IETF Logo Mail Archive

RE: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE

"Dan Wing" <dwing@cisco.com> Fri, 12 October 2007 17:20 UTC

Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgOBg-0004T4-8x; Fri, 12 Oct 2007 13:20:36 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IgOBe-0004Sy-V5 for safe-confirm+ok@megatron.ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgOBe-0004Sq-LF for safe@ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IgOBa-00062I-7j for safe@ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
X-IronPort-AV: E=Sophos;i="4.21,267,1188802800"; d="scan'208";a="22997440"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 12 Oct 2007 10:20:29 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l9CHKTYB026570; Fri, 12 Oct 2007 10:20:29 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l9CHKSZp012809; Fri, 12 Oct 2007 17:20:28 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Philip Matthews' <philip_matthews@magma.ca>
References: <470A480C.4040506@ericsson.com><C84E0A4ABA6DD74DA5221E0833A35DF30A069164@esebe101.NOE.Nokia.com> <2E64FBC4-2ACD-4707-A17F-72A964105BB6@magma.ca>
Subject: RE: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE
Date: Fri, 12 Oct 2007 10:20:28 -0700
Message-ID: <0dfb01c80cf4$2fc96360$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <2E64FBC4-2ACD-4707-A17F-72A964105BB6@magma.ca>
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcgMyHJC1OqzDhamS8yLliNBGrYIQAAKzNIw
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=8218; t=1192209629; x=1193073629; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[SAFE]=20RE=3A=20[BEHAVE]=20BOF=20request=20under=20c onsideration=3A=20SAFE |Sender:=20; bh=ReNrvZsRXvMqu4sG9ZkUO49FUA5LI08vlRLtShgn1ow=; b=ZJtnSNnzv1WZf4JNM6VP8Lw1pbDWlPmefyPWCsCnbasWU5E3WIR+S/bwOO7GqGxIuES0JLlr fh3DAvSIV+nAs5FEL/fBlfYlUkPBqqJh24X+kxuppH9mkYgxKvy1Z21Lb+8oyez9yPv1IIz4nZ Fjo+flUdeaCEAiLSQV50cLRrI=;
Authentication-Results: sj-dkim-1; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim1004 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: df9edf1223802dd4cf213867a3af6121
Cc: safe@ietf.org, Markus.Isomaki@nokia.com
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org

 

> -----Original Message-----
> From: Philip Matthews [mailto:philip_matthews@magma.ca] 
> Sent: Friday, October 12, 2007 5:06 AM
> To: <Markus.Isomaki@nokia.com>
> Cc: safe@ietf.org
> Subject: Re: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE
> 
> I would like to second Markus comments: I also support the goals of  
> the BOF, but I share his two technical concerns. The second concern  
> was raised at the "informal BOF" in Chicago, but the first concern I  
> have not hear discussed before.
> 
> Regarding the first concern, I think this might actually go beyond  
> just STUN Control to be a general STUN/ICE issue.  Even without STUN  
> Control, it seems important for an endpoint to know if its 
> keep-alive rate is sufficient to keep the bindings in intermediate 
> NATs alive.  The way I see this might be done is for the STUN server 
> (or perhaps the remote endpoint) to send data at regular intervals 
> while the client sends keep-alives at some rate. If the client 
> continues to receive data after one or two keep-alive intervals have 
> passed, the client knows its keep-alive rate is sufficient.  A client 
> may choose to test a lower keep-alive rate in this manner to see 
> if that is also sufficient.

Teredo (Section 5.2.7 of RFC4380, 
http://tools.ietf.org/html/rfc4380#section-5.2.7) has a documented
procedure for doing what you describe.

-d

> - Philip
> 
> On 11-Oct-07, at 08:53 , <Markus.Isomaki@nokia.com>  
> <Markus.Isomaki@nokia.com> wrote:
> 
> > Hi,
> >
> > I support the goals of this BOF and I believe in the reasoning  
> > provided
> > by the charter. I have two concerns that should be 
> addressed before I
> > think STUN NAT control could become successfully deployed:
> >
> > 1. Technical issue: STUN control allows a host/application 
> to discover
> > NATs and disover/set NAT binding timers for UDP (typically to higher
> > values than what the defaults, perhaps around 30-300 s, would be).
> > However, BEFORE the application can start using the increased  
> > keepalive
> > period, it needs to have a some sort of assurance that there aren't
> > OTHER middleboxes on its path with lower keepalive values.  
> > Otherwise it
> > would be impossible to rely on the increased timer values, 
> and thus  
> > the
> > whole mechanism might fail in practice. So, I would like to 
> include in
> > the charter a goal where such discovery mechanisms and their
> > applicability are considered. The actual mechanism might be based on
> > STUN or something else. I know this is a hard problem in general,  
> > but in
> > many access network topologies the problem can be solved by
> > configuration + discovery. I'd be happy to contribute in this area.
> > Actually I believe this discovery part to be the real issue 
> with this
> > whole work, rather than the details of STUN itself.
> >
> > 2. Deployment issue: We do have several protocols in this area, for
> > instance NSIS. Their deployment does not look to be happening. For  
> > STUN
> > control to be useful, we would need real interest from some real  
> > NAT/FW
> > vendors. It's of course difficult to say how to verify this in a BOF
> > beyond matching people's e-mail addresses to NAT/FW product 
> brands :-)
> > Personally I can speak for a single client/host/device vendor only.
> >
> > Markus
> >
> >
> >> -----Original Message-----
> >> From: ext Magnus Westerlund [mailto:magnus.westerlund@ericsson.com]
> >> Sent: 08 October, 2007 18:09
> >> To: TSV Area; Behave WG; mmusic (E-mail)
> >> Subject: [BEHAVE] BOF request under consideration: SAFE
> >>
> >> Hi,
> >>
> >> We ADs have received a request for a BOF in Vancouver: SAFE -
> >> Self-Address Fixing Evolution. See description below. I would
> >> appreciate any feedback on this. For public discussion please
> >> use the SAFE mailing list.
> >>
> >> Post: safe@ietf.org
> >> Subscribe: https://www1.ietf.org/mailman/listinfo/safe
> >>
> >> Draft:
> >> http://www.ietf.org/internet-drafts/draft-wing-behave-nat-contr
> > ol-stun-usage-03.txt
> >>
> >>
> >> SAFE - Self-Address Fixing Evolution
> >> ------------------------------------
> >>
> >> Chairs:
> >>  TBD
> >>
> >>
> >> ICE and its companion protocol STUN have been successfully
> >> deployed on the Internet for NAT traversal.  ICE and STUN have
> >> several characteristics which contribute to their success:
> >>
> >>  1. incremental deployment.  ICE and STUN are functional 
> without any
> >>     modifications to existing NATs.
> >>  2. nested NATs.  ICE and STUN work when there are multiple NATs
> >>     between a host and the Internet.
> >>  3. topology unaware.  ICE and STUN are not configured with
> >>     information about NATs, firewalls, or their locations -- only
> >>     with the IP address of a server on the Internet.
> >>  4. simple security model.  If a host behind a NAT is 
> allowed to send
> >>     a packet across the NAT, it is allowed to receive a response.
> >>  5. works on routed networks, which allows operation in both
> >>     enterprise networks and home networks.
> >>
> >> Other NAT traversal protocols do not share these
> >> characteristics, which hinders their widespread deployment.
> >> Specifically,
> >>
> >>  * incremental deployment is not possible with MIDCOM, NSIS-NSLP,
> >>    UPnP, or Bonjour.  With all of these protocols, both the NAT
> >>    and the endpoint have to support the same protocol.
> >>  * nested NATs are not possible with UPnP or Bonjour.
> >>  * topology awareness is required of MIDCOM.
> >>  * security must be established between the controlling entity
> >>    and the NAT for MIDCOM and NSIS-NSLP.
> >>  * Both UPnP and Bonjour use broadcast packets which don't work
> >>    well on routed networks.
> >>
> >> However, a drawback of ICE/STUN is its chatty keepalive
> >> traffic, which is a result of STUN not knowing the binding
> >> lifetime of its on-path NATs.  This chattiness causes a burden
> >> on servers and consumes network bandwidth, which is especially
> >> critical on wireless networks.  It is desirable to reduce this
> >> chattiness while still retaining the important characteristics
> >> of STUN and ICE.
> >>
> >> This BoF is intended to discuss one proposed technique,
> >> draft-wing-behave-nat-control-stun-usage, which nearly
> >> eliminates STUN's keepalive chatter and still preserves the
> >> desirable characteristics of STUN/ICE.
> >>
> >> The purpose of this BoF is to create a working group for 
> this effort.
> >>
> >>
> >> Agenda:
> >>  Introduction, Agenda ....................................  5
> >>  Summary of existing NAT traversal techniques ............ 40
> >>   (UPnP, NAT-PMP/Bonjour, MIDCOM techniques, NSIS-NSLP, ICE)
> >>  draft-wing-behave-nat-control-stun-usage ................ 40
> >>  Q&A ..................................................... 25
> >>                                                    ----------
> >>                                                    total: 110
> >>
> >> Cheers
> >>
> >> Magnus Westerlund
> >>
> >> IETF Transport Area Director & TSVWG Chair
> >> 
> --------------------------------------------------------------------- 
> >> -
> >> Multimedia Technologies, Ericsson Research EAB/TVM/M
> >> 
> --------------------------------------------------------------------- 
> >> -
> >> Ericsson AB                | Phone +46 8 4048287
> >> Torshamsgatan 23           | Fax   +46 8 7575550
> >> S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> >> 
> --------------------------------------------------------------------- 
> >> -
> >>
> >>
> >> _______________________________________________
> >> Behave mailing list
> >> Behave@ietf.org
> >> https://www1.ietf.org/mailman/listinfo/behave
> >>
> >
> >
> > _______________________________________________
> > SAFE mailing list
> > SAFE@ietf.org
> > https://www1.ietf.org/mailman/listinfo/safe
> >
> 
> 
> 
> _______________________________________________
> SAFE mailing list
> SAFE@ietf.org
> https://www1.ietf.org/mailman/listinfo/safe


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe

v2.23.0 | Report a Bug | By Email