[Sip] target topology in connect-reuse
Jonathan Rosenberg <jdrosen@cisco.com> Tue, 16 November 2004 20:17 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08090 for <sip-web-archive@ietf.org>; Tue, 16 Nov 2004 15:17:14 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CU9nc-0006tk-8o for sip-web-archive@ietf.org; Tue, 16 Nov 2004 15:19:36 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CU9jL-0004a4-EC; Tue, 16 Nov 2004 15:15:11 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CU9eb-0002lT-PH for sip@megatron.ietf.org; Tue, 16 Nov 2004 15:10:17 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06988 for <sip@ietf.org>; Tue, 16 Nov 2004 15:10:17 -0500 (EST)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CU9gs-0006hV-4v for sip@ietf.org; Tue, 16 Nov 2004 15:12:39 -0500
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-2.cisco.com with ESMTP; 16 Nov 2004 12:22:48 -0800
Received: from mira-sjc5-d.cisco.com (IDENT:mirapoint@mira-sjc5-d.cisco.com [171.71.163.28]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id iAGK9Kw0028306 for <sip@ietf.org>; Tue, 16 Nov 2004 12:09:21 -0800 (PST)
Received: from [192.168.1.100] (sjc-vpn4-1387.cisco.com [10.21.85.106]) by mira-sjc5-d.cisco.com (MOS 3.4.6-GR) with ESMTP id AFT88318; Tue, 16 Nov 2004 12:09:43 -0800 (PST)
Message-ID: <419A5E86.7030009@cisco.com>
Date: Tue, 16 Nov 2004 15:09:42 -0500
From: Jonathan Rosenberg <jdrosen@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20040910
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: sip@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Content-Transfer-Encoding: 7bit
Subject: [Sip] target topology in connect-reuse
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 31247fb3be228bb596db9127becad0bc
Content-Transfer-Encoding: 7bit
During the sip meeting, we had a lot of discussion about the interactions between connect-reuse and the RFC 3263 mechanisms for load balancing. The current mechanism in connect-reuse will, I believe, create a single connection between a proxy in one domain and one of the servers in another domain. I think the objective of the connect-reuse mechanism is to produce a topology that looks like this: Please view in a fixed-width font such as Courier. +---------+ | | | | | Proxy | --- | | ------ +---------+ | |\ ----- | | +---------+ \\ --- | | \ | Proxy | \ -- | | \\ ---- | | +---------+ \ --- / +---------+ | | -\\ / | | ---- \ // | Proxy | -- \ / | | \X | | -- / \ +---------+ ---- / \ ---/ \\ +---------+ / ---- \ | | / -- | | / -- | Proxy | +---------+ / --- | | | | // ---- | | | | / --- +---------+ | Proxy | / --- | | -- | | +---------+ That is, between each proxy in domain A and each proxy in domain B, there is a single connection used for traffic in each direction. The transaction load is distributed across those connections proportiaonlly to the weight factors in the SRV records. This effect can be achieved if a connection is aliased to to an IP address, so that the connection reuse takes place *after* the DNS operations have occurred. This means that, when one proxy (A) opens a connection to another (B), A has to tell B that, when B wants to send requests to a particular IP address, it can use this connection instead. This needs to be done securely. I'd suggest the following. A opens a TCP connection to a server in B (based on the DNS lookup of B's domain). There is a TLS exhcange. A indicates to B an IP address for which it is an alias. B takes the domain from the subjectAltName in the cert presented by A, looks up the domain in DNS, and verifies that the offered IP address is listed in the DNS record. If so, it is accepted as an alias. -Jonathan R. -- Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza Director, Service Provider VoIP Architecture Parsippany, NJ 07054-2711 Cisco Systems jdrosen@cisco.com FAX: (973) 952-5050 http://www.jdrosen.net PHONE: (973) 952-5000 http://www.cisco.com _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] target topology in connect-reuse Jonathan Rosenberg
- Re: [Sip] target topology in connect-reuse Cullen Jennings
- Re: [Sip] target topology in connect-reuse Eric Rescorla
- Re: [Sip] target topology in connect-reuse Cullen Jennings
- Re: [Sip] target topology in connect-reuse Robert Sanders
- Re: [Sip] target topology in connect-reuse Cullen Jennings