IETF Logo Mail Archive

Re: [Ice] ICE PAC: When to start the timer waiting for possible peer reflexive candidates? - discussion restart

Harald Alvestrand <harald@alvestrand.no> Sun, 07 July 2019 07:25 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: ice@ietfa.amsl.com
Delivered-To: ice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17C0D1200E7 for <ice@ietfa.amsl.com>; Sun, 7 Jul 2019 00:25:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0GUYgCZIUI6 for <ice@ietfa.amsl.com>; Sun, 7 Jul 2019 00:25:56 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [158.38.152.117]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD1FA12002E for <ice@ietf.org>; Sun, 7 Jul 2019 00:25:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 9A5687C32BA; Sun, 7 Jul 2019 09:25:52 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CrkW59XjM8Fv; Sun, 7 Jul 2019 09:25:51 +0200 (CEST)
Received: from [192.168.8.108] (46.66.146.252.tmi.telenormobil.no [46.66.146.252]) by mork.alvestrand.no (Postfix) with ESMTPSA id 33E077C0775; Sun, 7 Jul 2019 09:25:51 +0200 (CEST)
To: Christer Holmberg <christer.holmberg@ericsson.com>, Roman Shpount <roman@telurix.com>
Cc: "ice@ietf.org" <ice@ietf.org>
References: <AFCE8799-8865-454F-8478-81CE11E9B454@ericsson.com> <1aa5aac7-af59-4e3b-8651-18f6e6431a2d@alvestrand.no> <66678ADA-7C02-4D9D-B9D2-308873BC0125@ericsson.com> <7a829bc0-d066-a3be-b7be-9b39ce799821@alvestrand.no> <CAJrXDUHZJURLvzBYX2MGcMsrFgyOagW5=s1OSXwDmTZpsruD0A@mail.gmail.com> <VI1PR07MB3167F21EF7A1009B8EB9948B93FB0@VI1PR07MB3167.eurprd07.prod.outlook.com> <ae88593c-633f-8c18-eac6-82ba3673dce7@alvestrand.no> <HE1PR07MB31614FEC9997294294BB63A393F40@HE1PR07MB3161.eurprd07.prod.outlook.com> <CAD5OKxt_nvwYEDNEFtRSrdDK2BOoTWOL52_5mz99o7M3=5q6kA@mail.gmail.com> <HE1PR07MB3161B5D8D93E3335AB4A81C093F40@HE1PR07MB3161.eurprd07.prod.outlook.com>
From: Harald Alvestrand <harald@alvestrand.no>
Openpgp: preference=signencrypt
Autocrypt: addr=harald@alvestrand.no; prefer-encrypt=mutual; keydata= mQINBFRpbhYBEADXu8uE7LDQgrEB/zclYiwWRb50FnuJjIdK5Q7t68tSxx+LU8HTfxwOgHo9 vMyQvntoRBOHQZDJzvdAnZj/7vtl9RDfWvhUz+o9jSMyORzrt0kiW2QNICVkOkc0ZbI14Rn8 EjFRinK5m5+PXrng3PwZgK+sQJ1nzUxjE9oGTWClsAEqJw62z7JmzNqaEwAyHoHAZ1JAptSP ak91dUxjueJ2R+rFUBl6ParRZ2de7QKr3rN5Jbu/ikjHsAeTSo0R0BPKbzU23tXXxQ/dADvM V/PZp3hRFmXT7x05Q82O6k6hsGd5fJToBDRrlsC3jwWWhDhFhsWcdYKxFbYUsJVetPrWDtD4 6sjrbsQ+7kWRYgQWvL2EJ0s7QGpLxitopoISUEt0MlCcJhq7ZxiWhGnwM3GgADn+9W+aqwuk Y1tlUbdw0qdHyU0WM0k/yPd/eOghk3PLtlOizg4Q22VqfzNRXd3pwUmVjPYHQS0PwIjzuTEI em03qlVeJ8xn0X9W90E8PEnxZmREZBI90qCcUrxWOywEcLq21eLXurRzwnbY3oi6NxmSedcL xDWFdrVTHfPNNqh8zqXV/z9Ezz+7kSwgRygpG5+/sHfFq/YivoSHJdkL8xDzlNiqYCs8EL4A ipQWlKIuFH1F/pXLmXZlcDExw6aTlAP2rR+rw4Lc7kENZlMMMwARAQABtC9IYXJhbGQgQWx2 ZXN0cmFuZCAoMjAxNCkgPGhhcmFsZEBhbHZlc3RyYW5kLm5vPokCPgQTAQIAKAUCVO3uHAIb IwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQawFW3omifDRKiA/+KtWpGwNa EaMMjxuVhdvMkQ6cS362iWydVbha03TBf/7HM380nO+2/t4S0kiSRtX89bY9lvrjS5oHd0tZ qS14vwBn8ZKbZl+k/NRiFlNNxhBx1PDRni1lfh/lU4xJraKI17h2h9mVJbMGk0kFuLqDUwMc 18mZZcfJEeUxSVUCndFMab4LQWSvRaqcwGrpDXuCxmWzMxtRjZzS2vkNX0oiBO7/NuEdQZL8 /CM3/GTqEd6kqY5Rkddvhr21KqhDyNT0NYRLgQ4yToTRDeXrHkjDD8cIQJhOHSNm6/3tuHB1 Bunxg1If3oEZxZirTGiuNZfBUAuXXJa//wEqhS+28/iQc6RE4bQXh2TyqtHs1mn3VDeKqbp7 lp31FfQ6GVGUaVfKfhg6UPSeczHTKWG3vX5UL7SOLXyaSniuYDkPIV/YR46GFPNhSsQ9YccU 5zAbn8ZhyONwO7524WjhIHgITiPVnCiSIHQKOw0S3+Ns0/5TIUgEc6+M97vsJTxTOqKfPthj xkHckF7VUFzu9ee6IMupJJp1wxVjpPQpJTjUG2aDnWk+E2OArulIjHER2dj0DEiOuqjjwTQH CKfrsWUMIs6TJ9jIKEfOSVOz5opGKLimQaOJ8Y1NYZKOy7fyJjofcC+dkAIpYBRzQTdDXm0A 4eryQBqLSpRldX4rvnU77i2/ryG5Ag0EVGluFgEQAK2r1cmzqfJzOIielYx4OGVWlh3TmGdI mPgYI8yx/W8Uyvwknto7Qm5HaBBy9/33usNiovygYLFr7X5U/+ynXClkpAHaPOzS+bMCybpd UsS9Yq/jPmyq0Tlqn6b1tjSjFwysTiUVRS6nHufRlHQEOyxlYAjmePfjJI85g9J3iOa3eY87 +YSlF/rzhPrlvW0yD1YBGBmtuDdRnd4qSof8pcVmiN91QylbnTO5+/VtQtZydk2couaBHkf+ h0eDlJLB7igJ6Ks0ae2UoUNOBv2F1roQ1jZC8yMPScXygmjsoBSuTUirHatyR7AUiCHNymB+ EdhK4Vl+ZVHdCY9l269g5ocw0y6BZofHpqhE9K3RGBWQjWKTXuOk1fVjLfAum3wQqztYEhlD uKZgfEn7reDuzBq4cqzUe7CI6lZwCU7DnA0Dz2vBaqBhrZb7eKfTqmXddNm/dXmPn1nB554N fxWoxb3L8fHXwLgJiBgxLM6OYhJM51PxwW1qoQM1ax6gu+H101uEE4ZZq+s7c301HqwFwGMi SMmn1oJ7/+OquMkYHjeVAhxRE6blcRH2cmqxFSrpHsHgpXMVyWgTZRZsMmQathzCTUWKf5hC EOzwb4rp/UvU1LUHo1uPqbBafW62VB+iUaFp/zOg69Wo8/Z6urM5m+ldiWTbx+ivxKlPQDEA 332dABEBAAGJAiUEGAECAA8FAlRpbhYCGwwFCQlmAYAACgkQawFW3omifDRKhg//eHcjvxcA ENNe66f5R3ULi5pMbrHGLMGirVX9pHTRf5+5OFaGr8bwXeYkCHpptpxr2Kk/PUzpUWOL2uvL lh7QhPw3+GoEWubXOAgHiQW5iIzkA9wYw/nctZ+5veHN7InVqJ7djhtTN7K9Luj4nDR1T7Vf 61zpCKLlEW6W5MAp4slRVzRiFfaMfMYkxLm6MBxC961j8Lrqx2XNMGugaYh1QzcFYTbFmGKX 5SY4EQsETiB0PeE3IBVtXfiabrk8YX2IuL9BrEgD6GngXTd78hUMnZeqjvnS772bjRgwLCz7 Hab6hQESrFCNXfxzb39y5DLHwXtB/HruYqVD48XvPnNV0UNsWcS+7rtPFMmkd3MTvoAOWjkV zeQHpvF71IlwWginXbkf9aR/QsAbMIQDZWhsd+ma67V6g6KH41r6mNXAgK2JlA1CqgblM7iB hl01vL0V5bkbInZq2sB505Hn1DSc4NoP2WHlwe8Bm8vVG5oyfyPw9ReS9WLVY9w7fK4EKOgk VnOsIQuE0WIPT0Ak+hJ0UigOduuCX7s7NIVaOgWQe1q4Xytgj1RHjg9qlA6eQiTUrAx7Mu7s eliWCFuWsQXoaktVEDjoWVbP9dgozanL5kwWh/sJNtHVQbgu3IG4w8D3QvvOE83+jAdzgOzv pqHJkrqlWu+R9ZqBucZLqjQvQZk=
Message-ID: <1863af99-4a20-c9c0-f472-6bbca406c9ae@alvestrand.no>
Date: Sun, 07 Jul 2019 09:25:49 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1
MIME-Version: 1.0
In-Reply-To: <HE1PR07MB3161B5D8D93E3335AB4A81C093F40@HE1PR07MB3161.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/wtDiY0-FqSNe1WzrhjGcNYYks1Y>
Subject: Re: [Ice] ICE PAC: When to start the timer waiting for possible peer reflexive candidates? - discussion restart
X-BeenThere: ice@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Interactive Connectivity Establishment \(ICE\)" <ice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ice>, <mailto:ice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ice/>
List-Post: <mailto:ice@ietf.org>
List-Help: <mailto:ice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ice>, <mailto:ice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jul 2019 07:25:58 -0000

On 7/6/19 11:50 PM, Christer Holmberg wrote:
> Hi,
>
> ...
>
>> If there are remote candidates to check, then ICE should continue checking them. Part of the problem is that when ICE is starting, it is unclear 
>> if remote candidate have not been received yet, no usable remote candidates where received, or remote candidates are not going to be sent 
>> at all.  Also, checking remote candidates can end very quickly if remote candidates are unreachable (fail immediately with ICMP remote address unreachable message). 
> Ok, let's assume we DO have remote candidates, and the timer expires. We discard the fact that the timer expires, and go on checking the remote candidates, as you suggested.
>
> Then, at some point we have checked all remote candidates, but we have NOT found successful pairs for all streams. So, since the timer already expired, we declare ICE failure.
>
> I thought the whole idea was to still wait for some time after we have tried all remote candidates, in case we will receive peer reflexive candidates, before we declare ICE failure.

The scenario that I saw starting this debate was:

- Offer/answer happens

- Either some candidate pairs are formed, or no candidate pair are formed

- All the candidate pairs formed can be discarded very quickly (because
they are the wrong protocol, or non-routable addresses)

- Failure is declared

- ICE BIND requests from the other side arrive, giving peer-reflexive
candidates, but ICE connection is already closed

The arrival time of the ICE BIND requests from the other side is
independent of the length of the local candidate pair list, it depends
on the length of the remote candidate pair list, which is unknowable on
the local side. The most likely time is "really fast".

>
> But, as I said earlier, I am fine doing as you and others suggest. All I am saying is that the draft needs to describe what to do if the timer expires while there are still untested remote candidates. If the solution is to discard the timer expiration, then it needs to be documented.

Saying that the timer and pair testing proceeds in parallel is all that
needs to be said, I think.
Declaring failure requires BOTH the timer to have expired AND testing of
candidate pairs to complete.

The timer is a hack that can be applied by one side to fix the problem
for the 99% case.

A more architectural approach would be a way to pass (over the
signalling channel) a message saying "I have now sent all the BIND
requests I intend to send, if you haven't received any of them, please
give up now". But that requires both sides to update code and signalling
paths to be redesigned.

Let's deliver this document.

>
> Regards,
>
> Christer
>
>

-- 
Surveillance is pervasive. Go Dark.

v2.23.0 | Report a Bug | By Email