Re: [tram] Multiple allocations SV: I-D Action: draft-ietf-tram-turnbis-15.txt

Brandon Williams <brandon.williams@akamai.com> Wed, 21 March 2018 17:06 UTC

Return-Path: <brandon.williams@akamai.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08AF61270AB for <tram@ietfa.amsl.com>; Wed, 21 Mar 2018 10:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qLIUOImArAOl for <tram@ietfa.amsl.com>; Wed, 21 Mar 2018 10:06:21 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ACA7126CC7 for <tram@ietf.org>; Wed, 21 Mar 2018 10:06:20 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.22/8.16.0.22) with SMTP id w2LH5eD9025956; Wed, 21 Mar 2018 17:06:08 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=nBP9QMgUxuuWbE/20nxFl319TwoaC/LzwZ8lC2baHW0=; b=b9uWwfoxEOzeVxXavhlFN0u4tUT9NT4ScNKd5VBiIbZvKhJILhAcB1fFoWPegVvI9y74 UtxmIHMwfUhxV81nsn3SMXVaIO25VkRMV9w0ajGjZe2VJ2l7zchphEA6Tz+4Yf1WrCNS P9Nui9IjmwyhDx/+KTBATHeB+3y60LfZTa6Kjhhphq37U7GndgBTkB6R4YA7ZadomyAZ IY2/Xb13UncTXbQYqrRLOB6bTSW/u4TpOZ3vkJdG3hT8QcPsC51H9ZUjLHytHrKqKlSD 4HVBkowsJJ1Znn3sEw3/ASKPN13e+LsPK8R0KqUFlesOwdFQ/qyMCSE/QBAo75Ryy5mC xw==
Received: from prod-mail-ppoint4 ([96.6.114.87]) by m0050102.ppops.net-00190b01. with ESMTP id 2gue7t1s1s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Mar 2018 17:06:07 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w2LH2Ngj012181; Wed, 21 Mar 2018 13:06:06 -0400
Received: from prod-mail-relay14.akamai.com ([172.27.17.39]) by prod-mail-ppoint4.akamai.com with ESMTP id 2grxbvvcsd-1; Wed, 21 Mar 2018 13:06:05 -0400
Received: from [172.28.118.62] (bowill.kendall.corp.akamai.com [172.28.118.62]) by prod-mail-relay14.akamai.com (Postfix) with ESMTP id D170083A06; Wed, 21 Mar 2018 17:06:04 +0000 (GMT)
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "Olle E. Johansson" <oej@edvina.net>, Karl Stahl <karl.stahl@ingate.com>
Cc: "tram@ietf.org" <tram@ietf.org>
References: <152136260256.18150.10551009018364033510@ietfa.amsl.com> <BN6PR16MB1425D61744AC7480972C800AEAD50@BN6PR16MB1425.namprd16.prod.outlook.com> <031e01d3c085$5f581db0$1e085910$@stahl@ingate.com> <BEC020EA-C973-48E5-A918-EF2D25953E33@edvina.net> <BN6PR16MB1425327E5CD094CF18A040F2EAAA0@BN6PR16MB1425.namprd16.prod.outlook.com>
From: Brandon Williams <brandon.williams@akamai.com>
Message-ID: <c3584946-2782-2ac7-7f7c-7e7ae273fec9@akamai.com>
Date: Wed, 21 Mar 2018 13:05:57 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <BN6PR16MB1425327E5CD094CF18A040F2EAAA0@BN6PR16MB1425.namprd16.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-21_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803210196
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-21_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803210196
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/H3r8jqmLqVX52lHXggyR3kYsmlo>
Subject: Re: [tram] Multiple allocations SV: I-D Action: draft-ietf-tram-turnbis-15.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 17:06:24 -0000

+1

When Tiru indicated that he had covered Karl's comments, I believe that 
he meant the other comments that were not asking to increase the scope 
of the document.

I think there will be enough work in this area to define the rationale 
and protocol changes that it would be an equivalent level of effort to 
change turnbis at this point vs just working it with a new draft. For 
that reason, I prefer covering the gap with a new draft.

If this does go in to turnbis, we'll need WG consensus to expand scope.

Chairs, Any suggestions on approach?

On 03/21/2018 11:23 AM, Konda, Tirumaleswar Reddy wrote:
>> -----Original Message-----
>> From: Olle E. Johansson [mailto:oej@edvina.net]
>> Sent: Tuesday, March 20, 2018 8:35 PM
>> To: Karl Stahl <karl.stahl@ingate.com>
>> Cc: Olle E Johansson <oej@edvina.net>; Konda, Tirumaleswar Reddy
>> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
>> Subject: Re: Multiple allocations SV: [tram] I-D Action: draft-ietf-tram-turnbis-
>> 15.txt
>>
>>
>>> On 20 Mar 2018, at 20:55, Karl Stahl <karl.stahl@ingate.com> wrote:
>>>
>>>> This revision addresses comments from Mark, Karl and Noriyuki Torii.
>>> My comment about need for multiple allocations is NOT addressed.
>>>
>>> Let me explain more clearly why multiple allocations is needed:
>>>
>>> ICE is about finding all/many paths for the media, e.g. with the help
>>> of TURN servers.
>>> Those paths are not over ONE IPv4 network, over ONE IPv6 network or
>>> EXACTLY ONE OF EACH.
>>> If fact, it is more common that you have several IPv4 networks paths.
>>>
>>> Now that we have network provided TURN servers, you only ask for
>>> Allocation once (contrary to application provided TURN servers, where
>>> you can be directed to Allocate several times.) and thus we need all
>>> relay addresses in one allocation request.
>>
>> I agree with Karl here, for network-provided turn servers (which is not defined in
>> the terminology section here on in 8155) I think there are use cases for multiple
>> addresses in multiple families.
> 
> The WG has only agreed on dual allocation, this is a new requirement for a specific deployment scenario.
> You may want to submit a new draft (just like we did for RFC8155).
> 
> -Tiru
> 
>>
>> I also understand that this will make the draft more complex. Consider the case
>> where a turn server have two IPv4 networks and one IPv6 and have run out of
>> possible allocations on one IPv4 network - should it send what’s available or
>> send an error message and fail completely?
>>
>> Regardless, this is a good time to fix this.
>>
>> /O
>>
>>
>>>
>>> Wasn't that the reason dual allocation was requested? The need for
>>> multiple allocation is stronger!
>>>
>>> Please address this, e.g. like below (seems you are almost there).
>>>
>>> /Karl
>>>
>>>
>>> ******************* Previous *******************
>>>
>>> Allowing a turn allocation to return multiple relayed transport
>>> addresses, beyond ONE IPv4 and ONE IPv6 (which may sit on the same or
>>> on different interfaces/network segments), seems like very small step
>>> now when the dual allocation was put in place in this draft. We
>>> certainly need it (some reasons below) if TURN is going to be used
>>> where needed and we cannot wait for any additional draft.
>>>
>>> Seems like it is sufficient to extent this table (found in draft 14)
>>> with 3 new values (as shown):
>>>
>>> 16.  STUN Attributes
>>>
>>>    This STUN extension defines the following attributes:
>>>
>>>      0x000C: CHANNEL-NUMBER
>>>      0x000D: LIFETIME
>>>      0x0010: Reserved (was BANDWIDTH)
>>>      0x0012: XOR-PEER-ADDRESS
>>>      0x0013: DATA
>>>      0x0016: XOR-RELAYED-ADDRESS
>>>      0x0017: REQUESTED-ADDRESS-FAMILY
>>>      0x0018: EVEN-PORT
>>>      0x0019: REQUESTED-TRANSPORT
>>>      0x001A: DONT-FRAGMENT
>>>      0x0021: Reserved (was TIMER-VAL)
>>>      0x0022: RESERVATION-TOKEN
>>>      TBD-CA: ADDITIONAL-ADDRESS-FAMILY
>>> ADDITIONAL-ADDRESS-ALL
>>> ADDITIONAL-ADDRESS-ALLV4
>>> ADDITIONAL-ADDRESS-ALLV6
>>>      TBD-CA: ADDRESS-ERROR-CODE
>>>      TBD-CA: ICMP
>>>
>>> Actually, browsing through the draft for ADDITIONAL-ADDRESS-FAMILY,
>>> very little text seems to be added for generalization to  ADDITIONAL-
>> ADDRESS-xxx.
>>> Almost everything applies to ADDITIONAL-ADDRESS-xxx and can be reused.
>>>
>>> ADDITIONAL-ADDRESS-ALL should be the default for any modern TURN client.
>>>
>>> Check! - We need this now.
>>>
>>> Thanks,
>>> Karl
>>>
>>>> -----Original Message-----
>>>> From: Karl Stahl [mailto:karl.stahl@ingate.com]
>>>> Sent: Sunday, March 4, 2018 10:36 PM
>>>> To: 'Marc Petit-Huguenin' <petithug@acm.org>; Konda, Tirumaleswar
>>>> Reddy <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
>>>> Subject: SV: [tram] Review of dual allocation in TURNbis-11
>>>>
>>>> Hi,
>>>>
>>>> When we now have "dual allocation" into this draft (I see on page 26:
>>>> "If
>>> the
>>>> client wishes to obtain one IPv6 and one IPv4 relayed transport
>>>> address
>>> then
>>>> it includes an ADDITIONAL-ADDRESS-FAMILY transport address then it")
>>>> can we not generalize that further and allow MORE THAN ONE relayed
>>>> transport address (of any family) in response to an allocation?
>>>>
>>>> I mean that a TURN server could have several relay interfaces at
>>>> different
>>> IP-
>>>> addresses into different networks - not just the Internet, but also a
>>>> VoIP (higher quality) network e.g. by some triple play service
>>>> provider, an IMS network or some branch office network.
>>>>
>>>> I think this is specifically important for network provided/auto
>>> discovered
>>>> turn servers (application provided turn servers could instead just
>>>> list
>>> several
>>>> turn servers).
>>>>
>>>> I saw someone snipped this about "SINGLE relayed transport address
>>>> per allocation request"
>>>>>> https://tools.ietf.org/html/rfc6156#section-3
>>>>>> <snip>
>>>>>>
>>>>>>    TURN servers allocate a single relayed transport address per
>>>>>>    allocation request.  Therefore, Allocate requests cannot carry more
>>>>>>    than one REQUESTED-ADDRESS-FAMILY attribute.  Consequently, a
>>>> client
>>>>>>    that wishes to allocate more than one relayed transport address
>>>>>> at
>>> a
>>>>>>    TURN server (e.g., an IPv4 and an IPv6 address) needs to perform
>>>>>>    several allocation requests (one allocation request per relayed
>>>>>>    transport address).
>>>>>> </snip>
>>>>
>>>> but if that is remedied now, it seems like a small step to generalize
>>>> so
>>> we can
>>>> get multiple relayed transport addresses from one allocate request?
>>>>
>>>> /Karl
>>>
>>>
>>> -----Ursprungligt meddelande-----
>>> Från: tram [mailto:tram-bounces@ietf.org] För Konda, Tirumaleswar
>>> Reddy
>>> Skickat: den 18 mars 2018 09:51
>>> Till: tram@ietf.org
>>> Ämne: Re: [tram] I-D Action: draft-ietf-tram-turnbis-15.txt
>>>
>>> This revision addresses comments from Mark, Karl and Noriyuki Torii.
>>>
>>> -Tiru
>>>
>>>> -----Original Message-----
>>>> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of internet-
>>>> drafts@ietf.org
>>>> Sent: Sunday, March 18, 2018 8:43 AM
>>>> To: i-d-announce@ietf.org
>>>> Cc: tram@ietf.org
>>>> Subject: [tram] I-D Action: draft-ietf-tram-turnbis-15.txt
>>>>
>>>>
>>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>>> This draft is a work item of the TURN Revised and Modernized WG of
>>>> the IETF.
>>>>
>>>>         Title           : Traversal Using Relays around NAT (TURN): Relay
>>> Extensions
>>>> to Session Traversal Utilities for NAT (STUN)
>>>>         Authors         : Tirumaleswar Reddy
>>>>                           Alan Johnston
>>>>                           Philip Matthews
>>>>                           Jonathan Rosenberg
>>>> 	Filename        : draft-ietf-tram-turnbis-15.txt
>>>> 	Pages           : 84
>>>> 	Date            : 2018-03-18
>>>>
>>>> Abstract:
>>>>    If a host is located behind a NAT, then in certain situations it can
>>>>    be impossible for that host to communicate directly with other hosts
>>>>    (peers).  In these situations, it is necessary for the host to use
>>>>    the services of an intermediate node that acts as a communication
>>>>    relay.  This specification defines a protocol, called TURN (Traversal
>>>>    Using Relays around NAT), that allows the host to control the
>>>>    operation of the relay and to exchange packets with its peers using
>>>>    the relay.  TURN differs from some other relay control protocols in
>>>>    that it allows a client to communicate with multiple peers using a
>>>>    single relay address.
>>>>
>>>>    The TURN protocol was designed to be used as part of the ICE
>>>>    (Interactive Connectivity Establishment) approach to NAT traversal,
>>>>    though it also can be used without ICE.
>>>>
>>>>    This document obsoletes RFC 5766 and RFC 6156.
>>>>
>>>>
>>>> The IETF datatracker status page for this draft is:
>>>> https://datatracker.ietf.org/doc/draft-ietf-tram-turnbis/
>>>>
>>>> There are also htmlized versions available at:
>>>> https://tools.ietf.org/html/draft-ietf-tram-turnbis-15
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-tram-turnbis-15
>>>>
>>>> A diff from the previous version is available at:
>>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-tram-turnbis-15
>>>>
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>
>>>> _______________________________________________
>>>> tram mailing list
>>>> tram@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tram
>>>
>>> _______________________________________________
>>> tram mailing list
>>> tram@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tram
>>>
> 
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
>