[Sip] target topology in connect-reuse
Jonathan Rosenberg <jdrosen@cisco.com> Tue, 16 November 2004 20:17 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08090 for <sip-web-archive@ietf.org>; Tue, 16 Nov 2004 15:17:14 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CU9nc-0006tk-8o for sip-web-archive@ietf.org; Tue, 16 Nov 2004 15:19:36 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CU9jL-0004a4-EC; Tue, 16 Nov 2004 15:15:11 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CU9eb-0002lT-PH for sip@megatron.ietf.org; Tue, 16 Nov 2004 15:10:17 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06988 for <sip@ietf.org>; Tue, 16 Nov 2004 15:10:17 -0500 (EST)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CU9gs-0006hV-4v for sip@ietf.org; Tue, 16 Nov 2004 15:12:39 -0500
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-2.cisco.com with ESMTP; 16 Nov 2004 12:22:48 -0800
Received: from mira-sjc5-d.cisco.com (IDENT:mirapoint@mira-sjc5-d.cisco.com [171.71.163.28]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id iAGK9Kw0028306 for <sip@ietf.org>; Tue, 16 Nov 2004 12:09:21 -0800 (PST)
Received: from [192.168.1.100] (sjc-vpn4-1387.cisco.com [10.21.85.106]) by mira-sjc5-d.cisco.com (MOS 3.4.6-GR) with ESMTP id AFT88318; Tue, 16 Nov 2004 12:09:43 -0800 (PST)
Message-ID: <419A5E86.7030009@cisco.com>
Date: Tue, 16 Nov 2004 15:09:42 -0500
From: Jonathan Rosenberg <jdrosen@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20040910
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: sip@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Content-Transfer-Encoding: 7bit
Subject: [Sip] target topology in connect-reuse
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 31247fb3be228bb596db9127becad0bc
Content-Transfer-Encoding: 7bit
During the sip meeting, we had a lot of discussion about the
interactions between connect-reuse and the RFC 3263 mechanisms for load
balancing. The current mechanism in connect-reuse will, I believe,
create a single connection between a proxy in one domain and one of the
servers in another domain.
I think the objective of the connect-reuse mechanism is to produce a
topology that looks like this:
Please view in a fixed-width font such as
Courier.
+---------+
| |
| |
| Proxy | ---
| | ------ +---------+
| |\ ----- | |
+---------+ \\ --- | |
\ | Proxy |
\ -- | |
\\ ---- | |
+---------+ \ --- / +---------+
| | -\\ /
| | ---- \ //
| Proxy | -- \ /
| | \X
| | -- / \
+---------+ ---- / \
---/ \\ +---------+
/ ---- \ | |
/ -- | |
/ -- | Proxy |
+---------+ / --- | |
| | // ---- | |
| | / --- +---------+
| Proxy | / ---
| | --
| |
+---------+
That is, between each proxy in domain A and each proxy in domain B,
there is a single connection used for traffic in each direction. The
transaction load is distributed across those connections proportiaonlly
to the weight factors in the SRV records.
This effect can be achieved if a connection is aliased to to an IP
address, so that the connection reuse takes place *after* the DNS
operations have occurred.
This means that, when one proxy (A) opens a connection to another (B), A
has to tell B that, when B wants to send requests to a particular IP
address, it can use this connection instead. This needs to be done
securely.
I'd suggest the following. A opens a TCP connection to a server in B
(based on the DNS lookup of B's domain). There is a TLS exhcange. A
indicates to B an IP address for which it is an alias. B takes the
domain from the subjectAltName in the cert presented by A, looks up the
domain in DNS, and verifies that the offered IP address is listed in the
DNS record. If so, it is accepted as an alias.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza
Director, Service Provider VoIP Architecture Parsippany, NJ 07054-2711
Cisco Systems
jdrosen@cisco.com FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.cisco.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
- [Sip] target topology in connect-reuse Jonathan Rosenberg
- Re: [Sip] target topology in connect-reuse Cullen Jennings
- Re: [Sip] target topology in connect-reuse Eric Rescorla
- Re: [Sip] target topology in connect-reuse Cullen Jennings
- Re: [Sip] target topology in connect-reuse Robert Sanders
- Re: [Sip] target topology in connect-reuse Cullen Jennings