IETF Logo Mail Archive

Re: [rtcweb] Consent for fate-sharing connections (Do we need text in draft-ietf-rtcweb-stun-consent-freshness ?)

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 28 March 2014 08:11 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C3361A0285 for <rtcweb@ietfa.amsl.com>; Fri, 28 Mar 2014 01:11:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVU7Qllnz3W6 for <rtcweb@ietfa.amsl.com>; Fri, 28 Mar 2014 01:11:48 -0700 (PDT)
Received: from sesbmg20.ericsson.net (sesbmg20.ericsson.net [193.180.251.56]) by ietfa.amsl.com (Postfix) with ESMTP id 65B3B1A0476 for <rtcweb@ietf.org>; Fri, 28 Mar 2014 01:11:47 -0700 (PDT)
X-AuditID: c1b4fb38-b7f418e000001099-b7-53352ec073cf
Received: from ESESSHC002.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg20.ericsson.net (Symantec Mail Security) with SMTP id 59.C9.04249.0CE25335; Fri, 28 Mar 2014 09:11:44 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.26) with Microsoft SMTP Server id 14.2.347.0; Fri, 28 Mar 2014 09:11:44 +0100
Message-ID: <53352EC0.80006@ericsson.com>
Date: Fri, 28 Mar 2014 09:11:44 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Harald Alvestrand <harald@alvestrand.no>, rtcweb@ietf.org
References: <CF579BF9.85AEA%rmohanr@cisco.com> <CA+9kkMCgFVWi96iqRsee5V3UMBmY0eK=S0mLnde52tUs3Xnddw@mail.gmail.com> <CF5824EF.85B9A%rmohanr@cisco.com> <CF5828FE.85BC2%rmohanr@cisco.com> <5334324C.8070004@ericsson.com> <CABkgnnVB7ydWL0xW=e8qVaowTQG+jm0ghrjKGSJN-UeDuXin7g@mail.gmail.com> <5334758B.9020207@alvestrand.no>
In-Reply-To: <5334758B.9020207@alvestrand.no>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphluLIzCtJLcpLzFFi42KZGfG3RveAnmmwwbGPxhbH+rrYLNb+a2d3 YPK4MuEKq8eSJT+ZApiiuGxSUnMyy1KL9O0SuDJufZ3CVrBMoWLDxi2sDYyNUl2MnBwSAiYS lxb3s0PYYhIX7q1n62Lk4hASOMIo8eTeHhYIZzmjxOkrK1hBqngFNCXat+4GSnBwsAioSmz8 VggSZhOwkLj5o5ENxBYVCJZYOmcxC0S5oMTJmU/AbBEBe4mLc16C2cICNRI9/5ug5u9nkmi6 uY8RZCangK7E4QYZEFNCQFyipzEIpJxZQE9iytUWRghbXqJ562xmEFtIQFuioamDdQKj4Cwk 22YhaZmFpGUBI/MqRo7i1OKk3HQjg02MwJA8uOW3xQ7Gy39tDjFKc7AoifN+fOscJCSQnliS mp2aWpBaFF9UmpNafIiRiYNTqoGxSn72IeajtT7P5/ZP/LdLOPPY1MRUp5WZa5/5zg3W3Vm0 X/VmzbLSiGRx8XXVuu93HJw4gSmqaHdWkWqL34fbE0oX2blphHYcsVlhv2rR3ELLL14TVJNu 5CXPS922dq6qn4Nm7/0jXdMiP4v/jlKeJXljYut7IYWIzM3np59Y0Xonb/vM3hkPlViKMxIN tZiLihMBD9fV9BcCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/eY2vStR0MS4kz58mMKLV3bjiXfU
Subject: Re: [rtcweb] Consent for fate-sharing connections (Do we need text in draft-ietf-rtcweb-stun-consent-freshness ?)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 08:11:56 -0000

On 2014-03-27 20:01, Harald Alvestrand wrote:
> On 03/27/2014 06:15 PM, Martin Thomson wrote:
>> On 27 March 2014 07:14, Magnus Westerlund
>> <magnus.westerlund@ericsson.com> wrote:
>>> I do think RTP MUST be fate shared with its RTCP. Because revoking
>>> consent for RTCP should not be a way of turning off congestion control.
>>> Thus, no RTCP should mean no RTP either as you get no feedback on how it
>>> behaves.
>> I would hope that a congestion control algorithm for RTP would a) use
>> RTCP as its feedback mechanism, and b) react fairly harshly if RTCP
>> suddenly disappeared.  Such that loss of consent on RTCP would
>> essentially cut bandwidth to zero, or close to.
>>
>> I remember having this issue with Lync: we were dropping RTCP and the
>> video quality was absolutely appalling.  Turns out, Lync was doing
>> both a and b.
> 
> That's one of the properties of the "circuit breaker" algorithm that
> Colin Perkins has been editing: Lose RTCP for 3 RTCP reporting
> intervals, cut transmission.
> 
> draft-ietf-avtcore-rtp-circuit-breakers-03.txt
> 
> And our very own rtp-usage requires that we support circuit-breaker:
> draft-ietf-rtcweb-rtp-usage-11.txt
> 
> 7.1.  Boundary Conditions and Circuit Breakers
> 
>    In the absence of a concrete congestion control algorithm, all WebRTC
>    implementations MUST implement the RTP circuit breaker algorithm that
>    is in described [I-D.ietf-avtcore-rtp-circuit-breakers].  The RTP
>    circuit breaker is designed to enable applications to recognise and
>    react to situations of extreme network congestion.  However, since
>    the RTP circuit breaker might not be triggered until congestion
>    becomes extreme, it cannot be considered a substitute for congestion
>    control, and applications MUST also implement congestion control to
>    allow them to adapt to changes in network capacity.  Any future RTP
>    congestion control algorithms are expected to operate within the
>    envelope allowed by the circuit breaker.
> 

Martin and Harald,
(as individual)

Yes, you are both correct that we have mechanisms that also is intended
to react to this happening.

I didn't meant to imply that these would not be present. Still, I think
for the consent mechanism it needs to at least perform consent and kill
on what ICE refers to as "Media Stream", i.e. where RTP and RTCP
transport flows when not performing RTP/RTCP multiplexing would be
different components, that failure to acquire consent on all components
revoke the rights on all those components. Because, if not then you can
end up in strange conditions where you still send some traffic. If we
turn the issue around and consent is revoked for RTP but not RTCP. Then
the RTCP stream continues to send. An application may considered this a
failed case as this higher layer is likely to considered RTP and RTCP as
a unit and not care about the distinction.


Also, I realize that circuit breakers have an issue when it comes to
protecting the network if an attacker can set the RTCP bandwidths
sufficiently low on their own. As all the breakers are calculated based
on reporting intervals, if one sets the RTCP RR bandwidth to 1 bps, then
the reporting interval will be very long, even a two SSRC RTP session
with minimal RTCP packets will get an Td= 2730,67 s, i.e. ~45 minutes.

I need to think a bit more, but I think we might require that one
provision RTCP with sufficient RTCP bandwidth that the minimal fixed
interval of 5 seconds is going to be the largest term when using the
circuit breaker. I will bring this up in AVTCORE.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email