Re: [rtcweb] Is rtcweb the right place for draft-ietf-rtcweb-mdns-ice-candidates?

Roman Shpount <roman@telurix.com> Thu, 04 July 2019 18:47 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32732120167 for <rtcweb@ietfa.amsl.com>; Thu, 4 Jul 2019 11:47:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gh6iXJFPWr8a for <rtcweb@ietfa.amsl.com>; Thu, 4 Jul 2019 11:47:10 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4DE5120141 for <rtcweb@ietf.org>; Thu, 4 Jul 2019 11:47:10 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id b7so3448705pls.6 for <rtcweb@ietf.org>; Thu, 04 Jul 2019 11:47:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IMEiTCU6RPYS/MJZvjUQw/512UONGY5mRxFsRS/M47o=; b=vIeWQK6QTEOJX+77vcDbPTf/ugYwguSmX+c4F9fAL6d0Nle/KeMJXFeKWxrzV6cm5y sbGydZkPRj8j7HwdXIOEhCzk180gUo+gsykixNxhy7h7Bwg147a4GRdX+SQa9mk3Kxw8 9DMNcZyn4hpMmrh4USrRPVoxosQyCeYlslNo6kJ2uaUG18hpIS1rzeFgp7DDNN/kleNi xuubol/qmPigPPDiBPN4Ilk/3YwIYa6cSP6Q+st+kbFB08eijd31PgI8IjpV/nunccQt olMJH0cXhksYE6+cCT58K8RStovrQR8zWoEGlBHhduAPxBlACv4Zvnt74D7bmtE/T2gb ZGFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IMEiTCU6RPYS/MJZvjUQw/512UONGY5mRxFsRS/M47o=; b=bHt2vz8TF10aXw9lF2BqjpTr0/t9/c23mdOoCBKrjoT4Qne3eQqEbtUgD9Te8vQgF+ In/fxRAauWa6+AyxEGbUNUp+ALexWtjdO63A4IsPjVSOfeAWzeoX0+3cvKAD6XCDlw8i 6OIr1Gs+1pnupyfDP/bm5/EU6ndFTAGSPLJ6BIeJP5aUdexh5duVrrQevXFJ6Rv2WeqZ CF3+XONz8KZ1mU6kgxxwINucC3CpmuHkVy7DzqlVDH8W1l884zEpEfIgPvX0WOEI/PGa AWfdgFKVc/GgCBOqXRGoQtBmcD7CjuYF7GRl9vEGtw+fuO8gl9ebIqn3h1u57UCAOZHT rFiA==
X-Gm-Message-State: APjAAAVIL0GNUBnpDAl5ANBwuKQD+/CX0cWTktgDzOpZyERBNpdhHT6A 6RR9NpDVjsnm6bxXcRODPCoO6ASCrd8=
X-Google-Smtp-Source: APXvYqyNnxbfBksbhmMriT9ZOTilc4ACl3AlF1piiGhxWEizfDn0Si38VY3FrPXMFic550jrJzf/EA==
X-Received: by 2002:a17:902:da4:: with SMTP id 33mr46624678plv.209.1562266029480; Thu, 04 Jul 2019 11:47:09 -0700 (PDT)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com. [209.85.214.171]) by smtp.gmail.com with ESMTPSA id v184sm6900691pfb.82.2019.07.04.11.47.08 for <rtcweb@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Thu, 04 Jul 2019 11:47:08 -0700 (PDT)
Received: by mail-pl1-f171.google.com with SMTP id w24so3441913plp.2 for <rtcweb@ietf.org>; Thu, 04 Jul 2019 11:47:08 -0700 (PDT)
X-Received: by 2002:a17:902:20c8:: with SMTP id v8mr51005856plg.284.1562266028068; Thu, 04 Jul 2019 11:47:08 -0700 (PDT)
MIME-Version: 1.0
References: <b03853a4-1006-4da0-d52f-9e7462a2cd0c@alvestrand.no> <D80CECAF-B520-40A2-BFBB-E39B73BA943D@sn3rd.com> <CAD5OKxsd-SE8VpwFgto3DLbabs+9O+cHMucy1+Cep7tCJQR6+w@mail.gmail.com> <CAOJ7v-2XrND6YWqo2tEiDbs7TZpEoiP+MGBAk2aF7hfoMiGk0Q@mail.gmail.com> <CAD5OKxtSzOfnN8WrV-duwwfmwa+VJX_3HACiXU43Xeym25GQaQ@mail.gmail.com> <CAOJ7v-1pKuvNfuPVqJQKj1d0U8Z7JH9aqNU0DkNDMYvec7jyUQ@mail.gmail.com> <40E6F158-7AA1-42AD-9D18-1B4C335ECD64@mozilla.com> <CAOJ7v-2CWAX0W02qdRes3G-_5hiWGhWEdLhregO-nb1m2EDZZQ@mail.gmail.com>
In-Reply-To: <CAOJ7v-2CWAX0W02qdRes3G-_5hiWGhWEdLhregO-nb1m2EDZZQ@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Thu, 4 Jul 2019 14:46:59 -0400
X-Gmail-Original-Message-ID: <CAD5OKxu3sCBaN3MmWmeawuYB-sPqfZt6TqF=dSfs6Q0QdXNYKg@mail.gmail.com>
Message-ID: <CAD5OKxu3sCBaN3MmWmeawuYB-sPqfZt6TqF=dSfs6Q0QdXNYKg@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Cc: Nils Ohlmeier <nohlmeier@mozilla.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a5d44d058cdf6742"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/L2P051Vv4sr8RzZ_oih4yLBtes4>
Subject: Re: [rtcweb] Is rtcweb the right place for draft-ietf-rtcweb-mdns-ice-candidates?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 18:47:13 -0000

The FQDN in c= line and candidate address where in specs for a really long
time (RFC 4566 and RFC 5245 both define them). This being said, FQDN in c=
line was very infrequently used and FQDN in ICE candidate was never used.
FQDN in ICE candidate was badly under defined and due to limited use there
is no established practice on how it should work. Using FQDN for mDNS ICE
candidates, as far as I know, is the first wide spread use of FQDN in ICE
candidates. Almost every ICE implementation outside of Chrome was never
tested against FQDN in c= lines and ICE candidates and likely would have
issues.

As it stands, ice-sip-sdp does not contradict using FQDN in ICE candidates,
but is specifically leaves a big hole in the document regarding how exactly
offers with FQDN are generated and how FQDN candidates are supposed to be
processed. The only thing current draft defines is absolute minimum of what
end point needs to do when receiving a session description with FQDN
candidates and safely ignoring them.Things like FQDN resolution procedures,
procedures for adding resolution results to the candidate list, and what is
supposed to go into the c= line for FQDN default candidate were
deliberately left out for the future document. If anybody wants to use FQDN
in ICE candidates, these things need to be defined and verified to cause
minimal disruption when deployed against existing end points. Since ICE and
ICE session description related issues are normally discussed in mmusic, it
probably should happen there to reach the proper audience.

I understand that running experiments before proposing a solution is
probably a good thing and this is what Chrome was doing up until this
point. At the same time, rolling this feature into production before at
least documenting it, will definitely cause interop problems. What we have
now is a fairly major feature with a fairly outdated specification where
all the interop issues weren't considered.

As far as connectivity impact of Chrome experiment goes, we do see it
causing issues with at least two scenarios:

1. Listen only connections to SBC/Media servers on public IP: We have a set
of services which run SBC or Media Servers on public IPs with ICE TCP
enabled. These services did not use STUN or TURN servers, since all the
communications are between the browser end point and the server on public
IP. In cases when microphone is not present on the client computer or
client denies microphone access, client is still offered to connect in
listen only mode. In this scenario, we ended up with FQDN in the c= line
and only FQDN based candidates. As a quick work around we added STUN
server, but this, in addition to slowing down the connection time, still
prevented connections from hosts where UDP was blocked. We had to update
software used to run our hosted services to support FQDN in c= line and ICE
candidates (which was actually done as a regex replacement). Our software
which is installed at client premises is still not updated and will likely
take our clients another 6 months to a year to update. As far as we could
see, before update, 2-3% of all listen only connections where affected.
This is not a huge number but caused customer complaints from clients who
were able to connect before the experiment started.

2. Peer-to-peer connections within enterprise: We are working with a
peer-to-peer web casting solution for webinars. We see the connectivity
rate reduction within large enterprises, where IP based connection between
two private IP is allowed but client browsers are not withing the same
broadcast domain. In this case mDNS connectivity check fails when direct IP
connectivity check would succeed. In these cases webcast client switches to
streaming from the server, so this does no result in total failure but does
decrease the P2P network efficiency. Having an ability to ask for
Peer-to-Peer connectivity permission would really help in this case.

Best Regards,
_____________
Roman Shpount


On Thu, Jul 4, 2019 at 1:41 AM Justin Uberti <juberti@google.com> wrote:

> As I understand it, mdns in the c= line will only occur in edge cases,
> i.e., when there are no other candidates. As such I don’t see this as a
> showstopper.
>
> We have measured the connectivity impact of this change in significant
> detail and feel increasingly confident there are no egregious latent issues.
>
> On Wed, Jul 3, 2019 at 9:50 PM Nils Ohlmeier <nohlmeier@mozilla.com>
> wrote:
>
>> Probably not the ideal forum to point this out, but I hope the Chrome
>> team is aware that rolling out this feature, assuming it includes using
>> mDNS in the connection line, will break interop with Firefox.
>> So I have to concur that rolling this out appears to be premature to me.
>>
>> Best
>>   Nils Ohlmeier
>>
>> On 3Jul, 2019, at 17:58, Justin Uberti <
>> juberti=40google.com@dmarc.ietf.org> wrote:
>>
>> Hmm, that's unfortunate. I think this is a mistake, given that we are
>> about to throw the switch to enable mDNS for 100% of Chrome endpoints;
>> Chrome (and soon all browsers) will have to ignore ice-sip-sdp until this
>> extension spec is written.
>>
>> ice-sip-sdp isn't published yet, so it seems an update to that document
>> could still be a possibility. If that's not an option, putting forth #1 as
>> a specific extension that allows FQDN candidates to be generated in certain
>> situations seems like the right path.
>>
>>
>>
>> On Wed, Jul 3, 2019 at 5:40 PM Roman Shpount <roman@telurix.com> wrote:
>>
>>> Part of the problem is that mmusic have decided to punt on the FQDN
>>> support. In the current mmusic-ice-sip-sdp the final language that was
>>> included:
>>>
>>> <connection-address>:  is taken from RFC 4566 [RFC4566].  It is the IP
>>> address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and
>>> fully qualified domain names (FQDNs).  When parsing this field, an agent
>>> can differentiate an IPv4 address and an IPv6 address by presence of a
>>> colon in its value - the presence of a colon indicates IPv6.  *An agent
>>> generating local candidates MUST NOT use FQDN addresses.  An agent
>>> processing remote candidates MUST ignore candidate lines that include
>>> candidates with FQDN *or IP address versions that are not supported or
>>> recognized.  *The procedures for generation and handling of FQDN
>>> candidates, as well as, how agents indicate support for such procedures,
>>> need to be specified in an extension specification.*
>>>
>>> So, at this point we have two options:
>>> 1. draft-ietf-rtcweb-mdns-ice-candidates can update ice-sip-sdp and
>>> define how FQDN candidates generated by mdns are handled
>>> 2. write a new draft in mmusic which defines FQDN handling
>>>
>>> In any case some sort of mmusic discussion is needed to reconcile this.
>>>
>>> Best Regards,
>>> _____________
>>> Roman Shpount
>>>
>>>
>>> On Wed, Jul 3, 2019 at 8:28 PM Justin Uberti <juberti@google.com> wrote:
>>>
>>>> The problem this draft is trying to solve is fairly RTCWEB-specific. If
>>>> there are individual issues to resolve, we can send them out to mmusic for
>>>> discussion, but AFAIK no changes to existing ICE specs are needed.
>>>>
>>>> On Wed, Jul 3, 2019 at 4:26 PM Roman Shpount <roman@telurix.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Is rtcweb the right place for draft-ietf-rtcweb-mdns-ice-candidates?
>>>>> This entire draft seems to be ICE/SDP specific and not limited to rtcweb.
>>>>> Also, there are significant interop implications for this draft
>>>>> between browser and non-browser end points which probably warrant larger
>>>>> discussion outside of rtcweb group. I would think mmusic would be a much
>>>>> better place for this draft. I know there is an incentive to complete this
>>>>> draft quickly but this has a potential to break a lot of things (it already
>>>>> did break interop with almost every existing ICE implementation).
>>>>>
>>>>> Regards,
>>>>> _____________
>>>>> Roman Shpount
>>>>> _______________________________________________
>>>>> rtcweb mailing list
>>>>> rtcweb@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/rtcweb
>>>>>
>>>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>>
>>
>>