Re: [pntaw] Real-time media over TCP
Harald Alvestrand <harald@alvestrand.no> Sun, 10 November 2013 19:56 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7234E21E808A for <pntaw@ietfa.amsl.com>; Sun, 10 Nov 2013 11:56:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.505
X-Spam-Level:
X-Spam-Status: No, score=-110.505 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id elugNGfEOclw for <pntaw@ietfa.amsl.com>; Sun, 10 Nov 2013 11:56:00 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id B71AC21E8140 for <pntaw@ietf.org>; Sun, 10 Nov 2013 11:55:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id B686239E0FE; Sun, 10 Nov 2013 20:55:57 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 83LNyFmvTjP1; Sun, 10 Nov 2013 20:55:54 +0100 (CET)
Received: from [IPv6:2620:0:1008:100b:1557:8d5e:b224:830d] (unknown [IPv6:2620:0:1008:100b:1557:8d5e:b224:830d]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id D2B3539E03A; Sun, 10 Nov 2013 20:55:52 +0100 (CET)
Message-ID: <527FE4C6.7070903@alvestrand.no>
Date: Sun, 10 Nov 2013 20:55:50 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: "Ravindran, Parthasarathi (NSN - IN/Bangalore)" <parthasarathi.ravindran@nsn.com>
References: <CAGTXFp92jSzQz05uHngzscz88n=fT_JPbEvQRxgeUUqPVRQUyQ@mail.gmail.com> <004e01cec5df$cf8daaf0$6ea900d0$@co.in> <E44893DD4E290745BB608EB23FDDB7620A0E2DC6@008-AM1MPN1-043.mgdnok.nokia.com> <9F33F40F6F2CD847824537F3C4E37DDF17BEFB3E@MCHP04MSX.global-ad.net> <BLU402-EAS357ECBFC621A567B9D3A7B4931A0@phx.gbl> <525C148F.8070502@gmail.com> <00d401cec90e$d688d5a0$839a80e0$@co.in> <A51F486D-3BC0-4090-80CD-B4A15AC3EE69@cisco.com> <913383AAA69FF945B8F946018B75898A2000EB57@xmb-rcd-x10.cisco.com> <8F31D947-AB62-431A-875D-FCBAA2D38290@cisco.com> <525E806B.5060401@alvestrand.no> <000801cecdae$f6713160$e3539420$@co.in> <CAOJ7v-3W7Kj_Bn7pTPs+ =-wPZRSvC1DzAHB9=2cnK8 JiAoK3ug@mail.gmail.com> <E44893DD4E290745BB608EB23FDDB7620A10CA55@008-AM1MPN1-041.mgdnok.nokia.com> <CAOJ7v-3E8a9ayfbvk1tN6pqBn-U1tjQ=id1MtYaESB1BnH+sGQ@mail.gmail.com> <008801cedd31$e0031f00$a0095d00$@co.in> <527EB59F.5060108@alvestrand.no> <40AFDF4AF1909E4CB42B6D91CE6C419D19C62108@SGSIMBX006.nsn-intra.net>
In-Reply-To: <40AFDF4AF1909E4CB42B6D91CE6C419D19C62108@SGSIMBX006.nsn-intra.net>
X-Enigmail-Version: 1.6
Content-Type: multipart/alternative; boundary="------------040201010105020606000700"
Cc: "pntaw@ietf.org" <pntaw@ietf.org>
Subject: Re: [pntaw] Real-time media over TCP
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Nov 2013 19:56:05 -0000
On 11/10/2013 06:31 PM, Ravindran, Parthasarathi (NSN - IN/Bangalore) wrote: > > Hi Harald, > > > > Even though there is a note in Sec 3.4.3.1 for ability to traverse > very restrictive FWs, there is no additional requirement because of > this usecase. I attached the exact note and relevant requirement in > the mail for easy reference. > You're right - this note was a leftover when the requirements in section 3.1 were factored out to be "applicable to all scenarios". The relevant point in 3.1 is: o Clients can be on firewalled networks with no UDP allowed So are you saying that we should add a requirement in 3.1 to say * Clients can be on firewalled network with no UDP or incoming TCP allowed ? > Also, there is no additional requirement as part of Sec 3.4.1 > (Telephony terminal) or Sec 3.4.2 (WebEx call) w.r.t to traverse very > restrictive FW. I’m requesting for adding the explicit additional > requirement in Sec 3.4.3.1 or Sec 3.4.2.2 or Sec 3.4.3.3 to provide > the better clarity between ICE-TCP based solution and TURN based > solution. The requirement shall be in the line of: > > > > “The browser should be able to send streams and data to a peer in the > presence of NATs and FWs that block UDP traffic and incoming TCP > connection.” > > > > I have mailed these requirement change as part of > http://www.ietf.org/mail-archive/web/rtcweb/current/msg09101.html in > IETF RTCWeb WG. The requirement difference in this mail and archive is > that “should” is mentioned here whereas “must” was mentioned earlier. > Also update the existing NAT/FW requirement is to state both browser > behind firewall scenario as follows: > > > > “The browser must be able to send streams and data to a peer in the > presence of NATs and FWs that block UDP traffic and incoming TCP > connection in both browser side as well as in the peer side” (TURN > only works) > > > > Thanks > > Partha > > > > Note: Sec 3.4.3.1 note - > > This use-case adds requirements on support for fast stream > > switches F7, on encryption of media and on ability to traverse very > > restrictive FWs. There exist several solutions that enable the > > server to forward one high resolution and several low resolution > > video streams: a) each browser could send a high resolution, but > > scalable stream, and the server could send just the base layer for > > the low resolution streams, b) each browser could in a simulcast > > fashion send one high resolution and one low resolution stream, and > > the server just selects or c) each browser sends just a high > > resolution stream, the server transcodes into low resolution streams > > as required. > > *3.4.3.2* > <http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-12#section-3.4.3.2>*. > Additional Requirements* > > > > > > F17 > > > > A17 > > > > Browser requirement: > > -- > > F17 The browser must be able to mix several > > audio streams. > > > > F7 The browser must support insertion of reference frames > > in outgoing media streams when requested by a peer. > > > > > > > > *From:*pntaw-bounces@ietf.org [mailto:pntaw-bounces@ietf.org] *On > Behalf Of *ext Harald Alvestrand > *Sent:* Sunday, November 10, 2013 3:52 AM > *To:* Parthasarathi R; 'Justin Uberti'; Markus.Isomaki@nokia.com > *Cc:* pntaw@ietf.org > *Subject:* Re: [pntaw] Real-time media over TCP > > > > On 11/09/2013 10:55 AM, Parthasarathi R wrote: > > Hi Justin, Markus & all, > > > > It is good to know that conference server usecase as well for > ICE-TCP usage. I think that it is better to request for adding > conference/IVR Server/Gateway with firewall usecases explicitly in > the RTCWeb usecase & requirement document in case there is no > other objection in this mail thread. > > > Section 3.4.3 "Video conferencing system with central server" seems to > already cover this case. > > In particular (from -12): > > Note: This use-case adds requirements on ..... ability to traverse very > restrictive FWs. > > > > > Thanks > > Partha > > > > *From:*pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org> > [mailto:pntaw-bounces@ietf.org] *On Behalf Of *Justin Uberti > *Sent:* Saturday, November 09, 2013 7:27 AM > *To:* Markus.Isomaki@nokia.com <mailto:Markus.Isomaki@nokia.com> > *Cc:* Harald Tveit Alvestrand; pntaw@ietf.org <mailto:pntaw@ietf.org>; > Parthasarathi R > *Subject:* Re: [pntaw] Real-time media over TCP > > > > > > > > On Fri, Nov 8, 2013 at 3:58 PM, <Markus.Isomaki@nokia.com > <mailto:Markus.Isomaki@nokia.com>> wrote: > > Hi Justin, > > > > It’s great to hear that at least one browser will be able to do > ICE-TCP. It is an optimization, but definitely a useful one for > certain central server and gateway situations. I have heard also from > other service/gateway providers that they want to avoid the TURN-TCP > “hop” for the same reasons you state. After listening to them, I’d say > ICE-TCP ought to be rather a “SHOULD” instead of “MAY” in the RTCWeb > NAT traversal framework. > > > > Sounds good. > > > > I suppose that when real-time media runs over TCP, it is in > general best to avoid bundling, but to run the different medias > over separate TCP connections. That way a single lost packet only > affects the rate of one of the medias instead of the aggregate. > > > > That is an interesting idea, but I think it is probably difficult to > make work because the BUNDLE decision happens separately from ICE > candidate pair selection. > > > > I think what we really want is some sort of multi-TCP transport, where > we can open several simultaneous TCP connections and rotate between > them. Or maybe a Minion TCP-based approach. These would have their own > issues, but be conceptually simpler. > > > > I wonder if you already have a plan in Chrome if and how to deal > with HTTP (and TLS) restricted firewalls. Are you OK with the idea > of connecting to a TURN server with HTTP CONNECT, or do you see > some issues with that? > > > > We already use HTTP CONNECT with ICE-TCP, TURN-TCP, and TURN-TLS. It > works. > > > > Markus > > > > > > *From:*pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org> > [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>] > *On Behalf Of *ext Justin Uberti > *Sent:* 09 November, 2013 01:33 > *To:* Parthasarathi R > *Cc:* Harald Alvestrand; pntaw@ietf.org <mailto:pntaw@ietf.org> > > > *Subject:* Re: [pntaw] Real-time media over TCP > > > > FWIW: we use ICE-TCP to connect to a conferencing server, instead > of TURN-TCP, to avoid the extra TURN hop and the whole TURN > credentials business. It's an optimization for sure, but a useful one. > > > > I don't think ICE-TCP will be all that useful for P2P connectivity > in the near future. The scenarios that require ICE-TCP are the > exact ones where simultaneous open will probably be impossible. > > > > On Sun, Oct 20, 2013 at 9:10 AM, Parthasarathi R > <partha@parthasarathi.co.in <mailto:partha@parthasarathi.co.in>> > wrote: > > Hi Harald & all, > > I agree that ICE-TCP qualifies for "MAY" requirement in case both > browsers > are behind firewall. ICE-TCP is good for usecase wherein only one > of the > browsers is behind firewall. Existing WebRTC usecase namely FedEx > call is > good example for only one browser behind firewall wherein IVR is > not going > to be behind UDP blocking firewall. In those usecases, ICE-TCP > candidates > has merits over TURN relay candidates. IMO, ICE-TCP MUST be > considered. > > The current WebRTC FW usecase is (accidentially) inline with one > of the > browser behind firewall scenario as mentioned in sec 3.3.2.1 of > draft-ietf-rtcweb-use-cases-and-requirements-12: > > > "The difference is that one of the users is behind a NAT that > blocks UDP > traffic." > > Thanks > Partha > > > > -----Original Message----- > > From: pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org> > [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>] On > Behalf > > > Of Harald Alvestrand > > Sent: Wednesday, October 16, 2013 5:33 PM > > To: pntaw@ietf.org <mailto:pntaw@ietf.org> > > Subject: Re: [pntaw] Real-time media over TCP > > > > On 10/15/2013 06:15 PM, Dan Wing wrote: > > > On Oct 14, 2013, at 11:02 PM, Tirumaleswar Reddy (tireddy) > > <tireddy@cisco.com <mailto:tireddy@cisco.com>> wrote: > > > > > >>> -----Original Message----- > > >>> From: pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org> > [mailto:pntaw-bounces@ietf.org <mailto:pntaw-bounces@ietf.org>] On > > Behalf Of Dan > > >>> Wing (dwing) > > >>> Sent: Tuesday, October 15, 2013 5:31 AM > > >>> To: Markus.Isomaki@nokia.com <mailto:Markus.Isomaki@nokia.com> > > >>> Cc: pntaw@ietf.org <mailto:pntaw@ietf.org>; > partha@parthasarathi.co.in <mailto:partha@parthasarathi.co.in> > > >>> Subject: Re: [pntaw] Real-time media over TCP > > >>> > > >>> > > >>> On Oct 14, 2013, at 12:06 PM, Markus.Isomaki@nokia.com > <mailto:Markus.Isomaki@nokia.com> wrote: > > >>> > > >>>> Hi, > > >>>> > > >>>> In practice I doubt you find many situations where UDP is > > completely blocked > > >>> but incoming TCP connections from anywhere are allowed. > > >>> > > >>> Agreed. > > >>> > > >>> But if both ends are trying to communicate with each other, > their > > >>> communications will appear as a TCP simultaneous-open. That > could > > (in fact, > > >>> "should") work across a firewall because the firewall will > see an > > outbound SYN > > >>> to a host/port after which it will see an inbound SYN from that > > same > > >>> host/port. > > >> But firewall TCP inspection causes the inbound SYN from the same > > host/port to be dropped (Firewalls typically do not permit TCP > > simultaneous-open). Even with NAT as per the survey results in > ICE TCP > > (http://tools.ietf.org/html/rfc6544#appendix-A) TCP > simultaneous-open > > worked only in roughly 45% of the cases. > > > If avoiding TURN improves the user experience, and IT policy > says TCP > > is allowed, I expect firewall vendors would make sure TCP > simultaneous > > open works. > > > > > > > > If something improves the user experience if it is possible to > do it, > > but the basic functionality works without it, and it's unclear > whether > > the special circumstances under which it's going to improve the user > > experience in fact exist in the field, I think that's perfect > for a MAY > > implement. > > > > _______________________________________________ > > pntaw mailing list > > pntaw@ietf.org <mailto:pntaw@ietf.org> > > https://www.ietf.org/mailman/listinfo/pntaw > > _______________________________________________ > pntaw mailing list > pntaw@ietf.org <mailto:pntaw@ietf.org> > https://www.ietf.org/mailman/listinfo/pntaw > > > > > > > > > -- > Surveillance is pervasive. Go Dark. -- Surveillance is pervasive. Go Dark.
- [pntaw] Real-time media over TCP Victor Pascual Avila
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Bernard Aboba
- Re: [pntaw] Real-time media over TCP Bernard Aboba
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Bernard Aboba
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Michael Tuexen
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Michael Tuexen
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Simon Perreault
- Re: [pntaw] Real-time media over TCP Paul Kyzivat
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Paul Kyzivat
- Re: [pntaw] Real-time media over TCP Chenxin (Xin)
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Chenxin (Xin)
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Hutton, Andrew
- Re: [pntaw] Real-time media over TCP Bernard Aboba
- Re: [pntaw] Real-time media over TCP Sergio Garcia Murillo
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Paul Kyzivat
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Ted Hardie
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Tirumaleswar Reddy (tireddy)
- Re: [pntaw] Real-time media over TCP Dan Wing
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Justin Uberti
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Justin Uberti
- Re: [pntaw] Real-time media over TCP Parthasarathi R
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Ravindran, Parthasarathi (NSN - IN/Bangalore)
- Re: [pntaw] Real-time media over TCP Harald Alvestrand
- Re: [pntaw] Real-time media over TCP Ravindran, Parthasarathi (NSN - IN/Bangalore)
- Re: [pntaw] Real-time media over TCP Markus.Isomaki
- Re: [pntaw] Real-time media over TCP Justin Uberti