IETF Logo Mail Archive

Re: Using QUIC to traverse NATs

David Schinazi <dschinazi.ietf@gmail.com> Tue, 18 July 2023 20:31 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C839C14F73E for <quic@ietfa.amsl.com>; Tue, 18 Jul 2023 13:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YyZC-j9FHv8S for <quic@ietfa.amsl.com>; Tue, 18 Jul 2023 13:31:32 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F76BC1516F2 for <quic@ietf.org>; Tue, 18 Jul 2023 13:31:32 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id 2adb3069b0e04-4fb863edcb6so10314025e87.0 for <quic@ietf.org>; Tue, 18 Jul 2023 13:31:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689712290; x=1692304290; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=cE9OD/phemHUT4NFeBjSez16QWitF4yD2eW02VPUgZE=; b=MWvzd0fSVfx855PkQixsv1js1+oz/21o/5E+6hDJWZM0nFApT1LWKZeSqS9j/pOYQ8 TNm7YO/EyDntkzKsrYxUVU5+tIsYC5gPiLQ8i4+pfnkmB2RGOdw/edbDicerno5YUGmc C389UzUZgyoycNwPLelyN6/wDyze+1ncKzQtcYwtgXZ0JSs7ICKxp5lxsdtYhCiIQNNs f6YCb9fomj9IxuvovlmfTGiwrsmyJVdvnmxFrQ7Go8QLVHE2I8xueq+2TKDpz/m+U/yk EOpemp+P5Wbf5Q5+C8DHmPJ6XQI2F8jgczerVgtWjbbNtbibABUgXGbFemN+KeBQHmxI 6ZHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689712290; x=1692304290; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cE9OD/phemHUT4NFeBjSez16QWitF4yD2eW02VPUgZE=; b=U3DTdBOZ1dYNCBDqs13kdDq1/K5TGOw25Ufbdm/Yyx3CIuGJSVQAW/oTCkYBdLGQk+ Owpnq7GPBfYMVpwlYpq8Dl0sbAVd40ZPcSCa/IERmYUiZJFWOfRSk0g+8Bqf4HpN6owr 2DfVuwFpUFYS2mbYajb2vmKudLHXn1rKWb+2TQY1Q5p4MgsO/O22bAt64CxiO9LQGI5l 1IL/bQGGKMLcaE100L9qqX6ypACA6dgj6Ite6NIR9k7aeRBLWbGgxmZDUIv337boXFXJ g7XuMjf2Jj/v7hKBbVS6tcetkMHNB/r2JnluKebP9Eoo/Juy6A6kDQIan3EY/pr9kaUS ix3g==
X-Gm-Message-State: ABy/qLYW33TQvoB49xheQL1XJKVHEClvJJIrvDCf5mxrEWL248dkn4vz zic9r2qzFwNNhHSPCaS6qtS7B7M1GUbiueLmekJu6zratus=
X-Google-Smtp-Source: APBJJlExfrZnYWWuQPXjeYXpH9yx9jKLcQoVEkEppow+3DnM1zQ5u6EKUQknnlzwPoKWZn2cs2CjeNYFlnBrOy4t65U=
X-Received: by 2002:a05:6512:3713:b0:4fa:5255:4fa3 with SMTP id z19-20020a056512371300b004fa52554fa3mr2418781lfr.5.1689712289676; Tue, 18 Jul 2023 13:31:29 -0700 (PDT)
MIME-Version: 1.0
References: <7d70026e-c8ea-d28d-5a5f-c2804b9dba73@in.tum.de> <0DF55C22-9D76-490C-9C85-6B639306190B@huitema.net>
In-Reply-To: <0DF55C22-9D76-490C-9C85-6B639306190B@huitema.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 18 Jul 2023 13:31:18 -0700
Message-ID: <CAPDSy+6XH5Ysio2pqdtKyj1LzirFdUR5TXwFdp_5C-buGxmmJA@mail.gmail.com>
Subject: Re: Using QUIC to traverse NATs
To: Christian Huitema <huitema@huitema.net>
Cc: Joerg Ott <ott@in.tum.de>, Marten Seemann <martenseemann@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cc81ca0600c8ccd0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/hV3HSTjjbEeYwV7GyyP2fx4NhgU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2023 20:31:36 -0000

Overall this sounds like it could be useful for P2P QUIC, though the
presence of multiple modes sounds like the use-cases haven't been fleshed
out enough. What's the goal here?

Also, for this to work P2P, we'd need QUIC server migration since preferred
address doesn't let you try a list of ICE candidates. That or pull out the
multipath hammer.

FWIW, Tommy Chris and Eric had written up the address signaling part up one
pandemic ago:
https://datatracker.ietf.org/doc/draft-pauly-quic-address-extension/

David

On Tue, Jul 18, 2023 at 9:34 AM Christian Huitema <huitema@huitema.net>
wrote:

> I think that adding a Stun function to QUIC is very straightforward: add a
> frame "i see you from this address", have peers send it in connection
> responses or with path responses. That goes very well with the multipath
> extensions.
>
> Adding an address announce frame to Quic is also straightforward. It is
> also very useful in multipath operations: "you can contact me at this
> alternate address".
>
> After that, the missing part for ICE is the bidirectional probe. We can
> debate which is more complex, adding the function to Quic or coordinating
> ICE and Quic.
>
> -- Christian Huitema
>
> > On Jul 18, 2023, at 8:37 AM, Joerg Ott <ott@in.tum.de> wrote:
> >
> > Hi Marten,
> >
> > good writeup, thanks much; I am with Dan that the geenral direction
> > makes sense.  (We've been looking at the interaction with ICE for RTP-
> > over-QUIC).
> >
> > One bit I always struggle with ICE when using it together with a
> > powerful transport is not the initial setup but the subsequent
> > operation.
> >
> > When two ICE agents negotiate some addresses (and possibly do their path
> > probing), they will then hand over the transport addresses to be used
> > for the QUIC connection.  At this point, the state within ICE and the
> > state within QUIC agree.
> >
> > There are reasons for QUIC to update address information (take a NAT
> > rebinding or a preferred server address), but those won't necessarily
> > be propagated back to the ICE state machine, so the states start to
> > diverge.
> >
> > If you use ICE with plain old UDP, it'd be up to ICE to discover
> > changes and reconfigure address pairs, including probing.
> >
> > This doesn't have to be a issue but it may be useful to document how
> > ICE and QUIC are supposed to interact for error conditions and address
> > changes.
> >
> > Cheers,
> > Jörg
> >
> >> On 11.07.23 07:20, Marten Seemann wrote:
> >> I just submitted a new draft that describes how to do NAT traversal
> using QUIC:
> >> https://datatracker.ietf.org/doc/draft-seemann-quic-nat-traversal/ <
> https://datatracker.ietf.org/doc/draft-seemann-quic-nat-traversal/>
> >> The document defines 3 distinct modes. The first mode is the simplest
> one, first running ICE to completion to find a suitable path between two
> nodes, and then establishing a QUIC connection on that path.
> >> The other two modes use a proxied QUIC connection to do the ICE
> signaling (potentially using one of the protocols defined by the MASQUE
> WG), and then make use of QUIC connection migration to migrate to a better
> / direct path.
> >> This is an early draft version, and I wouldn’t be surprised if it
> wasn’t actually implementable, most likely due to my limited familiarity
> with ICE. I’d appreciate feedback if the general direction makes sense.
> >> Cheers,
> >> Marten
> >
>
>

v2.23.0 | Report a Bug | By Email