RE: [Sip] PING/PONG
"Christian Stredicke" <Christian.Stredicke@snom.de> Wed, 17 November 2004 15:42 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA10015 for <sip-web-archive@ietf.org>; Wed, 17 Nov 2004 10:42:47 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CURzl-0003tS-FQ for sip-web-archive@ietf.org; Wed, 17 Nov 2004 10:45:21 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CURn3-0003qy-To; Wed, 17 Nov 2004 10:32:13 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CURil-0002cu-VZ for sip@megatron.ietf.org; Wed, 17 Nov 2004 10:27:48 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08357 for <sip@ietf.org>; Wed, 17 Nov 2004 10:27:45 -0500 (EST)
Received: from natsmtp00.rzone.de ([81.169.145.165]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CURlC-0003VR-LO for sip@ietf.org; Wed, 17 Nov 2004 10:30:19 -0500
Received: from snom.de (pD951647B.dip.t-dialin.net [217.81.100.123]) by post.webmailer.de (8.13.1/8.13.1) with ESMTP id iAHFRLT4009638; Wed, 17 Nov 2004 16:27:33 +0100 (MET)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] PING/PONG
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Date: Wed, 17 Nov 2004 16:31:24 +0100
Message-ID: <B52FDDEC7CBE9D40B36FE900C9AD78B4176DD6@merenge.intern.snom.de>
Thread-Topic: [Sip] PING/PONG
thread-index: AcTMFOtiRyKQSpn7RMeR3eSHQfrdZgAmkQSw
From: Christian Stredicke <Christian.Stredicke@snom.de>
To: Jonathan Rosenberg <jdrosen@cisco.com>
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 2086112c730e13d5955355df27e3074b
Content-Transfer-Encoding: quoted-printable
Cc: sip@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365
Content-Transfer-Encoding: quoted-printable
So my understanding is: 1. We should use *only* STUN for refreshing bindings (either UDP or TCP, what about TLS) 2. The user agent indicates if it can do it (no negotiation on capabilities) 3. Refreshing must be done from the client Can we agree on that? Christian > -----Original Message----- > From: Jonathan Rosenberg [mailto:jdrosen@cisco.com] > Sent: Tuesday, November 16, 2004 2:46 PM > To: Christian Stredicke > Cc: Spencer Dawkins; sip@ietf.org > Subject: Re: [Sip] PING/PONG > > inline. > > Christian Stredicke wrote: > > > Hi Spencer! > > > > You just mentioned another way of keeping TCP connections > alive. Thats > > good! > > > > So far we have: > > > > - CRLF (frequenly used today, but not indicated by user agent) > > - STUN (same as CRLF) > > It is not the same. STUN solicits a response, which allows > the client to > determine if the NAT binding has changed, and if the server > is still alive. > > > - PING/PONG or whatever (tbd, maybe superflous) > > I am very much against SIP-based keepalives. This turns into a huge > scalability nightmare. It ends up being the dominant > processing cost for > proxies along with the dominant percentage of the signaling > bandwidth, > and it buys you nothing. > > > > - OPTIONS (big overhead, but compatible) > > - REGISTER (same as OPTIONS, but even bigger overhead) > > - TCP low-level (how can this be addressed by the application?) > > - No refreshing ("legacy device") > > > > Lets have a way to indicate these options and let the SBC > decide what > > method it likes/supports. > > Generally speaking, having multiple choices reduces > interoperability. I > think we should pick a solution, and only describe multiple ones if > there is a compelling reason why multiple ones need to exist. > > Its worth pointing out that there are several functions these various > keepalvies provide: > > 1. they keep nat bindings fresh > 2. they allow the client to detect if its nat binding as seen by the > server has changed > 3. they allow the client to determine if the server is still > alive and > responding to messages > 4. they allow the client to determine if the nat has dropped > its binding > altogether, so that packets are just going into the ether > > I *think* Bob is proposing another usage: > > 5. they allow the server to determine that the nat binding for the > client has changed, so it can update its registration to > reflect the new > address > > > Using the keepalive to update the binding on the server introduces > security risks. If the keepalive is not authenticated, an > attacker can > inject the keepalives with a falsified source IP address, and as a > result force incoming calls to be directed towards it. This is not > acceptable. Thus, any request which causes the server to > update any kind > of bindings MUST be authenticated. I would rather not require the > keepalives to be authenticated, as this substantially > increases the cost > of processing them. If you use unauthenticated STUN packets, > the client > detects that its nat binding has changed, and then it can re-register > with a proper REGISTER, which can be authenticated and that > can be used > to update the binding, thus avoiding the attack. > > It is possible to use different mechanisms to address each of the 4 > different issues above. An empty UDP packet or a CRLF on the TCP > connection can address the binding keepalive issue but not any of the > liveness checks. I strongly prefer a single solution that > addresses all > of these. > > -Jonathan R. > > > -- > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > Director, Service Provider VoIP Architecture Parsippany, NJ > 07054-2711 > Cisco Systems > jdrosen@cisco.com FAX: (973) 952-5050 > http://www.jdrosen.net PHONE: (973) 952-5000 > http://www.cisco.com > > > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] PING/PONG Christian Stredicke
- RE: [Sip] PING/PONG Christer Holmberg (JO/LMF)
- RE: [Sip] PING/PONG Steve Langstaff
- Re: [Sip] PING/PONG Bob Penfield
- RE: [Sip] PING/PONG Christer Holmberg (JO/LMF)
- RE: [Sip] PING/PONG Christian Stredicke
- Re: [Sip] PING/PONG Bob Penfield
- RE: [Sip] PING/PONG Chris Boulton
- RE: [Sip] PING/PONG Christian Stredicke
- RE: [Sip] PING/PONG Steve Langstaff
- RE: [Sip] PING/PONG Christian Stredicke
- RE: [Sip] PING/PONG Chris Boulton
- RE: [Sip] PING/PONG Steve Langstaff
- Re: [Sip] PING/PONG Spencer Dawkins
- RE: [Sip] PING/PONG Christian Stredicke
- Re: [Sip] PING/PONG Klaus Darilion
- Re: [Sip] PING/PONG Jonathan Rosenberg
- [Sip] How to get old messages on archives!! vikram bhuskute
- RE: [Sip] PING/PONG Christian Stredicke
- Re: [Sip] PING/PONG Jonathan Rosenberg
- RE: [Sip] PING/PONG Steve Langstaff
- RE: [Sip] PING/PONG Christian Stredicke
- RE: [Sip] PING/PONG Steve Langstaff
- Re: [Sip] PING/PONG Jonathan Rosenberg
- Re: [Sip] PING/PONG Charles Eckel
- Re: [Sip] PING/PONG Jonathan Rosenberg
- Re: [Sip] PING/PONG Robert Sparks
- Re: [Sip] PING/PONG Jonathan Rosenberg
- Re: [Sip] PING/PONG Robert Sparks
- Re: [Sip] PING/PONG Jonathan Rosenberg
- Re: [Sip] PING/PONG Robert Sparks
- Re: [Sip] PING/PONG Jonathan Rosenberg
- Re: [Sip] PING/PONG Robert Sparks