Re: [dispatch] New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt - SIP OPTIONS?
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 23 September 2019 14:15 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82EBC120843 for <dispatch@ietfa.amsl.com>; Mon, 23 Sep 2019 07:15:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptfoHz44EGP2 for <dispatch@ietfa.amsl.com>; Mon, 23 Sep 2019 07:15:43 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0618.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe02::618]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC5BE120831 for <dispatch@ietf.org>; Mon, 23 Sep 2019 07:15:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FDTEM2nOmEErp787eWvIBhmGvWvFlfQYieVpEO7fBX5Y814VzyVRzZZH4Sjbkcyg6VuhwfUsb4u/yAR/Ykndm5NljdZ0no4mzG4+PV4Lu6ohYArYnDGOn8t4okKqJGXC9Qr/6l3JeW76BUN6tYN6dSEnWF/9itxIIIGyj7dE4MczFEDySX0yHcYog0dkMYjP6dXQu5eZWXvjOfh2K4pJ3hVsK/6olNh1BJCOg5LQXnqjuEviyk9KE7ZYjrS02tA1b3/a9mqYVSr9gsIEgATsT46I79eXW80o/lN2X+mw9caUHWxgMgYPYMjwCP8COn1ttsBWBcIFQTOQJ4OV2MGPIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=woW9ctmcb0Bn55dLkD/083YP3f1EnUXvOZevnZWvIQk=; b=meMOLVCcCjxYHnvZtBxDb34mPoeN1yWfHvHizF+SVQRBj+v5SrrdmItwQlQ0nlulbnvKKZDFQ1HLiFx4wEuekiLGrFwf/tY8VfT/j/2r+HH1iwb0QHFiFXMKXuLV59oTtHGTnISvVqQtjhZVcbx2TK04QmnsJccNSYzTHA41mXISlNKnT6suwh65nQu3G3xbvmd2tCIjLKtAPJgsC/sJ2fgmu8WknBl5k+m97n80HOAAMB6mFIXkarp5eOKBllAHia5o1m0dSP0/Hoi0wVbjR2BDGZ+Upa+i2D10mSV5/ktdMTUH3hUKSYbWLty1wxJcQB65dSbmsTUMeCcWRJ07CA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=woW9ctmcb0Bn55dLkD/083YP3f1EnUXvOZevnZWvIQk=; b=emgzgeHAa6O4+NyhlXkp2qHxm95sYuFZ7qhdPnhrllGGnafbJ1L2evyxl/8hqAG05iDgsxTNyC8tBdx5zDVFHoZuNZpeurl7R4by346YZrTfGulVC5XL7mSt+uWy8xVcmkhBRye0amp9DOdEMUCFZ+UClgtF037bVtxkVpMFTH8=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3434.eurprd07.prod.outlook.com (10.170.247.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.14; Mon, 23 Sep 2019 14:15:40 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9%3]) with mapi id 15.20.2305.013; Mon, 23 Sep 2019 14:15:40 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Kaustubh Inamdar (kinamdar)" <kinamdar@cisco.com>, "dispatch@ietf.org" <dispatch@ietf.org>
Thread-Topic: New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt - SIP OPTIONS?
Thread-Index: AdVxfq9wFrFr77tER/CboD8MoyGfMA==
Date: Mon, 23 Sep 2019 14:15:40 +0000
Message-ID: <HE1PR07MB316171FA68306AB55169656F938A0@HE1PR07MB3161.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1b.0.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 533d0aa6-32a0-469f-ebf9-08d740308390
x-ms-traffictypediagnostic: HE1PR07MB3434:
x-microsoft-antispam-prvs: <HE1PR07MB3434BEFE0529C06A6FF7780793850@HE1PR07MB3434.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0169092318
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(396003)(39860400002)(346002)(366004)(136003)(189003)(199004)(66446008)(14444005)(64756008)(81166006)(81156014)(76116006)(8936002)(478600001)(3846002)(25786009)(74316002)(58126008)(6116002)(71200400001)(7736002)(71190400001)(14454004)(66556008)(66476007)(66946007)(256004)(44832011)(8676002)(110136005)(5660300002)(305945005)(99286004)(53546011)(7696005)(6506007)(316002)(52536014)(9686003)(55016002)(6436002)(33656002)(476003)(186003)(102836004)(26005)(2906002)(2501003)(86362001)(66066001)(15650500001)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3434; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5p/RO71FYCJ+9xvLKnp2qCXKMfNAxuDfXLvr9uGb/w0P+1T9t+IR+O7G02dQrffFqkjNQ3h5/Sv1F0d9t3Ltdmveu4vLZZVi9gE+6SP07kvYITBkGPAEW/TiE47Po2DYEk3m6jWjgMFyXoqWUzgup3ylD+Zrrghq8EmSQNskE77F6hMt3e71vRtzu+lIQVXAYw3XKOtRD2zNiYYg3SIKdyahTc9UsC37pY7NP1QcaL54rp0fVHFTsHp/jlXO28tIJyqbUgZmJZSe59srScVRxphXLYw+8Ji6wG+72dNLa9FaR0z49p2ySfQ6RygtbOBGfZzpTpo6lXPMt5PNTQ7VYAA6bMfK0V2Q/zf2aqHLDnFjNxlpxwoKRuhiz3AxHDkFUbZm+05QlvxxXTvl2CxYZcUVsGuT593bko9UndGkH6s=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <21CB8AA08130C544966CB12BEF7AFC2B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 533d0aa6-32a0-469f-ebf9-08d740308390
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2019 14:15:40.5065 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: JmATrdfvr5enT3QKUy4aIWHKVI7iuYHPVHG7zGp8gnmcX9zBrPdwebsLvLj14zJismUlLPy1Y1HlvDoa2DHtL/DxKU1GQQ7P5W2M/iotnRs=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3434
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/NGXxMuE29Y2wUn3ixQH4wmnHD7s>
Subject: Re: [dispatch] New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt - SIP OPTIONS?
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 14:15:56 -0000
Hi Kaustubh, Thank You for the reply! Please see inline. >>> Constructs in SIP such as NOTIFY and OPTIONS may be used to achieve the end goal - which is to have the SIP service provider offload its set of capabilities. >>> However, with I see a couple of challenges with using OPTIONS… >>> >>> 1. It is entirely plausible for the SIP service provider to offload >>> different capability set documents to different enterprises or different sites within an enterprise. Accordingly, it would be a challenge to fine tune the OPTIONS response on a per enterprise/site basis. >> >> I assume the service provider will have to know from which enterprise network the OPTIONS request comes from - similar to the HTTPS GET in the draft. > >Kaustubh: The point of contention isn’t how the service provider determines “where” the OPTIONS request came in from. This can be done by examining SIP header fields or the source IP address of the >request. The point I was trying to make was two-fold: >1. Service providers would have to upgrade their SIP stacks to handle this new response type in the body of the OPTIONS response. > >2. I don’t know if it would be very simple to handle customised capability set responses based on enterprise identity at the SIP layer - even if it is, it is >needlessly a lot of work for something that can be accomplished much more easily using an alternate mechanism. I don't understand how it would be "must more easily". In both cases the server is adding the capabilities in the response of a request (SIP OPTIONS or HTTP GET), and in both cases the server needs to implement the support for that. >While I completely get that SIP OPTIONS was designed for the purpose of probing a remote entity for its capabilities, the path of least disruption seems to be to use HTTPS. One of the draft co-authors also co-authored the RIPP draft, which is kind of going in that direction (at least for a specific use-case). But, at least in the draft you are marketing this as a SIP feature :) --- >>> 2. OPTIONS could and in many cases today is used as a keep alive >>> mechanism between the enterprise and service provider network. Wouldn’t it be overkill to have the service provider >>> embed the capability set document in every response? Unless, there is some way for the enterprise to indicate a >>> keep alive OPTIONS request and a capability set soliciting OPTIONS request. >> >> I don't think it justifies to define a new capability indication mechanism just because people are misusing the current one. >> >> However, if the community thinks OPTIONS is a good mechanism for keep-alives, I am sure it would be possible to define >> some type of keep-alive indicator. But, what type of keep-alives are OPTIONS used for? Registration keep-alives? Session >> keep-alives? Something else? > > Kaustubh: Registration keepalives are handled using the Expires header field value of the response to the REGISTER message(200 OK). > By Session, I assume you mean calls…in which case session freshness is handled using the guidelines of RFC 4028. OPTIONS as it > relates to keepalives on the other hand is used for target monitoring. In the sense that whether the target to which the OPTIONS is > sent is capable of handling requests. For example, SBC——SIP——Group of 3 Call Servers. The SBC would send OPTIONS at regular > intervals to all three call servers. Depending on the response code or lack thereof, one, two or all three call servers can be > as “up” - capable of handling further requests or “down” - not a viable destination to send requests to until it/they start responding > to OPTIONS again. Thanks for clarifying. In this case I guess you could define a target keep-alive mode for OPTIONS, where it does not include the whole capability set in the response. Alternatively, if you are only interested in getting *A* response from the target, you could send OPTIONS with Require:fake-option-tag, which should trigger a 4xx response :) --- >>> 3. In most cases, SIP service providers would probably not respond to >>> OPTIONS unless a SIP trunk is registered to them. If a trunk is >>> registered, it explicitly means that the enterprise is ready to >>> incoming calls. To register a trunk, then get an OPTIONS response with the capability set and >>> then configure the edge element(and perhaps other devices for features with an end-to-end bearing) >>> would leave the enterprise network vulnerable to call failure/unexpected call handling for a certain lapse of time. >> >> If the service provider is going to respond to HTTPS GET requests, I would assume they could also response to pre-registration SIP OPTIONS requests? > > Kaustubh: This is highly unlikely. I don’t think service providers would respond to OPTIONS sourced from a trunk until the trunk > is registered. In situations where the OPTIONS is sent prior to trunk registration, I think either the request is ignored (no response whatsoever) or > responded to with a 403/5XX response without a message body. Isn't this an SLA issue? Because, I doubt a service provider would send its capabilities in a HTTPS GET response unless there is some kind of business agreement with the sender (enterprise network) of the GET request and the service provider. >>> Also, to be able to send SIP OPTIONS, the enterprise ought to know the >>> transport address of the OPTIONS target. The transport address of the target is something that is included in the capability set document. >> >> The enterprise would have to know where to send the HTTPS GET too. > > Kaustubh: How would the enterprise network know which transport protocol to use for the OPTIONS request? > Assuming it is TLS, would the request have to cycle through UDP, TCP and then TLS? Well, you have the same question when you are sending a REGISTER, an initial INVITE or a MESSAGE, don't you? Again, I think this is an SLA issue. > To summarise, deployment realities preclude the smooth use of a SIP based mechanism for obtaining the capability set. If we were talking about > two simple SIP UAs, then OPTIONS is the best and easiest way of probing remote caps. However, in the context of SIP trunking, this doesn’t seem > feasible and was one of the strongest reasons we chose to use HTTP. In that case, I think you should describe that in the draft. Currently it doesn't even mention OPTIONS (unless I've missed it), which I think it is strange considering that it is *THE* SIP mechanism for querying capabilities :) Regards, Christer On 19/09/19, 12:23 PM, "Christer Holmberg" <christer.holmberg@ericsson.com> wrote: Hi Kaustubh, > Constructs in SIP such as NOTIFY and OPTIONS may be used to achieve the end goal - which is to have the SIP service provider offload its set of capabilities. > However, with I see a couple of challenges with using OPTIONS… > > 1. It is entirely plausible for the SIP service provider to offload different capability set documents to different enterprises or different sites within an > enterprise. Accordingly, it would be a challenge to fine tune the OPTIONS response on a per enterprise/site basis. I assume the service provider will have to know from which enterprise network the OPTIONS request comes from - similar to the HTTPS GET in the draft. --- > 2. OPTIONS could and in many cases today is used as a keep alive mechanism between the enterprise and service provider network. Wouldn’t it be overkill to have the service > provider embed the capability set document in every response? Unless, there is some way for the enterprise to indicate a keep alive OPTIONS request and a capability set soliciting OPTIONS request. I don't think it justifies to define a new capability indication mechanism just because people are misusing the current one. However, if the community thinks OPTIONS is a good mechanism for keep-alives, I am sure it would be possible to define some type of keep-alive indicator. But, what type of keep-alives are OPTIONS used for? Registration keep-alives? Session keep-alives? Something else? --- > 3. In most cases, SIP service providers would probably not respond to OPTIONS unless a SIP trunk is registered to them. If a trunk is registered, it explicitly > means that the enterprise is ready to incoming calls. To register a trunk, then get an OPTIONS response with the capability set and then configure the edge > element(and perhaps other devices for features with an end-to-end bearing) would leave the enterprise network vulnerable to call failure/unexpected call > handling for a certain lapse of time. If the service provider is going to respond to HTTPS GET requests, I would assume they could also response to pre-registration SIP OPTIONS requests? > Also, to be able to send SIP OPTIONS, the enterprise ought to know the transport address of the OPTIONS target. The transport address of the target is something > that is included in the capability set document. The enterprise would have to know where to send the HTTPS GET too. Regards, Christer
- Re: [dispatch] New Version Notification for draft… Christer Holmberg
- Re: [dispatch] New Version Notification for draft… Cullen Jennings