IETF Logo Mail Archive

Re: [rtcweb] DSCP marking for STUN packets

"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Wed, 12 March 2014 09:06 UTC

Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41F781A0937 for <rtcweb@ietfa.amsl.com>; Wed, 12 Mar 2014 02:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.048
X-Spam-Level:
X-Spam-Status: No, score=-15.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6oXKIWosTDw for <rtcweb@ietfa.amsl.com>; Wed, 12 Mar 2014 02:06:19 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id BBC551A091D for <rtcweb@ietf.org>; Wed, 12 Mar 2014 02:06:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5773; q=dns/txt; s=iport; t=1394615174; x=1395824774; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4kIYc9OWMqlhfOMPa4Bti7d8BwZ6OfwAKO1xlsdK1/I=; b=bFeycbvR+lhGlIuQY3S+HJtkpuYB0ckeyCu1hNWcp+NAAQvfYKRdekFB CBsLvXmB7TzORFz0R1okQDbMRnUiIk1DWdqRhJocJO2aOjMO0JG4AiOwm if5oQGSGyL+OSeFQJt6i/Dt6otFKIi/jORlhegMU/QMd7FaG9DutFK72p 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhYFANsiIFOtJV2d/2dsb2JhbABagwY7V7ohhmFPgRkWdIIlAQEBBAEBAQliCwwCAgIBCBEEAQELHQcbDAsUCQgBAQQBDQUIh3EN0VYTBASOJzEHBoMegRQEiRmhWYMtgis
X-IronPort-AV: E=Sophos;i="4.97,636,1389744000"; d="scan'208";a="309728313"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-5.cisco.com with ESMTP; 12 Mar 2014 09:06:13 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s2C96DSg018206 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 12 Mar 2014 09:06:13 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.166]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.03.0123.003; Wed, 12 Mar 2014 04:06:13 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, Justin Uberti <juberti@google.com>, Simon Perreault <simon.perreault@viagenie.ca>
Thread-Topic: [rtcweb] DSCP marking for STUN packets
Thread-Index: Ac85vcTs78cs2C8tSs2+vLGf/NxF+AEC/C2eAACAeTA=
Date: Wed, 12 Mar 2014 09:06:12 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE22E31358D@xmb-rcd-x02.cisco.com>
References: <E721D8C6A2E1544DB2DEBC313AF54DE22E30E33C@xmb-rcd-x02.cisco.com> <CAOJ7v-2jnBAPEhkxjgRtNyntWPL6KBB-PQSLkUPUu91QHoPr3g@mail.gmail.com> <201403102057.s2AKv90t026761@rcdn-core-5.cisco.com> <531F176C.2070305@viagenie.ca> <CAOJ7v-1ZaDjOMFAXiW6yzCcQCrUE5sbY1kaNUT7L4kmwVs8NyQ@mail.gmail.com> <532014C8.2050908@ericsson.com>
In-Reply-To: <532014C8.2050908@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.163.189.166]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/58TGyoWyyoNhT46HdW7VrMQeaUo
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] DSCP marking for STUN packets
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 09:06:24 -0000

I think we are discussing two different problems:
1. Determining what DSCP actually works over the Internet, by using ICE.
2. For one or more DSCPs an endpoint uses for a traffic flow, what DSCP ICE needs to use.

In the case of #2, the endpoint uses those DSCPs because the network is provisioned that way by the network admin or the service provider. This could possibly be achieved through a combination of some browser configuration and JS input. For this case, using the highest DSCP value among those that are used for a given media or data-channel flow for ICE connectivity/consent checks makes sense to me.

On this other hand, #1 looks a bigger problem. In the absence of any information, starting with BE or not setting anything in the packet looks a good option to me.

Muthu

|-----Original Message-----
|From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Magnus Westerlund
|Sent: Wednesday, March 12, 2014 1:33 PM
|To: Justin Uberti; Simon Perreault
|Cc: rtcweb@ietf.org
|Subject: Re: [rtcweb] DSCP marking for STUN packets
|
|On 2014-03-12 04:53, Justin Uberti wrote:
|>
|>
|>
|> On Tue, Mar 11, 2014 at 7:02 AM, Simon Perreault
|> <simon.perreault@viagenie.ca <mailto:simon.perreault@viagenie.ca>> wrote:
|>
|>     Le 2014-03-10 16:57, James Polk a écrit :
|>     > At 12:16 AM 3/10/2014, Justin Uberti wrote:
|>     >> I think that the existing guidance should be sufficient in
|>     >> non-multiplexing cases (i.e. BUNDLE). For consent checks, I think the
|>     >> same DSCP markings as any other ICE connectivity checks should be
|>     >> used; for ICE-for-SCTP checks, the same DSCP markings as media
|>     packets
|>     >> (i.e. the SCTP traffic) should be used.
|>     >>
|>     >> If multiplexing is being performed, the connectivity checks probably
|>     >> should use the highest DSCP value being used by the multiplexed
|>     media.
|>     >
|>     > why is (seemingly) everyone's default position "use the highest DSCP
|>     > available" for signaling packets?
|>     >
|>     > You just need to make sure the packets aren't starved or dropped by/at
|>     > congestion points.
|>
|>     The underlying principle is that connectivity checks need to *check
|>     connectivity* (duh!). That's why you use the same DSCP as the media.
|>     Connectivity is affected by the DSCP. For example some DSCPs could be
|>     filtered, or could be placed in a low-priority queue and get dropped
|>     such that connectivity fails.
|>
|>     >From this principle follows this conclusion: on a given 5-tuple, if
|>     your
|>     media uses different DSCPs, you need to check connectivity for all those
|>     DSCPs. That is, you would send multiple connectivity checks, one for
|>     each DSCPs in the set used on this 5-tuple. Yeah, it sucks, so we might
|>     need an alternative heuristic: try the lowest-priority DSCP, and assume
|>     that if that one works, the higher-priority ones should work as well.
|>     (Note that Justin suggested the contrary.)
|>
|>     What you want to avoid is STUN packets getting through but not the
|>     corresponding media. That is an unworkable situation. The reverse is not
|>     ideal either (you think you have no connectivity when in fact you do),
|>     but at least ICE can work around it (by picking a different candidate).
|>
|>
|> We also need to consider the scenario of STUN consent checks, which will
|> need to get through reliably even when media marked with DSCP is already
|> flowing. In this case I think that using the highest DSCP value for STUN
|> is unavoidable.
|>
|
|(as individual)
|
|Sorry, I don't understand your reasoning here. Is it to provide the
|lowest possible drop probability, i.e. using the AFx class that has
|least drop probability?
|
|If there exist nodes that stomp on some DSCP markings, and not only
|remark them to Best Effort (BE), and instead drop then. Then, it is not
|obvious that that an AFx class is the most appropriate to use. In that
|case using BE might be more suitable for the consent freshness.
|
|I would also point out that highest DSCP value isn't clear. We are
|talking about forwarding behavior and I don't see how Expedited
|Forwarding (EF) can be compared with AF for example.
|
|I think we have to consider what our goals are here. To determine if we
|can get any packets through or determine if a particular 6-tuple (Source
|Address, Destination Address, Source Port, Destination Port, Protocol,
|and DSCP value) works? If it is the later then I think we need to have
|checks running on all the 6-tuples in use. This clearly have overhead
|concerns and helps worsening the ICE The Voice Hammer Attack (See
|section 18.5.1. of RFC 5245).
|
|If the goal is the first, isn't using BE a reasonable choice. Yes, it
|might have higher drop probability than AF, but it is likely to be
|robuster in general deployments and it determine if the peer is there or
|not. Dealing with broken 6-tuples needs to be a separate issue.
|
|Cheers
|
|Magnus Westerlund
|
|----------------------------------------------------------------------
|Services, Media and Network features, Ericsson Research EAB/TXM
|----------------------------------------------------------------------
|Ericsson AB                 | Phone  +46 10 7148287
|Färögatan 6                 | Mobile +46 73 0949079
|SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
|----------------------------------------------------------------------
|
|_______________________________________________
|rtcweb mailing list
|rtcweb@ietf.org
|https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email