RE: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE
"Dan Wing" <dwing@cisco.com> Fri, 12 October 2007 17:20 UTC
Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgOBg-0004T4-8x; Fri, 12 Oct 2007 13:20:36 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IgOBe-0004Sy-V5 for safe-confirm+ok@megatron.ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgOBe-0004Sq-LF for safe@ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IgOBa-00062I-7j for safe@ietf.org; Fri, 12 Oct 2007 13:20:34 -0400
X-IronPort-AV: E=Sophos;i="4.21,267,1188802800"; d="scan'208";a="22997440"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 12 Oct 2007 10:20:29 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l9CHKTYB026570; Fri, 12 Oct 2007 10:20:29 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l9CHKSZp012809; Fri, 12 Oct 2007 17:20:28 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Philip Matthews' <philip_matthews@magma.ca>
References: <470A480C.4040506@ericsson.com><C84E0A4ABA6DD74DA5221E0833A35DF30A069164@esebe101.NOE.Nokia.com> <2E64FBC4-2ACD-4707-A17F-72A964105BB6@magma.ca>
Subject: RE: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE
Date: Fri, 12 Oct 2007 10:20:28 -0700
Message-ID: <0dfb01c80cf4$2fc96360$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <2E64FBC4-2ACD-4707-A17F-72A964105BB6@magma.ca>
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcgMyHJC1OqzDhamS8yLliNBGrYIQAAKzNIw
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=8218; t=1192209629; x=1193073629; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[SAFE]=20RE=3A=20[BEHAVE]=20BOF=20request=20under=20c onsideration=3A=20SAFE |Sender:=20; bh=ReNrvZsRXvMqu4sG9ZkUO49FUA5LI08vlRLtShgn1ow=; b=ZJtnSNnzv1WZf4JNM6VP8Lw1pbDWlPmefyPWCsCnbasWU5E3WIR+S/bwOO7GqGxIuES0JLlr fh3DAvSIV+nAs5FEL/fBlfYlUkPBqqJh24X+kxuppH9mkYgxKvy1Z21Lb+8oyez9yPv1IIz4nZ Fjo+flUdeaCEAiLSQV50cLRrI=;
Authentication-Results: sj-dkim-1; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim1004 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: df9edf1223802dd4cf213867a3af6121
Cc: safe@ietf.org, Markus.Isomaki@nokia.com
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org
> -----Original Message----- > From: Philip Matthews [mailto:philip_matthews@magma.ca] > Sent: Friday, October 12, 2007 5:06 AM > To: <Markus.Isomaki@nokia.com> > Cc: safe@ietf.org > Subject: Re: [SAFE] RE: [BEHAVE] BOF request under consideration: SAFE > > I would like to second Markus comments: I also support the goals of > the BOF, but I share his two technical concerns. The second concern > was raised at the "informal BOF" in Chicago, but the first concern I > have not hear discussed before. > > Regarding the first concern, I think this might actually go beyond > just STUN Control to be a general STUN/ICE issue. Even without STUN > Control, it seems important for an endpoint to know if its > keep-alive rate is sufficient to keep the bindings in intermediate > NATs alive. The way I see this might be done is for the STUN server > (or perhaps the remote endpoint) to send data at regular intervals > while the client sends keep-alives at some rate. If the client > continues to receive data after one or two keep-alive intervals have > passed, the client knows its keep-alive rate is sufficient. A client > may choose to test a lower keep-alive rate in this manner to see > if that is also sufficient. Teredo (Section 5.2.7 of RFC4380, http://tools.ietf.org/html/rfc4380#section-5.2.7) has a documented procedure for doing what you describe. -d > - Philip > > On 11-Oct-07, at 08:53 , <Markus.Isomaki@nokia.com> > <Markus.Isomaki@nokia.com> wrote: > > > Hi, > > > > I support the goals of this BOF and I believe in the reasoning > > provided > > by the charter. I have two concerns that should be > addressed before I > > think STUN NAT control could become successfully deployed: > > > > 1. Technical issue: STUN control allows a host/application > to discover > > NATs and disover/set NAT binding timers for UDP (typically to higher > > values than what the defaults, perhaps around 30-300 s, would be). > > However, BEFORE the application can start using the increased > > keepalive > > period, it needs to have a some sort of assurance that there aren't > > OTHER middleboxes on its path with lower keepalive values. > > Otherwise it > > would be impossible to rely on the increased timer values, > and thus > > the > > whole mechanism might fail in practice. So, I would like to > include in > > the charter a goal where such discovery mechanisms and their > > applicability are considered. The actual mechanism might be based on > > STUN or something else. I know this is a hard problem in general, > > but in > > many access network topologies the problem can be solved by > > configuration + discovery. I'd be happy to contribute in this area. > > Actually I believe this discovery part to be the real issue > with this > > whole work, rather than the details of STUN itself. > > > > 2. Deployment issue: We do have several protocols in this area, for > > instance NSIS. Their deployment does not look to be happening. For > > STUN > > control to be useful, we would need real interest from some real > > NAT/FW > > vendors. It's of course difficult to say how to verify this in a BOF > > beyond matching people's e-mail addresses to NAT/FW product > brands :-) > > Personally I can speak for a single client/host/device vendor only. > > > > Markus > > > > > >> -----Original Message----- > >> From: ext Magnus Westerlund [mailto:magnus.westerlund@ericsson.com] > >> Sent: 08 October, 2007 18:09 > >> To: TSV Area; Behave WG; mmusic (E-mail) > >> Subject: [BEHAVE] BOF request under consideration: SAFE > >> > >> Hi, > >> > >> We ADs have received a request for a BOF in Vancouver: SAFE - > >> Self-Address Fixing Evolution. See description below. I would > >> appreciate any feedback on this. For public discussion please > >> use the SAFE mailing list. > >> > >> Post: safe@ietf.org > >> Subscribe: https://www1.ietf.org/mailman/listinfo/safe > >> > >> Draft: > >> http://www.ietf.org/internet-drafts/draft-wing-behave-nat-contr > > ol-stun-usage-03.txt > >> > >> > >> SAFE - Self-Address Fixing Evolution > >> ------------------------------------ > >> > >> Chairs: > >> TBD > >> > >> > >> ICE and its companion protocol STUN have been successfully > >> deployed on the Internet for NAT traversal. ICE and STUN have > >> several characteristics which contribute to their success: > >> > >> 1. incremental deployment. ICE and STUN are functional > without any > >> modifications to existing NATs. > >> 2. nested NATs. ICE and STUN work when there are multiple NATs > >> between a host and the Internet. > >> 3. topology unaware. ICE and STUN are not configured with > >> information about NATs, firewalls, or their locations -- only > >> with the IP address of a server on the Internet. > >> 4. simple security model. If a host behind a NAT is > allowed to send > >> a packet across the NAT, it is allowed to receive a response. > >> 5. works on routed networks, which allows operation in both > >> enterprise networks and home networks. > >> > >> Other NAT traversal protocols do not share these > >> characteristics, which hinders their widespread deployment. > >> Specifically, > >> > >> * incremental deployment is not possible with MIDCOM, NSIS-NSLP, > >> UPnP, or Bonjour. With all of these protocols, both the NAT > >> and the endpoint have to support the same protocol. > >> * nested NATs are not possible with UPnP or Bonjour. > >> * topology awareness is required of MIDCOM. > >> * security must be established between the controlling entity > >> and the NAT for MIDCOM and NSIS-NSLP. > >> * Both UPnP and Bonjour use broadcast packets which don't work > >> well on routed networks. > >> > >> However, a drawback of ICE/STUN is its chatty keepalive > >> traffic, which is a result of STUN not knowing the binding > >> lifetime of its on-path NATs. This chattiness causes a burden > >> on servers and consumes network bandwidth, which is especially > >> critical on wireless networks. It is desirable to reduce this > >> chattiness while still retaining the important characteristics > >> of STUN and ICE. > >> > >> This BoF is intended to discuss one proposed technique, > >> draft-wing-behave-nat-control-stun-usage, which nearly > >> eliminates STUN's keepalive chatter and still preserves the > >> desirable characteristics of STUN/ICE. > >> > >> The purpose of this BoF is to create a working group for > this effort. > >> > >> > >> Agenda: > >> Introduction, Agenda .................................... 5 > >> Summary of existing NAT traversal techniques ............ 40 > >> (UPnP, NAT-PMP/Bonjour, MIDCOM techniques, NSIS-NSLP, ICE) > >> draft-wing-behave-nat-control-stun-usage ................ 40 > >> Q&A ..................................................... 25 > >> ---------- > >> total: 110 > >> > >> Cheers > >> > >> Magnus Westerlund > >> > >> IETF Transport Area Director & TSVWG Chair > >> > --------------------------------------------------------------------- > >> - > >> Multimedia Technologies, Ericsson Research EAB/TVM/M > >> > --------------------------------------------------------------------- > >> - > >> Ericsson AB | Phone +46 8 4048287 > >> Torshamsgatan 23 | Fax +46 8 7575550 > >> S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > >> > --------------------------------------------------------------------- > >> - > >> > >> > >> _______________________________________________ > >> Behave mailing list > >> Behave@ietf.org > >> https://www1.ietf.org/mailman/listinfo/behave > >> > > > > > > _______________________________________________ > > SAFE mailing list > > SAFE@ietf.org > > https://www1.ietf.org/mailman/listinfo/safe > > > > > > _______________________________________________ > SAFE mailing list > SAFE@ietf.org > https://www1.ietf.org/mailman/listinfo/safe _______________________________________________ SAFE mailing list SAFE@ietf.org https://www1.ietf.org/mailman/listinfo/safe
- [SAFE] RE: [tsv-area] BOF request under considera… Black_David
- [SAFE] RE: [tsv-area] BOF request under considera… Dan Wing
- [SAFE] RE: [tsv-area] BOF request under considera… Black_David
- [SAFE] RE: [tsv-area] BOF request under considera… Dan Wing
- RE: [SAFE] RE: [tsv-area] BOF request under consi… Markus.Isomaki
- [SAFE] RE: [BEHAVE] BOF request under considerati… Markus.Isomaki
- [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request … Magnus Westerlund
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- Re: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Rémi Denis-Courmont
- Re: [SAFE] RE: [BEHAVE] BOF request under conside… Philip Matthews
- Re: [SAFE] RE: [BEHAVE] BOF request under conside… Rémi Denis-Courmont
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- RE: [SAFE] RE: [BEHAVE] BOF request under conside… Dan Wing
- Re: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Rémi Denis-Courmont
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Pekka Savola
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Markus.Isomaki
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing