Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE

Roman Shpount <roman@telurix.com> Tue, 22 November 2016 20:43 UTC

Return-Path: <roman@telurix.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29BF3129B9C for <bfcpbis@ietfa.amsl.com>; Tue, 22 Nov 2016 12:43:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tsiw98Dj7kpk for <bfcpbis@ietfa.amsl.com>; Tue, 22 Nov 2016 12:43:35 -0800 (PST)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86E05129464 for <bfcpbis@ietf.org>; Tue, 22 Nov 2016 12:43:32 -0800 (PST)
Received: by mail-qt0-x229.google.com with SMTP id w33so20306850qtc.3 for <bfcpbis@ietf.org>; Tue, 22 Nov 2016 12:43:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3iKSBzFQaKMjedQ3r42H65d//wDAyff7B7Du8hxDSyM=; b=cFd7CzaB2LLmCw2V2MbJ0mZFYUwb4XUChOEpR9oGbbiRAb+X26e2o2LV7tnejSIB0m 5XWotjAKII0CgR/T96/oZCsoUa+qeFvbGewsg1paEplmtcm78s1lmN4taUb4jgC9uSPb jcdNojYMnmMhxTNXPQs69zap/st7usb0NzSMsYzDiQTYxgRFUl6Uujf4ixwoUoKDXXvm 35sioseqZqrFRnRSVIifAVTymiqVZ9lnEkMImGrkYaNn9INyAAOIzX7S3+UcaIGRh+Ek B3aEIPz0ZuO/Dz8nmf+47jOVoV9uqasgRrMLVookU6t0DGyVfvZOa6dMi110VGVmb6M6 n6CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3iKSBzFQaKMjedQ3r42H65d//wDAyff7B7Du8hxDSyM=; b=ioHCWAuh2jpFoF286aNn3d7nsoapX57F/BpXeFS7uabDVjagzhPLcxKbjPV53CdrP+ NMzkXgyLL7Yh2xU8ZiHd7LWU6o8UGQebQDG30rsay/Ywfy4+AiwLdrGsotfeP0EoftRa TT3W4WnSMVLOa/KLvAJQSfLKGxqPgv8u03yztc7UHcSalqBqWk1SCHLOK4WjI8OuVF3l kgvWcfoH1tLtmSfEaPfWoJIuQU7wHI2NxmtOM7HuK+TN5LRpCDZqResOLuC+QDopOnR/ lltUxPIGu74+vip+3Q7kyhgxmI6i4X04y7yTmz+xJYi5Hbv8GDwotEpnB1nXP9UeuZ9V e+1A==
X-Gm-Message-State: AKaTC00WBesoXym73/eTPbGiD8aGPDRl35xLUa4lLBafT7Fnp67HxHjr575nKMGFDHOA8g==
X-Received: by 10.200.52.143 with SMTP id w15mr12531379qtb.187.1479847411491; Tue, 22 Nov 2016 12:43:31 -0800 (PST)
Received: from mail-qt0-f180.google.com (mail-qt0-f180.google.com. [209.85.216.180]) by smtp.gmail.com with ESMTPSA id 96sm14571503qkz.40.2016.11.22.12.43.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Nov 2016 12:43:30 -0800 (PST)
Received: by mail-qt0-f180.google.com with SMTP id n6so20491181qtd.1; Tue, 22 Nov 2016 12:43:30 -0800 (PST)
X-Received: by 10.200.56.88 with SMTP id r24mr14801386qtb.39.1479847410534; Tue, 22 Nov 2016 12:43:30 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.135.243 with HTTP; Tue, 22 Nov 2016 12:43:30 -0800 (PST)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B4BE823C9@ESESSMB209.ericsson.se>
References: <CAD5OKxuhvCz82+7JK8QrArtrYcjV9+b7vWMpWRnCjNbrL++srA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BE3AE83@ESESSMB209.ericsson.se> <CAD5OKxu15YgYO0xyWMYXv7VTAVVQ71iJhH_txt31BV0CvCSjqg@mail.gmail.com> <F96AC385-2721-4652-98F5-1BF92F06214A@gmail.com> <CAD5OKxsyEpeOTDYNjkxz0AEM8UELGhbrC0dWgUh2VTR9oyaOrA@mail.gmail.com> <CAD5OKxuFK_R8d=VYS6WSF87zhce4OEFtiJUqhi5sQB8rp9BCYA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BE823C9@ESESSMB209.ericsson.se>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 22 Nov 2016 15:43:30 -0500
X-Gmail-Original-Message-ID: <CAD5OKxsrzfpGaTK6f03VUCijCaZe=ddbTAmxN+CwNg50cap8TQ@mail.gmail.com>
Message-ID: <CAD5OKxsrzfpGaTK6f03VUCijCaZe=ddbTAmxN+CwNg50cap8TQ@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="001a113ce4763a35620541e9d344"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/gulLYrVPnRx88Ru-ImCaviC4TT8>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "ice@ietf.org" <ice@ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>, Alan Ford <alan.ford@gmail.com>
Subject: Re: [bfcpbis] [MMUSIC] m= line protocol in case of ICE
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 20:43:39 -0000

Christer,

I think this is another way around -- BFCP would have to use RFC 4571
framing when using tcp candidates.

There is deployed equipment (SBC) that rely on the fact that RFC 4571
framing is used by tcp candidates in ICE. I am not sure there are ICE
implementations of BFCP. I think new implementation should be updated to
comply with existing standards, not another way around.

Can someone provide some insight regarding BFCP with UDP and ICE
implementation? Are there implementations of either? I see the RFC for
TCP/BFCP, but it looks like UDP/BFCP and BFCP with ICE only exist in drafts.

My proposal either to limit ICE support to UDP/DTLS/BFCP and TCP/DTLS/BFCP,
or define new transport tag DBFCP (datagram BFCP), and define ICE support
for UDP/DBFCP and TCP/DBFCP, where UDP version of BFCP is used over udp and
tcp ICE candidates, with  RFC 4571 framing used in case of tcp candidates.

If this is done, we can make UDP/DTLS/BFCP MUST implement if ICE is
supported for encrypted (and UDP/DBFCP for non-encrypted), make default
candidate UDP, and all the ICE problems disappear.

Not sure about the current state of MSRP and ICE, but I do not think there
are any implementations of it. Probably the best way to implement it now
would be over datachannel or quick.

Regards,

_____________
Roman Shpount

On Mon, Nov 21, 2016 at 4:25 AM, Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> Hi Roman,
>
>
>
> Good catch.
>
>
>
> That basically means that bfcpbis would have to document the usage of
> framing for BFCP-TCP – assuming they want BFCP-TCP to work with ICE.
>
>
>
> I assume the same applies to MSRP (when not using an MSRP relay).
>
>
>
> Regards,
>
>
>
> Christer
>
>
>
>
>
> *From:* Roman Shpount [mailto:roman@telurix.com]
> *Sent:* 21 November 2016 01:23
> *To:* Alan Ford <alan.ford@gmail.com>
> *Cc:* Christer Holmberg <christer.holmberg@ericsson.com>; mmusic@ietf.org;
> ice@ietf.org; bfcpbis@ietf.org
> *Subject:* Re: [MMUSIC] m= line protocol in case of ICE
>
>
>
> Hi All,
>
>
>
> I just wanted to add to my previous email, that according to RFC
> 6544 protocols running over tcp candidates MUST use  RFC 4571 framing (
> https://tools.ietf.org/html/rfc6544#section-10.1). This means that BFCP
> running over tcp candidate is not TCP/BFCP and will require a different
> transport tag.
>
>
>
> Regards,
>
>
> _____________
> Roman Shpount
>
>
>
> On Thu, Nov 17, 2016 at 9:13 PM, Roman Shpount <roman@telurix.com> wrote:
>
> Hi All,
>
>
>
> There are three comments I wanted to make regarding general nature of all
> existing protocols designed to work ICE
>
>
>
> 1. Protocols running on top of ICE assume that regardless what candidate
> pair is used, including tcp candidates, the underlying network transport is
> unordered and unreliable. During nomination, including continuous
> nomination, candidate pairs can switch, including switching from udp to tcp
> or from tcp to udp. This typically means that protocol re-transmit timers
> are operational, packets are re-ordered at the protocol level, and
>  UDP-friendly packet sizes are used even when packets are sent over tcp
> candidates. For instance DTLS and SCTP re-transmit timers, reordering, and
> fragmentation support are still running when tcp candidates are used.
>
>
>
> 2. Protocols do not assume that particular candidate network transport
> runs all the way from origination to final destination of the protocol
> packets. For instance there are SBC which only handle ICE. These SBC run
> the ICE state machine and then transmit the underlying protocol data to the
> final destination using public IP. Because of this, it is not unusual for
> RTP to run over tcp candidate until SBC and then run over UDP to the final
> destination. This is one more reason why re-transmit timers and other
> mechanisms used to deal with UDP are still running over tcp candidates.
>
>
>
> 3. I am not aware of any current protocol running over ICE tcp candidates
> which is not using RFC4571 framing. For instance DTLS could have been
> implemented using DTLS protocol framing without RFC4571 over tcp
> candidates, but this was not the case. This is partially done to simplify
> implementation of SBC which terminate ICE and transmit protocol data using
> UDP. By using RFC 4571 framing, SBC can packetize/de-packetize data
> transmitted over tcp candidates without knowing protocol details.
>
>
>
> To conclude, up until this point ICE tcp candidates were not treated as
> reliable transport and served simply as another way to transmit UDP packets
> through firewalls. Because of this, I would argue that BFCP running over
> tcp candidate is not the same as TCP/BFCP, in the same way as DTLS running
> over tcp candidate is not TLS.
>
>
>
> I would also argue that any protocol running over ICE is, in essence, a
> UDP based protocol, using tcp candidates only as a fall back mechanism for
> firewall traversal, same way as when data is relayed over TURN TCP, it is
> still considered sent over UDP at the protocol level.
>
>
>
> If ICE group agrees, I think this should be documented by saying that UDP
> is a MUST implement for any protocol using ICE and that default candidate
> should be UDP based.
>
>
>
> Regards,
>
> _____________
> Roman Shpount
>
>
>
> On Thu, Nov 17, 2016 at 8:14 PM, Alan Ford <alan.ford@gmail.com> wrote:
>
> Adding bfcpbis.
>
>
>
> You raise a good point Roman - there’s no definition of how to actually
> use ICE with BFCP at the protocol level - this only came up in some very
> late reviews of 4582bis. The initial suggestion was to use the same text as
> in draft-ietf-mmusic-sctp-sdp-19, but it then raised the point that,
> given BFCP does not have a MTI protocol, if the offerer supported both they
> would include their preferred option, but if the receiver supported the
> other variant, there’s no way to immediately negotiate that without a
> re-INVITE.
>
>
>
> Christer’s suggestion to relax the requirement that the m-line protocol *in
> the answer* matches one of the ICE candidates would support the case
> where the offerer supports both but prefers UDP, but the answerer only
> supports TCP. Although no implementations currently do ICE here, this
> relaxation would leave the door open to gaining this negotiation
> flexibility in bfcpbis implementations. There seems no reason to have this
> requirement applied to the answer in the first place.
>
>
>
> I don’t understand the comment about SBCs; today, tcp candidates are used
> for media and data channels end-to-end in WebRTC, to name but one
> implementation.
>
>
>
> Regards,
>
> Alan
>
>
>
> On 17 Nov 2016, at 03:05, Roman Shpount <roman@telurix.com> wrote:
>
>
>
> Adding ICE group to this message.
>
>
>
> The approach always was that tcp candidates can potentially go only as far
> as SBC and then be terminated by UDP transport. Because of this everything
> transmitted over tcp candidate was still considered to be transmitted over
> the unreliable out-of-order transport. It is also assumed that candidates
> can switch from UDP to TCP based candidate during nomination. This is why,
> for instance, we run DTLS with RFC4571 framing over tcp candidates, not
> TLS. Because of this I always thought that ICE is UDP first with additional
> TCP transports for situation when UDP will not work. So, as a result, I
> think ICE-bis should specify that UDP MUST be supported and default
> candidate MUST be UDP. ICE SDP can reflect this, but I think this is the
> underlying protocol requirement.
>
>
>
> I also wanted to add that BFCP needs to examine how ICE support is
> implemented by this protocol. I think it is not covered in the current
> drafts. I also think I do not think it is possible for TCP/BFCP to run over
> ICE. On the other hand UDP/DTLS/BFCP and TCP/DTLS/BFCP would trivial based
> on current DTLS work.
>
>
>
> Regards,
>
> _____________
> Roman Shpount
>
>
>
> On Wed, Nov 16, 2016 at 8:44 PM, Christer Holmberg <
> christer.holmberg@ericsson.com> wrote:
>
> I have no problem with Roman’s must-support-UDP suggestion. I guess the
> question is whether the BFCP folks could accept that. Cullen did say that
> TCP-based BFCP deployments have been around for a decade. But, do they
> support ICE?
>
>
>
> If we decide to move forward with such approach, we need to ask ourselves
> whether must-support-UDP should be an ICE requirement (in which case the
> suggestion should be brought to the ICE WG) or whether it should only be an
> ICE-using-SIP-SDP requirement.
>
>
>
> Regards,
>
>
>
> Christer
>
>
>
> *From:* mmusic [mailto:mmusic-bounces@ietf.org] *On Behalf Of *Roman
> Shpount
> *Sent:* 17 November 2016 00:52
> *To:* mmusic@ietf.org
> *Subject:* [MMUSIC] m= line protocol in case of ICE
>
>
>
> Hi All,
>
>
>
> I just wanted to return to the m= line protocol issue that Christer raised
> during the last MMUSIC session.
>
>
>
> All the ICE implementations I've seen are primarily UDP based with support
> for tcp host candidates which are primarily used to connect to end points
> on public IP. If all ICE implementations are continue to be primarily UDP
> based, then the simplest solution would be to require UDP support when any
> given protocol is implemented over ICE. DTLS and RTP are already primarily
> UDP based so this is a non-requirement. Even more, all protocols that are
> implemented on top of ICE must assume that underling transports (including
> tcp candidates) are unreliable, since candidate pair can change at any time
> between reliable and unreliable transports, so this makes them different
> from protocols implemented on plain TCP or TLS.
>
>
>
> So the first question I wanted to ask is anybody interested in TCP only
> ICE implementation where the protocol running on top of such implementation
> relies on the reliable delivery of underlying messages? By this I mean,
> does anybody wants implement TCP based ICE, with simultaneous open,
> reflexive and relay candidates in such a way that ICE implementation will
> run from behind NAT without ever needing a UDP candidate?
>
>
>
> I understand that BFCP was used for a long time, but I do not think
> TCP/BFCP or TCP/TLS/BFCP can even be used with ICE. I think only UDP/BFCP,
> UDP/DTLS/BFCP and TCP/DTLS/BFCP can even support ICE.
>
>
>
> I think both rfc4582bis and rfc4583bis need a careful review and
> additional sections that describe ICE considerations. I think the most
> obvious thing would be to specify that ICE can only be supported by
> UDP/BFCP, UDP/DTLS/BFCP and TCP/DTLS/BFCP. It will also mean in which case
> RFC4571 is used when tcp candidates are used. Furthermore, when tcp
> candidate is selected with UDP/BFCP transport, it is not the same thing as
> using TCP/BFCP and will need a different transport tag (something like
> TCP/UDP/BFCP). Alternatively we can require that only secure versions of
> BFCP are used with ICE and only allow ICE usage for UDP/DTLS/BFCP and
> TCP/DTLS/BFCP.
>
>
>
> To conclude, I would argue that the simplest solution would be that for
> all protocols implemented on top of ICE, UDP MUST be supported and default
> candidates MUST be UDP based. This avoids building uncomfortable artificial
> constructs to avoid ICE mismatch and requires minimal changes to existing
> specifications.
>
>
>
> Regards,
>
> _____________
> Roman Shpount
>
>
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>
>
>
>
>
>
>