Re: [Sip] Outbound Issues: slides 3 and 4
"Bob Penfield" <BPenfield@acmepacket.com> Tue, 08 August 2006 22:55 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GAaTl-0000y7-Hm; Tue, 08 Aug 2006 18:55:17 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GAaTk-0000y2-CM for sip@ietf.org; Tue, 08 Aug 2006 18:55:16 -0400
Received: from host10.216.41.24.conversent.net ([216.41.24.10] helo=acmepacket.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GAaTi-00064Z-F5 for sip@ietf.org; Tue, 08 Aug 2006 18:55:15 -0400
Received: from BPenfield [10.0.200.6] by acmepacket.com with ESMTP (SMTPD-9.03) id A6550620; Tue, 08 Aug 2006 18:55:17 -0400
Message-ID: <012f01c6bb3d$b07785a0$800101df@acmepacket.com>
From: Bob Penfield <BPenfield@acmepacket.com>
To: Dean Willis <dean.willis@softarmor.com>, Rohan Mahy <rohan@ekabal.com>
References: <f42475fcd7ff6c4129ce895e0c2bd451@ekabal.com> <20FC5D76-79A0-498D-B048-26CAD2DD1A7F@softarmor.com>
Subject: Re: [Sip] Outbound Issues: slides 3 and 4
Date: Tue, 08 Aug 2006 18:55:05 -0400
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 386e0819b1192672467565a524848168
Cc: IETF SIP List <sip@ietf.org>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
Setting phaser to "kill" ;) Seriously, If the first thing a non-STUN-supporting proxy sees for a new connection is a STUN message, It may see it as an attack and tear down the connection and possibly black-list the UA. IMO, the requirement is that the UA be able to verify that the proxy supports STUN before it sends a STUN packet. I am happy with Rohan's proposal. Now, if I were implementing a UA, I would certainly have it stop STUNing if it never saw a STUN response. Maybe the draft should say such to handle the case where a UA ends up connecting directly to a non-STUN-supporting registrar that thinks it has outbound proxies to handle the STUNing. cheers, (-:bob Robert F. Penfield Chief Software Architect Acme Packet, Inc. 71 Third Avenue Burlington, MA 01803 bpenfield@acmepacket.com ----- Original Message ----- From: "Dean Willis" <dean.willis@softarmor.com> To: "Rohan Mahy" <rohan@ekabal.com> Cc: "IETF SIP List" <sip@ietf.org> Sent: Tuesday, August 08, 2006 4:02 PM Subject: Re: [Sip] Outbound Issues: slides 3 and 4 > > On Aug 8, 2006, at 9:38 AM, Rohan Mahy wrote: > >> >> The specific proposal works like this. A UAC which has an outbound URI >> indicating with ;keepalive=stun that the next hop can support STUN >> messages on the SIP port, needs to verify the first hop supports STUN >> before sending any STUN messages. The UAC sends its first SIP message to >> the next hop with a Proxy-Require: sip-stun. If the URI was correct >> (STUN was supported), and the first-hop is an intermediary, the >> first-hop removes the Proxy-Require and forwards the SIP request >> (probably a REGISTER request) along adding no additional delay. A >> positive response to a REGISTER or OPTIONS with Supported: outbound and >> no error counts as positive confirmation that either the registrar >> supports STUN or expects to never receive a request without getting it >> from an outbound proxy which did not complain about the Proxy-Require >> [1]. If the UAC was misconfigured (the first-hop intermediary does not >> support STUN keepalives), either the first hop will reject the SIP >> request (if it is an intermediary), or the registrar will not include an >> indicator that it supports outbound (if the first hop was the >> registrar). >> > > Cullen suggested an alternate possibility that might work. > > I'll try and paraphrase: > > A UAC which has an outbound URI indicating with ;keepalive=stun that the > next hop can support STUN messages on the SIP port needs to verify the > first hop supports STUN before repeatedly sending STUN messages. The UAC > may initially try sending STUN messages to the SIP port of the first hop > node. If the UAC does not receive a correct STUN response (within some > timer?) then it must assume that this mode does not support STUN, and > proceed without using STUN until it has some evidence that the first-hop > node might have changed, in which case it retries the STUN requests as > per the initial attempt. > > I think it's probably okay to stun a server a few times before deciding > it doesn't like being stunned -- after all, the primary risk is one of > slowing down service for the user doing the stunning, not shutting down > the server being stunned. What I object to is a specification that says > you go on stunning it indefinitely, perhaps millions of times over the > course of an association, with no way to discover that you really > shouldn't be stunning it. > > Set phasers on "stun", Mr. Sulu! > > -- > Dean > > _______________________________________________ > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sipping@ietf.org for new developments on the application of sip > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- RE: [Sip] Outbound Issues: slides 3 and 4 Francois Audet
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- Re: [Sip] Outbound Issues: slides 3 and 4 Jeroen van Bemmel
- Re: [Sip] Outbound Issues: slides 3 and 4 Bob Penfield
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- RE: [Sip] Outbound Issues: slides 3 and 4 Joel M. Halpern
- Re: [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- Re: [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- Re: [Sip] Outbound Issues: slides 3 and 4 Jeroen van Bemmel
- Re: [Sip] Outbound Issues: slides 3 and 4 Fredrik Thulin
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- Re: [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- Re: [Sip] Outbound Issues: slides 3 and 4 Bob Penfield
- Re: [Sip] Outbound Issues: slides 3 and 4 - the p… Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - B2BUA… Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 - the p… Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Fredrik Thulin
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - B2BUA… Bob Penfield
- RE: [Sip] Outbound Issues: slides 3 and 4 Francois Audet
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - the p… Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - B2BUA… Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Bob Penfield
- Re: [Sip] Outbound Issues: slides 3 and 4 - the p… Dean Willis
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- RE: [Sip] Outbound Issues: slides 3 and 4 - using… Christer Holmberg (JO/LMF)
- using mapped addresses from stun in sip-outbound,… Jonathan Rosenberg
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - the p… Jonathan Rosenberg
- Re: [Sip] Outbound Issues: slides 3 and 4 - using… Jonathan Rosenberg
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - using… Cullen Jennings
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- Re: [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 - the p… Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- Re: using mapped addresses from stun in sip-outbo… Hisham Khartabil
- RE: using mapped addresses from stun in sip-outbo… Christer Holmberg (JO/LMF)
- RE: using mapped addresses from stun in sip-outbo… Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 Jeroen Van Bemmel
- Indicating proxy capabilities (was: RE: [Sip] Out… Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 Erkki.Koivusalo
- Re: [Sip] Outbound Issues: slides 3 and 4 Fredrik Thulin
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- RE: [Sip] Outbound Issues: slides 3 and 4 Jeroen Van Bemmel
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- RE: [Sip] Outbound Issues: slides 3 and 4 Erkki.Koivusalo
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- Re: [Sip] Outbound Issues: slides 3 and 4 - the p… Jiri Kuthan
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- Re: [Sip] Outbound Issues: slides 3 and 4 Rohan Mahy
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- RE: [Sip] Outbound Issues: slides 3 and 4 Hadriel Kaplan
- Re: [Sip] Outbound Issues: slides 3 and 4 Joel M. Halpern
- Re: [Sip] Outbound Issues: slides 3 and 4 Jeroen van Bemmel
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- Re: [Sip] Outbound Issues: slides 3 and 4 Cullen Jennings
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Fredrik Thulin
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- RE: [Sip] Outbound Issues: slides 3 and 4 Christer Holmberg (JO/LMF)
- Re: [Sip] Outbound Issues: slides 3 and 4 Jiri Kuthan
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- RE: [Sip] Outbound Issues: slides 3 and 4 - the p… Erkki.Koivusalo
- Re: [Sip] Outbound Issues: slides 3 and 4 Paul Kyzivat
- Re: [Sip] Outbound Issues: slides 3 and 4 Hisham Khartabil
- Re: [Sip] Outbound Issues: slides 3 and 4 Dean Willis
- Outbound-05: Proxy STUN keepalive support flag (w… Christer Holmberg (JO/LMF)