IETF Logo Mail Archive

Re: [MMUSIC] m= line protocol in case of ICE

Roman Shpount <roman@telurix.com> Thu, 17 November 2016 03:05 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6FA4129654 for <mmusic@ietfa.amsl.com>; Wed, 16 Nov 2016 19:05:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SryvU0qq-Kzo for <mmusic@ietfa.amsl.com>; Wed, 16 Nov 2016 19:05:56 -0800 (PST)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCB4E129478 for <mmusic@ietf.org>; Wed, 16 Nov 2016 19:05:55 -0800 (PST)
Received: by mail-qk0-x22a.google.com with SMTP id n204so202247867qke.2 for <mmusic@ietf.org>; Wed, 16 Nov 2016 19:05:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ck3lAiZ5hXQwvFScIAzWNVLdcA/S4QXG17y4Ofb2t2U=; b=yh/GNpEonz6MDaww1iqCw0AiMoxR2yE10+LAPHntb9G3CZzLqHy+lV2vq23Zr4tflZ hn3DuRQy+va4tLK9h5flKPwHUKNIDvVbTbZlK5wi0Nf6gymCCvTCYz7+f22Pl3MuaAtT idbrLXOO0ohUfHloGyj8PZ+m/NaapecoJwA5j/0b0N8Fos5jK0xxnwKdNx5pibizqYxQ RlcPDVM39AWXLI+m6VFwAyswKVsCCsUYI11m33UluCP1iMF9Zk9+WXkTcfDUPJiPlmLF R2NxnWq511HfgorlGkZV2v7XnsaQ1dbKbXA1+bbDy345L0phUcxZ2m3xfjtVA+US2WT8 /mUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ck3lAiZ5hXQwvFScIAzWNVLdcA/S4QXG17y4Ofb2t2U=; b=Okzt6/LRQI4qFUBsUa3sLPv3hmKjbPcCQQ/qy+jXRIDIjai2Y1gwrlGIsL7b9OPa54 VQQPb7+wvnPVu1hcRU+P/Te1yr+nN+pk6tT44nopa2TGapf8i4VlKIwmM/eOuFgpfVTT Jl9TQTcDJ4fEKfX4A45NELsaTKvTS9t1vOFR1cQ7x6E18xgyjs+01evl6V1TstjUWKXw F9OhK7NjGuCSLSd+kkiz2553WJbHmP0ljyKN4Mq7QReImsMRfMHudZEQOP+POEhRApHV NrjMuQcQrzP/vO2360pihHZuiv9bsh/2GvQofbqWBRIFzDZJcYx4D6562nRVML4gCAYY iNHQ==
X-Gm-Message-State: AKaTC02s78OlHDyvfNk/asGGO5SqDYW1LuRXmWBSMscYDeNcsmYQFjqSKLzneAwJg6D8nw==
X-Received: by 10.55.220.69 with SMTP id v66mr893695qki.264.1479351955005; Wed, 16 Nov 2016 19:05:55 -0800 (PST)
Received: from mail-qk0-f174.google.com (mail-qk0-f174.google.com. [209.85.220.174]) by smtp.gmail.com with ESMTPSA id x123sm457437qkx.46.2016.11.16.19.05.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Nov 2016 19:05:54 -0800 (PST)
Received: by mail-qk0-f174.google.com with SMTP id n21so202100680qka.3; Wed, 16 Nov 2016 19:05:54 -0800 (PST)
X-Received: by 10.55.6.14 with SMTP id 14mr904719qkg.167.1479351954205; Wed, 16 Nov 2016 19:05:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.135.243 with HTTP; Wed, 16 Nov 2016 19:05:53 -0800 (PST)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B4BE3AE83@ESESSMB209.ericsson.se>
References: <CAD5OKxuhvCz82+7JK8QrArtrYcjV9+b7vWMpWRnCjNbrL++srA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BE3AE83@ESESSMB209.ericsson.se>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 16 Nov 2016 22:05:53 -0500
X-Gmail-Original-Message-ID: <CAD5OKxu15YgYO0xyWMYXv7VTAVVQ71iJhH_txt31BV0CvCSjqg@mail.gmail.com>
Message-ID: <CAD5OKxu15YgYO0xyWMYXv7VTAVVQ71iJhH_txt31BV0CvCSjqg@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="001a114d7564ba76f705417677a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/r4tMqMteJN8cGra-lUmLU9-Cswk>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, ice@ietf.org
Subject: Re: [MMUSIC] m= line protocol in case of ICE
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 03:05:57 -0000

Adding ICE group to this message.

The approach always was that tcp candidates can potentially go only as far
as SBC and then be terminated by UDP transport. Because of this everything
transmitted over tcp candidate was still considered to be transmitted over
the unreliable out-of-order transport. It is also assumed that candidates
can switch from UDP to TCP based candidate during nomination. This is why,
for instance, we run DTLS with RFC4571 framing over tcp candidates, not
TLS. Because of this I always thought that ICE is UDP first with additional
TCP transports for situation when UDP will not work. So, as a result, I
think ICE-bis should specify that UDP MUST be supported and default
candidate MUST be UDP. ICE SDP can reflect this, but I think this is the
underlying protocol requirement.

I also wanted to add that BFCP needs to examine how ICE support is
implemented by this protocol. I think it is not covered in the current
drafts. I also think I do not think it is possible for TCP/BFCP to run over
ICE. On the other hand UDP/DTLS/BFCP and TCP/DTLS/BFCP would trivial based
on current DTLS work.

Regards,
_____________
Roman Shpount

On Wed, Nov 16, 2016 at 8:44 PM, Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> I have no problem with Roman’s must-support-UDP suggestion. I guess the
> question is whether the BFCP folks could accept that. Cullen did say that
> TCP-based BFCP deployments have been around for a decade. But, do they
> support ICE?
>
>
>
> If we decide to move forward with such approach, we need to ask ourselves
> whether must-support-UDP should be an ICE requirement (in which case the
> suggestion should be brought to the ICE WG) or whether it should only be an
> ICE-using-SIP-SDP requirement.
>
>
>
> Regards,
>
>
>
> Christer
>
>
>
> *From:* mmusic [mailto:mmusic-bounces@ietf.org] *On Behalf Of *Roman
> Shpount
> *Sent:* 17 November 2016 00:52
> *To:* mmusic@ietf.org
> *Subject:* [MMUSIC] m= line protocol in case of ICE
>
>
>
> Hi All,
>
>
>
> I just wanted to return to the m= line protocol issue that Christer raised
> during the last MMUSIC session.
>
>
>
> All the ICE implementations I've seen are primarily UDP based with support
> for tcp host candidates which are primarily used to connect to end points
> on public IP. If all ICE implementations are continue to be primarily UDP
> based, then the simplest solution would be to require UDP support when any
> given protocol is implemented over ICE. DTLS and RTP are already primarily
> UDP based so this is a non-requirement. Even more, all protocols that are
> implemented on top of ICE must assume that underling transports (including
> tcp candidates) are unreliable, since candidate pair can change at any time
> between reliable and unreliable transports, so this makes them different
> from protocols implemented on plain TCP or TLS.
>
>
>
> So the first question I wanted to ask is anybody interested in TCP only
> ICE implementation where the protocol running on top of such implementation
> relies on the reliable delivery of underlying messages? By this I mean,
> does anybody wants implement TCP based ICE, with simultaneous open,
> reflexive and relay candidates in such a way that ICE implementation will
> run from behind NAT without ever needing a UDP candidate?
>
>
>
> I understand that BFCP was used for a long time, but I do not think
> TCP/BFCP or TCP/TLS/BFCP can even be used with ICE. I think only UDP/BFCP,
> UDP/DTLS/BFCP and TCP/DTLS/BFCP can even support ICE.
>
>
>
> I think both rfc4582bis and rfc4583bis need a careful review and
> additional sections that describe ICE considerations. I think the most
> obvious thing would be to specify that ICE can only be supported by
> UDP/BFCP, UDP/DTLS/BFCP and TCP/DTLS/BFCP. It will also mean in which case
> RFC4571 is used when tcp candidates are used. Furthermore, when tcp
> candidate is selected with UDP/BFCP transport, it is not the same thing as
> using TCP/BFCP and will need a different transport tag (something like
> TCP/UDP/BFCP). Alternatively we can require that only secure versions of
> BFCP are used with ICE and only allow ICE usage for UDP/DTLS/BFCP and
> TCP/DTLS/BFCP.
>
>
>
> To conclude, I would argue that the simplest solution would be that for
> all protocols implemented on top of ICE, UDP MUST be supported and default
> candidates MUST be UDP based. This avoids building uncomfortable artificial
> constructs to avoid ICE mismatch and requires minimal changes to existing
> specifications.
>
>
>
> Regards,
>
> _____________
> Roman Shpount
>

v2.23.0 | Report a Bug | By Email