Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

"Charles Eckel (eckelcu)" <eckelcu@cisco.com> Tue, 10 January 2017 20:17 UTC

Return-Path: <eckelcu@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5562C129443; Tue, 10 Jan 2017 12:17:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.72
X-Spam-Level:
X-Spam-Status: No, score=-17.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VkvwU9YiBm78; Tue, 10 Jan 2017 12:17:05 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6591F120727; Tue, 10 Jan 2017 12:17:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=47598; q=dns/txt; s=iport; t=1484079425; x=1485289025; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=XWhq5eaa9K+x4mckfiOdKk/oFpuV31hCuixldInHA9k=; b=TT1HCXDYBGWYvv1Cs0WrXD5NSu2MAl1t8rHsU6nthovoHhar2a9YzTdf Cu2ESx5vypj6YtT98VPN13VuU3x54sK5XegmvQHtJw57Sk6hrRbeda+xH 4WgXVGt4hsyUW3ZtbOp9th/OAG6yCRntq1Gi2LvlTgB06QYdVaRYGTygD 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AmAQA2QHVY/40NJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgnFJAQEBAQEfX4ENB4NIigiSKId/jSiCCAMfAQqFLkoCGoFpPxQ?= =?us-ascii?q?BAgEBAQEBAQFjKIRpAQEBBAEBIUsLEAIBCBEDAQIhAQYDAgICHwYLFAkIAgQBD?= =?us-ascii?q?QUbiDoDGA6wU4IlK4cXDYJIAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWIRwiBUYE?= =?us-ascii?q?Ggk6BVEQWglItgjEFlSOFSDgBhlqGeIN/CoFtjmqIEIF7hECEEgEfOIFAFTgQA?= =?us-ascii?q?YYccwGGKIEwgQ0BAQE?=
X-IronPort-AV: E=Sophos;i="5.33,344,1477958400"; d="scan'208,217";a="370875217"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Jan 2017 20:17:04 +0000
Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id v0AKH4DH026005 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 10 Jan 2017 20:17:04 GMT
Received: from xch-aln-018.cisco.com (173.36.7.28) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 10 Jan 2017 14:17:03 -0600
Received: from xch-aln-018.cisco.com ([173.36.7.28]) by XCH-ALN-018.cisco.com ([173.36.7.28]) with mapi id 15.00.1210.000; Tue, 10 Jan 2017 14:17:03 -0600
From: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
To: Roman Shpount <roman@telurix.com>, Alan Ford <alan.ford@gmail.com>, "Tom Kristensen (tomkrist)" <tomkrist@cisco.com>, Tom Kristensen <2mkristensen@gmail.com>
Thread-Topic: [bfcpbis] [MMUSIC] m= line protocol in case of ICE
Thread-Index: AQHSZhtknFAwOo6gtkq09SOaLvmbNKEyD0MA
Date: Tue, 10 Jan 2017 20:17:03 +0000
Message-ID: <E141AB90-8F35-4786-B443-DF7682F3D5FA@cisco.com>
References: <CAD5OKxuhvCz82+7JK8QrArtrYcjV9+b7vWMpWRnCjNbrL++srA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BE3AE83@ESESSMB209.ericsson.se> <CAD5OKxu15YgYO0xyWMYXv7VTAVVQ71iJhH_txt31BV0CvCSjqg@mail.gmail.com> <F96AC385-2721-4652-98F5-1BF92F06214A@gmail.com> <D0210B5A-138A-4C86-8D14-6E1FEC011E33@cisco.com> <CAD5OKxuzpVRsR0cMeUyhe35sA9W6bL=p1=0RUpTqwpQDyinwDA@mail.gmail.com> <16B5D8FF-F132-4B09-84D6-AE964CA7858D@cisco.com> <CAD5OKxsAHCykObDwZ2_n+XH7brkCz9yLbZFr9-MCQwzkn4uUmg@mail.gmail.com> <64E8A5CF-89ED-4673-AF23-2C960395C3EF@cisco.com> <633D3491-83B1-421F-B48C-0A61B1314E99@cisco.com> <CAD5OKxsAKOw4K_2rC-hQXHtZLQ2=8mv7hzW_mtpemuKyV+-+rw@mail.gmail.com> <739486DE-BDFA-48FD-ACBA-41E45D208748@gmail.com> <CAD5OKxs80RumMCZ9X8V=ENv6p0bwf=iNh0G2FqQqw6EJtfWGAw@mail.gmail.com>
In-Reply-To: <CAD5OKxs80RumMCZ9X8V=ENv6p0bwf=iNh0G2FqQqw6EJtfWGAw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1d.0.161209
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.156.130.222]
Content-Type: multipart/alternative; boundary="_000_E141AB908F354786B443DF7682F3D5FAciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/L0sssgQ6NNlnK6ByB3k4ktLlCH8>
Cc: "ice@ietf.org" <ice@ietf.org>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 20:17:08 -0000

Roman,

Thanks for sharing this very clear proposal. Unless someone sees an issue with it, I think it should be incorporated into draft-ietf-bfcpbis-rfc4583bis. Support for DTLS is required by draft-ietf-bfcpbis-rfc4582bis for transport of BFCP over UDP, so requiring support for UDP/DTLS/BFCP as the default candidate when using ICE and DTLS and requiring support for UDP/BFCP as the default candidate otherwise should be fine.

I believe the changes required to add your proposal are limited to draft-ietf-bfcpbis-rfc4583bis. Roman, can you work with Tom Kristensen to make sure your proposal is captured correctly in update to draft-ietf-bfcpbis-rfc4583bis?

Cheers,
Charles

From: Roman Shpount <roman@telurix.com>
Date: Tuesday, January 3, 2017 at 3:44 PM
To: Alan Ford <alan.ford@gmail.com>
Cc: Charles Eckel <eckelcu@cisco.com>om>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>rg>, Christer Holmberg <christer.holmberg@ericsson.com>om>, "mmusic@ietf.org" <mmusic@ietf.org>rg>, "ice@ietf.org" <ice@ietf.org>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

Alan,

TCP/BFCP and TLS/BFCP will not work with ICE. Or, to be more precise, will not work without some specification changes either in ICE tcp or in BFCP.

One pair of protocols which will work with ICE is UDP/DTLS/BFCP and TCP/DTLS/BFCP. It will support both tcp and udp candidates. I think this pair should be recommended since it provides encryption.

Another pair that will work with ICE is UDP/BFCP and TCP/UDP/BFCP. It will also support tcp and udp candidates. It is not something I would use over public internet since it will transmit data in the clear text.

Finally, I prefer that any end point which implement BFCP and supports ICE and DTLS, MUST support UDP/DTLS/BFCP and use it for default candidate. Any endpoint which implements BFCP and ICE, but does not support DTLS, MUST support UDP/BFCP and use it as a default candidate.

Once the ICE candidate pair is selected, the transport matching the selected candidate pair should be used in the SDP.

There is no practical need for the asymmetric transport tags. I think the whole thing is coming from  the confusion that TCP/BFCP can be used with ICE tcp candidates. It cannot without some specification changes. Also, there is no reason to use TCP/DTLS/BFCP or TCP/UDP/BFCP, unless ICE is used. Because of this, there is no reason to use either of those transports for default candidate, since default candidate is selected for interop with end points not supporting ICE.

Regards,

_____________
Roman Shpount

On Tue, Jan 3, 2017 at 6:23 PM, Alan Ford <alan.ford@gmail.com<mailto:alan.ford@gmail.com>> wrote:
Roman,

Do any of those work for having both tcp and udp ICE candidates? I assume any with ICE (+ 4571 framing) would be acceptable for that case?

Ideally we need to support the case where an answer’s m-line protocol does not match any of the candidates, so that an answer could only support TCP (say) when the offerer supported both (and used a UDP m-line protocol). If Christer’s proposed change which permitted an answer not to match the m-line protocol in the ICE candidates was accepted, that would resolve this case. Do you see any problems here?

Regards,
Alan

On 3 Jan 2017, at 20:08, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:

Charles,

I do not think not supporting ICE tcp candidates will quite work since it will reduce the usability considerably. The simplest way to move forward is to define a different transport tag for BFCP  with RFC 4571 over TCP not to confuse it with TCP/BFCP. It can be TCP/UDP/BFCP (I know this looks strange and I am open to other suggestions, such as calling all packet based protocols DBFCP).

In general what I am proposing is:

TCP/BFCP -- existing BFCP over TCP
TLS/BFCP -- exisitng BFCP over TLS
UDP/BFCP -- BFCP over UDP or ICE udp candidates
TCP/UDP/BFCP -- BFCP with RFC 4571 framing over TCP or over ICE tcp candidates
UDP/DTLS/BFCP -- BFCP over DTLS or over ICE udp candidates
TCP/DTLS/BFCP -- BFCP over DTLS with RFC 4571 framing over TCP or over ICE tcp candidates

Legacy BFCP over TCP or TLS cannot work with ICE or NAT. Other protocols can work with NAT or ICE using normal ICE procedures.

If we call all packet based protocols DBFCP then transport tags will be:

TCP/BFCP -- existing BFCP over TCP
TLS/BFCP -- exisitng BFCP over TLS
UDP/DBFCP -- DBFCP over UDP or ICE udp candidates
TCP/DBFCP -- DBFCP with RFC 4571 framing over TCP or over ICE tcp candidates
UDP/DTLS/DBFCP -- DBFCP over DTLS or over ICE udp candidates
TCP/DTLS/DBFCP -- DBFCP over DTLS with RFC 4571 framing over TCP or over ICE tcp candidates

Since BFCP over UDP (or other packet based protocols) is quite different due to timers and transmission restrictions, it can have a different transport tag and even be defined in a separate RFC.

Regards,

_____________
Roman Shpount

On Tue, Jan 3, 2017 at 2:43 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com<mailto:eckelcu@cisco.com>> wrote:
Crickets…
If no one is or has plans for using ICE with TCP/BFCP, perhaps it is best to state that as of this rev of the BFCP spec, BFCP with TCP candidates is not defined. Future updates to the spec may define this usage.

Cheers,
Charles

From: mmusic <mmusic-bounces@ietf.org<mailto:mmusic-bounces@ietf.org>> on behalf of Charles Eckel <eckelcu@cisco.com<mailto:eckelcu@cisco.com>>
Date: Friday, December 2, 2016 at 4:01 PM
To: Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Cc: "ice@ietf.org<mailto:ice@ietf.org>" <ice@ietf.org<mailto:ice@ietf.org>>, "bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>" <bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>>, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>, "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>
Subject: Re: [MMUSIC] [bfcpbis] m= line protocol in case of ICE

I have no experience with ICE with TCP candidates so hopefully others can chime in as to what they think is a workable solution.

Cheers,
Charles

From: Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Date: Thursday, December 1, 2016 at 12:34 PM
To: Charles Eckel <eckelcu@cisco.com<mailto:eckelcu@cisco.com>>
Cc: Alan Ford <alan.ford@gmail.com<mailto:alan.ford@gmail.com>>, "bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>" <bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>>, "ice@ietf.org<mailto:ice@ietf.org>" <ice@ietf.org<mailto:ice@ietf.org>>, "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

Charles,

RFC 6544 Sending Media (https://tools.ietf.org/html/rfc6544#section-10.1) says that "The framing defined in RFC 4571<https://tools.ietf.org/html/rfc4571> MUST be used when sending media." This means the protocol used is not TCP/BFCP which is using application level framing. I believe that STUN/Media demultiplexing requirements would prevent using TCP/BFCP directly with ice tcp candidates without redesign of either ICE TCP or TCP/BFCP.

Furthermore there are other implied ICE requirements that I outlined before (switching between udp and tpc candidates, existence of SBC which terminate ICE only but do not support the embedded protocol) because of which ice tcp is considered unreliable transport and will require fragmentation support and re-transmit timers that are not part of TCP/BFCP.

Regards,

_____________
Roman Shpount

On Thu, Dec 1, 2016 at 3:17 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com<mailto:eckelcu@cisco.com>> wrote:
Roman,

Why would selecting TCP/BFCP as transport violate RFC 6544? Perhaps it does, but after a quick scan I am not sure why.

Cheers,
Charles

From: Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Date: Tuesday, November 29, 2016 at 10:38 AM
To: Charles Eckel <eckelcu@cisco.com<mailto:eckelcu@cisco.com>>
Cc: Alan Ford <alan.ford@gmail.com<mailto:alan.ford@gmail.com>>, "bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>" <bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>>, "ice@ietf.org<mailto:ice@ietf.org>" <ice@ietf.org<mailto:ice@ietf.org>>, "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

On Tue, Nov 29, 2016 at 12:48 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com<mailto:eckelcu@cisco.com>> wrote:
It seems to me that the most straightforward approach would be to mandate support for BFCP over UDP when using ICE, use UDP as the default candidate, and signal the BFCP m-line as if it is BFCP over UDP. If we can mandate the use of DTLS, that would be even better.
Thoughts?


I agree.

The only issue that I still have, if DTLS is not used, what protocol is used when ICE tcp candidate is selected for transport. Is this TCP/BFCP (which goes against RFC6544)  or is it UDP/BFCP with RFC4571 framing? If it is UDP/BFCP with RFC4571 framing, what transport tag should be used in the re-INVITE which is sent after ICE nomination with only selected candidate? Should it be TCP/UDP/BFCP or something similar?

Regards,
_____________
Roman Shpount



_______________________________________________
bfcpbis mailing list
bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>
https://www.ietf.org/mailman/listinfo/bfcpbis