Re: [pntaw] TURN over websockets or just TURN.

Oleg Moskalenko <mom040267@gmail.com> Thu, 26 September 2013 06:41 UTC

Date: Wed, 25 Sep 2013 23:41:08 -0700
From: Oleg Moskalenko <mom040267@gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Cc: "pntaw@ietf.org" <pntaw@ietf.org>, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Subject: Re: [pntaw] TURN over websockets or just TURN.

Hi Tiru,

Thanks for the info!

What is your opinion: do we have to add something to the draft to improve
our interoperability with SecaaS systems?

We are pretty much concentrating on two major aspects:

1) Connectivity
2) Ability for the network managers to set the access policies.

Regards,
Oleg



On Wed, Sep 25, 2013 at 8:26 PM, Tirumaleswar Reddy (tireddy) <
tireddy@cisco.com> wrote:

> Hi Oleg,
>
> Please see inline [TR]
>
>
> *From:* pntaw-bounces@ietf.org [mailto:pntaw-bounces@ietf.org] *On Behalf
> Of *Sergio Garcia Murillo
> *Sent:* Thursday, September 26, 2013 2:10 AM
> *To:* pntaw@ietf.org
> *Subject:* Re: [pntaw] TURN over websockets or just TURN.
>
> On 25/09/2013 21:18, Oleg Moskalenko wrote:
>
> Andy, see below:
>
> On Wed, Sep 25, 2013 at 12:03 PM, Hutton, Andrew <
> andrew.hutton@siemens-enterprise.com> wrote:
>
> [AndyH] True, I was considering that as the simple case, and of course there
> is no HTTP CONNECT in that scenario. So are you saying that when there is
> no proxy then a websockets connection is more likely to work than a
> TURN/TCP or TURN/TLS connection? I would be interested in whether there is
> evidence of that. I am not sure whether it is true or not; certainly in the
> encrypted case I don't see how this can be, but I am not an expert on this.
>
>
> I cannot say that I am exactly an expert in the IT firewall world, either. But I
> personally observed rather strict corporate environments where a strict
> firewall is used without an explicit HTTP proxy. Also, I heard stories about
> similar cases from our TURN server users. The usual story was that the
> firewall blocks the outgoing TURN TCP connection unless it is destined to
> port 80/443 and it has an HTTP handshake.
>
>
> Exactly the same case here. I have (had) a "potential" customer that is
> using a cloud-based network filtering solution, and SIP over secure
> websockets works but TURN over TLS on port 443 doesn't. I have yet to
> double-check my TURN TLS settings to see if everything is correctly
> configured and working correctly with Chrome.
>
>
> [TR] Various enterprises, in addition to firewalls, are also using a cloud
> connector which redirects HTTP/HTTPS traffic to a cloud-based "Security As A
> Service" (SecaaS) for DPI, reputation-based filtering, etc.
> http://www.gartner.com/technology/reprints.do?id=1-1FVA8PB&ct=130603&st=sb.
> SecaaS can also do HTTPS inspection by acting as an HTTPS proxy.
>
>
> -Tiru.
>
> Best regards
> Sergio
>
>
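The firewall behaviour described in the thread (outgoing TCP allowed only to port 80/443 and only with an HTTP handshake), sketched as an added example that is not part of the original messages: a classifier for the first bytes of a connection and a hypothetical policy function built on it. `classify_first_bytes`, `firewall_allows`, the sample bytes and `relay.example` are assumptions made for illustration; on port 443 the policy is assumed to see the stream after an inspecting HTTPS proxy has terminated TLS.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in bytes 4..7 of every STUN/TURN header
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

# Constructed samples (not captured traffic): first bytes a client sends on a new TCP connection.
SAMPLE_TURN_ALLOCATE = struct.pack("!HHI", 0x0003, 0, STUN_MAGIC_COOKIE) + bytes(range(12))
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SAMPLE_WS_UPGRADE = (
    b"GET /relay HTTP/1.1\r\nHost: relay.example\r\nUpgrade: websocket\r\n"
    b"Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n\r\n"
)


def classify_first_bytes(data: bytes) -> str:
    """Label the protocol a client speaks from the first bytes it sends."""
    # STUN/TURN: 20-byte header, top two bits zero, length multiple of 4, magic cookie.
    if len(data) >= 20:
        msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
        if msg_type & 0xC000 == 0 and msg_len % 4 == 0 and cookie == STUN_MAGIC_COOKIE:
            return "stun-turn"
    # TLS: handshake record (0x16), major version 3, handshake type ClientHello (0x01).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # HTTP: known method, then a request line ending in HTTP/1.x.
    if data.startswith(HTTP_METHODS):
        line, _, rest = data.partition(b"\r\n")
        if line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
            if b"upgrade: websocket" in rest.lower():
                return "http-websocket-upgrade"
            return "http"
    return "unknown"


def firewall_allows(dst_port: int, data: bytes) -> bool:
    """Hypothetical policy from the thread: port 80/443 and an HTTP handshake."""
    if dst_port not in (80, 443):
        return False
    return classify_first_bytes(data) in ("http", "http-websocket-upgrade")
```
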