[rtcweb] some thoughts on draft draft-hutton-rtcweb-nat-firewall-considerations-00

"Chenxin (Xin)" <hangzhou.chenxin@huawei.com> Tue, 19 March 2013 07:36 UTC

From: "Chenxin (Xin)" <hangzhou.chenxin@huawei.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>, "andrew.hutton@siemens-enterprise.com" <andrew.hutton@siemens-enterprise.com>
Date: Tue, 19 Mar 2013 07:36:17 +0000
Message-ID: <9E34D50A21D1D1489134B4D770CE0397390EDEE2@szxeml538-mbx.china.huawei.com>

Hi Andrew,

   I have read draft-hutton-rtcweb-nat-firewall-considerations-00 and have some more considerations about NAT/FW traversal: is it possible to consider allowing the WebRTC client to connect to the TURN server using a WebSocket connection? The WebSocket is upgraded from HTTP and supports a subprotocol field and a multiplexing extension, which will be convenient for dealing with the multiplexing use case.

2.3 Firewall open only for TCP-based HTTP(s) traffic

   If the HTTP connection is upgraded to WebSocket and the TURN data is sent directly on the WebSocket connection, it works too.
   The TURN server should be configured to accept the WebSocket connection and listen on the HTTP(S) ports as well.
   The WebRTC client needs to be configured to contact the TURN server over the HTTP(S) ports.

3.3.1 TURN server connection via TCP
   WebSocket works fine in the scenario of explicit proxy traversal using the HTTP CONNECT method. If there is an intermediate transparent proxy server, an encrypted WebSocket connection will be successful.

  In this scenario, the TURN server should be configured to accept the WebSocket connection and listen on the HTTP(S) ports as well.
  In addition, the proxy server may need to be upgraded to support WebSocket if unencrypted WebSocket needs to be supported.

Best Regards,
     Xin
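The TURN-over-WebSocket idea sketched in the message above, as an added example written for this page (not code from the message's author, from the draft, or from any TURN implementation): it builds the HTTP CONNECT request an explicit proxy would see, the WebSocket Upgrade request carrying a subprotocol header, wraps a TURN Allocate request in a masked binary WebSocket frame as a browser client must, and then unframes and checks it as the TURN server side would. The subprotocol name "turn", the host names and the sample transaction id are assumptions for the example; no network I/O is performed.

```python
"""TURN messages carried over a WebSocket opened via HTTP(S): added example, not
code from the rtcweb message, the draft, or any TURN server. The subprotocol
name "turn" and all host names are assumptions."""
import base64
import hashlib
import os
import struct

STUN_MAGIC_COOKIE = 0x2112A442            # RFC 5389 fixed cookie
TURN_ALLOCATE_REQUEST = 0x0003            # RFC 5766 Allocate request
ATTR_REQUESTED_TRANSPORT = 0x0019         # RFC 5766 REQUESTED-TRANSPORT
PROTO_UDP = 17
WS_ACCEPT_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # RFC 6455 handshake GUID


def build_http_connect(host: str, port: int) -> bytes:
    """CONNECT request sent to an explicit proxy to tunnel TCP to the TURN server."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")


def new_ws_key() -> str:
    """Fresh Sec-WebSocket-Key nonce (16 random bytes, base64)."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def build_ws_upgrade(host: str, path: str, key_b64: str, subprotocol: str = "turn") -> bytes:
    """HTTP/1.1 Upgrade request asking the TURN server for a WebSocket with a subprotocol.
    The subprotocol token "turn" is an assumption for this example."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Upgrade: websocket\r\n"
            "Connection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key_b64}\r\n"
            "Sec-WebSocket-Version: 13\r\n"
            f"Sec-WebSocket-Protocol: {subprotocol}\r\n\r\n").encode("ascii")


def ws_accept_value(key_b64: str) -> str:
    """Sec-WebSocket-Accept the server must return for a given key (RFC 6455 4.2.2);
    a client that checks it detects a proxy that answered the Upgrade itself."""
    digest = hashlib.sha1((key_b64 + WS_ACCEPT_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def encode_allocate_request(transaction_id: bytes) -> bytes:
    """TURN Allocate request with one REQUESTED-TRANSPORT=UDP attribute (28 bytes)."""
    if len(transaction_id) != 12:
        raise ValueError("STUN transaction id is 12 bytes")
    attr = struct.pack("!HHB3x", ATTR_REQUESTED_TRANSPORT, 4, PROTO_UDP)
    header = struct.pack("!HHI12s", TURN_ALLOCATE_REQUEST, len(attr),
                         STUN_MAGIC_COOKIE, transaction_id)
    return header + attr


def decode_stun_header(msg: bytes) -> dict:
    """Validate the 20-byte STUN header before any attribute parsing."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    msg_type, msg_len, cookie, tid = struct.unpack("!HHI12s", msg[:20])
    if cookie != STUN_MAGIC_COOKIE or len(msg) != 20 + msg_len:
        raise ValueError("not a well-formed STUN/TURN message")
    return {"type": msg_type, "length": msg_len, "transaction_id": tid}


def ws_frame_binary(payload: bytes, mask_key: bytes) -> bytes:
    """Client-to-server binary frame (FIN, opcode 0x2); clients MUST mask (RFC 6455 5.3)."""
    if len(mask_key) != 4:
        raise ValueError("mask key is 4 bytes")
    n = len(payload)
    head = bytes([0x82])
    if n < 126:
        head += bytes([0x80 | n])
    elif n < 0x10000:
        head += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        head += bytes([0x80 | 127]) + struct.pack("!Q", n)
    masked = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return head + mask_key + masked


def ws_unframe(frame: bytes) -> tuple:
    """Server-side parse of one frame; rejects truncated frames and returns (opcode, payload)."""
    opcode = frame[0] & 0x0F
    masked = bool(frame[1] & 0x80)
    n = frame[1] & 0x7F
    pos = 2
    if n == 126:
        (n,) = struct.unpack("!H", frame[pos:pos + 2]); pos += 2
    elif n == 127:
        (n,) = struct.unpack("!Q", frame[pos:pos + 8]); pos += 8
    key = b""
    if masked:
        key = frame[pos:pos + 4]; pos += 4
    body = frame[pos:pos + n]
    if len(body) != n:
        raise ValueError("truncated WebSocket frame")
    if masked:
        body = bytes(b ^ key[i % 4] for i, b in enumerate(body))
    return opcode, body


def turn_over_websocket_roundtrip(transaction_id: bytes, mask_key: bytes) -> dict:
    """Client frames an Allocate request; server unframes and validates it."""
    frame = ws_frame_binary(encode_allocate_request(transaction_id), mask_key)
    opcode, payload = ws_unframe(frame)
    info = decode_stun_header(payload)
    info.update(opcode=opcode, frame_len=len(frame))
    return info


if __name__ == "__main__":
    # Constructed sample values; turn.example.com is a placeholder host.
    print(build_http_connect("turn.example.com", 443).decode())
    print(build_ws_upgrade("turn.example.com", "/turn", new_ws_key()).decode())
    print(turn_over_websocket_roundtrip(b"\x01" * 12, b"\xaa\xbb\xcc\xdd"))
```

The server-side `ws_unframe` checks the declared length against the bytes actually present and only then hands the payload to `decode_stun_header`, which verifies the magic cookie and length field; a TURN listener that multiplexes on the HTTP(S) port should reject malformed input at each layer rather than let a partial WebSocket frame reach the STUN attribute parser. `ws_accept_value` gives the client the check that the Upgrade was answered by the TURN server and not by an intermediary, which matters in the transparent-proxy case the message discusses.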