IETF Logo Mail Archive

Re: [MMUSIC] Updating the pacing of ICE connectivity checks

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 14 February 2013 15:51 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3844B21F8726 for <mmusic@ietfa.amsl.com>; Thu, 14 Feb 2013 07:51:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.802
X-Spam-Level:
X-Spam-Status: No, score=-105.802 tagged_above=-999 required=5 tests=[AWL=0.447, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Va+5tGlpivb for <mmusic@ietfa.amsl.com>; Thu, 14 Feb 2013 07:51:18 -0800 (PST)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 1045921F8444 for <mmusic@ietf.org>; Thu, 14 Feb 2013 07:51:14 -0800 (PST)
X-AuditID: c1b4fb2d-b7f316d0000028db-41-511d07f1c596
Received: from esessmw0247.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 9D.B2.10459.1F70D115; Thu, 14 Feb 2013 16:51:14 +0100 (CET)
Received: from [127.0.0.1] (153.88.115.8) by esessmw0247.eemea.ericsson.se (153.88.115.94) with Microsoft SMTP Server id 8.3.279.1; Thu, 14 Feb 2013 16:51:14 +0100
Message-ID: <511D07F1.3070808@ericsson.com>
Date: Thu, 14 Feb 2013 16:51:13 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: Emil Ivov <emcho@jitsi.org>
References: <511CEB64.6070306@ericsson.com> <05a401ce0ac6$db547230$91fd5690$@cisco.com> <511D03A7.1060008@ericsson.com> <511D0498.3030909@jitsi.org>
In-Reply-To: <511D0498.3030909@jitsi.org>
X-Enigmail-Version: 1.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBLMWRmVeSWpSXmKPExsUyM+Jvje4ndtlAg30/uSwuXnvIZLFm5wQW i6nLH7M4MHtM+b2R1WPJkp9MHv/fBAYwR3HZpKTmZJalFunbJXBlzNi4lL3gkUbFgq5ZzA2M sxS7GDk5JARMJGb0/2SHsMUkLtxbz9bFyMUhJHCSUeJK4zQWkISQwHJGidYj7iA2r4C2xOm/ t1hBbBYBVYn+E4sZQWw2AQuJmz8a2UBsUYFgiQ0HVzFB1AtKnJz5BGyOiIC8RHfbIrA4s0CV xI71z8EWCwu4SLxu+ga1eAqjxKYNz5m7GDk4OAU0JV4vEgExJQTEJda84YBo1ZOYcrWFEcKW l2jeOpsZ4kxtiYamDtYJjEKzkGyehaRlFpKWBYzMqxjZcxMzc9LLDTcxAkP34JbfujsYT50T OcQozcGiJM4b5nohQEggPbEkNTs1tSC1KL6oNCe1+BAjEwenVAOjthZrutXeeoVl3K6fNyVd XfdI38pvhc2tzdOtZApOlkyQFNAs+nMsfq+x1Ml71v1Lmz3UTzvcu3L97zvNuxuM+O5Ojdzo tv8sT8mesyxRmp+f6ppwnnNh7YyPr6rWytH0fqXUbP/m5XmP863WpglK3xJj4s6sVJy+yur7 l5SCfa+kLP5F/5yhxFKckWioxVxUnAgAsJP8jSsCAAA=
Cc: Ari Keränen <ari.keranen@ericsson.com>, 'mmusic' <mmusic@ietf.org>, Dan Wing <dwing@cisco.com>
Subject: Re: [MMUSIC] Updating the pacing of ICE connectivity checks
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2013 15:51:20 -0000

On 2013-02-14 16:36, Emil Ivov wrote:
> Any idea why there had to be different pacing for RTP and non-RTP flows
> in the first place?

I think our arguments where that in the context of a non-congestion
controlled voice application it would send with 20 ms interval anyway.
For other transports and protocols it was not obvious for what intended
environment it would be used. For example a low power network
application that sends beyond 30 kbps could be problematic. Thus we took
one of our conservative values from the transport books, i.e. 500 ms.

I would point out that this is a difficult transport issue. Compared to
TCP IW10, that burst occurs first after the initial handshake when one
has actually established that there is a responder.

With ICE there is a clear issue with an attacker bloating a offer/answer
with candidates that recreates the voice hammer attack using ICE's STUN
checks towards a target address or domain.

Also the STUN checks will have different source address pairs which in
it self could be an issue for attack prevention firewalls etc.

Thus I would be careful with speeding up Ta for RTP to much, and I think
someone needs to fine empiric data that it would work.

For the the 500 ms that can likely be significantly lowered without any
issues. But some considerations around the wider usage needs to be taken
into account.

Cheers

Magnus
One of the ADs responsible for the pacing in ICE.

> 
> Emil
> 
> On 14.02.13, 16:32, Ari Keränen wrote:
>> On 2/14/13 5:20 PM, Dan Wing wrote:
>>>> -----Original Message-----
>>>> From: mmusic-bounces@ietf.org [mailto:mmusic-bounces@ietf.org] On Behalf
>>>> Of Ari Keränen
>>>> Sent: Thursday, February 14, 2013 5:49 AM
>>>> To: mmusic
>>>> Subject: [MMUSIC] Updating the pacing of ICE connectivity checks
>>>>
>>>> Hi all,
>>>>
>>>> Updating the pacing parameter, Ta, of ICE for non-RTP traffic (for
>>>> background, see [1] and [2]), as discussed at the Atlanta meeting, will
>>>> be one of the important changes in the new version of ICE.
>>>>
>>>> Currently the RFC5245 says (for non-RTP traffic) "Ta SHOULD be
>>>> configurable, SHOULD have a default of 500 ms, and MUST NOT be
>>>> configurable to be less than 500 ms."
>>>>
>>>> This results in very slow pace of starting connectivity checks if ICE is
>>>> used with non-RTP traffic. With RTP, the Ta is calculated based on the
>>>> expected bandwidth used by the RTP stream and can be down to 20 ms.
>>>> Therefore, many current implementations apparently ignore the "MUST NOT"
>>>> above and set Ta to something lower.
>>>
>>> That would explain failures claimed to justify the desire for running
>>> over one port.
>>
>> Interesting point. Does anyone know what kind of pacing was actually 
>> used when these failures were observed?
>>
>>> The 20ms threshold for the initial connectivity checks is because some
>>> NATs could not create new mappings quickly.  This problems appears to
>>> persist today, considering that both Chrome and Windows 8 limit their
>>> number of outstanding DNS queries in an apparent attempt to work around
>>> that very same NAT UDP mapping behavior.
>>>
>>> If trying to create NAT mappings with 0ms pacing, it will certainly
>>> cause NAT mapping failures and force retries.
>>
>> Yes, definitely. So we shouldn't go below 20ms with non-RTP either. 
>> Perhaps need to add some more justification/warning text about this too.
>>
>>>> The quite conservative value of 500 ms was originally chosen because of
>>>> the fear of congesting the links with the connectivity check messages.
>>>> This is obviously still a valid concern, but would suggesting something
>>>> lower still make sense? How low would it be reasonably safe to go? What
>>>> is currently used in practice? Can we come up with a formula similar to
>>>> RTP (perhaps based on expected bandwidth usage)?
>>>
>>> A good question for the transport area, which is the origination of the
>>> suggestion to send ICE connectivity checks paced to not exceed the
>>> bandwidth of the subsequent media.  Perhaps the arguments that TCP
>>> IW=10 is not harmful could be brought to the party.
>>
>> FYI, I forwarded the original mail to the Transport ADs too.
>>
>>
>> Cheers,
>> Ari
>>
>>>>
>>>> [1] http://tools.ietf.org/html/rfc5245#appendix-B.1
>>>> [2] http://tools.ietf.org/html/rfc5245#section-16.2
>>>> _______________________________________________
>>>> mmusic mailing list
>>>> mmusic@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/mmusic
>>>
>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
> 


-- 

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email