IETF Logo Mail Archive

Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Sun, 22 September 2013 20:57 UTC

Return-Path: <andrew.hutton@siemens-enterprise.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1512611E8150 for <pntaw@ietfa.amsl.com>; Sun, 22 Sep 2013 13:57:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.495
X-Spam-Level:
X-Spam-Status: No, score=-2.495 tagged_above=-999 required=5 tests=[AWL=-0.052, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJ4AKYtNqoS9 for <pntaw@ietfa.amsl.com>; Sun, 22 Sep 2013 13:57:38 -0700 (PDT)
Received: from senmx11-mx.siemens-enterprise.com (senmx11-mx.siemens-enterprise.com [62.134.46.9]) by ietfa.amsl.com (Postfix) with ESMTP id 8E42511E814B for <pntaw@ietf.org>; Sun, 22 Sep 2013 13:57:38 -0700 (PDT)
Received: from MCHP01HTC.global-ad.net (unknown [172.29.42.234]) by senmx11-mx.siemens-enterprise.com (Server) with ESMTP id EAB6B1EB84AF; Sun, 22 Sep 2013 22:57:34 +0200 (CEST)
Received: from MCHP04MSX.global-ad.net ([169.254.1.31]) by MCHP01HTC.global-ad.net ([172.29.42.234]) with mapi id 14.03.0123.003; Sun, 22 Sep 2013 22:57:18 +0200
From: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
To: Oleg Moskalenko <mom040267@gmail.com>
Thread-Topic: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
Thread-Index: AQHOty6dHXvkSE0Gr0i5b3/uOa64/JnSN+zQ
Date: Sun, 22 Sep 2013 20:57:18 +0000
Message-ID: <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net>
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net> <523CCD06.3030902@gmail.com> <BLU169-W136A55AC013DA147313576D93220@phx.gbl> <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl> <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com>
In-Reply-To: <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.29.42.225]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Bernard Aboba <bernard_aboba@hotmail.com>, "pntaw@ietf.org" <pntaw@ietf.org>, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2013 20:57:43 -0000

On: 22 September 2013 01:57 Oleg Moskalenko WroteL
> 
> HTTP Connect, indeed, may allow a similar functionality. But it will
> require two things: a proxy configuration in the browsers, and an HTTP
> Proxy set by enterprise IT department. That may be a challenge for a
> new WebRTC project in an enterprise environment.

[AndyH] - The case of an enterprise WebRTC project taking place under the control of the enterprise IT department although within scope is not the prime reason for wanting the HTTP Connect mechanism.  There are various options for this use case and the important thing is that the browser behavior is standardized and understood by the IT department.

Probably more important at least for early deployments is making sure that a WebRTC service external to the enterprise is accessible when there is no IT department or when the IT department is not WebRTC aware and just wants it to work.  The power of WebRTC is that it brings new type of media to the web and it just has to work by default with additional controls possible if the network administrator wants to use them. If an enterprise already has a Web/HTTP Proxy deployed and a firewall configured to allow web traffic to flow via the proxy then this should also work when accessing WebRTC services. This has nothing to do with an enterprise deploying WebRTC for its own use.


> This draft allows transparent connection and operation, unlike the HTTP
> proxy case.
> There are tools (websockify) which make possible to use this draft with
> the existing TURN servers. 
> Putting the burden on the TURN server
> provider and maintainer is easier in most cases than negotiating new IT
> requirements with the enterprise IT managers.

[AndyH] As I tried to explain above the use case of prime importance is getting WebRTC to work with existing infrastructure and without requiring an enterprise to deploy stuff just because an enterprise user wants to use a WebRTC service maybe on a single use basis such communicating with a suppliers call centre.


> Of course, advanced TURN servers may include it as part of the TURN
> server implementation.
> 
> Oleg
> 
> On Sat, Sep 21, 2013 at 3:48 PM, Hutton, Andrew <andrew.hutton@siemens-
> enterprise.com> wrote:
> 
> I just don't see any advantage in the TURN over Websockets approach
> over the HTTP Connect initiated tunnel which works without any new
> protocol and therefore works with existing TURN servers.
> 
> Andy
>

v2.23.0 | Report a Bug | By Email