[Sipping] Gen-ART review of draft-ietf-sipping-sbc-funcs-04.txt

Black_David@emc.com Wed, 09 January 2008 07:35 UTC

Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JCVT1-0004vY-5u; Wed, 09 Jan 2008 02:35:15 -0500
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1JCK9G-0006WZ-5K for sipping-confirm+ok@megatron.ietf.org; Tue, 08 Jan 2008 14:30:06 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JCK9F-0006WF-GB; Tue, 08 Jan 2008 14:30:05 -0500
Received: from mexforward.lss.emc.com ([128.222.32.20]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JCK9E-0004hJ-M4; Tue, 08 Jan 2008 14:30:05 -0500
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id m08JSg29022599; Tue, 8 Jan 2008 14:28:42 -0500 (EST)
Received: from mailhub.lss.emc.com (nagas.lss.emc.com [10.254.144.11]) by hop04-l1d11-si02.isus.emc.com (Tablus Interceptor); Tue, 8 Jan 2008 14:28:42 -0500
Received: from corpussmtp4.corp.emc.com (corpussmtp4.corp.emc.com [10.254.64.54]) by mailhub.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id m08JS6XQ005056; Tue, 8 Jan 2008 14:28:38 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.13]) by corpussmtp4.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 8 Jan 2008 14:28:36 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 08 Jan 2008 14:28:33 -0500
Message-ID: <8CC6CEAB44F131478D3A7B429ECACD91085EAA@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-ietf-sipping-sbc-funcs-04.txt
thread-index: AchSLKhHudAwrRHqQAKfaYDdq1MdkA==
To: Jani.Hautakorpi@ericsson.com, Gonzalo.Camarillo@ericsson.com, bpenfield@acmepacket.com, ahawrylyshen@ditechnetworks.com, mbhatia@3clogic.com, gen-art@ietf.org, sipping@ietf.org, ietf@ietf.org
X-OriginalArrivalTime: 08 Jan 2008 19:28:36.0540 (UTC) FILETIME=[AA11EFC0:01C8522C]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.1.298604, Antispam-Data: 2007.8.30.53115
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -3, NO_REAL_NAME 0, __C230066_P5 0, __CP_NOT_1 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Tablus-Inspected: yes
X-Tablus-Classifications: public
X-Tablus-Action: allow
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ff9c467ad7f19c2a6d058acd7faaec8
X-Mailman-Approved-At: Wed, 09 Jan 2008 02:35:12 -0500
Cc: Black_David@emc.com, jon.peterson@neustar.biz, mary.barnes@nortel.com
Subject: [Sipping] Gen-ART review of draft-ietf-sipping-sbc-funcs-04.txt
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org

Authors,

I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html)

Please resolve these comments along with any other Last Call
comments you may receive.

Document: draft-ietf-sipping-sbc-funcs-04.txt
Reviewer: David L. Black
Review Date: 7 January 2008
IETF LC End Date: 16 January 2008

Summary:

This draft is on the right track, but has open issues,
described in the review.

Comments:

This draft is generally in good shape and well-written.  Most
of these comments are nits, but I consider the following
three to be minor open issues:
	a) NAT problem not explained (3.4.1)
	b) Scope of Protocol Repair needs to be broadened (3.6)
	c) Recommendations need to cross-reference problems (4)
These are marked with *** in the comments below.

End of Section 2: the intuition behind the terms "inner
network" and "outer network" should be explained.  It
appears that the SBC is logically associated with the inner
network and provides functions such as controlling and
protecting access to the inner network from the outer
network.

Section 2.2:

   Some endpoints may be behind enterprise or residential NATs.
   In cases where the access network is a private network, the
   SBC is the NAT for all traffic.

"the NAT" --> "a NAT" and add a sentence calling attention to
the possibility that SIP traffic may get NAT'ed more than once
(e.g., in Figure 3, traffic to/from UA3 may get NAT'ed at both
the NAT and the SBC if the Access Network is a private network).

The last paragraph of section 3.1.3 rapidly switches from
topology hiding to identity hiding.  The relationship
between these two should be explained.

Section 3.2.1:

   Some operators do not want to manage the traffic (e.g.,
   allowing only certain codecs), but only to monitor it ...

The parenthetical example "(e.g., ..." is very poorly placed.
It should be moved into the previous paragraph.

Section 3.2.2 - Add "requirements of Authenticated Identity
Management" just before the citation of [3] for clarity.

"o=mhandley" - while I realize this came from RFC 2327, please
use an example other than Mark Handley's username.  "caller"
or "callee" would be fine.

*** Section 3.4.1 doesn't completely explain the NAT problem
before it describes the solution.  It looks like the primary
NAT problem is keeping the NAT binding for the control
connection active, hence the decreased validity time to force
an earlier REGISTER to refresh the binding state.  That needs
to be explained in the first paragraph, and it needs to be
clear that this is about a NAT outside the SBC (e.g., the NAT
in Figure 3, not the NAT that may be in the SBC), as an SBC
presumably does not need to resort to this sort of subterfuge
to keep a NAT binding active in a NAT that's part of the SBC
itself.

I presume that media traffic is sufficiently continuous that
its NAT bindings are self-sustaining, right?  That should
also be stated.

The fourth paragraph in Section 3.4.1 ("Operators implement
...") is about a lot more than NATs (e.g., it applies in the
complete absence of NATs).  It probably belongs somewhere
else; at a minimum, it's also related to access control (3.5).

Section 3.4.2 - please provide examples and citations for
end-to-end confidentiality and integrity mechanisms used
in practice.

Section 3.4.2, last sentence - surely there are rules of
thumb that work for choosing NAT binding refresh periods
that usually work.  Section 3.5 of
draft-ietf-tsvwg-udp-guidelines-04.txt is one place to
look, and this should probably be referenced.

Section 3.4.3:

   Naturally also other measures need to be taken in
   order to enable the NAT traversal, but this example
   illustrates only one mechanism for preserving the
   SIP related NAT bindings.

That's somewhat cryptic - a brief explanation of the
"other measures" would be an improvement.

Section 3.6.1, end of first paragraph - explain what is
meant by "protocol conversion": conversion of which
protocol between what and what?

*** Section 3.6.1 describes repairing messages "generated
by not-fully-standard clients" but the example in Section
3.6.3 involves a correct message sent to a client that
doesn't implement the entire standard.  Section 3.6.1
needs to be rewritten to encompass the example.

Section 3.7.1 - provide an example of the encryption
techniques used.

*** Section 4 should cross-reference the requirements back
to subsections of Section 3.  I think the cross references
are:
- Req-1 (topology hiding): 3.1
- Req-2 (redirect via intermediary): 3.2, 3.4, 3.5, others?
- Req-3 (capability mismatch): 3.3
Section 4 should also list items not completely addressed,
i.e., those for which SBC "hacks" and/or not-completely
standard SBC interposition will continue to be needed.

The Security considerations section should point out the
security motivations for some SBC functionality. This
arises in a number of subsections of Section 3.

idnits 2.05.03 ran clean (no errors or warnings).

----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------



_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP