Re: [sipcore] 4028bis: forking
Roman Shpount <roman@telurix.com> Mon, 01 June 2020 17:02 UTC
Return-Path: <roman@telurix.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 803583A1248 for <sipcore@ietfa.amsl.com>; Mon, 1 Jun 2020 10:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bc70YdVYzWJX for <sipcore@ietfa.amsl.com>; Mon, 1 Jun 2020 10:02:54 -0700 (PDT)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EA9F3A127F for <sipcore@ietf.org>; Mon, 1 Jun 2020 10:02:53 -0700 (PDT)
Received: by mail-ot1-x333.google.com with SMTP id b18so8574534oti.1 for <sipcore@ietf.org>; Mon, 01 Jun 2020 10:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TpATjDWFYLXVHhfG07PlmQFoBqSE3jE4zJhyw69B+tQ=; b=nSO9SlUv5Keh7pFx3Dphw855WSSFLDpTNubt8YddNFu2MZEGCAmMQ6VK2Rlyyhgd4X qrlEGOU2tR4Z0tUSNOn5XcEDHk1JBIgKIb0MKF6G64z8cIKm2j0B3+/tLDnxo5XZPsP7 tW/lKkeJsdGo8PT7eRyfoF0HVMKxaNBoB7rUEpMeOIHSN61fvx8E36voyCzg/xXaWsXu aq/O7L9Wm4fuY8QG2OehXLUan32DlCloTLX4++KwTunu7R88aIkxC8gcpfqxJ1qpF5lR FTujQPZsU8K52/MQZ9IVaA4dLW+S9PY2p/pkTzbSaTxIlrEbyZUcUVgfiVzXSAUZnG+h G+4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TpATjDWFYLXVHhfG07PlmQFoBqSE3jE4zJhyw69B+tQ=; b=Q+fKPPhtVLoZWUSH/ExbsIe82SUg05d2o0UndBmG5OQBDMQQABsfpsgtfTGcHHKRsx aAWHEohu7RLpBj8+FuA9UPN8do+fkLrXHP6tM2e1lpArGR42FyzndWUh+aa7lK1c+Cgq qV6DLww34Tt86YlGgQxu5VZvfnkbVVZVN/F0ZRExly7lADNdkLhxQXIUAklaZWsp4LlV 2u0PLDQ2g0+K/XbyidUarbBle+8jYD65s91Nq1hUpUXxzYNplins+B9MBNKhsH20Z5Z3 MGGOd2tod32wlielzlBlgo1JcwjmYfoD8ZnMaoBP672SxJ553Ek59uYnW/+I4a0KZgkL TYNA==
X-Gm-Message-State: AOAM530pUZ/fq3oOgQLYkB1ZRcvFRxcbdLbNyqLZE7xjsRYibZ100Mbz jcOuH1yJwxmZArse10awpCtJei3uiRs=
X-Google-Smtp-Source: ABdhPJx+BVEfSvpvGNoj50/ItV4cbz2L/83iMbB1MxCncdFE+ZH67aJ5F5eNvs38oQKT9mNkYUJQ+Q==
X-Received: by 2002:a05:6830:12c1:: with SMTP id a1mr12495966otq.123.1591030972759; Mon, 01 Jun 2020 10:02:52 -0700 (PDT)
Received: from mail-oi1-f177.google.com (mail-oi1-f177.google.com. [209.85.167.177]) by smtp.gmail.com with ESMTPSA id w197sm3958659oif.1.2020.06.01.10.02.51 for <sipcore@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Jun 2020 10:02:51 -0700 (PDT)
Received: by mail-oi1-f177.google.com with SMTP id c194so4689865oig.5 for <sipcore@ietf.org>; Mon, 01 Jun 2020 10:02:51 -0700 (PDT)
X-Received: by 2002:aca:72c2:: with SMTP id p185mr207540oic.139.1591030971345; Mon, 01 Jun 2020 10:02:51 -0700 (PDT)
MIME-Version: 1.0
References: <87zh9rh3r6.fsf@hobgoblin.ariadne.com> <d11b3de6-9c51-91c0-125e-175d6ff15bc5@gmail.com>
In-Reply-To: <d11b3de6-9c51-91c0-125e-175d6ff15bc5@gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Mon, 01 Jun 2020 13:02:40 -0400
X-Gmail-Original-Message-ID: <CAD5OKxvDsa6fyEVfz2-zPOzSHLtNn9_MoaSgr+ucx6Ba-jPU3Q@mail.gmail.com>
Message-ID: <CAD5OKxvDsa6fyEVfz2-zPOzSHLtNn9_MoaSgr+ucx6Ba-jPU3Q@mail.gmail.com>
To: OKUMURA Shinji <ietf.shinji@gmail.com>
Cc: "Dale R. Worley" <worley@ariadne.com>, SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dfb21505a708c365"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/RMFY79bSLXE0rmwTFBx-DOcT6pA>
Subject: Re: [sipcore] 4028bis: forking
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 17:02:57 -0000
Shinji, The main purposes of session timers is to allow SIP proxies to maintain dialog state for billing and other purposes. Proxies are the main agents that insert Session-Expires header. In most cases there is no reason for UA to use session timers since they can normally monitor call presence without it. Your proposal makes the most common use case for session timers impossible. Min-SE exists mainly for the purpose of preventing badly behaving proxies or UA from overload proxies on the call path or UAS. Not allowing proxy to send 422 creates a big security risk. My general attitude is that parallel forking is broken for a lot of use cases anyway, so it should be avoided. I do not think a lot of production deployments are actually use parallel forking. Most of the UA would not handle multiple 200 OK responses that can be created as a result of parallel fork. Session timers are, on the other hand, are used a lot. So I would prefer to live with broken or under-specified parallel forking vs breaking session timers. Thank You, _____________ Roman Shpount On Mon, Jun 1, 2020 at 5:57 AM OKUMURA Shinji <ietf.shinji@gmail.com> wrote: > Hi, > > I've not intended to suggest a common solution to the fork-issue. I am > interested in how the fork does not happen. It is related to the behavior > of proxies and a UAS in the 1st phase that you mention. My suggestion is > that a UAS and proxies SHOULD avoid returning 422 as much as possible. > > Considering backward compatibility, rules are as follows. > > a) A UAC and proxies should not insert a Session-Expires header. > b) A UAC and proxies may insert a Min-SE header or increase the value of > it. > c) A UAS may insert a Session-Expires header into a 200 response. > d) A proxy may insert a Session-Expires header into a 200 response, but > must not modify it. > > Of course legacy proxies will return 422, but this is unavoidable. > In that case, the following rule may be useful. > > e) If a proxy increases the value of a Min-SE header and it becomes > greater than the value of a Session-Expires header, then a proxy should > increase the value of a Session-Expires header to the value of a Min-SE > header. > > However, this rule can be problematic in terms of backward compatibility. > > Shinji > > On 2020/05/29 11:30, Dale R. Worley wrote: > > OKUMURA Shinji <ietf.shinji@gmail.com> writes: > >> As you point out, the other responses(407, 420, ...) cause the same > problem. > >> But session-timer is essentially a kind of pre-condition, so I'd like > >> to avoid incoming calls to fail because of it. And I'd like to sort > >> out also the rules in early dialog. > > > >> On 2020/05/27 19:16, Christer Holmberg wrote: > >>> A proxy rejecting a request is not unique to the session-timer. > >>> > >>> If Alice receives a 422 she can send a CANCEL (if other early dialogs > >>> have been established), and then a new initial INVITE. > > > > (This has a larger scope than just session-timers.) > > > > I don't know if the above writers intended this point, but reading what > > they have said suggests to me this possible behavior for proxies (which > > I don't recall seeing suggested): > > > > Note that 422 is one of a number of "pre-condition failure" response > > codes. Those have the properties (1) when they are generated, they are > > generated nearly immediately from the INVITE, and (2) the UAC can adjust > > the INVITE to prevent them. > > > > Suppose that if a proxy receives one of these "pre-condition failure" > > responses, it immediately (or with short delay on a human scale) cancels > > all remaining forks of the transaction and returns the failure response > > upstream. > > > > The effect is to split the "early dialog" phase into two sub-phases, (1) > > a very short phase where the forking of the INVITE effectively probes > > for proxies and UASs that object to the the INVITE for "pre-condition" > > reasons, and (2) a longer phase which resembles the current early dialog > > phase. > > > > There are probably refinements needed to make this work in all cases. > > > > Dale > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking Christer Holmberg
- Re: [sipcore] 4028bis: forking Paul Kyzivat
- Re: [sipcore] 4028bis: forking worley
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking Christer Holmberg
- Re: [sipcore] 4028bis: forking worley
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking Roman Shpount
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking Roman Shpount
- Re: [sipcore] 4028bis: forking OKUMURA Shinji
- Re: [sipcore] 4028bis: forking Roman Shpount