Re: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11

Justin Uberti <juberti@google.com> Thu, 03 October 2013 19:10 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57ECB21F893E for <rtcweb@ietfa.amsl.com>; Thu, 3 Oct 2013 12:10:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ec-9AHMDDDZW for <rtcweb@ietfa.amsl.com>; Thu, 3 Oct 2013 12:09:56 -0700 (PDT)
Received: from mail-vb0-x233.google.com (mail-vb0-x233.google.com [IPv6:2607:f8b0:400c:c02::233]) by ietfa.amsl.com (Postfix) with ESMTP id 6C55621F8BFD for <rtcweb@ietf.org>; Thu, 3 Oct 2013 11:59:41 -0700 (PDT)
Received: by mail-vb0-f51.google.com with SMTP id x16so1759409vbf.24 for <rtcweb@ietf.org>; Thu, 03 Oct 2013 11:59:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=VgyHIR1hZU+3SXKQ8cfclHEj5je4TMBwBy3/JZURhVM=; b=JAq9Y6KDWLHVOl5H+/jLNKJ9XJ4R8Da7yVK9/K0/LyccF0s2kPaO+UDU8x8JYToRGP /uyCi/U3/azeE+ZR5xTvJS3j4ytHep9stwMxUI6uyPBHPyIQklQebP05rYP3x5A6lZuD t0eVE4HsU0zLe4mHiLLPGG41TwipRvmAanhMro3AYH/ehl4YTuxALDvERuMbIlzHfZWa sCZArDf1TJV8LNwV/nZa7cTV7IejZwTy0wK+DOlv4Ch2G0vrV81l9YGHfEqJklrMtgJ5 5IDf7BWFAIc21NJz8ECzRa2fQ0C1GBzm9NTDN1GI9Hd+4MTFXOaIP7k4XSEsaN0MEt8q +iFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=VgyHIR1hZU+3SXKQ8cfclHEj5je4TMBwBy3/JZURhVM=; b=WlFb03U8A7h9ARnWCTDPq+yweN+Py/v4/pRyZcd0+wWJWxs+gLO907z3PhkmCqMS7J Je/vp16YNAhBlF7hFKE2MezcCkKtcMwiEQs141OulIpYR4FPNA4Dyg9odzl2tD3l39MR lxHHF1HYVmnWb6bwz0N8SEsup8n9jBOr+Jkwg5AydHOCYtbKGQuO9h1hfJQ9KDjoyOJZ BpV7LeYTdmBm+PsJrbVHH/YGtPfDrn9vipOwCVPzgf1VVFiqycldk+fGKpz8TkI3gnLs 8UiWx2aHFO4aktBNSNGpHZuCnCsz8ukxilwhtvRN0XDvFNgRdDdDT78b8fwArMXDsaK0 7bGQ==
X-Gm-Message-State: ALoCoQneOw1qo92tN2ETG5H7z8EhnGDTr2rQkuI0hnSGazEVlwvbWxhO89QKByFTgqdnPOWgIOIkSy8L6TnEBTCykS/xyYq5mJejd02lwgmr+D1+lgJrXTEeAayLJjI0eompF7Q1Z048qAsgcN0a8z+1RzRB3HwU4QR8F8Lpl5mlCimggStQYSjmAwTPDfTxPHGgeEM34Q1e
X-Received: by 10.220.10.194 with SMTP id q2mr8622404vcq.2.1380826780775; Thu, 03 Oct 2013 11:59:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.110.101 with HTTP; Thu, 3 Oct 2013 11:59:20 -0700 (PDT)
In-Reply-To: <524a139b.e37e700a.694f.ffffae7bSMTPIN_ADDED_BROKEN@mx.google.com>
References: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com> <523c6d3d.c9d1440a.3b96.7499SMTPIN_ADDED_BROKEN@mx.google.com> <CAD6AjGRXr5kPRQdN+4jkgXHciN3NE7HiRmsb7kaYuzwHEPa7ZA@mail.gmail.com> <C5E08FE080ACFD4DAE31E4BDBF944EB1166CC702@xmb-aln-x02.cisco.com> <5244104D.4010401@alvestrand.no> <CABkgnnWyYCdpSxXyiYb+4BzMpME85671x5JzxJX08RiyQd+SFQ@mail.gmail.com> <BLU169-W98EC710F291837B36C14F0932B0@phx.gbl> <524a139b.e37e700a.694f.ffffae7bSMTPIN_ADDED_BROKEN@mx.google.com>
From: Justin Uberti <juberti@google.com>
Date: Thu, 03 Oct 2013 11:59:20 -0700
Message-ID: <CAOJ7v-0nTR4U8muY_XCDnSWH_Ff1Ad0E+j6CUeus9zsbZFuZfQ@mail.gmail.com>
To: Karl Stahl <karl.stahl@intertex.se>
Content-Type: multipart/alternative; boundary="001a11c3b944c3ce7704e7dac968"
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org, "Cullen Jennings (fluffy)" <fluffy@cisco.com>
Subject: Re: [rtcweb] [mmusic] TURN server address via DHCP, WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2013 19:10:04 -0000

WPAD already supports DNS-based discovery (in addition to DHCP). If you
have host-95-199-196-65.mobileonline.telia.com as your endpoint hostname,
it will try to get a PAC file from wpad.mobileonline.telia.com.

Since for all practical purposes, TURN is a "UDP proxy", I think it should
be handled similar to other proxy autoconfig mechanisms.


On Mon, Sep 30, 2013 at 5:13 PM, Karl Stahl <karl.stahl@intertex.se> wrote:

> I happily withdraw my suggestion to use DHCP to find a network provider
> offered TURN server in favor of the DNS-Based Service Discovery method
> (inserted last below). The major problem with the DHCP usage was that you
> then also have to do something similar for: RA - Router Advertisement - in
> IPv6, addition to the IPCP protocol for PPPoE and something for the mobile
> OTT channel – wherever DHCP is NOT the method to give you an IP address.**
> **
>
> ** **
>
> Further:****
>
> > On Thu, Sep 27, 2013 Justin Uberti wrote:****
>
> > Agree. I still think that extending PAC files to include TURN
> information is the right way to go.****
>
> > PAC files can already be discovered via DHCP or DNS, there is no need to
> reinvent this wheel.****
>
> ** **
>
> >>On Thu, Sep 26, 2013 at 4:55 PM, Cullen Jennings (fluffy) <
> fluffy@cisco.com> wrote:****
>
> >>I think we need to give some advise to the browsers vendors on what they
> should implement to find turn servers****
>
> ** **
>
> I Googled a bit on PAC and WPAD and saw that a HTTP proxy config JS file
> can be picked up through a URL based on the device name. Similar could work
> for finding a TURN server on a LAN, but what about the case with a network
> provider offered TURN server? The network provider hands out an IP address
> and wants to announce a related TURN server address: – Is there a “PAC-way”
> to announce it to a device on a LAN (behind a NAT/firewall)? The device
> must find such configuration file based on its public IP address (that he
> can find using STUN as in the suggestion below).****
>
> ** **
>
> But generally, finding a TURN-server is a network-thing, ICE (or even TURN
> not using ICE), not a Web-thing, so for that reason the DNS-Based Service
> Discovery method is at a better level. Such method could also be used by
> SIP clients (even a Skype client could implement it to benefit from a
> real-time path with better quality, if the network provider offers such
> path through his TURN server).****
>
> ** **
>
> The DNS-Based Service Discovery method should be easy to implement in a
> WebRTC browser (doing complex ICE things anyway). The question is rather
> how easy it is for the network provider to provision. Do they all do
> reverse DNS like with found with mobile operators TeliaSonera and Tele2 in
> Sweden? Then it should not be too difficult.****
>
> ** **
>
> Or is there yet another better method to announce a TURN server address
> with the IP address offered?****
>
> ** **
>
> /Karl****
>
> ** **
>
> ** **
>
> *Från:* rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] *För *Bernard
> Aboba
> *Skickat:* den 29 september 2013 02:41
> *Till:* Harald Alvestrand
> *Kopia:* rtcweb@ietf.org
>
> *Ämne:* Re: [rtcweb] TURN server address via DHCP, WGLC of
> draft-ietf-rtcweb-use-cases-and-requirements-11****
>
> ** **
>
> On Sep 26, 2013 8:46 PM, "Harald Alvestrand" <harald@alvestrand.no> wrote:
>
> "So far, neither the POSIX standard nor any OS vendor has offered a
> generic facility to access information made available in DHCP packets."***
> *
>
> ** **
>
> [BA] The Windows DHCP client API does provide this: ****
>
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa363351(v=vs.85).aspx
> ****
>
> ** **
>
> In particular, the SendParams argument to the DhcpRequestParams
> function can be used to request a particular parameter (e.g. TURN server
> address), which will then be returned in the RecdParams variable.  ****
>
> ** **
>
> Nevertheless, I still think that using DHCP to configure the TURN server
> address in a browser isn't a good idea.  For one thing, since DHCP is
> effectively unsecured, this mechanism could be used by a rogue DHCP server
> to force traffic to a rogue turnserver.   Great for surveillance!****
>
> ** **
>
> ** **
>
> On Sep 27, 2013 1:27 AM, "Karl Stahl" <karl.stahl@intertex.se> wrote:****
>
> Here comes the suggestion I got from my developer that would allow a
> network
> provider to offer his TURN server for the WebRTC browser to use. This would
> require NO new DHCP-options or similar, and NO OS changes (I do realize
> those should be avoided if possible...).
>
> The idea is still, that whoever is responsible for giving a device an IP
> address (the network provider or a LAN administrator) can also announce a
> TURN server for the WebRTC browser to use.
>
> The suggestion is to use RFC6763 (DNS-Based Service Discovery, see chapter
> 11) where the network provider (the owner of the IP address) has set up a
> DNS PTR record for the TURN server in the in-addr.arpa domain.
>
> If the device got IP 173.164.252.149, then make a query for the PTR record
> for:
> _turn._udp.149.252.164.173.in-addr.arpa.
> Then the SRV record would return the actual address to the TURN server (and
> you may find several for load balancing and failover I guess)
>
> If the device is on a LAN, the IP 173.164.252.149 to query would be the WAN
> IP you get via STUN in the ICE process. But if the LAN administrator
> provides a local TURN server, then he also should have blocked STUN in the
> firewall, and the browser should query the device's local host address (as
> in the ICE procedure) and the local LAN DNS server should answer the query
> to give the local TURN server address on the LAN.
>
> Shouldn't this work to allow network provider to offer his TURN server
> "automatically and generally"?
>
> And wouldn't this work nicely for mobile devices, whenever the device is on
> a "WebRTC-ready access" (actually good for everything using ICE), whether
> fixed, WiFi or 3G/4G OTT, you get also a TURN server (and the network
> provider hopefully offers a prioritized pipe there as one usage of this
> mechanism).
>
> Not to slow down every call setup by doing this in the ICE process, I guess
> this could be done when starting the browser and when the device gets a new
> IP address, to have the TURN server address ready for later use.
>
> /Karl****
>
>