Re: [rtcweb] FW: I-D Action: draft-hutton-rtcweb-nat-firewall-considerations-00.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 12 March 2013 02:48 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 612B221F8A9B for <rtcweb@ietfa.amsl.com>; Mon, 11 Mar 2013 19:48:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.443
X-Spam-Level:
X-Spam-Status: No, score=-10.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybbsINtQX3xT for <rtcweb@ietfa.amsl.com>; Mon, 11 Mar 2013 19:48:48 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id 659DC21F88E8 for <rtcweb@ietf.org>; Mon, 11 Mar 2013 19:48:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4403; q=dns/txt; s=iport; t=1363056528; x=1364266128; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=IgLgagId/yBXVkKUXa2S+GPSqE3YRUCKPiaceQ0+fA0=; b=ij/9TvJYg6ZCoZxUYPolKd7CP2XdE/O3TKZDG/zt+baPv119i606fdrv prLVG7TMC3TbJ2S3Unhk7ffZ3uqbmk9blpnQF/6pZGRuurPcPeUzKILbl 9TXyfPLuoz6tCo/RrNeq/v1sQUjwr1pauC+cg0oJTOcwV6dhm7ZrwARs2 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAGOWPlGtJV2Z/2dsb2JhbABDxGaBXxZ0gikBAQEDAQEBATc0FwQCAQgRBAEBAQoUCQcnCxQIAQgCBAESCIgFBgyvZJAejUOBGiYSBoJZYQOXc49XgVSBKQ2BczU
X-IronPort-AV: E=Sophos;i="4.84,827,1355097600"; d="scan'208";a="186356902"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-7.cisco.com with ESMTP; 12 Mar 2013 02:48:48 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r2C2mlLV022713 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Mar 2013 02:48:47 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.195]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.02.0318.004; Mon, 11 Mar 2013 21:48:47 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "Markus.Isomaki@nokia.com" <Markus.Isomaki@nokia.com>, "Reinaldo Penno (repenno)" <repenno@cisco.com>, "andrew.hutton@siemens-enterprise.com" <andrew.hutton@siemens-enterprise.com>, "harald@alvestrand.no" <harald@alvestrand.no>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] FW: I-D Action: draft-hutton-rtcweb-nat-firewall-considerations-00.txt
Thread-Index: AQHOHoLCeBG0qZf7qESwwRmByq5f3JihPEwAgAAEjACAAFuNgP//urKQ
Date: Tue, 12 Mar 2013 02:48:46 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A1493154C@xmb-rcd-x10.cisco.com>
References: <9F33F40F6F2CD847824537F3C4E37DDF06895013@MCHP04MSX.global-ad.net> <45A697A8FFD7CF48BCF2BE7E106F06040901B8ED@xmb-rcd-x04.cisco.com> <E44893DD4E290745BB608EB23FDDB7623BBBCD@008-AM1MPN1-042.mgdnok.nokia.com>
In-Reply-To: <E44893DD4E290745BB608EB23FDDB7623BBBCD@008-AM1MPN1-042.mgdnok.nokia.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.71.82]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rtcweb] FW: I-D Action: draft-hutton-rtcweb-nat-firewall-considerations-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 02:48:49 -0000

> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of
> Markus.Isomaki@nokia.com
> Sent: Tuesday, March 12, 2013 7:12 AM
> To: Reinaldo Penno (repenno); andrew.hutton@siemens-enterprise.com;
> harald@alvestrand.no; rtcweb@ietf.org
> Subject: Re: [rtcweb] FW: I-D Action: draft-hutton-rtcweb-nat-firewall-
> considerations-00.txt
> 
> Hi,
> 
> ICE/STUN/TURN and PCP are not really competitors or alternatives to each
> other.

Good point. http://tools.ietf.org/html/rfc6544#section-5.3 explains to gather candidates also using PCP in addition to using STUN/TURN. ICE connectivity checks
will reveal if PCP Unaware NAT exists or not. 

> 
> A browser or any other client will anyway need to implement ICE/STUN/TURN to
> work its way through non-PCP supporting NATs, which will be the majority for a
> long time even if PCP became succesfull. The benefit of the ICE/STUN/TURN
> approach is that every organization or individual who deploys NATs or
> firewalls will not need to deploy STUN and TURN servers, but they can be
> deployed independently e.g. by the WebRTC service provider.

Enterprise use cases would be different. http://tools.ietf.org/html/draft-ietf-rtcweb-use-cases-and-requirements-09 explains some of the reasons to deploy TURN server in the campus itself. 

--Tiru.

> 
> However, PCP, even gradually deployed, would still be useful as well. As
> Reinaldo is saying, it would improve robustness it produces explict NAT
> mappings with explicit durations. Also, it can serve as an alternative to
> STUN/TURN in case the browser happens to be behind a PCP-capable NAT/FW. So,
> PCP can be seen as an optimization and should be used when it is available.
> PCP can also help clients behind NAT/FW to reduce their keep-alive rate which
> is applicable to WebRTC as well. However, as depicted in [1], knowing when a
> client can entirely rely on PCP is not always so easy to detect.
> 
> I hope we will see PCP deployment especially in the mobile/cellular access,
> but as many people have pointed out, the success rate of this type of
> protocols has been quite low. So it will be a nice surprise rather than
> something I would count on if it happens.
> 
> [1] http://datatracker.ietf.org/doc/draft-reddy-pcp-optimize-
> keepalives/?include_text=1.
> 
> Markus
> 
> 
> >-----Original Message-----
> >From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
> >Of ext Reinaldo Penno (repenno)
> >Sent: 11 March, 2013 22:14
> >To: Hutton, Andrew; Harald Alvestrand; rtcweb@ietf.org
> >Subject: Re: [rtcweb] FW: I-D Action: draft-hutton-rtcweb-nat-firewall-
> >considerations-00.txt
> >
> >
> >
> >On 3/11/13 12:58 PM, "Hutton, Andrew"
> ><andrew.hutton@siemens-enterprise.com> wrote:
> >
> >>On: 11 March 2013 14:03 Reinaldo Penno (repenno) Wrote:
> >>
> >>
> >>>
> >>> I'm sure STUN and TURN servers are not universally deployed ('100%')
> >>> in ISP networks either.
> >>
> >>It is not required for an ISP to deploy a TURN server the webrtc TURN
> >>server is much more likely to be deployed by the web application
> >>provider which will instruct the browser to use it when accessing its
> service.
> >
> >The line between Application providers and ISPs is very blurry today.
> >Application provider can be over the top or it can be the ISP itself.
> >
> >
> >>
> >>>
> >>> But I'm not proposing dropping STUN/TURN in lieu of PCP, but using
> >>> PCP as an additional technique. Maybe you misunderstood what I was
> >>> proposing.
> >>>
> >>
> >>Understood but would need to understand what the benefits of doing so
> >>would be.
> >
> >
> >Yes, certainly.
> >
> >A protocol that allows a host to explicit control FW/NAT mappings/pinholes
> >(both for incoming and outgoing connections IPv4/IPv6), including lifetime,
> >knowing when such device restart/reboot, is more deterministic.
> >Client is always free to use STUN/TURN.
> >
> >
> >>
> >>Regards
> >>Andy
> >
> >_______________________________________________
> >rtcweb mailing list
> >rtcweb@ietf.org
> >https://www.ietf.org/mailman/listinfo/rtcweb
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb