[rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11

"Karl Stahl" <karl.stahl@intertex.se> Tue, 01 October 2013 00:13 UTC

Return-Path: <karl.stahl@intertex.se>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4531D21F9B6A for <rtcweb@ietfa.amsl.com>; Mon, 30 Sep 2013 17:13:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599, HTML_MESSAGE=0.001, MSGID_MULTIPLE_AT=1.449, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id IYI1ijR2pEyQ for <rtcweb@ietfa.amsl.com>; Mon, 30 Sep 2013 17:13:21 -0700 (PDT)
Received: from smtp.it-norr.com (smtp.it-norr.com []) by ietfa.amsl.com (Postfix) with ESMTP id 4DDF721F87BB for <rtcweb@ietf.org>; Mon, 30 Sep 2013 17:13:17 -0700 (PDT)
Received: from ([]) by smtp.it-norr.com (Telecom3 SMTP service) with ASMTP id 201310010213135552; Tue, 01 Oct 2013 02:13:13 +0200
From: Karl Stahl <karl.stahl@intertex.se>
To: 'Bernard Aboba' <bernard_aboba@hotmail.com>, 'Harald Alvestrand' <harald@alvestrand.no>, 'Justin Uberti' <juberti@google.com>, "'Cullen Jennings (fluffy)'" <fluffy@cisco.com>, draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org
References: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com>, <523c6d3d.c9d1440a.3b96.7499SMTPIN_ADDED_BROKEN@mx.google.com>, <CAD6AjGRXr5kPRQdN+4jkgXHciN3NE7HiRmsb7kaYuzwHEPa7ZA@mail.gmail.com>, <C5E08FE080ACFD4DAE31E4BDBF944EB1166CC702@xmb-aln-x02.cisco.com>, <5244104D.4010401@alvestrand.no>, <CABkgnnWyYCdpSxXyiYb+4BzMpME85671x5JzxJX08RiyQd+SFQ@mail.gmail.com> <BLU169-W98EC710F291837B36C14F0932B0@phx.gbl>
In-Reply-To: <BLU169-W98EC710F291837B36C14F0932B0@phx.gbl>
Date: Tue, 01 Oct 2013 02:13:15 +0200
Message-ID: <017f01cebe3b$06368fb0$12a3af10$@stahl>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0180_01CEBE4B.C9BF5FB0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac68rJPGf1nVlxN8TCCe8Rc2sVrIsQBdij2Q
Content-Language: sv
Cc: rtcweb@ietf.org
Subject: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2013 00:13:26 -0000

I happily withdraw my suggestion to use DHCP to find a network provider
offered TURN server in favor of the DNS-Based Service Discovery method
(inserted last below). The major problem with the DHCP usage was that you
then also have to do something similar for: RA - Router Advertisement - in
IPv6, addition to the IPCP protocol for PPPoE and something for the mobile
OTT channel – wherever DHCP is NOT the method to give you an IP address.



> On Thu, Sep 27, 2013 Justin Uberti wrote:

> Agree. I still think that extending PAC files to include TURN information
is the right way to go.

> PAC files can already be discovered via DHCP or DNS, there is no need to
reinvent this wheel.


>>On Thu, Sep 26, 2013 at 4:55 PM, Cullen Jennings (fluffy) <
<mailto:fluffy@cisco.com> fluffy@cisco.com> wrote:

>>I think we need to give some advise to the browsers vendors on what they
should implement to find turn servers


I Googled a bit on PAC and WPAD and saw that a HTTP proxy config JS file can
be picked up through a URL based on the device name. Similar could work for
finding a TURN server on a LAN, but what about the case with a network
provider offered TURN server? The network provider hands out an IP address
and wants to announce a related TURN server address: – Is there a “PAC-way”
to announce it to a device on a LAN (behind a NAT/firewall)? The device must
find such configuration file based on its public IP address (that he can
find using STUN as in the suggestion below).


But generally, finding a TURN-server is a network-thing, ICE (or even TURN
not using ICE), not a Web-thing, so for that reason the DNS-Based Service
Discovery method is at a better level. Such method could also be used by SIP
clients (even a Skype client could implement it to benefit from a real-time
path with better quality, if the network provider offers such path through
his TURN server).


The DNS-Based Service Discovery method should be easy to implement in a
WebRTC browser (doing complex ICE things anyway). The question is rather how
easy it is for the network provider to provision. Do they all do reverse DNS
like with found with mobile operators TeliaSonera and Tele2 in Sweden? Then
it should not be too difficult.


Or is there yet another better method to announce a TURN server address with
the IP address offered?





Från: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] För Bernard
Skickat: den 29 september 2013 02:41
Till: Harald Alvestrand
Kopia: rtcweb@ietf.org
Ämne: Re: [rtcweb] TURN server address via DHCP, WGLC of


On Sep 26, 2013 8:46 PM, "Harald Alvestrand" <harald@alvestrand.no> wrote:
"So far, neither the POSIX standard nor any OS vendor has offered a generic
facility to access information made available in DHCP packets."


[BA] The Windows DHCP client API does provide this: 



In particular, the SendParams argument to the DhcpRequestParams function can
be used to request a particular parameter (e.g. TURN server address), which
will then be returned in the RecdParams variable.  


Nevertheless, I still think that using DHCP to configure the TURN server
address in a browser isn't a good idea.  For one thing, since DHCP is
effectively unsecured, this mechanism could be used by a rogue DHCP server
to force traffic to a rogue turnserver.   Great for surveillance!



On Sep 27, 2013 1:27 AM, "Karl Stahl" < <mailto:karl.stahl@intertex.se>
karl.stahl@intertex.se> wrote:

Here comes the suggestion I got from my developer that would allow a network
provider to offer his TURN server for the WebRTC browser to use. This would
require NO new DHCP-options or similar, and NO OS changes (I do realize
those should be avoided if possible...).

The idea is still, that whoever is responsible for giving a device an IP
address (the network provider or a LAN administrator) can also announce a
TURN server for the WebRTC browser to use.

The suggestion is to use RFC6763 (DNS-Based Service Discovery, see chapter
11) where the network provider (the owner of the IP address) has set up a
DNS PTR record for the TURN server in the in-addr.arpa domain.

If the device got IP, then make a query for the PTR record
Then the SRV record would return the actual address to the TURN server (and
you may find several for load balancing and failover I guess)

If the device is on a LAN, the IP to query would be the WAN
IP you get via STUN in the ICE process. But if the LAN administrator
provides a local TURN server, then he also should have blocked STUN in the
firewall, and the browser should query the device's local host address (as
in the ICE procedure) and the local LAN DNS server should answer the query
to give the local TURN server address on the LAN.

Shouldn't this work to allow network provider to offer his TURN server
"automatically and generally"?

And wouldn't this work nicely for mobile devices, whenever the device is on
a "WebRTC-ready access" (actually good for everything using ICE), whether
fixed, WiFi or 3G/4G OTT, you get also a TURN server (and the network
provider hopefully offers a prioritized pipe there as one usage of this

Not to slow down every call setup by doing this in the ICE process, I guess
this could be done when starting the browser and when the device gets a new
IP address, to have the TURN server address ready for later use.