Re: [core] RFC 7252 - 8.2 - Multicast - Request / Response Layer, page 67, top

Esko Dijk <esko.dijk@iotconsultancy.nl> Tue, 31 March 2020 10:32 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F07323A1F9D for <core@ietfa.amsl.com>; Tue, 31 Mar 2020 03:32:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.011
X-Spam-Level:
X-Spam-Status: No, score=0.011 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lMN_0Ov5Zt-w for <core@ietfa.amsl.com>; Tue, 31 Mar 2020 03:32:29 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10122.outbound.protection.outlook.com [40.107.1.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57F6B3A1F85 for <core@ietf.org>; Tue, 31 Mar 2020 03:32:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZAmmo+v0IEVESRaTl6V+x1bKtJFV4pid3o5t8RQ7kvwdX/6aec+JfJ1uSL2P8CWTqqDLGWvwIQ03UzAtcBqz/Tg5xh6Bq44H0tWhNvM2+mFOsCwaNRe6m+cTcY0pgoEDvOZcC8n49lkW5LeBngwOn306TJGdbxNDWdaAsn0veRVZmbAOD4OKxHUbSy8XdePYLJ4T3wlWb9mZoNAFUKVtIJ/TPNMb30VRNGV1TAjFEhDB/mfPwlNOQAMlLBfIQa1cj5mbz61EzwBcJhiy5G6l6eD8cbiTKHdj+RZPcaVyNZO+DgctmLOXQ4Pi+6kjs0n9M1UyKA+xCidb/f+nsY7jLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ja+XXmKnm0mPRGjQ0U4xmJrKddrw0slK231JXC0w5Bc=; b=QLsUPNjVbxWPqOJzbXjsdP5bPXdeOjT6EbXPF8wUwQJCl8GfATnNYyK6UWs61P5tH/MWxMRtMt0eskm+LKC1SlUchSHLA5YwX5Rz0rD+fN48He2N7w0y2KclX7qtikZXZWbIj1J+3b0L9qLKP8aqDdVzd7Q15SCEUQsSlL2pb3pgGyWFlx6SPsF+0pGG6QDBsR7t9/YLjgasdMKyJM7A5tBeRR+yfBdy6cdLqh/7F7/uO8HV77Jt++5gCJczvD5xCMCe6vvKdQ+2TzJrKHwedyS6jmxcGdRfjFwAOU+GRFFcArezvoh8OgTH/4Fi+7VFqXPeFqEaXFHbxb4m3m4uZQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector2-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ja+XXmKnm0mPRGjQ0U4xmJrKddrw0slK231JXC0w5Bc=; b=ph+juzcn3WjdoJku53NHK96wTcAWc6h3fPT9mECrCfRXjSAgM8XMSPf/WBmaBT7gjnQMT0XxWv38VLoG8qU7qFyVGeV6NSoJ2Jd2FtQxIFo8mxVd/3YKm4UchEWlS70czZy1D6fB6coZgUUt4/4ibv+qAP65lHz7AK/XjMSiZbM=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM (10.161.62.28) by AM5P190MB0339.EURP190.PROD.OUTLOOK.COM (10.161.89.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Tue, 31 Mar 2020 10:32:25 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::8c96:a66b:e170:bf8f]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::8c96:a66b:e170:bf8f%3]) with mapi id 15.20.2856.019; Tue, 31 Mar 2020 10:32:24 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Achim Kraus <achimkraus@gmx.net>, Jim Schaad <ietf@augustcellars.com>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] RFC 7252 - 8.2 - Multicast - Request / Response Layer, page 67, top
Thread-Index: AQHWBAJ4QQxxhgNVoE6+AM1rLNkaVahcnYmAgAAdZICABcLe8A==
Date: Tue, 31 Mar 2020 10:32:24 +0000
Message-ID: <AM5P190MB027536259A44102F7AB9E058FDC80@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <580bb0f4-89c4-2d11-b17b-520ddfe89c33@gmx.net> <000501d60452$c96cfa00$5c46ee00$@augustcellars.com> <1e74313a-d258-622f-d43e-ff1fa8f7d06d@gmx.net>
In-Reply-To: <1e74313a-d258-622f-d43e-ff1fa8f7d06d@gmx.net>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl;
x-originating-ip: [85.147.167.236]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b0a9eae3-cbc9-4be1-bfc8-08d7d55ecda1
x-ms-traffictypediagnostic: AM5P190MB0339:
x-microsoft-antispam-prvs: <AM5P190MB0339DD424A91833B58BB8774FDC80@AM5P190MB0339.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0359162B6D
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(10019020)(39830400003)(346002)(376002)(396003)(136003)(366004)(9686003)(26005)(186003)(44832011)(5660300002)(66574012)(81156014)(81166006)(2906002)(71200400001)(8936002)(110136005)(8676002)(64756008)(66446008)(6506007)(55016002)(86362001)(33656002)(316002)(53546011)(966005)(52536014)(7696005)(66476007)(76116006)(66946007)(66556008)(508600001); DIR:OUT; SFP:1102;
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mnf9cDyMx49BOMR0g2MmLYFXYZsD/W39CpWqxfG0FT2I/WZLBgHlf269vm2S9jKqazgYvlC9vpaqBjg2DTcAYUgQaoXp7oHld93wZT8UHNvju0HgTT/XwdXH8JsLRhwnFlNQv+KEMQh9Mnf3ImiYEpWPmHXsrBfNcU+Yld+ydmFDW3QI4l/ocoWTEz3TcugJog7iLFGPqyhC1QvXil8AUmPR59CQgSRzwJ3oQ1ahD7C+p1CmAULRHcPF6x+2QsQR3a2oiyPXpbqRMd/hxjAq1WNAwtw79d/UUot1mDje5zuFje7nDh5mKxNMDsEavFw2UkDx6W0yRTsNcypbW3Bu5Xb5rBDrvKcdDZxwv69jPvn5NtG/GXzybWkvkPOOus5FXCrJWpBEEoeczfoe/t35XJz1uqhn1x/gkojC81fWj0fLhThPNXaQDen8wiucnlkqx2Ti2lVTzW2QDuc48rdH6D7szdjsI+NmnFEMXTShQCvcbkdkNRl8awJOxqjB0XvsXy2TcHgMH1esPHwT9UXvIA==
x-ms-exchange-antispam-messagedata: wuwaMCXKebr2eDgedHospd39XrXAI3SgdWOYrW3eX7M+73jLxhJlYkXFgKE8MFEF3RNlYT43eGaGJhdP0olWh9EcUrTsh6fzuxb+TZE6iHUUmLmUukxfMFXUl11WxHl2Tok/SjGTZwBy6KV8XG8xIw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: b0a9eae3-cbc9-4be1-bfc8-08d7d55ecda1
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Mar 2020 10:32:24.8728 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tuqsCO9AXcTrHmG3LYhIiEobJsoBwUuJweLBhptTcirYKkKqW6DvNAZPeM9z00A0pe8xBr7ICk+R9B/u7CGay0lNqtxsohuBBsm+OBHUZGo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0339
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ssFrNmTP-vcYkSg96GF1JiOlTJg>
Subject: Re: [core] RFC 7252 - 8.2 - Multicast - Request / Response Layer, page 67, top
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 10:32:32 -0000

Hi Achim, Jim,

CoAP did not define (for multicast) that the *matching* done on the client is based on the source endpoint of the response, you're right about this.
However CoAP does define that a Server responds from the same endpoint that received the request, I believe. See below text quotes and analysis.

In Section 2.1:
  The CoAP messaging model is based on the exchange of messages over UDP between endpoints.
[seems to hint at 2 endpoints. Although more would be possible.]

And Section 1.2:

  Endpoint
      An entity participating in the CoAP protocol.  Colloquially, an
      endpoint lives on a "Node", although "Host" would be more
      consistent with Internet standards usage, and is further
      identified by transport-layer multiplexing information that can
      include a UDP port number and a security association
      (Section 4.1).
[this defers to Section 4.1 and seems to hint that different UDP port numbers define different endpoints.]

   Server
      The destination endpoint of a request; the originating endpoint of
      a response.
[this seems intended as one endpoint on which the server lives; see below]

And in 4.1.  Messages and Endpoints:

   A CoAP endpoint is the source or destination of a CoAP message.  The
   specific definition of an endpoint depends on the transport being
   used for CoAP.  For the transports defined in this specification, the
   endpoint is identified depending on the security mode used (see
   Section 9): With no security, the endpoint is solely identified by an
   IP address and a UDP port number.  With other security modes, the
   endpoint is identified as defined by the security mode.
[this mentions UDP port number defines endpoints, in case of no-security mode i.e. multicast CoAP + UDP usage]

So what this tells me is that the server lives at a specific endpoint (identified by IP address and port) that receives a request, and will respond from that same endpoint. (Otherwise it would be a different server responding, living at a different endpoint!)
Or turning it around: if the server would be allowed to respond from another port number, it implies that there is one CoAP server residing on multiple endpoints.  And that seems to go against server as "destination endpoint of a request; the originating endpoint of a response" , or not?
I would interpret this as a server being on only one endpoint.  Because if not, then also for the unicast case  the server could be allowed to respond from a different endpoint because that server lives on multiple endpoints then.

Note there is slightly more information that adds to RFC 7252 in the draft section https://tools.ietf.org/html/draft-ietf-core-groupcomm-bis-00#section-2.3.1. But it does not explain the present issue, though, only details the matching at the client side.
Feel free to challenge my RFC 7252 interpretation, maybe I overlooked something.

Best regards
Esko


-----Original Message-----
From: core <core-bounces@ietf.org> On Behalf Of Achim Kraus
Sent: Friday, March 27, 2020 19:00
To: Jim Schaad <ietf@augustcellars.com>; core@ietf.org
Subject: Re: [core] RFC 7252 - 8.2 - Multicast - Request / Response Layer, page 67, top

Hi Jim,

thanks for the fast answer!

 > The unicast responder does not need to be on the default COAP port
number.

It's more the destination port of the request than the default CoAP port.

 > This would be especially true if you had two different server running
 > on the same piece of hardware. I find this to be very common for me in
 > testing because I am running 10 different CoAP servers on my laptop
 > and while they can share the multicast addresses, they need to end up
 > on different unicast ports.

OK, I see. Interesting. Using  different ports for multicast and unicast
makes it also easier to distinguish multicast from unicast.

(On the other side, it kills somehow the idea of a "service, bound to a
port" and it makes tracking the traffic with wireshark harder :-).
I will see, when I can spend some time into adjust the server-side
according this idea in your answer.)

best regards
Achim


Am 27.03.20 um 17:14 schrieb Jim Schaad:
>
>
> -----Original Message-----
> From: core <core-bounces@ietf.org> On Behalf Of Achim Kraus
> Sent: Thursday, March 26, 2020 11:39 PM
> To: core@ietf.org
> Subject: [core] RFC 7252 - 8.2 - Multicast - Request / Response Layer, page
> 67, top
>
> Hi list,
>
> RFC 7252 - 8.2 - Multicast - Request / Response Layer, page 67, top
>
> "When matching a response to a multicast request, only the token MUST match;
> the source endpoint of the response does not need to (and will
> not) be the same as the destination endpoint of the original request."
>
> (4.1. Messages and Endpoint, "With no security, the endpoint is solely
> identified by an IP address and a UDP port number")
>
> Though it is obvious, that the IP address part is changing (from multicast
> destination to a unicast source), I 'm not sure, why the port should be
> considered to change as well.
>
>
> example:
> 192.168.1.50:15683 -> 224.0.1.187:5683   (multicast request)
>
> 192.168.1.50:15683 <- 192.168.1.40:5683  (unicast response, I would expect)
>
> 192.168.1.50:15683 <- 192.168.1.40:7843  (unicast response, the spec.
> also allows)
>
> So,
>
> - was a change of the port (2. example response) considered when writting
> that definition?
> - if yes, what was the reason to do so?
>
> [JLS] My response would be that the answer is yes.  The unicast responder
> does not need to be on the default COAP port number.  This would be
> especially true if you had two different server running on the same piece of
> hardware.   I find this to be very common for me in testing because I am
> running 10 different CoAP servers on my laptop and while they can share the
> multicast addresses, they need to end up on different unicast ports.
>
> Jim Schaad
>
>
> best regards
> Achim Kraus
>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core
>

_______________________________________________
core mailing list
core@ietf.org
https://www.ietf.org/mailman/listinfo/core