Re: [rtcweb] DSCP marking for STUN packets
"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Wed, 12 March 2014 09:06 UTC
Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41F781A0937 for <rtcweb@ietfa.amsl.com>; Wed, 12 Mar 2014 02:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.048
X-Spam-Level:
X-Spam-Status: No, score=-15.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6oXKIWosTDw for <rtcweb@ietfa.amsl.com>; Wed, 12 Mar 2014 02:06:19 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id BBC551A091D for <rtcweb@ietf.org>; Wed, 12 Mar 2014 02:06:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5773; q=dns/txt; s=iport; t=1394615174; x=1395824774; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4kIYc9OWMqlhfOMPa4Bti7d8BwZ6OfwAKO1xlsdK1/I=; b=bFeycbvR+lhGlIuQY3S+HJtkpuYB0ckeyCu1hNWcp+NAAQvfYKRdekFB CBsLvXmB7TzORFz0R1okQDbMRnUiIk1DWdqRhJocJO2aOjMO0JG4AiOwm if5oQGSGyL+OSeFQJt6i/Dt6otFKIi/jORlhegMU/QMd7FaG9DutFK72p 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhYFANsiIFOtJV2d/2dsb2JhbABagwY7V7ohhmFPgRkWdIIlAQEBBAEBAQliCwwCAgIBCBEEAQELHQcbDAsUCQgBAQQBDQUIh3EN0VYTBASOJzEHBoMegRQEiRmhWYMtgis
X-IronPort-AV: E=Sophos;i="4.97,636,1389744000"; d="scan'208";a="309728313"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-5.cisco.com with ESMTP; 12 Mar 2014 09:06:13 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s2C96DSg018206 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 12 Mar 2014 09:06:13 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.166]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.03.0123.003; Wed, 12 Mar 2014 04:06:13 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, Justin Uberti <juberti@google.com>, Simon Perreault <simon.perreault@viagenie.ca>
Thread-Topic: [rtcweb] DSCP marking for STUN packets
Thread-Index: Ac85vcTs78cs2C8tSs2+vLGf/NxF+AEC/C2eAACAeTA=
Date: Wed, 12 Mar 2014 09:06:12 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE22E31358D@xmb-rcd-x02.cisco.com>
References: <E721D8C6A2E1544DB2DEBC313AF54DE22E30E33C@xmb-rcd-x02.cisco.com> <CAOJ7v-2jnBAPEhkxjgRtNyntWPL6KBB-PQSLkUPUu91QHoPr3g@mail.gmail.com> <201403102057.s2AKv90t026761@rcdn-core-5.cisco.com> <531F176C.2070305@viagenie.ca> <CAOJ7v-1ZaDjOMFAXiW6yzCcQCrUE5sbY1kaNUT7L4kmwVs8NyQ@mail.gmail.com> <532014C8.2050908@ericsson.com>
In-Reply-To: <532014C8.2050908@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.163.189.166]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/58TGyoWyyoNhT46HdW7VrMQeaUo
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] DSCP marking for STUN packets
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 09:06:24 -0000
I think we are discussing two different problems: 1. Determining what DSCP actually works over the Internet, by using ICE. 2. For one or more DSCPs an endpoint uses for a traffic flow, what DSCP ICE needs to use. In the case of #2, the endpoint uses those DSCPs because the network is provisioned that way by the network admin or the service provider. This could possibly be achieved through a combination of some browser configuration and JS input. For this case, using the highest DSCP value among those that are used for a given media or data-channel flow for ICE connectivity/consent checks makes sense to me. On this other hand, #1 looks a bigger problem. In the absence of any information, starting with BE or not setting anything in the packet looks a good option to me. Muthu |-----Original Message----- |From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Magnus Westerlund |Sent: Wednesday, March 12, 2014 1:33 PM |To: Justin Uberti; Simon Perreault |Cc: rtcweb@ietf.org |Subject: Re: [rtcweb] DSCP marking for STUN packets | |On 2014-03-12 04:53, Justin Uberti wrote: |> |> |> |> On Tue, Mar 11, 2014 at 7:02 AM, Simon Perreault |> <simon.perreault@viagenie.ca <mailto:simon.perreault@viagenie.ca>> wrote: |> |> Le 2014-03-10 16:57, James Polk a écrit : |> > At 12:16 AM 3/10/2014, Justin Uberti wrote: |> >> I think that the existing guidance should be sufficient in |> >> non-multiplexing cases (i.e. BUNDLE). For consent checks, I think the |> >> same DSCP markings as any other ICE connectivity checks should be |> >> used; for ICE-for-SCTP checks, the same DSCP markings as media |> packets |> >> (i.e. the SCTP traffic) should be used. |> >> |> >> If multiplexing is being performed, the connectivity checks probably |> >> should use the highest DSCP value being used by the multiplexed |> media. |> > |> > why is (seemingly) everyone's default position "use the highest DSCP |> > available" for signaling packets? |> > |> > You just need to make sure the packets aren't starved or dropped by/at |> > congestion points. |> |> The underlying principle is that connectivity checks need to *check |> connectivity* (duh!). That's why you use the same DSCP as the media. |> Connectivity is affected by the DSCP. For example some DSCPs could be |> filtered, or could be placed in a low-priority queue and get dropped |> such that connectivity fails. |> |> >From this principle follows this conclusion: on a given 5-tuple, if |> your |> media uses different DSCPs, you need to check connectivity for all those |> DSCPs. That is, you would send multiple connectivity checks, one for |> each DSCPs in the set used on this 5-tuple. Yeah, it sucks, so we might |> need an alternative heuristic: try the lowest-priority DSCP, and assume |> that if that one works, the higher-priority ones should work as well. |> (Note that Justin suggested the contrary.) |> |> What you want to avoid is STUN packets getting through but not the |> corresponding media. That is an unworkable situation. The reverse is not |> ideal either (you think you have no connectivity when in fact you do), |> but at least ICE can work around it (by picking a different candidate). |> |> |> We also need to consider the scenario of STUN consent checks, which will |> need to get through reliably even when media marked with DSCP is already |> flowing. In this case I think that using the highest DSCP value for STUN |> is unavoidable. |> | |(as individual) | |Sorry, I don't understand your reasoning here. Is it to provide the |lowest possible drop probability, i.e. using the AFx class that has |least drop probability? | |If there exist nodes that stomp on some DSCP markings, and not only |remark them to Best Effort (BE), and instead drop then. Then, it is not |obvious that that an AFx class is the most appropriate to use. In that |case using BE might be more suitable for the consent freshness. | |I would also point out that highest DSCP value isn't clear. We are |talking about forwarding behavior and I don't see how Expedited |Forwarding (EF) can be compared with AF for example. | |I think we have to consider what our goals are here. To determine if we |can get any packets through or determine if a particular 6-tuple (Source |Address, Destination Address, Source Port, Destination Port, Protocol, |and DSCP value) works? If it is the later then I think we need to have |checks running on all the 6-tuples in use. This clearly have overhead |concerns and helps worsening the ICE The Voice Hammer Attack (See |section 18.5.1. of RFC 5245). | |If the goal is the first, isn't using BE a reasonable choice. Yes, it |might have higher drop probability than AF, but it is likely to be |robuster in general deployments and it determine if the peer is there or |not. Dealing with broken 6-tuples needs to be a separate issue. | |Cheers | |Magnus Westerlund | |---------------------------------------------------------------------- |Services, Media and Network features, Ericsson Research EAB/TXM |---------------------------------------------------------------------- |Ericsson AB | Phone +46 10 7148287 |Färögatan 6 | Mobile +46 73 0949079 |SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com |---------------------------------------------------------------------- | |_______________________________________________ |rtcweb mailing list |rtcweb@ietf.org |https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] DSCP marking for STUN packets Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] DSCP marking for STUN packets Justin Uberti
- Re: [rtcweb] DSCP marking for STUN packets Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] DSCP marking for STUN packets Dave Taht
- Re: [rtcweb] DSCP marking for STUN packets Magnus Westerlund
- Re: [rtcweb] DSCP marking for STUN packets James Polk
- Re: [rtcweb] DSCP marking for STUN packets Simon Perreault
- Re: [rtcweb] DSCP marking for STUN packets Harald Alvestrand
- Re: [rtcweb] DSCP marking for STUN packets Dave Taht
- Re: [rtcweb] DSCP marking for STUN packets Justin Uberti
- Re: [rtcweb] DSCP marking for STUN packets Justin Uberti
- Re: [rtcweb] DSCP marking for STUN packets Magnus Westerlund
- Re: [rtcweb] DSCP marking for STUN packets Dave Taht
- Re: [rtcweb] DSCP marking for STUN packets Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] DSCP marking for STUN packets Justin Uberti
- Re: [rtcweb] DSCP marking for STUN packets Magnus Westerlund
- Re: [rtcweb] DSCP marking for STUN packets Justin Uberti
- Re: [rtcweb] DSCP marking for STUN packets Harald Alvestrand
- Re: [rtcweb] DSCP marking for STUN packets Dave Taht