IETF Logo Mail Archive

Re: [rtcweb] NAT/Firewall considerations (RE: I-D Action: draft-ietf-rtcweb-transports-00.txt)

"cb.list6" <cb.list6@gmail.com> Tue, 27 August 2013 16:05 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92D8311E838C for <rtcweb@ietfa.amsl.com>; Tue, 27 Aug 2013 09:05:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CMgVbAt2-u56 for <rtcweb@ietfa.amsl.com>; Tue, 27 Aug 2013 09:05:04 -0700 (PDT)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) by ietfa.amsl.com (Postfix) with ESMTP id 3015511E81A3 for <rtcweb@ietf.org>; Tue, 27 Aug 2013 09:05:04 -0700 (PDT)
Received: by mail-wg0-f50.google.com with SMTP id m15so4278843wgh.5 for <rtcweb@ietf.org>; Tue, 27 Aug 2013 09:05:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=OnHvl61ofklpQCN2uWj5ZOw71xKN45U57Pg01g0R8Eg=; b=qa2o4ZNn24Au30OWm+kx+I920oS4gYCvsjEdPM7UzizU170C+n7Ax1+im3BytzXVIp NYkhd6cPDa1c77hu79fEKplSZbfLoHauF+31JLzEHKxPuKHfljpZtZU2Kv3ZLZvlBxr2 NMGu+rjTsYJCu8+EjEWfLYQ5NRK624sFk41zHnWPJnBarrPt7hBMrMXml/T7yFV8+ved zoKWfaNQy9E6Ho3w5o0vKLbBn5K3RE6lWJ4vv4VFp40MlUoA3FaQdHUYaFlmwjsf9was 5ptEJxP3tTb2M97cT3kRJ/Tv/97nqU9/wLGKD6W7AHXFVJD5mcdvLzl9Nkp7W/txNVWL A2rw==
MIME-Version: 1.0
X-Received: by 10.194.77.167 with SMTP id t7mr14838705wjw.27.1377619503293; Tue, 27 Aug 2013 09:05:03 -0700 (PDT)
Received: by 10.216.124.10 with HTTP; Tue, 27 Aug 2013 09:05:03 -0700 (PDT)
In-Reply-To: <1713CFAA-2032-4893-A260-1F8D0FB81641@gmail.com>
References: <E44893DD4E290745BB608EB23FDDB7620A0906A4@008-AM1MPN1-041.mgdnok.nokia.com> <521CBD2E.9030905@ericsson.com> <1713CFAA-2032-4893-A260-1F8D0FB81641@gmail.com>
Date: Tue, 27 Aug 2013 09:05:03 -0700
Message-ID: <CAD6AjGRZ0zBQryZwqfK4hH5zRuEgfUwNnBV9zCLvAc47J54zvA@mail.gmail.com>
From: "cb.list6" <cb.list6@gmail.com>
To: Alan Johnston <alan.b.johnston@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] NAT/Firewall considerations (RE: I-D Action: draft-ietf-rtcweb-transports-00.txt)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2013 16:05:05 -0000

The I-D says this

"As last resort in order to cater

   for NAT/FWs with address and port dependent filtering characteristics"

What is the first resort?

<ascending soap box>

Specifically, i would like the document to say that end points and
intermediate systems should support IPv6 and attempt IPv6
connectivity...which means they must support IPv6.

IPv6 is a middle box / NAT avoidance mechanism, but these early days
of WebRTC show no support for IPv6.

https://bugzilla.mozilla.org/show_bug.cgi?id=797262

The draft should explicitly describe that secure e2e connectivity
should be attempted first with all address families, not short cuts
that make WebRTC more fragile by relying on middle boxes (TURN).

I am not opposed to this draft, and find TURN to be a useful way to
police traffic and bridge disparate address families, but it is a
slippery slope where we try to avoid one middle box with another.

CB

On Tue, Aug 27, 2013 at 7:55 AM, Alan Johnston
<alan.b.johnston@gmail.com> wrote:
> Agree that enterprises need this plus a few other TURN extensions.
>
> I support adoption as WG draft.
>
> - Alan -
>
>
>
> On Aug 27, 2013, at 9:52 AM, Salvatore Loreto
> <salvatore.loreto@ericsson.com> wrote:
>
> +1
>
>
> On 8/27/13 2:53 PM, Markus.Isomaki@nokia.com wrote:
>
> Hi,
>
>
>
> I would support the adoption of the NAT and Firewall considerations
> (http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-01)
> as a WG document. Or to be more precise, I very much agree with the
> requirements summarized in Section 5. Especially this one seems important to
> me:
>
>
>
> o  connect to a TURN server via a HTTP proxy using the HTTP connect
>
>       method,
>
>
>
> If we want WebRTC to work from many corporate networks I’m aware of, it
> would not be possible without this as a fallback capability.
>
>
>
> Markus
>
>
>
>
>
>
>
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of
> ext Bernard Aboba
> Sent: 21 August, 2013 00:44
> To: Hutton, Andrew; rtcweb@ietf.org; Harald Alvestrand
> Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt
>
>
>
> The NAT/Firewall considerations document does go into detail on the various
> traversal scenarios, which helps inform the discussion of what should or
> should not be supported in terms of transport.  Section 5 summarizes the
> recommendations as follows:
>
> 5.  Requirements for RTCWEB-enabled browsers
>
>
>
>
>
>    For the purpose of relaying RTCWEB media streams or data channels a
>
>    browser needs to be able to
>
>
>
>    o  connect to a TURN server via UDP, TCP and TLS,
>
>
>
>    o  connect to a TURN server via a HTTP proxy using the HTTP connect
>
>       method,
>
>
>
>    o  connect to a TURN server via the HTTP(s) ports 80/443 instead of
>
>       the default STUN ports 3478/5349,
>
>
>
>    o  upgrade the HTTP proxy-relayed connection to the TURN server to
>
>       use TLS,
>
>
>
>    o  use the same proxy selection procedure for TURN as currently done
>
>       for HTTP,
>
>
>
>    o  switch the usage of the HTTP proxy-relayed connection with the
>
>       TURN server from HTTP to STUN/TURN,
>
>
>
>    o  use a preconfigured or standardized port range for UDP-based media
>
>       streams or data channels,
>
>
>
>    o  learn from the proxy configuration script about the presence of a
>
>       local TURN server and use it for sending UDP traffic to the
>
>       internet,
>
>
>
>    o  support ICE-TCP for TCP-based direct media connection to the
>
>       RTCWEB peer.
>
>
>
>> From: andrew.hutton@siemens-enterprise.com
>> To: rtcweb@ietf.org; harald@alvestrand.no
>> Date: Tue, 20 Aug 2013 16:31:28 +0000
>> Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt
>>
>> Section 2.2 "Middle Box Related Functions" should also I assume cover the
>> case of using a HTTP Proxy or an enterprise TURN server and reference
>> http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-01
>> assuming we can get this adopted.
>>
>> Regards
>> Andy
>
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>

v2.23.0 | Report a Bug | By Email