IETF Logo Mail Archive

Re: [MMUSIC] FQDN support in ice-sip-sdp

Roman Shpount <roman@telurix.com> Wed, 10 April 2019 18:24 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3AC612004E for <mmusic@ietfa.amsl.com>; Wed, 10 Apr 2019 11:24:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RpUUYjAC1Ah6 for <mmusic@ietfa.amsl.com>; Wed, 10 Apr 2019 11:24:07 -0700 (PDT)
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3289120049 for <mmusic@ietf.org>; Wed, 10 Apr 2019 11:24:07 -0700 (PDT)
Received: by mail-pg1-x52e.google.com with SMTP id i2so2028299pgj.11 for <mmusic@ietf.org>; Wed, 10 Apr 2019 11:24:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S5jaImk6Q5LpOkhlXctuu9ua03gMXWvCeXkVXcSc7A4=; b=R1PoL9aIcXBvV+wLppWVwBgeOubm+gOrF5pseAcXRyD6FiY9uKizT5doWDnAV++uV5 oiOlGV9s6QXA2PW/wpb+cgyBbONKSWJItLlamcE+imuYhFo2cIC3NX18MUApOOqyNq5P JlhnnWr6LUjTKYQ3uhReXHCFw8TBMM85YTiK+yU1mNPCZusI3mbU/U7Jo23jQ418ANV+ 39OdJggZz7009Y2GdyEOEwqhx4zH6nme5XJBJ675ar6fCLJe9TQzw/Gwiv0I0zN45Lnk ivso/7T2HcOpDcpv/8us8rlWE2FsPKVCAWlCIbKT68+zPCOqI79YKMY2IwTAn/+MeV+R 8huw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S5jaImk6Q5LpOkhlXctuu9ua03gMXWvCeXkVXcSc7A4=; b=ewUMcXADgQgGJ9Xp0JJA5VgHBUt1f/tE46LoMjXxL2Q6XD+wCFCy8xUP1oPX9eFDjk amyNNhouuJL4Pz1k5+04D53IsUCMoWDZxtLIhZOqUh1CmNYjoXkue/itusTiurVxTxcQ 1T3i72EAoLBoU8mQ5a8wYerUIhCTQkjL+a+JAzHNAzuKHxulswz75Y49wlmNb93GM7Dd sXMHwal99MdiqVNxsMvJ8c/KGyQKiNrw6LuUZlGtirrTY3riTkucZkhIDKq6SGNiSsdQ ze0yvQCv8pjzPxVjj90AIn0UT9AT0dVQVPLk6kiQVDZnRqd6aKLwyWOSqOPJMtO5Fexw C/+A==
X-Gm-Message-State: APjAAAXplNJxeoKgjoMIHaj0/JWG+f9e2YVzWZzd1oo0Bbtwd+dpwt4O IGGeBhEfgK3k1+jsXvrbhVAowMtYcBg=
X-Google-Smtp-Source: APXvYqy3eSANmTcnvxUxjquP2iqcLSQy9G5W3ZDMeAxbL6hDNf23VnA9mrAkVUkbVm056mQIveNpgw==
X-Received: by 2002:a63:ff26:: with SMTP id k38mr42265475pgi.123.1554920646786; Wed, 10 Apr 2019 11:24:06 -0700 (PDT)
Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com. [209.85.215.173]) by smtp.gmail.com with ESMTPSA id c3sm69864119pfg.88.2019.04.10.11.24.05 for <mmusic@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Apr 2019 11:24:05 -0700 (PDT)
Received: by mail-pg1-f173.google.com with SMTP id y3so2025235pgk.12 for <mmusic@ietf.org>; Wed, 10 Apr 2019 11:24:05 -0700 (PDT)
X-Received: by 2002:a62:4602:: with SMTP id t2mr44716647pfa.26.1554920645517; Wed, 10 Apr 2019 11:24:05 -0700 (PDT)
MIME-Version: 1.0
References: <CAD5OKxux4s=4TtA7vQT0X-u+3RS+MVHG=RjgGDHWQ5H1k0OdLg@mail.gmail.com> <CAMRcRGTmYB-CMXA5ToPhdPtLrTeKmdeZCLT-ecxfTYGHEh-HMQ@mail.gmail.com>
In-Reply-To: <CAMRcRGTmYB-CMXA5ToPhdPtLrTeKmdeZCLT-ecxfTYGHEh-HMQ@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 10 Apr 2019 14:23:51 -0400
X-Gmail-Original-Message-ID: <CAD5OKxsPDagYEFFMhxGnm3H+gAWEsKmt41rw44GCmorneVytzQ@mail.gmail.com>
Message-ID: <CAD5OKxsPDagYEFFMhxGnm3H+gAWEsKmt41rw44GCmorneVytzQ@mail.gmail.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
Cc: mmusic WG <mmusic@ietf.org>, Flemming Andreasen <fandreas@cisco.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="000000000000bae8a60586312c6c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/acyJjrGobTIi5FR8wHtpKqvovD0>
Subject: Re: [MMUSIC] FQDN support in ice-sip-sdp
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 18:24:11 -0000

Hi Suhas & Chairs,

Limiting FQDN scope to resolving to just one address is an unimplementable
requirement. Currently on large number of devices, FQDN which is supposed
to resolve to IPv4 address only, will resolve to both IPv6 and IPv4
addresses. For instance on virtually all IOS and most of the Android
devices on mobile networks FQDN pointing to IPv4 returns results for IPv6
as well. Essentially what we are specifying now is that ICE candidates with
FQDN address MUST be ignored.

I think if no feedback is provided regarding this issue this is exactly
what we should do in the specification and say something like:

<connection-address>: :: is taken from RFC 4566 <<RFC4566>>.
It is the IP address of the candidate, allowing for IPv4 addresses, IPv6
addresses, and fully
qualified domain names (FQDNs).  When parsing this field, an agent can
differentiate
an IPv4 address and an IPv6 address by presence of a colon in its value -
the presence of a
colon indicates IPv6.  An agent MUST ignore candidate lines that include
candidates with

FQDN or IP address versions that are not supported or recognized.  Handling
of FQDN addresses
in candidate can be defined in the future specification.


Regards,
_____________
Roman Shpount


On Wed, Apr 10, 2019 at 1:40 AM Suhas Nandakumar <suhasietf@gmail.com>
wrote:

> Hi Roman & Chairs
>
> Thanks for the text
>
> I feel we should restrict the scope for FQDN resolution to just one
> address for this specification. Future specifications may define handling
> of multiple resolutions (or  DNS64/NAT64 ) scenarios
>
> If others are fine with this, I would want to get an updated draft and
> move this forward
>
>
> Please let  me know
>
> Thanks
> Suhas
>
> On Wed, Apr 3, 2019 at 9:47 AM Roman Shpount <roman@telurix.com> wrote:
>
>> Reposting er Flemming's advise as a new thread:
>>
>> Hi All,
>>
>> I have created a pull request to ice-sip-sdp (
>> https://github.com/suhasHere/ice-sip-sdp/pull/1), which among other
>> things added back support for FQDN to ice-sip-sdp.
>>
>> In order to do this, I've done the following:
>>
>> 1. I have changed "IP address" to "connection address" throughout the
>> document whenever address in c= line or ICE candidate attribute is
>> mentioned. I hope this is not controversial since it matches ABNF.
>>
>> 2. I have changed the definition of <connection-address>
>>
>> Old:
>>
>> <connection-address>: :: is taken from RFC 4566 <<RFC4566>>.
>> It is the IP address of the candidate. When parsing this field, an agent
>> can differentiate
>> an IPv4 address and an IPv6 address by presence of a colon in its value
>> -- the presence of
>> a colon indicates IPv6. An agent MUST ignore candidate lines that include
>> candidates with
>> IP address versions that are not supported or recognized.
>>
>>
>> New:
>>
>> <connection-address>: :: is taken from RFC 4566 <<RFC4566>>.
>> It is the IP address of the candidate, allowing for IPv4 addresses, IPv6
>> addresses, and fully
>> qualified domain names (FQDNs).  When parsing this field, an agent can
>> differentiate
>> an IPv4 address and an IPv6 address by presence of a colon in its value -
>> the presence of a
>> colon indicates IPv6.  An agent MUST ignore candidate lines that include
>> candidates with
>> IP address versions that are not supported or recognized.  An IP address
>> SHOULD be used,
>> but an FQDN MAY be used in place of an IP address.  In that case, when
>> receiving an
>> offer or answer containing an FQDN in an a=candidate attribute, the FQDN
>> is looked up in
>> the DNS first using both AAAA record (assuming the agent supports IPv6),
>> and using an A
>> record (assuming the agent supports IPv4). If, and only if, the DNS query
>> returns
>> only one IP address it is then used for the remainder of ICE processing.
>> If DNS query
>> returned more then one result, including situation where single IPv4 and
>> single IPv6
>> results are returned, an agent MUST ignore the candidate. Handling of
>> multiple DNS
>> results for a candidate can be defined in the future specification. If
>> candidate
>> with FQDN <connection-address> is the default destination/candidate, the
>> the "c="
>> address type MUST be set the IP address family for the FQDN DNS
>> resolution result
>> and the "c=" connection address MUST be set to FQDN.
>>
>>
>>
>> This change reflects what was discussed previously.. I am, personally,
>> less then happy with this change. My biggest issue is requirement for FQDN
>> to resolve to a single address or be ignored. In practice, this is
>> problematic when things like DNS64/NAT64 are used. When DNS64 is used, even
>> when FQDN was supposed to only resolve to IPv4, AAAA will also return
>> result which will point to the NAT64 gateway. Based on the current
>> language, this will result in candidate being ignored even though it should
>> work with either IPv4 or IPv6 address. Most immediately, this will mean
>> FQDN resolving to IPv4 will be ignored on a lot of mobile networks.
>>
>> I have also added language that defines what is supposed to be placed in
>> c= line when default candidate is an FQDN candidate. What happens when FQDN
>> resolution result and address family in c= line do not match was not
>> specified.
>>
>> To summarize, this no worse then RFC 5245, but still fairly messy. I see
>> two possible ways to clean this up:
>>
>> a. Add a candidate extension which specifies candidate address type,
>> something like addrtype which can be set to "inipv4" or "inipv6". If IP
>> address is used and it does not match the addrtype candidate extension,
>> this candidate is ignored. When FQDN is used, it is resolved using A DNS
>> request when addrtype is inipv4 or not present and using AAAA DNS request
>> when addrtype is inipv6. Address family in c= line, when FQDN is a default
>> candidate must be IN IPV4 if addrtype is inipv4 or not present, and must be
>> IP IPV6 if addrtype is inipv6
>>
>> b. Specify that during ICE nomination all DNS resolution results for the
>> candidate should be added as separate candidates to the candidate list.
>> This is likely to cause more problems then option a. One of these problems
>> that I see is priority values for these candidates. Candidate priorities
>> should be different for all of them but only one value is specified in SDP
>> candidate attribute.
>>
>> In order to simplify tracking changes, I will write different emails
>> about other changes I've done in the pull request.
>>
>> I have also included people who shown previous interest in this topic.
>> Please let me know if I need to cross post to rtcweb and ice WG.
>>
>> Thank you for your attention,
>> _____________
>> Roman Shpount
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
>

v2.23.0 | Report a Bug | By Email