Re: [rtcweb] Requiring ICE for RTC calls

Eric Rescorla <ekr@rtfm.com> Fri, 30 September 2011 02:35 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Sep 2011 19:37:40 -0700
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Cc: Randell Jesup <randell-ietf@jesup.org>, "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Requiring ICE for RTC calls

On Thu, Sep 29, 2011 at 5:18 PM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote:

>
> On Sep 29, 2011, at 6:25 PM, Matthew Kaufman wrote:
>
> > Ridiculous. We're not talking something like one SHA-1 HMAC per packet
> > received... this is one SHA-1 per connectivity test. That's one or two
> > packets *per call*. No way that increases the cost/complexity of any
> > possible device that might be terminating or transcoding media.
>
> Not as far as I know; the SHA-1 hash is calculated on every single STUN
> request and response packet, because it covers the STUN header which
> includes the transaction-id, which is unique per request; and the request
> has different content than the response.  So per ICE-pair connectivity
> check, it could be two STUN requests and two responses (for the "normal"
> mode).  And since I'm assuming v4/v6 dual-stack, that's potentially double
> that number.
>
> And yes while 8 SHA-1's per call isn't a lot compared to transcoding or
> terminating media, I wasn't talking about this being done in the PSTN
> TDM-facing gateways themselves, but rather in the "media-plane gateway"
> interworking RTCWeb with the legacy SIP world. (ie, SBCs)  At least I
> assumed that's what people here meant by "media gateways" - it's not like
> real PSTN-TDM gateways are eager to do ICE... nor are MTAs, voicemail
> servers, announcement servers, conference servers, IVRs, etc.
>

Absent some measurements, I tend to agree with Matthew here.
My Macbook Air can do roughly 3x10^3 SHA-1 operations per
second on a single core. In order for this to be 10% of your load,
you would need to be processing on the order of
75K STUN requests/sec/core. How many total calls/second
can you do/core w/o STUN?

-Ekr
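
The following is an added example, not part of the original thread: it builds a STUN Binding Request with an RFC 5389 MESSAGE-INTEGRITY attribute (HMAC-SHA1 over the header, including the per-request transaction ID), verifies it, and times the check so the per-message cost debated above can be measured rather than estimated. The username, password and function names are constructed for illustration; SASLprep of the password and the FINGERPRINT attribute are omitted.

```python
import hashlib, hmac, os, struct, time

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 header
BINDING_REQUEST, USERNAME, MESSAGE_INTEGRITY = 0x0001, 0x0006, 0x0008

def _attr(attr_type, value):
    # Type-length-value attribute, value padded to a 4-byte boundary.
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)

def build_binding_request(username, password, txid=None):
    """Binding Request carrying USERNAME and MESSAGE-INTEGRITY (short-term credential)."""
    txid = txid or os.urandom(12)  # 96-bit transaction ID, unique per request
    body = _attr(USERNAME, username.encode())
    # The header length must already count the 24-byte MESSAGE-INTEGRITY attribute.
    header = struct.pack("!HHI", BINDING_REQUEST, len(body) + 24, MAGIC_COOKIE) + txid
    mac = hmac.new(password.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(MESSAGE_INTEGRITY, mac)

def verify_message_integrity(msg, password):
    """Recompute the HMAC over header plus preceding attributes; constant-time compare."""
    if len(msg) < 20:
        return False
    _, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or length != len(msg) - 20:
        return False
    off = 20
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        if atype == MESSAGE_INTEGRITY:
            if alen != 20 or off + 24 > len(msg):
                return False
            # For the HMAC, the length field ends at this attribute.
            hdr = msg[:2] + struct.pack("!H", off + 4) + msg[4:20]
            expected = hmac.new(password.encode(), hdr + msg[20:off], hashlib.sha1).digest()
            return hmac.compare_digest(expected, msg[off + 4:off + 24])
        off += 4 + alen + (-alen % 4)
    return False

def verifications_per_second(n=20000):
    # Constructed ICE-style credentials; every message has a fresh transaction ID.
    msgs = [build_binding_request("RfRg:LfRg", "constructed-pass") for _ in range(256)]
    start = time.perf_counter()
    ok = sum(verify_message_integrity(msgs[i % 256], "constructed-pass") for i in range(n))
    assert ok == n
    return n / (time.perf_counter() - start)

if __name__ == "__main__":
    rate = verifications_per_second()
    print(f"{rate:,.0f} MESSAGE-INTEGRITY checks/sec on one core (interpreted Python)")
```

The rate printed is for interpreted Python on whatever machine runs it, so it is not comparable to the figures quoted in the thread.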