Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt
Brandon Williams <brandon.williams@akamai.com> Mon, 19 May 2014 12:22 UTC
Return-Path: <brandon.williams@akamai.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD9CC1A036E for <tram@ietfa.amsl.com>; Mon, 19 May 2014 05:22:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RZErTUoAwH1 for <tram@ietfa.amsl.com>; Mon, 19 May 2014 05:22:36 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [72.246.2.115]) by ietfa.amsl.com (Postfix) with ESMTP id 380A01A0249 for <tram@ietf.org>; Mon, 19 May 2014 05:22:29 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id F296447540; Mon, 19 May 2014 12:22:28 +0000 (GMT)
Received: from prod-mail-relay06.akamai.com (prod-mail-relay06.akamai.com [172.17.120.126]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id E5EBF474D4; Mon, 19 May 2014 12:22:28 +0000 (GMT)
Received: from [172.28.115.172] (bowill.kendall.corp.akamai.com [172.28.115.172]) by prod-mail-relay06.akamai.com (Postfix) with ESMTP id E26882026; Mon, 19 May 2014 12:22:28 +0000 (GMT)
Message-ID: <5379F784.1000606@akamai.com>
Date: Mon, 19 May 2014 08:22:28 -0400
From: Brandon Williams <brandon.williams@akamai.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Karl Stahl <karl.stahl@intertex.se>, "tram@ietf.org" <tram@ietf.org>
References: <20140502095509.21732.16127.idtracker@ietfa.amsl.com> <CF8969C6.32FD1%praspati@cisco.com> <043201cf7296$c9527940$5bf76bc0$@stahl@intertex.se> <5379C531.6090202@akamai.com> <054701cf7352$393a0550$abae0ff0$@stahl@intertex.se>
In-Reply-To: <054701cf7352$393a0550$abae0ff0$@stahl@intertex.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/RkbpBrYmBZePS9eue695L4UHfgg
Subject: Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2014 12:22:38 -0000
I would be more concerned about anycast timing out than DNS. If the dns server exists but has no answer, it will tell you. I think you would only need a timeout for non-existent DNS servers. On the other hand, the only way you know that the anycast address doesn't work is a timeout waiting for a response. You could use an ICMP ttl-exceeded response, but they aren't reliably sent or delivered. I would argue strongly against MUST for supporting anycast, because of the security issues that have been raised. I would say SHOULD support, and those that do MUST allow users to define security policies that prohibit using anycast. --Brandon On 05/19/2014 07:05 AM, Karl Stahl wrote: >> require a round-trip between... > - I wasn't concerned about round-trips, but rather possible time-outs when > there is nothing to find - I haven't really checked (concerned about that we > don't specify something slow creating a need to trickle or something) > > Regarding multiple methods and TTL limitation, is the intention of this > draft that it may/could be used by rtcweb as: > "... webrtc browsers MUST use turn servers discovered by the anycast method > in draft-patil-tram-turn-serv-disc-01.txt with TTL limitation set to 3..." ? > > /Karl > > > -----Ursprungligt meddelande----- > Från: tram [mailto:tram-bounces@ietf.org] För Brandon Williams > Skickat: den 19 maj 2014 10:48 > Till: tram@ietf.org > Ämne: Re: [tram] New Version Notification for > draft-patil-tram-turn-serv-disc-01.txt > > I'm not sure how realistic it is to define a specific TTL limitation. > That assumes a perhaps unrealistic degree of uniformity in both the local > network implementation and the ISP network implementation. > > Regarding whether multiple methods should be in the spec, one other > important question to answer is whether all of the proposed methods have > identical security properties. There were some security limitations for > anycast (at least the well-known-address version) discussed on the list. > These security limitations still need some discussion in the draft. > > Regarding connect time, in what way is the anycast method faster than name > resolution? Under some conditions it may be faster, but typically it will > require an extra round-trip between the client and the anycast address just > as name resolution will require a round-trip between the client and the DNS > server. > > --Brandon > > On 05/18/2014 08:43 AM, Karl Stahl wrote: >> I browsed through this document and to me it looks mature enough to be >> pushed forward (hopefully soon) to get an IANA anycast address etc., >> so these things can be put into current WebRTC browsers. As we know, >> many enterprises cannot use WebRTC at all today due to their >> restrictive firewall policies - they need a TURN server on their LAN, >> discovered and used by the WebRTC browsers to even begin using WebRTC. >> >> However, I raised a few questions and some suggestions >> http://www.ietf.org/mail-archive/web/tram/current/msg00480.html >> at the end of the previous version of this draft that never became >> discussed and remain: >> >> A) Under 8.2 there is a suggested way to assure that the TURN server >> returned by the anycast method, is provided by the network provider >> (and not some far away TURN server that should not be trusted to use >> without authentication): "... can set an IP TTL on their TURN requests >> that limits how far they can travel into the public Internet." >> >> I suggest that this TTL limitation is specified (e.g. Don't look >> further than 3 steps - local firewall + max 2 ISP routers) and brought >> into section "5. Discovery using Anycast" of the draft. >> >> B) Shall we really have more than one method? If the Anycast method >> can be used by everyone, why then also have DHCP and now a two more > methods? >> >> I assume you intend that all webrtc browsers implement and can use all >> methods? Or? (If a service provider e.g. deploys DHCP discovered TURN >> servers, but some webrtc browser in some operating system don't >> find/cannot use the TURN server, it would be bad.) >> >> In previous discussions, there were some fears that DHCP options are >> not available in some common OSs. If so, I think the DHCP method >> should be skipped. >> >> Also, if the other methods (other than anycast) may fail, why have them? >> Are they better to deploy and provision for network service providers? >> >> And will webrtc browsers implement all these methods? >> >> Do we have input/feedback on these questions? >> >> Should the "connect speed factor" not also be considered? Even though >> the auto discovery can be done in advance of a call, we should >> consider the mobility use case. With a mobile client changing network, >> LAN/LTE/public WiFi etc., we want to get up and run as soon as >> possible, so the auto discovery of a new TURN server should not be a >> tedious process >> >> And should the quick anycast auto discovery not be the first to be >> tried/used (which it is not now in the draft)? >> >> C) I noticed that referenced I-D.ietf-geopriv-res-gw-lis-discovery >> is now RFC7216. >> >> /Karl >> >> >> -----Ursprungligt meddelande----- >> Från: tram [mailto:tram-bounces@ietf.org] För Prashanth Patil >> (praspati) >> Skickat: den 2 maj 2014 12:02 >> Till: tram@ietf.org >> Ämne: [tram] FW: New Version Notification for >> draft-patil-tram-turn-serv-disc-01.txt >> >> A new revision of the TURN server discovery draft has been published. >> Notable updates : >> >> * 300 (Try Alternate) response for anycast. >> * Mechanism described in draft-kist-alto-3pdisc i.e. using the clients >> own address to populate the DNS reverse zone (i.e., in-addr.arpa or >> ip6.arpa) with appropriate NAPTR records pointing to the TURN server. >> * Learning domain names from own identity. >> >> -Prashanth >> >> >> On 5/2/14 3:25 PM, "internet-drafts@ietf.org" >> <internet-drafts@ietf.org> >> wrote: >> >>> >>> A new version of I-D, draft-patil-tram-turn-serv-disc-01.txt >>> has been successfully submitted by Prashanth Patil and posted to the >>> IETF repository. >>> >>> Name: draft-patil-tram-turn-serv-disc >>> Revision: 01 >>> Title: TURN Server Auto Discovery >>> Document date: 2014-05-02 >>> Group: Individual Submission >>> Pages: 11 >>> URL: >>> http://www.ietf.org/internet-drafts/draft-patil-tram-turn-serv-disc-0 >>> 1.txt >>> Status: >>> https://datatracker.ietf.org/doc/draft-patil-tram-turn-serv-disc/ >>> Htmlized: >>> http://tools.ietf.org/html/draft-patil-tram-turn-serv-disc-01 >>> Diff: >>> http://www.ietf.org/rfcdiff?url2=draft-patil-tram-turn-serv-disc-01 >>> >>> Abstract: >>> Current Traversal Using Relays around NAT (TURN) server discovery >>> mechanisms are relatively static and limited to explicit >>> configuration. These are usually under the administrative control of >>> the application or TURN service provider, and not the enterprise or >>> the ISP, the network in which the client is located. Enterprises and >>> ISPs wishing to provide their own TURN servers need auto discovery >>> mechanisms that a TURN client could use with no or minimal >>> configuration. This document describes two such mechanisms for TURN >>> server discovery. >>> >>> >>> >>> >>> >>> Please note that it may take a couple of minutes from the time of >>> submission until the htmlized version and diff are available at >>> tools.ietf.org. >>> >>> The IETF Secretariat >>> >> >> _______________________________________________ >> tram mailing list >> tram@ietf.org >> https://www.ietf.org/mailman/listinfo/tram >> >> _______________________________________________ >> tram mailing list >> tram@ietf.org >> https://www.ietf.org/mailman/listinfo/tram >> > > -- > Brandon Williams; Senior Principal Software Engineer Emerging Products > Engineering; Akamai Technologies Inc. > > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram > -- Brandon Williams; Senior Principal Software Engineer Emerging Products Engineering; Akamai Technologies Inc.
- [tram] FW: New Version Notification for draft-pat… Prashanth Patil (praspati)
- Re: [tram] FW: New Version Notification for draft… Paul Kyzivat
- Re: [tram] FW: New Version Notification for draft… Prashanth Patil (praspati)
- Re: [tram] FW: New Version Notification for draft… Paul Kyzivat
- Re: [tram] FW: New Version Notification for draft… Simon Perreault
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Brandon Williams
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Brandon Williams
- Re: [tram] New Version Notification for draft-pat… Prashanth Patil (praspati)
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Tirumaleswar Reddy (tireddy)
- Re: [tram] New Version Notification for draft-pat… Prashanth Patil (praspati)
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Tirumaleswar Reddy (tireddy)
- Re: [tram] New Version Notification for draft-pat… Karl Stahl
- Re: [tram] New Version Notification for draft-pat… Tirumaleswar Reddy (tireddy)