DTLS/BFCP and TCP/DTLS/BFCP can even support ICE.

I think both rfc4582bis and rfc4583bis need a careful review and additional sections that describe ICE considerations. I think the most obvious thing would be to specify that ICE can only be supported by UDP/BFCP, UDP/DTLS/BFCP and TCP/DTLS/BFCP. It will also mean in which case RFC4571 is used when tcp candidates are used. Furthermore, when tcp candidate is selected with UDP/BFCP transport, it is not the same thing as using TCP/BFCP and will need a different transport tag (something like TCP/UDP/BFCP). Alternatively we can require that only secure versions of BFCP are used with ICE and only allow ICE usage for UDP/DTLS/BFCP and TCP/DTLS/BFCP.

To conclude, I would argue that the simplest solution would be that for all protocols implemented on top of ICE, UDP MUST be supported and default candidates MUST be UDP based. This avoids building uncomfortable artificial constructs to avoid ICE mismatch and requires minimal changes to existing specifications.

Regards,
_____________
Roman Shpount
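
As an added illustration (not part of the thread or of any draft), the Python code below checks one SDP media section against the rule proposed in the messages above: the m= line protocol must be one of UDP/BFCP, UDP/DTLS/BFCP or TCP/DTLS/BFCP, and the default candidate (the candidate matching the c= address and m= port) must be UDP. The function names and the sample SDP sections are constructed for this example.

```python
# Added example: transports the thread lists as able to support ICE.
ICE_CAPABLE_PROTOS = {"UDP/BFCP", "UDP/DTLS/BFCP", "TCP/DTLS/BFCP"}

# Constructed sample sections (documentation addresses, not from the thread).
GOOD = [
    "m=application 50000 UDP/DTLS/BFCP *",
    "c=IN IP4 192.0.2.10",
    "a=candidate:1 1 UDP 2130706431 192.0.2.10 50000 typ host",
    "a=candidate:2 1 TCP 1694498815 192.0.2.10 9 typ host tcptype active",
]
BAD = [
    "m=application 9 TCP/BFCP *",
    "c=IN IP4 192.0.2.10",
    "a=candidate:1 1 TCP 1694498815 192.0.2.10 9 typ host tcptype active",
]


def parse_media_section(lines):
    """Extract m= port/proto, c= address and ICE candidates from one media section."""
    section = {"port": None, "proto": None, "addr": None, "candidates": []}
    for line in lines:
        line = line.strip()
        if line.startswith("m="):
            _media, port, proto = line[2:].split()[:3]
            section["port"], section["proto"] = int(port), proto.upper()
        elif line.startswith("c="):
            section["addr"] = line[2:].split()[2]
        elif line.startswith("a=candidate:"):
            f = line[len("a=candidate:"):].split()
            # Fields: foundation component transport priority address port "typ" type ...
            section["candidates"].append(
                {"transport": f[2].upper(), "addr": f[4], "port": int(f[5])})
    return section


def check_section(lines):
    """Return a list of findings; an empty list means the section follows the proposal."""
    s = parse_media_section(lines)
    findings = []
    if s["proto"] not in ICE_CAPABLE_PROTOS:
        findings.append("proto %s not usable with ICE" % s["proto"])
    default = [c for c in s["candidates"]
               if c["addr"] == s["addr"] and c["port"] == s["port"]]
    if not default:
        findings.append("default destination matches no candidate")
    elif all(c["transport"] != "UDP" for c in default):
        findings.append("default candidate is not UDP")
    return findings
```
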
