IETF Logo Mail Archive

Re: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11

Justin Uberti <juberti@google.com> Tue, 08 October 2013 06:17 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C1E821E8145 for <rtcweb@ietfa.amsl.com>; Mon, 7 Oct 2013 23:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LdkoMx7FCDt8 for <rtcweb@ietfa.amsl.com>; Mon, 7 Oct 2013 23:17:26 -0700 (PDT)
Received: from mail-ve0-x22c.google.com (mail-ve0-x22c.google.com [IPv6:2607:f8b0:400c:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 2F99921E813F for <rtcweb@ietf.org>; Mon, 7 Oct 2013 23:17:26 -0700 (PDT)
Received: by mail-ve0-f172.google.com with SMTP id oz11so4318359veb.3 for <rtcweb@ietf.org>; Mon, 07 Oct 2013 23:17:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=we+vOkLAXpxUEQw6tKyfonM3AerdiretkXBcU5c70ZI=; b=Dz7peiQQsLZr0BX6hD1PMm9tyQcTZsq5l7N22J7KmafaTAyphYyALJfUKJy4+B1ls8 9lPmsLRa6sPwmjJny8rWU8083yTAnBED6GZ6bB1fJQJWNw8KlJi3lzd7Bkmov+5PKU2V yXcGB6467iEHGzLAuNjQEVh6IYWJO8tT9erlJv/VLJq39ouKwvsGUTFj7SRe/TWx4fcM ealaZTqPJeDLupROs9T84bzT1ek96RDdDJWMaDZT9auSWz86iaOs9BXUNSzwozzLGvgk +TWwjN107GXBRfHOshSWhPsuH0ijF254J+sK1mSlYJ2KWnr9f95M6qpmQr7IxLazRblx jzNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=we+vOkLAXpxUEQw6tKyfonM3AerdiretkXBcU5c70ZI=; b=hLxZ6FTXU+XEjbP+U2Pyp9QbudJt5BTZD1qMD7+Fl4UYA9JkvmwwYEKUUJXqGDmhYc P0pf4UQAL2grqNuB1HMRG9Q9kZrqpRYR02HDQyg8HXGTuzQdbvToO5EqAEy9Yp6szOwO SARIw0W/K9OskGf9TjY2dxC8JnzR13wik8gwY4eYoKVbkftzF2RWy3HrrgMLyGlMo6+j paT/dbbc1X8KMCmm2+lpkuiKqIqd+1krzaq3JyHLR/Quue/mpIcp2JWoVmJSVXEzw1Xn fvcd8aWkZiBTftg071JQFBCfZaHU2A5r5D3k6vEyYMHBtxs6m4CneEJgU4IN+pvLukfT tN5g==
X-Gm-Message-State: ALoCoQky7mmZyCVhO/nOq+s8UfYEx7yZIJMGLZEPgiveWD+p8uv73YESkGqH9RSxjMs/rWEjJLvBI7Vgt/IbeWEDEA5FYwtegI0oOMqR/kGK7sxUJHPLU10L/GDSJXVJ4B7ZEMkPhfiZ9+TFuVn09o4MuT862xYTYEpeiWEU9BotNZeugsnKdvpYL5hHz9MODeJ7U5/zh3ZL
X-Received: by 10.58.245.169 with SMTP id xp9mr7709vec.60.1381213045449; Mon, 07 Oct 2013 23:17:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.110.101 with HTTP; Mon, 7 Oct 2013 23:17:04 -0700 (PDT)
In-Reply-To: <5252b565.2913980a.7a03.ffff8dd3SMTPIN_ADDED_BROKEN@mx.google.com>
References: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com> <523c6d3d.c9d1440a.3b96.7499SMTPIN_ADDED_BROKEN@mx.google.com> <CAD6AjGRXr5kPRQdN+4jkgXHciN3NE7HiRmsb7kaYuzwHEPa7ZA@mail.gmail.com> <C5E08FE080ACFD4DAE31E4BDBF944EB1166CC702@xmb-aln-x02.cisco.com> <5244104D.4010401@alvestrand.no> <CABkgnnWyYCdpSxXyiYb+4BzMpME85671x5JzxJX08RiyQd+SFQ@mail.gmail.com> <BLU169-W98EC710F291837B36C14F0932B0@phx.gbl> <524a139b.e37e700a.694f.ffffae7bSMTPIN_ADDED_BROKEN@mx.google.com> <CAOJ7v-0nTR4U8muY_XCDnSWH_Ff1Ad0E+j6CUeus9zsbZFuZfQ@mail.gmail.com> <5252b565.2913980a.7a03.ffff8dd3SMTPIN_ADDED_BROKEN@mx.google.com>
From: Justin Uberti <juberti@google.com>
Date: Mon, 07 Oct 2013 23:17:04 -0700
Message-ID: <CAOJ7v-0mWXEJJUN8d-8-RARmadyx8fxvHF3qEvHFdeaoNmkFkA@mail.gmail.com>
To: Karl Stahl <karl.stahl@intertex.se>
Content-Type: multipart/alternative; boundary="047d7b873d66ef115b04e834b812"
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org, "Cullen Jennings (fluffy)" <fluffy@cisco.com>
Subject: Re: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 06:17:28 -0000

On Mon, Oct 7, 2013 at 6:21 AM, Karl Stahl <karl.stahl@intertex.se> wrote:

> So the WPAD-way of getting a network provider’s TURN server address for
> the real (white, global) IP address he has handed out to a user, the
> browser would:****
>
> - Use STUN to find the global IP address (done anyway in ICE)
>

How does this get bootstrapped? That is, how is the STUN server found?


> ****
>
> - Do a reverse DNS lookup (instead of the DNS-Based Service Discovery that
> is not yet deployed)****
>
> - Make a URL based on the hostname from the reverse DNS lookup, e.g. from
> 179.sub-174-252-35.myvzw.com, make h ttp://turnad.myvzw.com
>

I was hoping we could do something simpler, such as using the ISP's
configured domain search list, to determine the domain.


> ****
>
> - And there find a list (in JS) of TURN server addresses for the network
> provider’s IP addresses****
>
>  Or would an alternative be to add your own IP address to the URL and get
> only your specific TURN server address?****
>
> ** **
>
> Doing it at this Web level, I think we also should consider clients using
> ICE/TURN, but not having the luxury of a JS engine: Would e.g. a SIP client
> be able to parse a “JS table” to find his TURN server address easily? Also,
> are there long time-outs to be considered when there is no h ttp://
> turned.myvzw.com to be found?
>
****
>
> ** **
>
> This method may be easier for a network provider to deploy (I don’t know,
> but for local use on a LAN I guess it is). On the other hand, the DNS-Based
> Service Discovery method is quick and easy for a WebRTC browser, so that
> may be tried as well.****
>
> ** **
>
> Independent of how we find the network provided TURN server, one advantage
> with it is the authentication: The network provider simply sets up the TURN
> for usage from the IP addresses he has handed out.****
>
> ** **
>
> /Karl****
>
> ** **
>
> *Från:* Justin Uberti [mailto:juberti@google.com]
> *Skickat:* den 3 oktober 2013 20:59
> *Till:* Karl Stahl
> *Kopia:* Bernard Aboba; Harald Alvestrand; Cullen Jennings (fluffy);
> draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org;
> rtcweb@ietf.org
> *Ämne:* Re: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of
> draft-ietf-rtcweb-use-cases-and-requirements-11****
>
> ** **
>
> WPAD already supports DNS-based discovery (in addition to DHCP). If you
> have host-95-199-196-65.mobileonline.telia.com as your endpoint hostname,
> it will try to get a PAC file from wpad.mobileonline.telia.com.****
>
> ** **
>
> Since for all practical purposes, TURN is a "UDP proxy", I think it should
> be handled similar to other proxy autoconfig mechanisms.****
>
> ** **
>
> On Mon, Sep 30, 2013 at 5:13 PM, Karl Stahl <karl.stahl@intertex.se>
> wrote:****
>
> I happily withdraw my suggestion to use DHCP to find a network provider
> offered TURN server in favor of the DNS-Based Service Discovery method
> (inserted last below). The major problem with the DHCP usage was that you
> then also have to do something similar for: RA - Router Advertisement - in
> IPv6, addition to the IPCP protocol for PPPoE and something for the mobile
> OTT channel – wherever DHCP is NOT the method to give you an IP address.**
> **
>
>  ****
>
> Further:****
>
> > On Thu, Sep 27, 2013 Justin Uberti wrote:****
>
> > Agree. I still think that extending PAC files to include TURN
> information is the right way to go.****
>
> > PAC files can already be discovered via DHCP or DNS, there is no need to
> reinvent this wheel.****
>
>  ****
>
> >>On Thu, Sep 26, 2013 at 4:55 PM, Cullen Jennings (fluffy) <
> fluffy@cisco.com> wrote:****
>
> >>I think we need to give some advise to the browsers vendors on what they
> should implement to find turn servers****
>
>  ****
>
> I Googled a bit on PAC and WPAD and saw that a HTTP proxy config JS file
> can be picked up through a URL based on the device name. Similar could work
> for finding a TURN server on a LAN, but what about the case with a network
> provider offered TURN server? The network provider hands out an IP address
> and wants to announce a related TURN server address: – Is there a “PAC-way”
> to announce it to a device on a LAN (behind a NAT/firewall)? The device
> must find such configuration file based on its public IP address (that he
> can find using STUN as in the suggestion below).****
>
>  ****
>
> But generally, finding a TURN-server is a network-thing, ICE (or even TURN
> not using ICE), not a Web-thing, so for that reason the DNS-Based Service
> Discovery method is at a better level. Such method could also be used by
> SIP clients (even a Skype client could implement it to benefit from a
> real-time path with better quality, if the network provider offers such
> path through his TURN server).****
>
>  ****
>
> The DNS-Based Service Discovery method should be easy to implement in a
> WebRTC browser (doing complex ICE things anyway). The question is rather
> how easy it is for the network provider to provision. Do they all do
> reverse DNS like with found with mobile operators TeliaSonera and Tele2 in
> Sweden? Then it should not be too difficult.****
>
>  ****
>
> Or is there yet another better method to announce a TURN server address
> with the IP address offered?****
>
>  ****
>
> /Karl****
>
>  ****
>
>  ****
>
> *Från:* rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] *För *Bernard
> Aboba
> *Skickat:* den 29 september 2013 02:41
> *Till:* Harald Alvestrand
> *Kopia:* rtcweb@ietf.org****
>
>
> *Ämne:* Re: [rtcweb] TURN server address via DHCP, WGLC of
> draft-ietf-rtcweb-use-cases-and-requirements-11****
>
>  ****
>
> On Sep 26, 2013 8:46 PM, "Harald Alvestrand" <harald@alvestrand.no> wrote:
> ****
>
>
> "So far, neither the POSIX standard nor any OS vendor has offered a
> generic facility to access information made available in DHCP packets."***
> *
>
>  ****
>
> [BA] The Windows DHCP client API does provide this: ****
>
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa363351(v=vs.85).aspx
> ****
>
>  ****
>
> In particular, the SendParams argument to the DhcpRequestParams
> function can be used to request a particular parameter (e.g. TURN server
> address), which will then be returned in the RecdParams variable.  ****
>
>  ****
>
> Nevertheless, I still think that using DHCP to configure the TURN server
> address in a browser isn't a good idea.  For one thing, since DHCP is
> effectively unsecured, this mechanism could be used by a rogue DHCP server
> to force traffic to a rogue turnserver.   Great for surveillance!****
>
>  ****
>
>  ****
>
> On Sep 27, 2013 1:27 AM, "Karl Stahl" <karl.stahl@intertex.se> wrote:****
>
> Here comes the suggestion I got from my developer that would allow a
> network
> provider to offer his TURN server for the WebRTC browser to use. This would
> require NO new DHCP-options or similar, and NO OS changes (I do realize
> those should be avoided if possible...).
>
> The idea is still, that whoever is responsible for giving a device an IP
> address (the network provider or a LAN administrator) can also announce a
> TURN server for the WebRTC browser to use.
>
> The suggestion is to use RFC6763 (DNS-Based Service Discovery, see chapter
> 11) where the network provider (the owner of the IP address) has set up a
> DNS PTR record for the TURN server in the in-addr.arpa domain.
>
> If the device got IP 173.164.252.149, then make a query for the PTR record
> for:
> _turn._udp.149.252.164.173.in-addr.arpa.
> Then the SRV record would return the actual address to the TURN server (and
> you may find several for load balancing and failover I guess)
>
> If the device is on a LAN, the IP 173.164.252.149 to query would be the WAN
> IP you get via STUN in the ICE process. But if the LAN administrator
> provides a local TURN server, then he also should have blocked STUN in the
> firewall, and the browser should query the device's local host address (as
> in the ICE procedure) and the local LAN DNS server should answer the query
> to give the local TURN server address on the LAN.
>
> Shouldn't this work to allow network provider to offer his TURN server
> "automatically and generally"?
>
> And wouldn't this work nicely for mobile devices, whenever the device is on
> a "WebRTC-ready access" (actually good for everything using ICE), whether
> fixed, WiFi or 3G/4G OTT, you get also a TURN server (and the network
> provider hopefully offers a prioritized pipe there as one usage of this
> mechanism).****
>
> Not to slow down every call setup by doing this in the ICE process, I guess
> this could be done when starting the browser and when the device gets a new
> IP address, to have the TURN server address ready for later use.****
>
> /Karl****
>
> ** **
>

v2.23.0 | Report a Bug | By Email