Re: [Ice] 5245bis: STUN/TURN transaction timeout timer

Ari Keränen <ari.keranen@ericsson.com> Thu, 01 March 2018 07:47 UTC

From: Ari Keränen <ari.keranen@ericsson.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, "Black, David" <David.Black@dell.com>, "ice@ietf.org" <ice@ietf.org>, "jri@google.com" <jri@google.com>, Nils Ohlmeier <nohlmeier@mozilla.com>
CC: "draft-ietf-ice-rfc5245bis@ietf.org" <draft-ietf-ice-rfc5245bis@ietf.org>, "ice-chairs@ietf.org" <ice-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/h5vE337Bo4Wcxe6KtywEvvTTxGk>

Hi,

I had a look at the Ti timer in 5389 (https://tools.ietf.org/search/rfc5389#section-7.2.2) and it seems that it is defined to be in line with the time it takes for a (UDP) STUN transaction that includes all re-transmissions to time out:
>    Reliability of STUN over TCP and TLS-over-TCP is handled by TCP
>    itself, and there are no retransmissions at the STUN protocol level.
>    However, for a request/response transaction, if the client has not
>    received a response by Ti seconds after it sent the SYN to establish
>    the connection, it considers the transaction to have timed out.


However, the HTO timer is for transaction pacing and is roughly what one successful connectivity check should take (2*RTT).

Therefore these are two different things and I don't think it makes sense to mention Ti here at all. I suggest we remove the note completely.


Cheers,
Ari (hat off)

> On 27 Feb 2018, at 2.25, Nils Ohlmeier <nohlmeier@mozilla.com> wrote:
> 
> Yes you are right. Somehow I managed to read Christer’s Note the opposite way of what I now think he intends to point out.
> 
> Sorry for the confusion.
> 
>   Nils
> 
> 
>> On Feb 26, 2018, at 15:15, Black, David <David.Black@dell.com> wrote:
>> 
>> Isn’t it the other way around – ICE HTO is much shorter than STUN or TURN Ti?
>>  
>> Thanks, --David
>>  
>> From: Nils Ohlmeier [mailto:nohlmeier@mozilla.com] 
>> Sent: Monday, February 26, 2018 6:11 PM
>> To: Christer Holmberg <christer.holmberg@ericsson.com>
>> Cc: Black, David <david.black@emc.com>; ice@ietf.org; draft-ietf-ice-rfc5245bis@ietf.org; ice-chairs@ietf.org; jri@google.com
>> Subject: Re: [Ice] 5245bis: STUN/TURN transaction timeout timer
>>  
>>  
>> On Feb 26, 2018, at 07:48, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
>>  
>> Maybe adding the following note to the existing Timer HTO definition:
>>  
>> Timer HTO:  The timeout timer for a given STUN or TURN transaction.
>>  
>>   “NOTE: When STUN and TURN are used with ICE, timer HTO is used instead of timer Ti [RFC5389] as transaction timeout timer.”
>>  
>> My initial thought was: yes sounds good.
>>  
>> But one of the side effects known from real-world deployments is that it results in the end-of-candidates indication coming in after a long time if one of the STUN or TURN servers is not reachable.
>> I don’t want to make this a last minute change, but your indication that Ti explicitly got made shorter made me wonder if everyone in the WG is aware of this usage of the long HTO value.
>>  
>> Best
>>   Nils Ohlmeier
>> 
>> 
>>  
>> Regards,
>>  
>> Christer
>>  
>> From: Black, David [mailto:David.Black@dell.com] 
>> Sent: 26 February 2018 16:54
>> To: Christer Holmberg <christer.holmberg@ericsson.com>;ice@ietf.org; draft-ietf-ice-rfc5245bis@ietf.org; ice-chairs@ietf.org
>> Cc: jri@google.com; Black, David <David.Black@dell.com>
>> Subject: RE: 5245bis: STUN/TURN transaction timeout timer
>>  
>> That would be a fine thing to do, Thanks, --David
>>  
>> From: Christer Holmberg [mailto:christer.holmberg@ericsson.com] 
>> Sent: Monday, February 26, 2018 9:22 AM
>> To: Black, David <david.black@emc.com>; ice@ietf.org; draft-ietf-ice-rfc5245bis@ietf.org; ice-chairs@ietf.org
>> Cc: jri@google.com
>> Subject: Re: 5245bis: STUN/TURN transaction timeout timer
>>  
>> Hi,
>>  
>> >> But, still, is there a reason we couldn’t use ‘Ti’ also in 5245bis, and point out the big value difference when used with ICE?
>> > 
>> >Given the nearly 2-orders-of-magnitude difference in the time periods, I’d be concerned that using the same name risks leaving an incorrect impression on an implementer who
>> >is familiar with one protocol, but new to the other.   Different names may also improve clarity in other documents that describe how STUN and ICE work together.
>>  
>> Fair enough. But, should we then point out that Ti isn’t used with ICE?
>>  
>> Regards,
>>  
>> Christer
>>  
>>  
>>  
>> From: Christer Holmberg [mailto:christer.holmberg@ericsson.com] 
>> Sent: Sunday, February 25, 2018 8:00 AM
>> To: ice@ietf.org; draft-ietf-ice-rfc5245bis@ietf.org; ice-chairs@ietf.org
>> Cc: Black, David <david.black@emc.com>; jri@google.com
>> Subject: 5245bis: STUN/TURN transaction timeout timer
>>  
>> Hi,
>>  
>> In draft-5245bis, the name of the STUN/TURN transaction timeout timer is ‘HTO’.
>>  
>> As part of the IESG review, I have been asked what the ‘H’ stands for. After some digging in the mail archives (2016-09-14), I figured out it stands for “handshake”:
>>  
>> https://www.ietf.org/mail-archive/web/ice/current/msg00378.html
>>  
>>       “2.  A timeout for request packets, call it handshake timeout or HTO which SHOULD be 2*RTT if the RTT is known and 500ms otherwise.”
>>  
>> Now, in RFC 5389, the transaction timeout timer is called ‘Ti’. However, the default value for that SHOULD be 39,5 seconds – which is quite different from 500ms.
>>  
>> But, still, is there a reason we couldn’t use ‘Ti’ also in 5245bis, and point out the big value difference when used with ICE?
>>  
>> Regards,
>>  
>> Christer
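
The two timers compared in this thread, worked through as an added example (not part of any message above and not code from the draft). It assumes the RFC 5389 section 7.2.1 defaults RTO = 500 ms, Rc = 7 and Rm = 16, which the thread does not quote; the function names are made up for illustration.

```python
from typing import List, Optional, Tuple

# RFC 5389 section 7.2.1 defaults (assumed here; not quoted in the thread).
RTO_MS = 500   # initial retransmission timeout
RC = 7         # number of requests sent in total
RM = 16        # wait RM * RTO after the last request before giving up
TI_MS = 39500  # RFC 5389 section 7.2.2 default for Ti (39.5 seconds)


def stun_udp_schedule(rto_ms: int = RTO_MS, rc: int = RC,
                      rm: int = RM) -> Tuple[List[int], int]:
    """Send times and final timeout (ms) of one STUN-over-UDP transaction."""
    send_times = []
    t, interval = 0, rto_ms
    for _ in range(rc):
        send_times.append(t)
        t += interval   # next request goes out after the current interval
        interval *= 2   # the interval doubles after every retransmission
    # After the last request the client waits rm * rto, not another doubling.
    return send_times, send_times[-1] + rm * rto_ms


def stun_tcp_timeout(ti_ms: int = TI_MS) -> Tuple[List[int], int]:
    """Over TCP there are no STUN-level retransmissions; Ti runs from the SYN."""
    return [0], ti_ms


def ice_hto_ms(rtt_ms: Optional[float]) -> float:
    """HTO as quoted in the thread: 2*RTT if the RTT is known, else 500 ms."""
    return 2 * rtt_ms if rtt_ms is not None else 500


def ti_to_hto_ratio(rtt_ms: Optional[float] = None) -> float:
    """How many times longer Ti is than HTO for a given RTT."""
    return TI_MS / ice_hto_ms(rtt_ms)


if __name__ == "__main__":
    sends, timeout = stun_udp_schedule()
    print("UDP requests sent at (ms):", sends)
    print("UDP transaction times out at (ms):", timeout)
    print("TCP transaction times out at (ms):", stun_tcp_timeout()[1])
    print("HTO, RTT unknown (ms):", ice_hto_ms(None))
    print("HTO, RTT = 40 ms (ms):", ice_hto_ms(40))
    print("Ti / HTO with RTT unknown:", ti_to_hto_ratio())
```

With the defaults, the UDP schedule ends at the same 39.5 seconds as Ti, while HTO stays at one handshake's worth of time.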