Re: [rtcweb] NAT behavior heuristics

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 07 August 2012 15:37 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0086721F8718 for <rtcweb@ietfa.amsl.com>; Tue, 7 Aug 2012 08:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.479
X-Spam-Level:
X-Spam-Status: No, score=-10.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AkkX0JNJ2dfg for <rtcweb@ietfa.amsl.com>; Tue, 7 Aug 2012 08:37:32 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 9C68721F8646 for <rtcweb@ietf.org>; Tue, 7 Aug 2012 08:37:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=tireddy@cisco.com; l=5083; q=dns/txt; s=iport; t=1344353852; x=1345563452; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Ywz6Xab3ofdm/UfH06yxZlYpUWkza0ME+4fN2+LaqhI=; b=ld3mRLsgPdWHzxJYapbTW8rmOruiyJ1eedw1euHQt3oQ2n+4U8HQpqCS SAQ9i1f5A7nY+6H+JzbJj09Q3sDfWI3TBNoKCDgGwsaphON7tJ4uP+DiD v8bIPuCQ3aSWoxIVngeVQKA8+7VlQYvUMqRX2B8sA1fwegIVcr/YsI4+8 s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFAB41IVCtJV2d/2dsb2JhbABFuUaBB4IgAQEBAgEBAQEBDwFbCwUHBAIBCA4DBAEBAQodByEGCxQJCAIEAQ0FCBqHXAMGBgubVJZ/DYlOiitkBYYIYAOIGItdgmeJdYMdgWaCXw
X-IronPort-AV: E=Sophos;i="4.77,727,1336348800"; d="scan'208";a="109215442"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-8.cisco.com with ESMTP; 07 Aug 2012 15:37:30 +0000
Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id q77FbUmW009782 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 7 Aug 2012 15:37:30 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.216]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.02.0298.004; Tue, 7 Aug 2012 10:37:29 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Cameron Byrne <cb.list6@gmail.com>, "Markus.Isomaki@nokia.com" <Markus.Isomaki@nokia.com>
Thread-Topic: [rtcweb] NAT behavior heuristics
Thread-Index: Ac1w1ovfvzUgFxvbR0qnhkeGI2kOuAAVj+eAAAB2nYAAdXC7AAAK960AAAlqvrAACyyyAABTg5cAAAIELQAACfK/kA==
Date: Tue, 7 Aug 2012 15:37:27 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A1477E4F7@xmb-rcd-x10.cisco.com>
References: <038b01cd70d6$8c5bc870$a5135950$@com> <CABkgnnW+pCnDZuYHDj6=7xdqRwM6AO48RrC1xhMrvFZbUBgtyw@mail.gmail.com> <04ff01cd7104$be09bed0$3a1d3c70$@com> <501E1E40.8070203@jesup.org> <CAD6AjGTrd0d9dm5HC2xr=ZAU2DmU55Sdkm6rH8NO4sJMMuLScA@mail.gmail.com> <913383AAA69FF945B8F946018B75898A1477C17F@xmb-rcd-x10.cisco.com> <CAD6AjGTEH+12WfKavx7H_xpfeynEL6W33L9nD98_vztVodGTuA@mail.gmail.com> <E44893DD4E290745BB608EB23FDDB76228412C@008-AM1MPN1-042.mgdnok.nokia.com> <CAD6AjGQyMjK0paM6v3m_DTxBk7AEpQQYaqo8NkZKxUd6eJ_YKg@mail.gmail.com>
In-Reply-To: <CAD6AjGQyMjK0paM6v3m_DTxBk7AEpQQYaqo8NkZKxUd6eJ_YKg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.85.252]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19090.005
x-tm-as-result: No--60.448700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "randell-ietf@jesup.org" <randell-ietf@jesup.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "phdgang@gmail.com" <phdgang@gmail.com>
Subject: Re: [rtcweb] NAT behavior heuristics
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 15:37:34 -0000

> I know of one large USA mobile operator that is not SPI firewalling or tracking state for ipv6 mobiels, so this is not a problem for them.
> If operators choose to statefully inspect user traffic, those cost and limitations are assumed as part of the cost and service definition from the mobile 
> operator.
> IMHO, SPI FW in ipv6 is not prudent or cost justified in mobile networks.

http://www.bluecoat.com/sites/default/files/documents/files/Content_Filtering_for_Mobile_Operators.pdf
offers URL filtering based on user profile, claims to block Skype if sent over port 80/443  (http://www.bluecoat.com/sites/default/files/documents/files/How_Mobile_Operators_Can_Control_Skype.1.pdf), block viruses/worm. This product is targeted for Mobile Operators. 

--Tiru.


From: Cameron Byrne [mailto:cb.list6@gmail.com] 
Sent: Tuesday, August 07, 2012 8:41 PM
To: Markus.Isomaki@nokia.com
Cc: rtcweb@ietf.org; Tirumaleswar Reddy (tireddy); phdgang@gmail.com; randell-ietf@jesup.org
Subject: RE: [rtcweb] NAT behavior heuristics


On Aug 7, 2012 7:13 AM, <Markus.Isomaki@nokia.com> wrote:
>
> Hi Cameron,
>
> Cameron Byrne wrote:
> >
> >I asked around in Vancouver about PCP, and all the operators i spoke to said
> >no-plans, no motivation.  But, that was a small sample.
>
> This is probably a fair assessment about the concrete plans. Most mobile operators don't even follow IETF much, so I doubt that they have even heard about PCP so far. There are however a few operators, where at least the research and standardization people have been interested in PCP (as witnessed by http://datatracker.ietf.org/doc/draft-chen-pcp-mobile-deployment/). I think some operators are also proposing PCP to be included in the 3GPP specs (release 12). It is hard to say how much that means in the real world, but at least I'd expect we could find a few operators willing to do real-network trials withing the next 12 months.
>
> Personally I see PCP as a very useful tool in the cellular access environment, for probing the NAT/FW timers and in the best case even setting them. It will be a major chicken-and-egg situation between apps, mobile OS's and the networks, to get anything into use. I think we should still do our best to overcome it. I agree that RTCWeb or anyone else should not rely on PCP (or any similar mechanim), but have the ability to make use of it if it happens to be available.
>
> I'm unconvinced IPv6 will help at all in this case. How do you know how long the FW on the path will keep its state up without keepalives? It will probably be the same as for NATs: In some networks timeout is 2 minutes, while in others 60 minutes. Having something like PCP to check out that it indeed is 60 min. would be extremely helpful. While most app developers might not be willing/able to optimize for battery/mobile, there are already some that are doing a good job. So there is hope that the new mechanisms would get some traction.
>
I know of one large USA mobile operator that is not SPI firewalling or tracking state for ipv6 mobiels, so this is not a problem for them.
If operators choose to statefully inspect user traffic, those cost and limitations are assumed as part of the cost and service definition from the mobile operator.
IMHO, SPI FW in ipv6 is not prudent or cost justified in mobile networks. 
CB
> Markus
>
>
> >-----Original Message-----
> >From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
> >Of ext Cameron Byrne
> >Sent: 06 August, 2012 01:22
> >To: Tirumaleswar Reddy (tireddy)
> >Cc: Randell Jesup; rtcweb@ietf.org; phdgang@gmail.com
> >Subject: Re: [rtcweb] NAT behavior heuristics
> >
> >On Sun, Aug 5, 2012 at 3:05 PM, Tirumaleswar Reddy (tireddy)
> ><tireddy@cisco.com> wrote:
> >>> Fyi. I have not seen any traction for pcp anywhere in the mobile space.
> >>
> >> http://tools.ietf.org/html/draft-chen-pcp-mobile-deployment-01 describes
> >usage of PCP in Mobile Deployments.
> >>
> >> --Tiru.
> >>
> >
> >Yep, that's  an I-D.
> >
> >And, it says things like "Without
> >   the particular considerations , PCP may not provide desirable
> >   outcomes.  Some default behaviours may even cause negative impacts or
> >   system failures in a mobile environment.  "
> >
> >Got an operators with a timeline on supporting it?  How about a mobile OS
> >that plans to support PCP, because you will need both.  And, that would be
> >interesting information.
> >
> >I asked around in Vancouver about PCP, and all the operators i spoke to said
> >no-plans, no motivation.  But, that was a small sample.
> >
> >In any event, my only point is that RTCWEB should NOT be counting on PCP.  If
> >PCP is a tool you have, use it.  My point: it is not a tool you have.
> >
> >CB
> >_______________________________________________
> >rtcweb mailing list
> >rtcweb@ietf.org
> >https://www.ietf.org/mailman/listinfo/rtcweb