Re: [rtcweb] UDP transport problem
Randell Jesup <randell-ietf@jesup.org> Fri, 14 February 2014 10:20 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7E91A01FB for <rtcweb@ietfa.amsl.com>; Fri, 14 Feb 2014 02:20:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mt5JxWQmo_22 for <rtcweb@ietfa.amsl.com>; Fri, 14 Feb 2014 02:20:54 -0800 (PST)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id 659B61A01C3 for <rtcweb@ietf.org>; Fri, 14 Feb 2014 02:20:54 -0800 (PST)
Received: from [12.131.214.70] (port=52638 helo=[10.0.0.14]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <randell-ietf@jesup.org>) id 1WEFt6-000ECl-HX for rtcweb@ietf.org; Fri, 14 Feb 2014 04:20:52 -0600
Message-ID: <52FDEE06.1030003@jesup.org>
Date: Fri, 14 Feb 2014 02:20:54 -0800
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Thunderbird/27.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CAD6AjGRiQ1UF5n3JG9HPRQFM+TD54Xz-dpTn5u9bX+__BMfesQ@mail.gmail.com>
In-Reply-To: <CAD6AjGRiQ1UF5n3JG9HPRQFM+TD54Xz-dpTn5u9bX+__BMfesQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Get-Message-Sender-Via: r2-chicago.webserversystems.com: authenticated_id: randell@jesup.org
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/xWRVaL_SNVKkskGFiNb7n7VULVk
Subject: Re: [rtcweb] UDP transport problem
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2014 10:20:57 -0000
On 2/12/2014 10:06 PM, Cb B wrote: > For about a year now, i have been very concerned about IPv4 UDP. It > has been increasingly associated with DDoS traffic [1], to the point > that the protocol's reputation is akin to IPv4 PING in 2003 (widely > blocked). The material point here is that IPv4 UDP is being > indiscriminately blocked and policed in access networks. This is not > something access networks are wantonly electing to do. This decision > is made in the heat of the moment to restore service to customers and > networks who are overrun with attack traffic [2]. And it is not > simply DNS, NTP, and chargen for simple filtering. > > My suggestion is that draft-ietf-rtcweb-transports be updated to > include SCTP as a transport type option. I understand that SCTP is > not supported on Windows (tm) and most NATs. Side note: it would be ironic to end up using DataChannel-over-SCTP-over-DTLS-over-SCTP > In general, we may find > that TURN / TRAM is a required local trust anchor in access networks, > just as local ISP-administered SMTP servers in access networks are > frequently required relay points since access networks block SMTP. [3] I certainly understand the reason for concern; but the idea that UDP would become limited to TURN-mediated is frightening and depressing (and whose TURN and how does the ISP know it's TURN-mediated unless it's an ISP's TURN?) One significant piece of the value proposition of WebRTC is that through use of ICE (and TURN) it will usually bypass the need for relays, significantly improving media quality (delay), dramatically cutting the cost of operation for services, easing deployment, and avoiding a number of levels of control/ability-to-block/etc. It's especially depressing in that we put significant effort into reducing the likelihood that WebRTC could be used for DDoS attacks. I will note that blocking UDP (or massively-rate-limiting it) will have all sorts of nasty effects on all forms of VoIP. TCP-entrained VoIP can evade that, but at a serious cost to call quality. Surely the operators know this. > This UDP concern is not an issue for IPv6, since IPv6 is not, as of > yet, been associated with these massive attacks. And when i say > massive, i mean massive [4]. And because of the scale and risk, > access networks are simply clamping IPv4 UDP throughput and moving on > and not looking back. Can the DNS amplification attack be used to hit any ports other than 53? Can clamps be limited to port 53 > I understand predicting the demise of UDP is not a popular opinion in > the IETF. But as a network operator, and stakeholder in the internet > / ietf / webrtc, i am hoping to share this information so that you all > can make well informed protocol decisions. Thank you -- Randell Jesup randell-ietf@jesup.org
- Re: [rtcweb] UDP transport problem Martin Thomson
- [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Matthew Kaufman
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Michael Tuexen
- Re: [rtcweb] UDP transport problem Harald Alvestrand
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem cowwoc
- Re: [rtcweb] UDP transport problem Ted Hardie
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Harald Alvestrand
- Re: [rtcweb] UDP transport problem Ted Hardie
- Re: [rtcweb] UDP transport problem Dave Taht
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem cowwoc
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem Dave Taht
- Re: [rtcweb] UDP transport problem Dave Taht
- Re: [rtcweb] UDP transport problem Harald Alvestrand
- Re: [rtcweb] UDP transport problem cowwoc
- Re: [rtcweb] UDP transport problem Dave Taht
- Re: [rtcweb] UDP transport problem Michael Tuexen
- Re: [rtcweb] UDP transport problem Randell Jesup
- Re: [rtcweb] UDP transport problem Cb B
- Re: [rtcweb] UDP transport problem cowwoc
- Re: [rtcweb] UDP transport problem Harald Alvestrand
- Re: [rtcweb] UDP transport problem Harald Alvestrand
- Re: [rtcweb] UDP transport problem Tim Panton
- Re: [rtcweb] UDP transport problem Tim Panton
- Re: [rtcweb] UDP transport problem Jeremy Laurenson (jlaurens)
- Re: [rtcweb] UDP transport problem Cynthia G. Anderson