RE: [Sip] draft-jennings-sip-dtls

"Tolga Asveren" <asveren@ulticom.com> Fri, 18 February 2005 14:06 UTC

From: Tolga Asveren <asveren@ulticom.com>
To: Christian Stredicke <Christian.Stredicke@snom.de>, Francois Audet <audet@nortel.com>, Cullen Jennings <fluffy@cisco.com>, Jonathan Rosenberg <jdrosen@cisco.com>
Subject: RE: [Sip] draft-jennings-sip-dtls
Date: Fri, 18 Feb 2005 08:39:51 -0500
Message-ID: <GBEBKGPKHGPAOFCLBNAMKEOBCNAA.asveren@ulticom.com>
Cc: sip@ietf.org

<Actually this becomes too implementation dependent, probably need to
switch to implementors list, but just because it is about the
existence/non-existence of certain limitation which might be an argument in
favor of a new proposal, I continue here>

Why is there a limitation because of 16 bit (I assume you are referring to
local/remote port field length in TCP header)? When the server side calls
"accept", a new socket will be assigned but no extra port is consumed.

And yes, there are ways to support the case you mentioned, with one IP
address/port pair.

Don't get me wrong, obviously the protocol needs to be implementable, but I
personally do not see a problem related to that issue, neither in the TCP
protocol nor in how to achieve the desired functionality in a mainstream OS.

        Tolga
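The point being argued above (that accept() hands back a new socket without consuming another local port, so the 16-bit port field bounds connections per client address, not per server listener) can be checked directly on a loopback interface. The following is an added illustration, not code from any of the posters or from the draft; it assumes only the Python standard library and an OS that allows TCP connections to 127.0.0.1. It opens one listening socket, connects several clients to it, accepts each, and reports whether every accepted socket still carries the listener's port while each connection has its own distinct 4-tuple.

```python
import socket


def open_connections(n_clients=5):
    """Constructed demonstration of the accept() behaviour discussed above.

    Binds one listening socket on 127.0.0.1, opens n_clients connections to
    it and accepts each. Returns the listening port, the set of local ports
    seen on the accepted sockets (expected: just the listening port) and the
    number of distinct (local ip, local port, peer ip, peer port) 4-tuples
    (expected: n_clients, one per connection).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    clients = []
    accepted = []
    try:
        srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
        srv.listen(16)               # backlog large enough for the demo
        listen_port = srv.getsockname()[1]

        # Each connect() completes the three-way handshake in the kernel and
        # sits in the accept queue; the server-side socket object only
        # appears when accept() is called below.
        for _ in range(n_clients):
            clients.append(socket.create_connection(("127.0.0.1", listen_port)))

        for _ in range(n_clients):
            conn, _peer = srv.accept()
            accepted.append(conn)

        # The connection identity is the full 4-tuple; the server side of
        # every tuple is the same ip:port, the client side differs by port.
        tuples = {c.getsockname() + c.getpeername() for c in accepted}
        local_ports = {c.getsockname()[1] for c in accepted}
        return {
            "listen_port": listen_port,
            "local_ports": local_ports,
            "distinct_tuples": len(tuples),
        }
    finally:
        for s in clients + accepted + [srv]:
            s.close()


if __name__ == "__main__":
    print(open_connections())
```

The practical limit this leaves on a server is therefore file descriptors, kernel memory and scheduler load per connection (the "half a million TCP connections to one box" concern raised later in the thread), not the port number space; a client that opens many connections to the same server ip:port is the side that exhausts its ephemeral ports first.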
  -----Original Message-----
  From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org]On Behalf Of
Christian Stredicke
  Sent: Thursday, February 17, 2005 3:01 PM
  To: Tolga Asveren; Francois Audet; Cullen Jennings; Jonathan Rosenberg
  Cc: sip@ietf.org
  Subject: RE: [Sip] draft-jennings-sip-dtls


  16 bits set an upper limit of 64 K connections. My feeling is that TCP was
not designed for this purpose.

  Sorry for being so pragmatic. Maybe someone can show me an implementation
that can handle 100 K connections on one IP address.

  CS



----------------------------------------------------------------------------
    From: Tolga Asveren [mailto:asveren@ulticom.com]
    Sent: Thursday, February 17, 2005 8:16 PM
    To: Christian Stredicke; Francois Audet; Cullen Jennings; Jonathan
Rosenberg
    Cc: sip@ietf.org
    Subject: RE: [Sip] draft-jennings-sip-dtls


    Isn't "running out of sockets" an implementation issue rather than a
protocol one?

    And I believe using multiple processes would solve that problem.

      Tolga
      -----Original Message-----
      From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org]On Behalf Of
Christian Stredicke
      Sent: Wednesday, February 16, 2005 5:02 PM
      To: Francois Audet; Cullen Jennings; Jonathan Rosenberg
      Cc: sip@ietf.org
      Subject: RE: [Sip] draft-jennings-sip-dtls


      Today I would recommend SIP operators to avoid TCP (and that includes
TLS) because the processes are simply running out of sockets (think about an
ITSP with one million customers). The UDP/DTLS idea would make it reasonably
simple to have many more connections and on top have security. And as far as
I understood the dtls it finally does solve the fragmentation pain problem.

      That sounds like a great thing to me. I would vote for dtls!

      CS



------------------------------------------------------------------------
        From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf
Of Francois Audet
        Sent: Wednesday, February 16, 2005 9:47 PM
        To: 'Cullen Jennings'; 'Jonathan Rosenberg'
        Cc: sip@ietf.org
        Subject: RE: [Sip] draft-jennings-sip-dtls


        I would agree with Jonathan.

        Yes, some implementations of SIP/TCP have performance issues
compared to SIP/UDP, but not necessarily all of them.

        Also, if we need to address the other problems of UDP transport
(like fragmentation, and others), then it is not clear to me that we are
saving much in the first place by using UDP/DTLS instead of TCP/TLS.

        I'd like to see real data before we add yet another thing we'll have
to implement...
          -----Original Message-----
          From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf
Of Cullen Jennings
          Sent: Tuesday, February 15, 2005 20:08
          To: Jonathan Rosenberg
          Cc: sip@ietf.org
          Subject: Re: [Sip] draft-jennings-sip-dtls



          Oops - I meant to put that.... There is pretty much one key thing.
No one has built a single edge proxy that can terminate 100k to 1M
connections to UAs using TLS. In theory it is possible, but in practice it
seems hard. The argument is that this will be easier with DTLS. The issue is
not the time it takes to do the crypto - session resumption deals with that
nicely - it is just the issues of dealing with half a million TCP connections
to one box. Of course no one has done it with DTLS either :-)

          I believe the argument we made for SCTP was that adding an
extension for SCTP won't increase the complexity of things that don't
support SCTP.

          I agree the UDP/TCP complexity made SIP more complicated and I
agree that sip and sips made things more complicated. I'm not sure I buy
that both TLS and TCP made things more complicated.


          On 2/15/05 7:15 PM, "Jonathan Rosenberg" <jdrosen@cisco.com> wrote:


            Cullen,

            What seems missing to me from this is requirements and problem
            statements. What is DTLS doing for us that we don't get from TLS?

            Though SIP can run over many different transport protocols, I
            think experience over time has shown that more choices here is
            not necessarily a good thing, as SIP has a fair bit of complexity
            as a result of dealing with the differences between UDP and TCP.
            As such, I don't think it's a good idea to just add more transport
            protocols to SIP's list of supported ones unless there is a
            compelling problem that it is solving.

            Thanks,
            Jonathan R.

            Cullen Jennings wrote:

            >
            > Nagendra and I put together a draft on using DTLS with SIP.
            > Until it shows up in the archives you can find it at
            >
            > http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-dtls-00.html
            >
            > (there is a .txt version too)
            >
            > The abstract is:
            >
            >    This draft specifies how to use Datagram Transport Layer
            >    Security (DTLS) as a transport for SIP.  DTLS is a new
            >    protocol for providing TLS security over a datagram protocol.
            >


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip