IETF Logo Mail Archive

Re: [Ice] ICE PAC: When to start the timer waiting for possible peer reflexive candidates?

Roman Shpount <roman@telurix.com> Mon, 29 April 2019 19:32 UTC

Return-Path: <roman@telurix.com>
X-Original-To: ice@ietfa.amsl.com
Delivered-To: ice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90FE51206D9 for <ice@ietfa.amsl.com>; Mon, 29 Apr 2019 12:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ay9JY1ctCPah for <ice@ietfa.amsl.com>; Mon, 29 Apr 2019 12:32:11 -0700 (PDT)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0C891206E2 for <ice@ietf.org>; Mon, 29 Apr 2019 12:32:03 -0700 (PDT)
Received: by mail-pf1-x436.google.com with SMTP id j11so5806042pff.13 for <ice@ietf.org>; Mon, 29 Apr 2019 12:32:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MaqcKZKGALvvnCUmTT5WpzlJorM1GQE9T+eslc6NUW0=; b=jZWdFVpBgMNP+xlAQLBhHvezcRsxW0v1uqWrW6pmOlV/6cd+asqYRSzluIaS8dRalh PYeCfu1cLaN8WxHDVG36HKChr9cSikwJtBiYIr5+lvb6zQRJTs+wNcKfIBSXADXdxbrL SYP4A+sz4g2rXw9/ZAtqWv68Qvm9iLmh2FDEZVRF0gwhTKivhODfiqkMiDdnWJHkpKBy lKN8j2sVymyemz8XOM3y0haPQJeoeYvS2LZTX8ebe/buK6Y9sa2a780tZrUoxOXvSEZf 2M0RWip77W0M/2fjAmgTrwNDnFc2PdUR7mg/KfgOOlo2rYIrnssx/ginltezrogj4Vu3 z6yQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MaqcKZKGALvvnCUmTT5WpzlJorM1GQE9T+eslc6NUW0=; b=BZ1Jww/WLUbI7ec9kE/FM2IJczVl51ymoWPnuyY+WVjggqqrHHJ4g3/s4bArQYDyop JMpO1uc/FPTnTxGN33G9GR+xeZuBDnhWjfRnfpG1sJN7ZJiVRiXeYHvUgLxiJfYCmP7B aZRvK4qfFIgjIe2uZYtAhEAdlTcdxg4StCRYUxP+rOP/WjVd+DfT9uA2Tc7vr5BEtzC5 3XvpbqLjb/shLDfP4PX7gT1G0aKFKmnUdWPbwas3sFpePsZJMYjDm4A6/UsZUIx0guJY QfbC5+0yABhOXBxh+dbo3CX7WKG6YxIrSx6eGFXXpkeOb5mmOGFXOiomyb6OQXISxuQ1 tC5Q==
X-Gm-Message-State: APjAAAVpCqhEqNXc1VwkRTwjmWBP+2Z7Hgq5GzMy/blF5nRDsyz0k3mm d1z9eyCbMBuQeAMIeVcuVkgpRuZPCbQ=
X-Google-Smtp-Source: APXvYqxqcL4mJ7aYneGGrlpGsk81aa9kLxjVfJesrHIQ7zWxmDHHWe+DFmALZ4bRp5YK3Wby6UkEaA==
X-Received: by 2002:a62:f24e:: with SMTP id y14mr65387208pfl.209.1556566323007; Mon, 29 Apr 2019 12:32:03 -0700 (PDT)
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com. [209.85.215.181]) by smtp.gmail.com with ESMTPSA id e4sm22770340pfn.185.2019.04.29.12.32.01 for <ice@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Apr 2019 12:32:01 -0700 (PDT)
Received: by mail-pg1-f181.google.com with SMTP id k19so5652883pgh.0 for <ice@ietf.org>; Mon, 29 Apr 2019 12:32:01 -0700 (PDT)
X-Received: by 2002:a62:5a42:: with SMTP id o63mr67892441pfb.170.1556566321548; Mon, 29 Apr 2019 12:32:01 -0700 (PDT)
MIME-Version: 1.0
References: <3A66B735-03C9-41FF-95AD-500B0D469C80@ericsson.com> <CAD5OKxsMgNTQPNP4Ni72H+yD4iUeyNK+x6CSvdBApGnPTpr_vg@mail.gmail.com> <A4EC3C01-4D7D-45DF-876D-E58706F74866@ericsson.com> <CAD5OKxt8tDemkK=v4X1gjwJGLYrxcd95S7uV53_fsga6grZ_rA@mail.gmail.com> <30518269-CA9D-4F50-8CE3-062A01DBCD7F@mozilla.com> <CAD5OKxvmRK8Xzu4FSRv3Lgdg-VrrufzGhjAdSmfcLLkrm-jtjw@mail.gmail.com> <0AD3077C-74FA-4585-942A-375B83B3A7A0@ericsson.com> <CAD5OKxsgpf7Hv_nxFOZFwfNk7-_xNRzmoPTA2bZCqZo3wzudKQ@mail.gmail.com> <HE1PR07MB316172053751D307F83DE0EB933E0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAD5OKxu332E8vzdc4dt09NxXGf9Cr2izwECDAQjc7V_YDx3r5w@mail.gmail.com> <HE1PR07MB316189447ED302BEC5021946933F0@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAOJ7v-3Dv4N5j0KykxQf-gHQfvJ9x-VzbTTTcdJyfgYgcdYy5A@mail.gmail.com> <HE1PR07MB3161E4496E7BDC5FF419CCE793390@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAOJ7v-3JkrYnWpghusRytVvTn1u7OibL9J3NyVh+ia9neSyuHA@mail.gmail.com>
In-Reply-To: <CAOJ7v-3JkrYnWpghusRytVvTn1u7OibL9J3NyVh+ia9neSyuHA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Mon, 29 Apr 2019 15:31:50 -0400
X-Gmail-Original-Message-ID: <CAD5OKxs1cJ3rrOV1--NGO2SPsJu6WtjcNNqp_WUeS822vDtFoQ@mail.gmail.com>
Message-ID: <CAD5OKxs1cJ3rrOV1--NGO2SPsJu6WtjcNNqp_WUeS822vDtFoQ@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, Nils Ohlmeier <nohlmeier@mozilla.com>, "ice@ietf.org" <ice@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000aa55a30587b0564b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/sBkR4MVab2NOx3tAqS2jW7JUGhc>
Subject: Re: [Ice] ICE PAC: When to start the timer waiting for possible peer reflexive candidates?
X-BeenThere: ice@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Interactive Connectivity Establishment \(ICE\)" <ice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ice>, <mailto:ice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ice/>
List-Post: <mailto:ice@ietf.org>
List-Help: <mailto:ice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ice>, <mailto:ice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 19:32:14 -0000

Hi,
On Mon, Apr 29, 2019 at 2:08 PM Justin Uberti <juberti@google.com> wrote:

> On Mon, Apr 29, 2019 at 6:01 AM Christer Holmberg <
> christer.holmberg@ericsson.com> wrote:
>
>> In a non-trickle case, I think it would be very strange if the agent
>> didn’t get any candidates front the peer agent.
>>
>>
>> >I have just sent a message to the mmusic list regarding ice-sip-sdp and
>> offers with >no candidates. There is nothing that technically prohibits it
>> in RFC 5245, so I >thought it makes sense to add a note which explicitly
>> allows it in ice-sip-sdp.
>> >
>> >There is a valid use case for this, when client is behind NAT and it
>> would only >communicate with a server on public address. In such cases,
>> client does not need >to collect any candidates and simply send the offer.
>> Once it gets the answer from >the server with the public address, client
>> can send a STUN bind request to server >address using a local socket not
>> bound to any address, which will use default >route. There are multiple
>> benefits for implementing it this way, one of which >would be client
>> privacy.
>>
>> One option would then be to say that PAC only applies when an agent
>> actually has received some candidates from its peer.
>>
>> If an agent does NOT receive any candidates from the peer, it knows that
>> the only  candidates it will get are peer reflexive ones, and how long the
>> agent waits for those is an implementation issue.
>>
>> >Not sure that makes sense, that directly contradicts one of the examples
>> >in the actual PAC document.
>> >
>> >Overall I think the Firefox approach makes the most sense - the PAC
>> timer
>> >starts when you have either a local or remote candidate.
>>
>> That would mean that PAC becomes a the-maximum-time-to-run-ICE timer. If
>> that's what people want, fine.
>>
>
> Maybe this is what you meant, but I think it's a "minimum-time-to-run-ICE"
> timer.
>
>>
>> However, you can have a local candidate long before the remote peer gets
>> it, so starting the timer once you have a candidate sounds strange to me. I
>> think we should at least wait until the agent has sent the agent to the
>> peer.
>>
>
> This is an important observation - we don't want to start the timer until
> we think both us and the peer agent are running ICE processing (e.g., if we
> just gathered candidates but didn't send an offer, we shouldn't start the
> timer). I'm not totally sure what you meant above, but one way to ensure
> we're in the right state would be to start the timer when both of the below
> are true:
> 1) We have sent or received an answer.
> 2) Local candidate gathering has completed (including the case when zero
> candidates have been gathered).
>
> #2 may not be strictly necessary, but gives us more flexibility in trickle
> cases if gathering takes a very long time (10+ seconds) for some reason.
>

There are two approaches that we can take:

First would be "practical" approach. If we assume that number of candidates
is reasonable, local candidate collection takes less then 1-2 seconds, TURN
candidates are returned in couple of seconds, and signaling delays are less
then a second or two, then entire candidate collection and delivery to
remote agent should take less then few seconds. In this case, if minimal
ice time to run is set to reasonably large time (like STUN bind request
timeout, which is 32 sec), then it would give both agents more then enough
time to send a several connectivity checks on all potential ICE candidate
pairs. In any case, if entire procedure would take much longer caller will
hung up and walk away.

Another approach would be "formally correct" approach, which would try to
make sure that ICE nomination succeeds when a valid candidate pair exists.
It will need to deal with large numbers of local candidates (50 candidates
with only candidate 40-something having access to public internet), slow
TURN candidate allocation which takes tens of seconds, and signaling delays
that introduce tens of seconds delays on candidate delivery. If you need to
deal with such setups, then ICE nomination should only fail after the last
STUN binding request from remote agent have failed. In case of ice-sip-sdp,
this will require an additional signaling message. In case of WebRTC this
would mean ICE would never fail unless it was explicitly told to stop by an
application.

We can also try to address something in between and start ICE minimal
time-out after last candidate was sent to the remote agent, but, in cases
with reasonable assumptions this should not make any difference, and in
extreme cases this would not be enough.

My preference would be to go with reasonable assumptions and start the
timer when the last local candidate (or indication that there are no local
candidates) was sent to the remote party.

Regards,
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email