Re: [tram] [Tsv-art] Tsvart last call review of draft-ietf-tram-turnbis-25

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 19 June 2019 13:18 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Joe Touch <touch@strayalpha.com>
CC: Magnus Westerlund <magnus.westerlund@ericsson.com>, "tram@ietf.org" <tram@ietf.org>, Brandon Williams <brandon.williams@akamai.com>, "draft-ietf-tram-turnbis.all@ietf.org" <draft-ietf-tram-turnbis.all@ietf.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25
Date: Wed, 19 Jun 2019 13:16:42 +0000
Message-ID: <DM5PR16MB170505241FAB128A7A2B0F64EAE50@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <155971464360.28104.6837263931145163343@ietfa.amsl.com> <F306B122-79F3-4C7A-8CE2-1C094D9F0FCC@strayalpha.com> <DM5PR16MB1705A4C370C4405AFFD63546EA100@DM5PR16MB1705.namprd16.prod.outlook.com> <5F2F8A3B-2887-4107-81E2-B4E222A4044E@strayalpha.com> <DM5PR16MB1705BD4E31370D2F5A179F17EA130@DM5PR16MB1705.namprd16.prod.outlook.com> <2C6B5776-CB95-4607-8D0C-07FDE2F6D515@strayalpha.com> <DM5PR16MB1705638AD29F3288E4AC0952EAED0@DM5PR16MB1705.namprd16.prod.outlook.com> <HE1PR0701MB252250AE4E7C158F985B0CC895ED0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <D9A01E28-F9FB-4C86-AFD3-A2BA8D89C340@strayalpha.com> <a3bbeb17-e768-9ab2-9f34-3d179fa8fe38@akamai.com> <E41C125D-F3B4-475E-8AD0-124F531F1DC9@strayalpha.com> <DM5PR16MB170564C0438321CC3FDD0ACFEAEF0@DM5PR16MB1705.namprd16.prod.outlook.com> <4C41A2BC-0CBC-42D5-B313-22F9A9D51F6E@strayalpha.com> <DM5PR16MB1705874C023145D26DCB58E6EAEE0@DM5PR16MB1705.namprd16.prod.outlook.com> <edcd66c2-0dfb-8f89-d6a3-53482c433d4e@strayalpha.com> <DM5PR16MB17057CCD4D2543D84254EFD1EAEB0@DM5PR16MB1705.namprd16.prod.outlook.com> <9EC31E30-695B-4F9E-9320-63B6F0E08036@strayalpha.com> <DM5PR16MB17054A230572CECFB3E2EADEEAEA0@DM5PR16MB1705.namprd16.prod.outlook.com> <25ACCF3B-3E1D-4F01-A75D-C3DDF0F8B48F@strayalpha.com>
In-Reply-To: <25ACCF3B-3E1D-4F01-A75D-C3DDF0F8B48F@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/8GakNt_dHslU8GIIwnAvImq6JFk>
Subject: Re: [tram] [Tsv-art] Tsvart last call review of draft-ietf-tram-turnbis-25
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>

Hi Joe,

Please see inline [TR3]

From: Joe Touch <touch@strayalpha.com>
Sent: Tuesday, June 18, 2019 8:00 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>; tram@ietf.org; Brandon Williams <brandon.williams@akamai.com>; draft-ietf-tram-turnbis.all@ietf.org; tsv-art@ietf.org; ietf@ietf.org
Subject: Re: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________
See end...


On Jun 18, 2019, at 1:31 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>> wrote:

Hi Joe,

Please see inline [TR2]

From: tram <tram-bounces@ietf.org<mailto:tram-bounces@ietf.org>> On Behalf Of Joe Touch
Sent: Monday, June 17, 2019 7:48 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>>; ietf@ietf.org<mailto:ietf@ietf.org>; Brandon Williams <brandon.williams@akamai.com<mailto:brandon.williams@akamai.com>>; draft-ietf-tram-turnbis.all@ietf.org<mailto:draft-ietf-tram-turnbis.all@ietf.org>; tsv-art@ietf.org<mailto:tsv-art@ietf.org>; tram@ietf.org<mailto:tram@ietf.org>
Subject: Re: [tram] [Tsv-art] Tsvart last call review of draft-ietf-tram-turnbis-25

________________________________




On Jun 17, 2019, at 3:30 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>> wrote:

Hi Joe,

Please see inline [TR1]
 …



On Jun 13, 2019, at 1:42 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>> wrote:

...
The description in the document implies packet-to-packet translation, which
seems dangerous (even as a description). This is especially true for the
notion that each UDP packet is translated into exactly one TCP frame directly.

The TURN specification only discusses packet-to-packet translation for UDP-to-UDP relay and not for TCP-to-UDP relay.

Sec 15 talks about setting IP fragmentation based on the received messages. If this is not based on packet-to-packet translation, can you explain how this can be achieved? TCP sets DF for a connection, not on a per packet basis

[TR] It is not based on packet-to-packet translation. TURN client can set the DON’T-FRAGMENT attribute in the TURN message to tell the TURN server to set the DF bit in the resulting UDP datagram sent to the peer. Please see https://tools.ietf.org/html/draft-ietf-tram-turnbis-25#section-15
The section notes that only a single DSCP can be set for a TCP connection. A similar note should be included in the discussion of IP fragmentation and IP options - these too can be set on a per-message basis for UDP, but not for TCP.
[TR1] Section 15 discusses both IP fragmentation and IP options, see https://tools.ietf.org/html/draft-ietf-tram-turnbis-25#section-15
It does, but incorrectly implies these are per packet decisions. As with that section’s description of DSCP, the descriptions of IP fragmentation and IP options need to indicate these are either not under user control (IP fragmentation) or per-connection (IP options) for TCP.

[TR2] No, the section does not say per-packet translations. Please see the below snip from Section 15
<snip>
      Preferred Behavior: When the server sends a packet to a peer in
      response to a Send indication containing the DONT-FRAGMENT
      attribute, then set the DF bit in the outgoing IP header to 1.  In
      all other cases when sending an outgoing packet containing
      application data (e.g., Data indication, ChannelData message, or
      DONT-FRAGMENT attribute not included in the Send indication), set
      the DF bit in the outgoing IP header to 0.
</snip>

Loosely restated, this says:

              when you get TURN message X, set the IP header as follows

That implies that each TURN message affects a single IP header. That implies packet translation, not content relay - especially because it cannot work for TCP content relay, where IP options cannot be controlled mid-connection on a per-user-message basis....

[TR3] The above text is only for TCP-to-UDP relay, DF bit will be set in the outgoing UDP packet. The specification does not support TCP-to-TCP relay.


Again, despite claims of intent, this document’s description of all these translations inappropriately implies they are per-packet decisions throughout. This should further be corrected with some explicit text indicating otherwise - as has been noted throughout this thread.

[TR2] I will add the following line to avoid confusion:

Note that the server does not perform per-packet translation for TCP-to-UDP translation and vice-versa.

That seems reasonable, but….


The TURN server sets various fields in the IP header based on the DONT-FRAGMENT attribute in the TURN message and on a per-connection basis for the TCP connection.

That’s still confusing.

You’re not setting IP header values; you’re setting TCP or UDP parameters (which you hope will affect IP values).

Is this also based on the DF attribute in the TURN message, or would it be equally valid (and much more clear) to say that it is based on the DF value of a **TURN session**? I.e., what happens if you receive more than one TURN message with different DF parameters (or, if this is strictly prohibited, please cite where that is mandated).

[TR3] For TCP-to-UDP relay, the DF attribute in the TURN message will be used to set the DF bit in the outgoing UDP packet to the peer. I will re-phrase the text as follows:

Note that the server does not perform per-packet translation for TCP-to-UDP relay and vice-versa. For TCP-to-UDP relay, the TURN server sets the DF field in the outgoing UDP packet based on the presence of the DONT-FRAGMENT attribute in the TURN message. For UDP-to-TCP relay, the TURN server sets various IP header fields in the TCP packets on a per-connection basis for the TCP connection.

Cheers,
-Tiru

Joe
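The TCP-to-UDP relay behaviour argued over above, written out as an added Python example (this is not code from the turnbis draft, from any TURN implementation, or from anyone in this thread). It shows why the server-side DF decision is per TURN message rather than per TCP packet: the client's Send indications and ChannelData messages arrive in a TCP byte stream whose segment boundaries bear no relation to message boundaries, so the server first reframes the stream into complete TURN messages and only then decides, per message, whether the outgoing UDP datagram gets DF=1 (Send indication carrying DONT-FRAGMENT) or DF=0 (ChannelData, or Send without DONT-FRAGMENT), following the Section 15 preferred behaviour quoted in the thread. The message bytes are constructed inline; the wire constants are the STUN/TURN values (magic cookie 0x2112A442, Send indication 0x0016, DATA 0x0013, DONT-FRAGMENT 0x001A). Applying DF to a real socket (the Linux setsockopt mentioned in a comment) is only noted, not performed, so the example runs offline.

```python
import struct

# STUN/TURN wire constants (RFC 5389 / RFC 5766 values).
STUN_MAGIC_COOKIE = 0x2112A442
SEND_INDICATION = 0x0016
ATTR_DATA = 0x0013
ATTR_DONT_FRAGMENT = 0x001A


def _pad4(n):
    """Bytes needed to round n up to a multiple of four."""
    return (4 - n % 4) % 4


def build_send_indication(data, dont_fragment, txid=bytes(12)):
    """Client side: a Send indication carrying DATA, optionally with DONT-FRAGMENT."""
    attrs = b""
    if dont_fragment:
        attrs += struct.pack("!HH", ATTR_DONT_FRAGMENT, 0)  # zero-length attribute
    attrs += struct.pack("!HH", ATTR_DATA, len(data)) + data + bytes(_pad4(len(data)))
    header = struct.pack("!HHI", SEND_INDICATION, len(attrs), STUN_MAGIC_COOKIE) + txid
    return header + attrs


def build_channel_data(channel, data):
    """Client side: a ChannelData message; over TCP it is padded to a 4-byte multiple."""
    body = struct.pack("!HH", channel, len(data)) + data
    return body + bytes(_pad4(len(body)))


def frame_stream(buf):
    """Server side: cut complete TURN messages out of a TCP byte stream.

    Returns (messages, leftover). The first two bits distinguish a STUN
    message (0b00) from ChannelData (0b01); both keep a length at offset 2.
    """
    msgs = []
    while len(buf) >= 4:
        kind = buf[0] >> 6
        length = struct.unpack("!H", buf[2:4])[0]
        if kind == 0b00:          # STUN: 20-byte header + (already padded) attributes
            total = 20 + length
        elif kind == 0b01:        # ChannelData: 4-byte header + data + stream padding
            total = 4 + length + _pad4(4 + length)
        else:
            raise ValueError("not a TURN message")
        if len(buf) < total:      # partial message: wait for more TCP data
            break
        msgs.append(buf[:total])
        buf = buf[total:]
    return msgs, buf


def relay_decision(msg):
    """Server side: decide (payload, df) for the UDP datagram sent to the peer.

    Section 15 preferred behaviour: DF=1 only for a Send indication that carries
    DONT-FRAGMENT; DF=0 for ChannelData and for a Send indication without it.
    """
    if msg[0] >> 6 == 0b01:
        _channel, length = struct.unpack("!HH", msg[:4])
        return msg[4:4 + length], False
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != STUN_MAGIC_COOKIE or mtype != SEND_INDICATION:
        raise ValueError("only Send indications carry relayable data here")
    payload, df = None, False
    off, end = 20, 20 + length
    while off < end:
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + alen]
        if atype == ATTR_DONT_FRAGMENT:
            df = True
        elif atype == ATTR_DATA:
            payload = value
        off += 4 + alen + _pad4(alen)
    return payload, df


def relay_tcp_stream(segments):
    """Feed TCP segments of arbitrary size; emit one (payload, df) per TURN message.

    A real server would apply df per outgoing datagram, e.g. on Linux via
    setsockopt(IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_DO or IP_PMTUDISC_DONT).
    """
    buf, out = b"", []
    for seg in segments:
        buf += seg
        msgs, buf = frame_stream(buf)
        out.extend(relay_decision(m) for m in msgs)
    return out


def demo():
    """Constructed input: three client messages delivered as 7-byte TCP segments."""
    stream = (build_send_indication(b"hello", dont_fragment=True)
              + build_send_indication(b"world", dont_fragment=False)
              + build_channel_data(0x4000, b"chan"))
    segments = [stream[i:i + 7] for i in range(0, len(stream), 7)]
    return relay_tcp_stream(segments)


if __name__ == "__main__":
    print(demo())  # [(b'hello', True), (b'world', False), (b'chan', False)]
```

The 76-byte stream arrives as eleven TCP segments but yields exactly three UDP datagrams, each with its DF flag taken from its own TURN message; no TCP segment maps to an IP header on the UDP side, which is the distinction the proposed note in this message is trying to state.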