Re: [pntaw] Real-time media over TCP

<Markus.Isomaki@nokia.com> Thu, 14 November 2013 11:49 UTC

Return-Path: <Markus.Isomaki@nokia.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9063B21E821E for <pntaw@ietfa.amsl.com>; Thu, 14 Nov 2013 03:49:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.533
X-Spam-Level:
X-Spam-Status: No, score=-6.533 tagged_above=-999 required=5 tests=[AWL=0.065, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kdo9Nit98Gyi for <pntaw@ietfa.amsl.com>; Thu, 14 Nov 2013 03:49:44 -0800 (PST)
Received: from mgw-da02.nokia.com (smtp.nokia.com [147.243.128.26]) by ietfa.amsl.com (Postfix) with ESMTP id 1021C21E81EE for <pntaw@ietf.org>; Thu, 14 Nov 2013 03:49:28 -0800 (PST)
Received: from smtp.mgd.nokia.com ([65.54.30.60]) by mgw-da02.nokia.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id rAEBdDQe000459 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Thu, 14 Nov 2013 13:39:14 +0200
Received: from 008-AM1MPN1-043.mgdnok.nokia.com ([169.254.3.74]) by 008-AM1MMR1-005.mgdnok.nokia.com ([65.54.30.60]) with mapi id 14.03.0136.001; Thu, 14 Nov 2013 11:39:12 +0000
From: <Markus.Isomaki@nokia.com>
To: <juberti@google.com>
Thread-Topic: [pntaw] Real-time media over TCP
Thread-Index: AQHOpWlrwk9eq/rvIEmYBkw2NSNGdZmyI/aAgACifgCAAN6pAIAApSuAgAAM8oCAACMQgIA1SsoAgAAHUgCAAYcrAIAACRcAgAF6zgCAAAPgcIAAkKAAgAEIx4CAAS4k0IAE5epggAAK6QCAAA3RgIAAMVCAgAAA0lCAAFToAIAAZOYAgACrYYCAAUudgIAGjqCAgB5XvICAAAImwIAAJg0AgAh4fuA=
Date: Thu, 14 Nov 2013 11:39:12 +0000
Message-ID: <E44893DD4E290745BB608EB23FDDB7620A117700@008-AM1MPN1-043.mgdnok.nokia.com>
References: <CAGTXFp92jSzQz05uHngzscz88n=fT_JPbEvQRxgeUUqPVRQUyQ@mail.gmail.com> <00ca01cec387$f881cae0$e98560a0$@co.in> <BLU406-EAS274696C3D9DFE505F96B8E393130@phx.gbl> <004201cec44f$381a47f0$a84ed7d0$@co.in> <52544E0E.5080405@viagenie.ca> <003b01cec511$27e1abe0$77a503a0$@co.in> <E44893DD4E290745BB608EB23FDDB7620A0D672F@008-AM1MPN1-042.mgdnok.nokia.com> <9E34D50A21D1D1489134B4D770CE039768081AC9@SZXEMA504-MBX.china.huawei.com> <004e01cec5df$cf8daaf0$6ea900d0$@co.in> <E44893DD4E290745BB608EB23FDDB7620A0E2DC6@008-AM1MPN1-043.mgdnok.nokia.com> <9F33F40F6F2CD847824537F3C4E37DDF17BEFB3E@MCHP04MSX.global-ad.net> <BLU402-EAS357ECBFC621A567B9D3A7B4931A0@phx.gbl> <525C148F.8070502@gmail.com> <00d401cec90e$d688d5a0$839a80e0$@co.in> <A51F486D-3BC0-4090-80CD-B4A15AC3EE69@cisco.com> <913383AAA69FF945B8F946018B75898A2000EB57@xmb-rcd-x10.cisco.com> <8F31D947-AB62-431A-875D-FCBAA2D38290@cisco.com> <525E806B.5060401@alvestrand.no> <000801cecdae$f6713160$e3539420$@co.in> <CAOJ7v-3W7Kj_Bn7pTPs+=-wPZRSvC1DzAHB9=2cnK8JiAoK3ug@mail.gmail.com> <E44893DD4E290745BB608EB23FDDB7620A10CA55@008-AM1MPN1-041.mgdnok.nokia.com> <CAOJ7v-3E8a9ayfbvk1tN6pqBn-U1tjQ=id1MtYaESB1BnH+sGQ@mail.gmail.com>
In-Reply-To: <CAOJ7v-3E8a9ayfbvk1tN6pqBn-U1tjQ=id1MtYaESB1BnH+sGQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tituslabs-classifications-30: TLPropertyRoot=Nokia; Confidentiality=Nokia Internal Use Only; Project=None;
x-titus-version: 3.5.9.3
x-headerinfofordlp: None
x-tituslabs-classificationhash-30: VgNFIFU9Hx+/nZJb9Kg7IhueGIqUfGX1Vo3TN0QuXNLYJ0nYlxFdLFJ5gcB/PGe53F84VK518ganGlutIy+o0MU6sTNCUH7/ZKSzG1tsY08YZ1WSe3114qbZYLHJo/sijV3LmoKgzfDvxeg6LXMqY0XjGFDVD13ObRalSFs0aBBTUObDVKdYN/pUpib2TAy6Ie0vW48/ap31ZEtJhVVVpx2PW4Gb8laD1xJakbzopy9luigbwLJJQAWEdev5+7Kn
x-originating-ip: [10.163.169.10]
Content-Type: multipart/alternative; boundary="_000_E44893DD4E290745BB608EB23FDDB7620A117700008AM1MPN1043mg_"
MIME-Version: 1.0
X-Nokia-AV: Clean
Cc: harald@alvestrand.no, pntaw@ietf.org, partha@parthasarathi.co.in
Subject: Re: [pntaw] Real-time media over TCP
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2013 11:49:49 -0000

Justin,

One more clarification:
[Markus] I wonder if you already have a plan in Chrome if and how to deal with HTTP (and TLS) restricted firewalls. Are you OK with the idea of connecting to a TURN server with HTTP CONNECT, or do you see some issues with that?
[Justin] We already use HTTP CONNECT with ICE-TCP, TURN-TCP, and TURN-TLS. It works.

[Markus] So you use HTTP CONNECT to open the TCP connections for ICE-TCP too? And in this way you will basically never need to use TURN for the conference server or gateway type of case where the other peer is reachable by TCP? That would be cool. Now we would have to get this standardized somehow or just convince other browsers to do the same, as the standards path seems tricky and lengthy. Could you tell how you decide if HTTP CONNECT is needed or not? Do you do some connectivity tests in the background and cache the result, or do you do it for each RTCPeerConnection? Or do you just follow the HTTP proxy configuration rules and apply them to ICE-TCP and TURN?

Markus


From: ext Justin Uberti [mailto:juberti@google.com]
Sent: 09 November, 2013 03:57
To: Isomaki Markus (Nokia-CIC/Espoo)
Cc: Parthasarathi R; Harald Tveit Alvestrand; pntaw@ietf.org
Subject: Re: [pntaw] Real-time media over TCP



On Fri, Nov 8, 2013 at 3:58 PM, <Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>> wrote:
Hi Justin,

It’s great to hear that at least one browser will be able to do ICE-TCP. It is an optimization, but definitely a useful one for certain central server and gateway situations. I have heard also from other service/gateway providers that they want to avoid the TURN-TCP “hop” for the same reasons you state. After listening to them, I’d say ICE-TCP ought to be rather a “SHOULD” instead of “MAY” in the RTCWeb NAT traversal framework.

Sounds good.

I suppose that when real-time media runs over TCP, it is in general best to avoid bundling, but to run the different medias over separate TCP connections. That way a single lost packet only affects the rate of one of the medias instead of the aggregate.

That is an interesting idea, but I think it is probably difficult to make work because the BUNDLE decision happens separately from ICE candidate pair selection.

I think what we really want is some sort of multi-TCP transport, where we can open several simultaneous TCP connections and rotate between them. Or maybe a Minion TCP-based approach. These would have their own issues, but be conceptually simpler.

I wonder if you already have a plan in Chrome if and how to deal with HTTP (and TLS) restricted firewalls. Are you OK with the idea of connecting to a TURN server with HTTP CONNECT, or do you see some issues with that?

We already use HTTP CONNECT with ICE-TCP, TURN-TCP, and TURN-TLS. It works.

Markus


From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On Behalf Of ext Justin Uberti
Sent: 09 November, 2013 01:33
To: Parthasarathi R
Cc: Harald Alvestrand; pntaw@ietf.org<mailto:pntaw@ietf.org>

Subject: Re: [pntaw] Real-time media over TCP

FWIW: we use ICE-TCP to connect to a conferencing server, instead of TURN-TCP, to avoid the extra TURN hop and the whole TURN credentials business. It's an optimization for sure, but a useful one.

I don't think ICE-TCP will be all that useful for P2P connectivity in the near future. The scenarios that require ICE-TCP are the exact ones where simultaneous open will probably be impossible.

On Sun, Oct 20, 2013 at 9:10 AM, Parthasarathi R <partha@parthasarathi.co.in<mailto:partha@parthasarathi.co.in>> wrote:
Hi Harald & all,

I agree that ICE-TCP qualifies for "MAY" requirement in case both browsers
are behind firewall. ICE-TCP is good for usecase wherein only one of the
browsers is behind firewall. Existing WebRTC usecase namely FedEx call is
good example for only one browser behind firewall wherein IVR is not going
to be behind UDP blocking firewall. In those usecases, ICE-TCP candidates
has merits over TURN relay candidates. IMO, ICE-TCP MUST be considered.

The current WebRTC FW usecase is (accidentially) inline with one of the
browser behind firewall scenario as mentioned in sec 3.3.2.1 of
draft-ietf-rtcweb-use-cases-and-requirements-12:

"The difference is that one of the users is behind a NAT that blocks UDP
traffic."
Thanks
Partha

> -----Original Message-----
> From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On Behalf
> Of Harald Alvestrand
> Sent: Wednesday, October 16, 2013 5:33 PM
> To: pntaw@ietf.org<mailto:pntaw@ietf.org>
> Subject: Re: [pntaw] Real-time media over TCP
>
> On 10/15/2013 06:15 PM, Dan Wing wrote:
> > On Oct 14, 2013, at 11:02 PM, Tirumaleswar Reddy (tireddy)
> <tireddy@cisco.com<mailto:tireddy@cisco.com>> wrote:
> >
> >>> -----Original Message-----
> >>> From: pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org> [mailto:pntaw-bounces@ietf.org<mailto:pntaw-bounces@ietf.org>] On
> Behalf Of Dan
> >>> Wing (dwing)
> >>> Sent: Tuesday, October 15, 2013 5:31 AM
> >>> To: Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com>
> >>> Cc: pntaw@ietf.org<mailto:pntaw@ietf.org>; partha@parthasarathi.co.in<mailto:partha@parthasarathi.co.in>
> >>> Subject: Re: [pntaw] Real-time media over TCP
> >>>
> >>>
> >>> On Oct 14, 2013, at 12:06 PM, Markus.Isomaki@nokia.com<mailto:Markus.Isomaki@nokia.com> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> In practice I doubt you find many situations where UDP is
> completely blocked
> >>> but incoming TCP connections from anywhere are allowed.
> >>>
> >>> Agreed.
> >>>
> >>> But if both ends are trying to communicate with each other, their
> >>> communications will appear as a TCP simultaneous-open.  That could
> (in fact,
> >>> "should") work across a firewall because the firewall will see an
> outbound SYN
> >>> to a host/port after which it will see an inbound SYN from that
> same
> >>> host/port.
> >> But firewall TCP inspection causes the inbound SYN from the same
> host/port to be dropped (Firewalls typically do not permit TCP
> simultaneous-open). Even with NAT as per the survey results in ICE TCP
> (http://tools.ietf.org/html/rfc6544#appendix-A) TCP simultaneous-open
> worked only in roughly 45% of the cases.
> > If avoiding TURN improves the user experience, and IT policy says TCP
> is allowed, I expect firewall vendors would make sure TCP simultaneous
> open works.
> >
> >
> If something improves the user experience if it is possible to do it,
> but the basic functionality works without it, and it's unclear whether
> the special circumstances under which it's going to improve the user
> experience in fact exist in the field, I think that's perfect for a MAY
> implement.
>
> _______________________________________________
> pntaw mailing list
> pntaw@ietf.org<mailto:pntaw@ietf.org>
> https://www.ietf.org/mailman/listinfo/pntaw

_______________________________________________
pntaw mailing list
pntaw@ietf.org<mailto:pntaw@ietf.org>
https://www.ietf.org/mailman/listinfo/pntaw