Re: [pntaw] Real-time media over TCP

"Ravindran, Parthasarathi (NSN - IN/Bangalore)" <parthasarathi.ravindran@nsn.com> Tue, 12 November 2013 18:30 UTC

Return-Path: <parthasarathi.ravindran@nsn.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3383011E810B for <pntaw@ietfa.amsl.com>; Tue, 12 Nov 2013 10:30:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A5lJWut42dD8 for <pntaw@ietfa.amsl.com>; Tue, 12 Nov 2013 10:30:14 -0800 (PST)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by ietfa.amsl.com (Postfix) with ESMTP id 9A55B11E811B for <pntaw@ietf.org>; Tue, 12 Nov 2013 10:30:13 -0800 (PST)
Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id rACIU8rv006838 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 12 Nov 2013 19:30:09 +0100
Received: from SGSIHTC001.nsn-intra.net ([10.159.225.18]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id rACIU5cj027296 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Nov 2013 19:30:06 +0100
Received: from SGSIHTC006.nsn-intra.net (10.159.225.23) by SGSIHTC001.nsn-intra.net (10.159.225.18) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 13 Nov 2013 02:30:05 +0800
Received: from SGSIMBX006.nsn-intra.net ([169.254.6.69]) by SGSIHTC006.nsn-intra.net ([10.159.225.23]) with mapi id 14.03.0123.003; Wed, 13 Nov 2013 02:30:04 +0800
From: "Ravindran, Parthasarathi (NSN - IN/Bangalore)" <parthasarathi.ravindran@nsn.com>
To: ext Harald Alvestrand <harald@alvestrand.no>
Thread-Topic: [pntaw] Real-time media over TCP
Thread-Index: AQHOpWmJoXR5LyIBqkutwD94W/nxsZmxndmAgACifwCAAN6pAIAApSqAgAAM8oCAACMQgIA1SssAgAAHUgCAAYcqAIAACRcAgAF6zgCAAAgMAIAAjHQAgAEIyICAATlMgIAE3kSAgAAHZwCAAA3RgIAAMVCAgAADQICAAFJ5AIAAZOYAgACrYYCAAUuegIAGjqCAgB5Xu4CAAAcwAIAAIQQAgACF4ACAANCdgIABrjzw//+7JwCAA5GMIA==
Date: Tue, 12 Nov 2013 18:30:04 +0000
Message-ID: <40AFDF4AF1909E4CB42B6D91CE6C419D19C63181@SGSIMBX006.nsn-intra.net>
References: <CAGTXFp92jSzQz05uHngzscz88n=fT_JPbEvQRxgeUUqPVRQUyQ@mail.gmail.com> <004e01cec5df$cf8daaf0$6ea900d0$@co.in> <E44893DD4E290745BB608EB23FDDB7620A0E2DC6@008-AM1MPN1-043.mgdnok.nokia.com> <9F33F40F6F2CD847824537F3C4E37DDF17BEFB3E@MCHP04MSX.global-ad.net> <BLU402-EAS357ECBFC621A567B9D3A7B4931A0@phx.gbl> <525C148F.8070502@gmail.com> <00d401cec90e$d688d5a0$839a80e0$@co.in> <A51F486D-3BC0-4090-80CD-B4A15AC3EE69@cisco.com> <913383AAA69FF945B8F946018B75898A2000EB57@xmb-rcd-x10.cisco.com> <8F31D947-AB62-431A-875D-FCBAA2D38290@cisco.com> <525E806B.5060401@alvestrand.no> <000801cecdae$f6713160$e3539420$@co.in> <CAOJ7v-3W7Kj_Bn7pTPs+ =-wPZRSvC1DzAHB9=2cnK8 JiAoK3ug@mail.gmail.com> <E44893DD4E290745BB608EB23FDDB7620A10CA55@008-AM1MPN1-041.mgdnok.nokia.com> <CAOJ7v-3E8a9ayfbvk1tN6pqBn-U1tjQ=id1MtYaESB1BnH+sGQ@mail.gmail.com> <008801cedd31$e0031f00$a0095d00$@co.in> <527EB59F.5060108@alvestrand.no> <40AFDF4AF1909E4CB42B6D91CE6C419D19C62108@SGSIMBX006.nsn-intra.net> <527FE4C6.7070903@alvestrand.no>
In-Reply-To: <527FE4C6.7070903@alvestrand.no>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.159.225.119]
Content-Type: multipart/alternative; boundary="_000_40AFDF4AF1909E4CB42B6D91CE6C419D19C63181SGSIMBX006nsnin_"
MIME-Version: 1.0
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-size: 64346
X-purgate-ID: 151667::1384281009-00005753-3299A893/0-0/0-0
Cc: "pntaw@ietf.org" <pntaw@ietf.org>
Subject: Re: [pntaw] Real-time media over TCP
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 18:30:19 -0000

Hi Harald,

Please read inline.

Thanks
Partah

From: ext Harald Alvestrand [mailto:harald@alvestrand.no]
Sent: Monday, November 11, 2013 1:26 AM
To: Ravindran, Parthasarathi (NSN - IN/Bangalore)
Cc: pntaw@ietf.org
Subject: Re: [pntaw] Real-time media over TCP

On 11/10/2013 06:31 PM, Ravindran, Parthasarathi (NSN - IN/Bangalore) wrote:
Hi Harald,

Even though there is a note  in Sec 3.4.3.1  for ability to traverse very restrictive FWs, there is no additional requirement because of this usecase. I attached the exact note and relevant requirement in the mail for easy reference.

You're right - this note was a leftover when the requirements in section 3.1 were factored out to be "applicable to all scenarios".

The relevant point in 3.1 is:

   o  Clients can be on firewalled networks with no UDP allowed


So are you saying that we should add a requirement in 3.1 to say

 * Clients can be on firewalled network with no UDP or incoming TCP allowed

?
<Partha>  In sec 3.1, the requirement has to be updated as below for more clarity


1)       Clients can be on firewalled network with no UDP allowed and no incoming TCP allowed (ICE-TCP solution)

2)       Both clients in the session can be on firewalled network with no UDP allowed and no incoming TCP allowed

Also, firewall related requirement in the draft has to be updated as per the above.

</Partha>

Also, there is no additional requirement as part of Sec 3.4.1 (Telephony terminal) or Sec 3.4.2 (WebEx call) w.r.t to traverse very restrictive FW. I’m requesting for adding the explicit additional requirement in Sec 3.4.3.1 or  Sec 3.4.2.2 or Sec 3.4.3.3 to provide the better clarity between ICE-TCP based solution and TURN based solution. The requirement shall be in the line of:


“The browser should be able to send streams and data to a peer in the presence of NATs and FWs that block UDP traffic and incoming TCP connection.”

I have mailed these requirement change as part of http://www.ietf.org/mail-archive/web/rtcweb/current/msg09101.html in IETF RTCWeb WG. The requirement difference in this mail and archive is that “should” is mentioned here whereas “must” was mentioned earlier. Also update the existing NAT/FW requirement is to state both browser behind firewall scenario as follows:

“The browser must be able to send streams and data to a peer in the presence of NATs and FWs that block UDP traffic and incoming TCP connection in both browser side as well as in the peer side” (TURN only works)

Thanks
Partha

Note: Sec 3.4.3.1 note -
   This use-case adds requirements on support for fast stream
   switches F7, on encryption of media and on ability to traverse very
   restrictive FWs.  There exist several solutions that enable the
   server to forward one high resolution and several low resolution
   video streams: a) each browser could send a high resolution, but
   scalable stream, and the server could send just the base layer for
   the low resolution streams, b) each browser could in a simulcast
   fashion send one high resolution and one low resolution stream, and
   the server just selects or c) each browser sends just a high
   resolution stream, the server transcodes into low resolution streams
   as required.
3.4.3.2<http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-12#section-3.4.3.2>;.  Additional Requirements


   F17

   A17

Browser requirement:
--
 F17     The browser must be able to mix several
           audio streams.

F7      The browser must support insertion of reference frames
           in outgoing media streams when requested by a peer.



From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org] On Behalf Of ext Harald Alvestrand
Sent: Sunday, November 10, 2013 3:52 AM
To: Parthasarathi R; 'Justin Uberti'; Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>
Cc: pntaw@ietf.org<mailto:pntaw@ietf.org>
Subject: Re: [pntaw] Real-time media over TCP

On 11/09/2013 10:55 AM, Parthasarathi R wrote:
Hi Justin,  Markus & all,

It is good to know that conference server usecase as well for ICE-TCP usage. I think that it is better to request for adding conference/IVR Server/Gateway with firewall usecases explicitly in the RTCWeb usecase & requirement document in case there is no other objection in this mail thread.

Section 3.4.3 "Video conferencing system with central server" seems to already cover this case.

In particular (from -12):

   Note: This use-case adds requirements on ..... ability to traverse very
   restrictive FWs.




Thanks
Partha

From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org] On Behalf Of Justin Uberti
Sent: Saturday, November 09, 2013 7:27 AM
To: Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>
Cc: Harald Tveit Alvestrand; pntaw@ietf.org<mailto:pntaw@ietf.org>; Parthasarathi R
Subject: Re: [pntaw] Real-time media over TCP



On Fri, Nov 8, 2013 at 3:58 PM, <Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>> wrote:
Hi Justin,

It’s great to hear that at least one browser will be able to do ICE-TCP. It is an optimization, but definitely a useful one for certain central server and gateway situations. I have heard also from other service/gateway providers that they want to avoid the TURN-TCP “hop” for the same reasons you state. After listening to them, I’d say ICE-TCP ought to be rather a “SHOULD” instead of “MAY” in the RTCWeb NAT traversal framework.

Sounds good.

I suppose that when real-time media runs over TCP, it is in general best to avoid bundling, but to run the different medias over separate TCP connections. That way a single lost packet only affects the rate of one of the medias instead of the aggregate.

That is an interesting idea, but I think it is probably difficult to make work because the BUNDLE decision happens separately from ICE candidate pair selection.

I think what we really want is some sort of multi-TCP transport, where we can open several simultaneous TCP connections and rotate between them. Or maybe a Minion TCP-based approach. These would have their own issues, but be conceptually simpler.

I wonder if you already have a plan in Chrome if and how to deal with HTTP (and TLS) restricted firewalls. Are you OK with the idea of connecting to a TURN server with HTTP CONNECT, or do you see some issues with that?

We already use HTTP CONNECT with ICE-TCP, TURN-TCP, and TURN-TLS. It works.

Markus


From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On Behalf Of ext Justin Uberti
Sent: 09 November, 2013 01:33
To: Parthasarathi R
Cc: Harald Alvestrand; pntaw@ietf.org<mailto:pntaw@ietf.org>

Subject: Re: [pntaw] Real-time media over TCP

FWIW: we use ICE-TCP to connect to a conferencing server, instead of TURN-TCP, to avoid the extra TURN hop and the whole TURN credentials business. It's an optimization for sure, but a useful one.

I don't think ICE-TCP will be all that useful for P2P connectivity in the near future. The scenarios that require ICE-TCP are the exact ones where simultaneous open will probably be impossible.

On Sun, Oct 20, 2013 at 9:10 AM, Parthasarathi R <partha@parthasarathi.co.in<mailto:partha@parthasarathi.co.in>> wrote:
Hi Harald & all,

I agree that ICE-TCP qualifies for "MAY" requirement in case both browsers
are behind firewall. ICE-TCP is good for usecase wherein only one of the
browsers is behind firewall. Existing WebRTC usecase namely FedEx call is
good example for only one browser behind firewall wherein IVR is not going
to be behind UDP blocking firewall. In those usecases, ICE-TCP candidates
has merits over TURN relay candidates. IMO, ICE-TCP MUST be considered.

The current WebRTC FW usecase is (accidentially) inline with one of the
browser behind firewall scenario as mentioned in sec 3.3.2.1 of
draft-ietf-rtcweb-use-cases-and-requirements-12:

"The difference is that one of the users is behind a NAT that blocks UDP
traffic."
Thanks
Partha

> -----Original Message-----
> From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On Behalf
> Of Harald Alvestrand
> Sent: Wednesday, October 16, 2013 5:33 PM
> To: pntaw@ietf.org<mailto:pntaw@ietf.org>
> Subject: Re: [pntaw] Real-time media over TCP
>
> On 10/15/2013 06:15 PM, Dan Wing wrote:
> > On Oct 14, 2013, at 11:02 PM, Tirumaleswar Reddy (tireddy)
> <tireddy@cisco.com<mailto:tireddy@cisco.com>> wrote:
> >
> >>> -----Original Message-----
> >>> From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On
> Behalf Of Dan
> >>> Wing (dwing)
> >>> Sent: Tuesday, October 15, 2013 5:31 AM
> >>> To: Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>
> >>> Cc: pntaw@ietf.org<mailto:pntaw@ietf.org>; partha@parthasarathi.co.in<mailto:partha@parthasarathi.co.in>
> >>> Subject: Re: [pntaw] Real-time media over TCP
> >>>
> >>>
> >>> On Oct 14, 2013, at 12:06 PM, Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> In practice I doubt you find many situations where UDP is
> completely blocked
> >>> but incoming TCP connections from anywhere are allowed.
> >>>
> >>> Agreed.
> >>>
> >>> But if both ends are trying to communicate with each other, their
> >>> communications will appear as a TCP simultaneous-open.  That could
> (in fact,
> >>> "should") work across a firewall because the firewall will see an
> outbound SYN
> >>> to a host/port after which it will see an inbound SYN from that
> same
> >>> host/port.
> >> But firewall TCP inspection causes the inbound SYN from the same
> host/port to be dropped (Firewalls typically do not permit TCP
> simultaneous-open). Even with NAT as per the survey results in ICE TCP
> (http://tools.ietf.org/html/rfc6544#appendix-A) TCP simultaneous-open
> worked only in roughly 45% of the cases.
> > If avoiding TURN improves the user experience, and IT policy says TCP
> is allowed, I expect firewall vendors would make sure TCP simultaneous
> open works.
> >
> >
> If something improves the user experience if it is possible to do it,
> but the basic functionality works without it, and it's unclear whether
> the special circumstances under which it's going to improve the user
> experience in fact exist in the field, I think that's perfect for a MAY
> implement.
>
> _______________________________________________
> pntaw mailing list
> pntaw@ietf.org<mailto:pntaw@ietf.org>
> https://www.ietf.org/mailman/listinfo/pntaw

_______________________________________________
pntaw mailing list
pntaw@ietf.org<mailto:pntaw@ietf.org>
https://www.ietf.org/mailman/listinfo/pntaw







--

Surveillance is pervasive. Go Dark.




--

Surveillance is pervasive. Go Dark.