IETF Logo Mail Archive

Re: [pntaw] Real-time media over TCP

Harald Alvestrand <harald@alvestrand.no> Sat, 09 November 2013 22:22 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C38911E819C for <pntaw@ietfa.amsl.com>; Sat, 9 Nov 2013 14:22:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.598
X-Spam-Level:
X-Spam-Status: No, score=-110.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iwCxrGjZ7fmI for <pntaw@ietfa.amsl.com>; Sat, 9 Nov 2013 14:22:32 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 0628611E8189 for <pntaw@ietf.org>; Sat, 9 Nov 2013 14:22:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 17F2539E474; Sat, 9 Nov 2013 23:22:30 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2uyulc-ZSGBb; Sat, 9 Nov 2013 23:22:27 +0100 (CET)
Received: from [10.199.3.179] (209-82-80-116.dedicated.allstream.net [209.82.80.116]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 543A639E062; Sat, 9 Nov 2013 23:22:26 +0100 (CET)
Message-ID: <527EB59F.5060108@alvestrand.no>
Date: Sat, 09 Nov 2013 23:22:23 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Parthasarathi R <partha@parthasarathi.co.in>, 'Justin Uberti' <juberti@google.com>, Markus.Isomaki@nokia.com
References: <CAGTXFp92jSzQz05uHngzscz88n=fT_JPbEvQRxgeUUqPVRQUyQ@mail.gmail.com> <9E34D50A21D1D1489134B4D770CE039768081AC9@SZXEMA504-MBX.china.huawei.com> <004e01cec5df$cf8daaf0$6ea900d0$@co.in> <E44893DD4E290745BB608EB23FDDB7620A0E2DC6@008-AM1MPN1-043.mgdnok.nokia.com> <9F33F40F6F2CD847824537F3C4E37DDF17BEFB3E@MCHP04MSX.global-ad.net> <BLU402-EAS357ECBFC621A567B9D3A7B4931A0@phx.gbl> <525C148F.8070502@gmail.com> <00d401cec90e$d688d5a0$839a80e0$@co.in> <A51F486D-3BC0-4090-80CD-B4A15AC3EE69@cisco.com> <913383AAA69FF945B8F946018B75898A2000EB57@xmb-rcd-x10.cisco.com> <8F31D947-AB62-431A-875D-FCBAA2D38290@cisco.com> <525E806B.5060401@alvestrand.no> <000801cecdae$f6713160$e3539420$@co.in> <CAOJ7v-3W7Kj_Bn7pTPs+ =-wPZRSvC1DzAHB9=2cnK8 JiAoK3ug@mail.gmail.com> <E44893DD4E290745BB608EB23FDDB7620A10CA55@008-AM1MPN1-041.mgdnok.nokia.com> <CAOJ7v-3E8a9ayfbvk1tN6pqBn-U1tjQ=id1MtYaESB1BnH+sGQ@mail.gmail.com> <008801cedd31$e0031f00$a0095d00$@co.in>
In-Reply-To: <008801cedd31$e0031f00$a0095d00$@co.in>
X-Enigmail-Version: 1.6
Content-Type: multipart/alternative; boundary="------------070501060308050002060300"
Cc: pntaw@ietf.org
Subject: Re: [pntaw] Real-time media over TCP
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2013 22:22:37 -0000

On 11/09/2013 10:55 AM, Parthasarathi R wrote:
>
> Hi Justin,  Markus & all,
>
>  
>
> It is good to know that conference server usecase as well for ICE-TCP
> usage. I think that it is better to request for adding conference/IVR
> Server/Gateway with firewall usecases explicitly in the RTCWeb usecase
> & requirement document in case there is no other objection in this
> mail thread.
>

Section 3.4.3 "Video conferencing system with central server" seems to
already cover this case.

In particular (from -12):

   Note: This use-case adds requirements on ..... ability to traverse very
   restrictive FWs.

>  
>
> Thanks
>
> Partha
>
>  
>
> *From:*pntaw-bounces@ietf.org [mailto:pntaw-bounces@ietf.org] *On
> Behalf Of *Justin Uberti
> *Sent:* Saturday, November 09, 2013 7:27 AM
> *To:* Markus.Isomaki@nokia.com
> *Cc:* Harald Tveit Alvestrand; pntaw@ietf.org; Parthasarathi R
> *Subject:* Re: [pntaw] Real-time media over TCP
>
>  
>
>  
>
>  
>
> On Fri, Nov 8, 2013 at 3:58 PM, <Markus.Isomaki@nokia.com
> <mailto:Markus.Isomaki@nokia.com>> wrote:
>
> Hi Justin,
>
>  
>
> It’s great to hear that at least one browser will be able to do
> ICE-TCP. It is an optimization, but definitely a useful one for
> certain central server and gateway situations. I have heard also from
> other service/gateway providers that they want to avoid the TURN-TCP
> “hop” for the same reasons you state. After listening to them, I’d say
> ICE-TCP ought to be rather a “SHOULD” instead of “MAY” in the RTCWeb
> NAT traversal framework.  
>
>  
>
> Sounds good. 
>
>      
>
>     I suppose that when real-time media runs over TCP, it is in
>     general best to avoid bundling, but to run the different medias
>     over separate TCP connections. That way a single lost packet only
>     affects the rate of one of the medias instead of the aggregate.
>
>      
>
> That is an interesting idea, but I think it is probably difficult to
> make work because the BUNDLE decision happens separately from ICE
> candidate pair selection.
>
>  
>
> I think what we really want is some sort of multi-TCP transport, where
> we can open several simultaneous TCP connections and rotate between
> them. Or maybe a Minion TCP-based approach. These would have their own
> issues, but be conceptually simpler.
>
>  
>
>     I wonder if you already have a plan in Chrome if and how to deal
>     with HTTP (and TLS) restricted firewalls. Are you OK with the idea
>     of connecting to a TURN server with HTTP CONNECT, or do you see
>     some issues with that?  
>
>  
>
> We already use HTTP CONNECT with ICE-TCP, TURN-TCP, and TURN-TLS. It
> works. 
>
>      
>
>     Markus
>
>      
>
>      
>
>     *From:*pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>
>     [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>]
>     *On Behalf Of *ext Justin Uberti
>     *Sent:* 09 November, 2013 01:33
>     *To:* Parthasarathi R
>     *Cc:* Harald Alvestrand; pntaw@ietf.org <mailto:pntaw@ietf.org>
>
>
>     *Subject:* Re: [pntaw] Real-time media over TCP
>
>      
>
>     FWIW: we use ICE-TCP to connect to a conferencing server, instead
>     of TURN-TCP, to avoid the extra TURN hop and the whole TURN
>     credentials business. It's an optimization for sure, but a useful one.
>
>      
>
>     I don't think ICE-TCP will be all that useful for P2P connectivity
>     in the near future. The scenarios that require ICE-TCP are the
>     exact ones where simultaneous open will probably be impossible.
>
>      
>
>     On Sun, Oct 20, 2013 at 9:10 AM, Parthasarathi R
>     <partha@parthasarathi.co.in <mailto:partha@parthasarathi.co.in>>
>     wrote:
>
>     Hi Harald & all,
>
>     I agree that ICE-TCP qualifies for "MAY" requirement in case both
>     browsers
>     are behind firewall. ICE-TCP is good for usecase wherein only one
>     of the
>     browsers is behind firewall. Existing WebRTC usecase namely FedEx
>     call is
>     good example for only one browser behind firewall wherein IVR is
>     not going
>     to be behind UDP blocking firewall. In those usecases, ICE-TCP
>     candidates
>     has merits over TURN relay candidates. IMO, ICE-TCP MUST be
>     considered.
>
>     The current WebRTC FW usecase is (accidentially) inline with one
>     of the
>     browser behind firewall scenario as mentioned in sec 3.3.2.1 of
>     draft-ietf-rtcweb-use-cases-and-requirements-12:
>
>
>     "The difference is that one of the users is behind a NAT that
>     blocks UDP
>     traffic."
>
>     Thanks
>     Partha
>
>
>     > -----Original Message-----
>     > From: pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>
>     [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>] On
>     Behalf
>
>     > Of Harald Alvestrand
>     > Sent: Wednesday, October 16, 2013 5:33 PM
>     > To: pntaw@ietf.org <mailto:pntaw@ietf.org>
>     > Subject: Re: [pntaw] Real-time media over TCP
>     >
>     > On 10/15/2013 06:15 PM, Dan Wing wrote:
>     > > On Oct 14, 2013, at 11:02 PM, Tirumaleswar Reddy (tireddy)
>     > <tireddy@cisco.com <mailto:tireddy@cisco.com>> wrote:
>     > >
>     > >>> -----Original Message-----
>     > >>> From: pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>
>     [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>] On
>     > Behalf Of Dan
>     > >>> Wing (dwing)
>     > >>> Sent: Tuesday, October 15, 2013 5:31 AM
>     > >>> To: Markus.Isomaki@nokia.com <mailto:Markus.Isomaki@nokia.com>
>     > >>> Cc: pntaw@ietf.org <mailto:pntaw@ietf.org>;
>     partha@parthasarathi.co.in <mailto:partha@parthasarathi.co.in>
>     > >>> Subject: Re: [pntaw] Real-time media over TCP
>     > >>>
>     > >>>
>     > >>> On Oct 14, 2013, at 12:06 PM, Markus.Isomaki@nokia.com
>     <mailto:Markus.Isomaki@nokia.com> wrote:
>     > >>>
>     > >>>> Hi,
>     > >>>>
>     > >>>> In practice I doubt you find many situations where UDP is
>     > completely blocked
>     > >>> but incoming TCP connections from anywhere are allowed.
>     > >>>
>     > >>> Agreed.
>     > >>>
>     > >>> But if both ends are trying to communicate with each other,
>     their
>     > >>> communications will appear as a TCP simultaneous-open.  That
>     could
>     > (in fact,
>     > >>> "should") work across a firewall because the firewall will
>     see an
>     > outbound SYN
>     > >>> to a host/port after which it will see an inbound SYN from that
>     > same
>     > >>> host/port.
>     > >> But firewall TCP inspection causes the inbound SYN from the same
>     > host/port to be dropped (Firewalls typically do not permit TCP
>     > simultaneous-open). Even with NAT as per the survey results in
>     ICE TCP
>     > (http://tools.ietf.org/html/rfc6544#appendix-A) TCP
>     simultaneous-open
>     > worked only in roughly 45% of the cases.
>     > > If avoiding TURN improves the user experience, and IT policy
>     says TCP
>     > is allowed, I expect firewall vendors would make sure TCP
>     simultaneous
>     > open works.
>     > >
>     > >
>     > If something improves the user experience if it is possible to
>     do it,
>     > but the basic functionality works without it, and it's unclear
>     whether
>     > the special circumstances under which it's going to improve the user
>     > experience in fact exist in the field, I think that's perfect
>     for a MAY
>     > implement.
>     >
>     > _______________________________________________
>     > pntaw mailing list
>     > pntaw@ietf.org <mailto:pntaw@ietf.org>
>     > https://www.ietf.org/mailman/listinfo/pntaw
>
>     _______________________________________________
>     pntaw mailing list
>     pntaw@ietf.org <mailto:pntaw@ietf.org>
>     https://www.ietf.org/mailman/listinfo/pntaw
>
>      
>
>  
>


-- 
Surveillance is pervasive. Go Dark.

v2.23.0 | Report a Bug | By Email