IETF Logo Mail Archive

Re: [tram] Review of dual allocation in TURNbis-11

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 09 February 2018 12:51 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C2A012778D for <tram@ietfa.amsl.com>; Fri, 9 Feb 2018 04:51:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.331
X-Spam-Level:
X-Spam-Status: No, score=-4.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3k2hwTviV2Ll for <tram@ietfa.amsl.com>; Fri, 9 Feb 2018 04:51:34 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67C0B120727 for <tram@ietf.org>; Fri, 9 Feb 2018 04:51:34 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1518180693; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-microsoft-antispam-prvs:x-exchange-antispam-report-test: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=D R6Xmzx7R2wpEjJz4uFtbV05XnrKKLi+mVoZgKSAOY 4=; b=Lgjs4+vV6SnwLENEFOOZjtghgpuM8xKw/4GwRpa5dmg7 eCbbdyb1icsWvgtNtWSd2QNRa6OCkGnu0vsHF6VOWRGNceV/zK vyTjXhWXoq3y4FofIIoBh8T3BvLcDX5CIxU+tP1LvTLQ9yWFhc GjeKD7JdYntAadbWiABrS5e9ilM=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (DNVEXAPP1N05.corpzone.internalzone.com [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 63fe_9a28_af04bd77_f510_43bd_a34e_ae033fce9012; Fri, 09 Feb 2018 06:51:32 -0600
Received: from DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 9 Feb 2018 05:51:11 -0700
Received: from DNVEXUSR1N11.corpzone.internalzone.com (10.44.48.84) by DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 9 Feb 2018 05:51:10 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXUSR1N11.corpzone.internalzone.com (10.44.48.84) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Fri, 9 Feb 2018 05:51:10 -0700
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (10.44.176.240) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 9 Feb 2018 05:51:08 -0700
Received: from DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) by DM5PR16MB1468.namprd16.prod.outlook.com (10.173.211.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Fri, 9 Feb 2018 12:51:08 +0000
Received: from DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) by DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) with mapi id 15.20.0464.017; Fri, 9 Feb 2018 12:51:08 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Review of dual allocation in TURNbis-11
Thread-Index: AQHTRFmkTUXySTsG3EGzRBQMWeAaDaLmPU1QgAnZ7oCArKMPEA==
Date: Fri, 09 Feb 2018 12:51:08 +0000
Message-ID: <DM5PR16MB178859E2018148DBAD51635EEAF20@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org> <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com> <ea84bcf9-19b6-5492-383b-18e2bc5a93bf@acm.org>
In-Reply-To: <ea84bcf9-19b6-5492-383b-18e2bc5a93bf@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR16MB1468; 7:K2MKLjt5NkAm9XzquXZUyN8TBVk7gIZsv5f112qgZusmS0z990r6ZKxGaGb951deRk0nAQbcgEuCy6Mz/YSoDX/BVGX+yFL9DvdijiTd1g1KIYCWQx+4IYraa87ttfpEZ923eiOTYKROS2MBu09v4kq443Xpy2pzSz3W3ezfcs3ohdHrsSSawMvXJ0wCb0xOhnW8yMcxYwHRBfE/vUCEbY5hUyXkdMN6wqxIKSZ5EDDa+YsQZUeI/Q36YR3QpbiZ
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 6d8e69d1-97ed-40ce-53eb-08d56fbbca77
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:DM5PR16MB1468;
x-ms-traffictypediagnostic: DM5PR16MB1468:
x-microsoft-antispam-prvs: <DM5PR16MB1468AB2CB6B07103130C24F8EAF20@DM5PR16MB1468.namprd16.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(128460861657000)(213716511872227)(81160342030619)(123452027830198);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231101)(2400082)(944501161)(3002001)(93006095)(93001095)(10201501046)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123560045)(20161123562045)(6072148)(201708071742011); SRVR:DM5PR16MB1468; BCL:0; PCL:0; RULEID:; SRVR:DM5PR16MB1468;
x-forefront-prvs: 057859F9C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(376002)(396003)(39380400002)(39850400004)(32952001)(13464003)(51444003)(252514010)(189003)(199004)(52314003)(478600001)(74316002)(5660300001)(45080400002)(72206003)(7736002)(305945005)(66066001)(186003)(55016002)(26005)(77096007)(6306002)(9686003)(68736007)(102836004)(53936002)(33656002)(316002)(3280700002)(25786009)(76176011)(2950100002)(59450400001)(6506007)(6436002)(229853002)(53546011)(3846002)(6116002)(105586002)(2501003)(81156014)(81166006)(8936002)(97736004)(80792005)(2900100001)(2906002)(966005)(14454004)(8676002)(106356001)(7696005)(3660700001)(6246003)(86362001)(99286004)(110136005)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1468; H:DM5PR16MB1788.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Kv8h9SHyExqLjARgfxYe3XDGv5935ZXGqEp7AvmUCYYCSotFCJUxL7RKiF2TmOXQP/kG//GToSp9tyygUl4Dmw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6d8e69d1-97ed-40ce-53eb-08d56fbbca77
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2018 12:51:08.8397 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1468
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6219> : inlines <6384> : streams <1778478> : uri <2589734>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/3K_qKirpbfafvwhhN6hfpDlrjZA>
Subject: Re: [tram] Review of dual allocation in TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2018 12:51:37 -0000

> -----Original Message-----
> From: Marc Petit-Huguenin [mailto:petithug@acm.org]
> Sent: Sunday, October 22, 2017 9:38 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
> Subject: Re: [tram] Review of dual allocation in TURNbis-11
> 
> Inline.
> 
> On 10/16/2017 07:14 PM, Konda, Tirumaleswar Reddy wrote:
> > Thanks Marc for the detailed review, Please see inline
> >
> >> -----Original Message-----
> >> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> >> Huguenin
> >> Sent: Saturday, October 14, 2017 12:59 AM
> >> To: tram@ietf.org
> >> Subject: [tram] Review of dual allocation in TURNbis-11
> >>
> >> I should first apologize the the delay in reviewing this draft.  I
> >> never managed to get a sponsorship that spans the whole lifetime of a
> >> draft (or a Working Group for that matter), and that why it is so
> >> difficult for me to work on IETF stuff in a sustained and consistent manner.
> >>
> >> Anyway, I was working on a review for turnbis-11 that was
> >> specifically focusing on the synchronization with stunbis, but I kept
> >> be distracted by issues related to the dual allocation feature.  So I
> >> decided instead to send a separate email for that, to make things less
> confusing.
> >>
> >> My main comment about the dual allocation approach is about the
> >> choice of adding a new attribute for that.  STUN supports sending
> >> multiple attributes of the same type, and has a default processing
> >> rule for them ("Any attribute type MAY appear more than once in a
> >> STUN message.  Unless specified otherwise, the order of appearance is
> >> significant:  only the first occurrence needs to be processed by a
> >> receiver, and any duplicates MAY be ignored by a
> >> receiver.")
> >>
> >> So a TURNbis client that wants to do a dual allocating adds two
> >> REQUESTED- ADDRESS-FAMILY (RAF), one for IPv4 and one for IPv6.  An
> >> RFC 5766 server will just use the first one and ignore the second.
> >> The TURNbis client receives only one XOR-RELAYED-ADDRESS (XRA), for
> the first RAF it sent.
> >>
> >> The client can choose the order, so it receives immediately a XRA
> >> from the family it is most interested in, and can try a second
> >> allocation for the other if the server is implementing RFC 5766
> >
> >
> > No, the above change contradicts the behavior defined in
> > https://tools.ietf.org/html/rfc6156#section-3
> > <snip>
> >
> >    TURN servers allocate a single relayed transport address per
> >    allocation request.  Therefore, Allocate requests cannot carry more
> >    than one REQUESTED-ADDRESS-FAMILY attribute.  Consequently, a client
> >    that wishes to allocate more than one relayed transport address at a
> >    TURN server (e.g., an IPv4 and an IPv6 address) needs to perform
> >    several allocation requests (one allocation request per relayed
> >    transport address).
> > </snip>
> >
> > You may want to go through the long discussion in the WG to pick a new
> > attribute (ADDITIONAL-ADDRESS-FAMILY) for dual-stack allocation.
> 
> I still think it is unnecessarily complicated, but all right.
> 
> >
> >>
> >> I think that this makes for simpler rules to implement and simpler text.
> >>
> >> Now some more specific comments about the text:
> >>
> >> - Title and abstract
> >>
> >> The draft should obsolete both RFC 5766 and RFC 6156, and that fact
> >> should be repeated in the abstract.  The authors of RFC 6156 should
> >> be acknowledged either in the Acknowledgment or Contributors section.
> >
> > Done.
> >
> >>
> >> - Section 5.
> >>
> >> The first item in the bullet list should say "the relayed transport
> >> address or addresses;"
> >
> > Updated line to say "All TURN operations revolve around allocations, and all
> TURN messages are associated with either a single or dual allocation."
> >
> >>
> >> In the the fourth item, there is one time-to-expiry per relayed
> >> transport address.
> >>
> >> Same for the list of permissions in the fifth item.
> >>
> >> "Both the relayed transport address and the 5-tuple MUST be unique
> >> across all allocations, so either one can be used to uniquely identify the
> allocation."
> >>
> >> With the dual allocation, the 5-tuple no longer uniquely identify an
> allocation.
> >
> > Yes, fixed.
> >
> >>
> >> - Section 6.2
> >>
> >> I would suggest to make ADDRESS-ERROR-CODE more generic by
> renaming
> >> it as WARNING-CODE and use the same format than for ERROR-CODE.
> Then
> >> allocate a new error code for that specific warning.  I would suggest
> >> to request the 0x8009 codepoint for that attribute.
> >
> > I don't understand the need to change ADDRESS-ERROR-CODE !
> 
> To make it more generic and reusable in future specifications.

ADDRESS-ERROR-CODE cannot use the same format as ERROR-CODE, ADDRESS-ERROR-CODE signals the IP address family for which the warning is generated + all the fields in the ERROR-CODE. 

> 
> >
> >>
> >> Also I think we needs two different warnings, one that states that
> >> dual allocation is not available in a TURNbis server, but both
> >> protocols are available, and another that says that dual allocation
> >> failed because one of the two protocols is not available.  This is to
> >> let the client know that it is useless to try another allocation for the
> missing protocol.
> >
> > I don't get the reason for two different warnings.
> 
> A server may support both IPv6 and IPv4 allocations and not support dual
> allocation, in which case the client can do a second allocation for the IPv6
> relayed address.

If the server does not support dual allocation but supports both IPv6 and IPv4 allocations, it will only allocate the IPv4 relayed address and not will not return ADDRESS-ERROR-CODE in the response, the client will know the server does not understand the ADDITIONAL-ADDRESS-FAMILY attribute (ADDITIONAL-ADDRESS-FAMILY is a comprehension-optional attribute). 

> 
> Alternatively the server may not support IPv6 at all, in which case the second
> allocation will fail and was unnecessary.

ADDRESS-ERROR-CODE signals both unsupported IP address type (0x02 (IPv6 address family)) and the reason for failure (440 (unsupported address family)). 

Cheers,
-Tiru

> 
> Using two different warnings permits to know if the second allocation will
> succeed or not.
> 
> >
> >>
> >> What is the policy when reserving the next port with the EVEN-PORT
> >> attribute in a dual allocation, but one of them fails to find a pair
> >> of subsequent ports available?
> >
> > It's discussed in section 6.1
> >
> > <snip>
> >    Clients MUST NOT
> >    include ADDITIONAL-ADDRESS-FAMILY attribute in a Allocate request
> >    that contains an EVEN-PORT attribute with the R bit set to 1.
> > </snip>
> >
> >>
> >> It is not said that the Allocate successful response must contain two
> >> XRAs after a successful dual allocation.
> >
> > Good point, Updated draft.
> >
> >>
> >> I would also suggest to add some text that says that when a TURNbis
> >> server sends an Allocate success response, it must always send the
> >> XRAs in the same order than the RAFs were sent.  So in case the
> >> server sends back by mistake two XRAs, the first one matches the one
> requested by the client.
> >>
> >> The bullet list at the end needs also to be fixed for dual allocation.
> >
> > Agreed, fixed.
> >
> >>
> >> - Section 6.3
> >>
> >> Here's too, the text needs to be updated for the dual allocation case.
> >
> >
> > Yup, updated.
> >
> > Cheers,
> > -Tiru
> >
> 
> 
> --
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: https://marc.petit-huguenin.org
> Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email