IETF Logo Mail Archive

Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt

"Karl Stahl" <karl.stahl@intertex.se> Tue, 20 May 2014 12:35 UTC

Return-Path: <karl.stahl@intertex.se>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3553B1A0683 for <tram@ietfa.amsl.com>; Tue, 20 May 2014 05:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.6
X-Spam-Level:
X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MSGID_MULTIPLE_AT=1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1LbHYoka3TLt for <tram@ietfa.amsl.com>; Tue, 20 May 2014 05:35:52 -0700 (PDT)
Received: from smtp.it-norr.com (smtp.it-norr.com [80.244.64.161]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA3BE1A0357 for <tram@ietf.org>; Tue, 20 May 2014 05:35:50 -0700 (PDT)
Received: from ([90.229.134.75]) by smtp.it-norr.com (Telecom3 SMTP service) with ASMTP id 201405201435453059; Tue, 20 May 2014 14:35:45 +0200
From: Karl Stahl <karl.stahl@intertex.se>
To: "'Tirumaleswar Reddy (tireddy)'" <tireddy@cisco.com>, "'Prashanth Patil (praspati)'" <praspati@cisco.com>, tram@ietf.org, 'Simon Perreault' <simon.perreault@viagenie.ca>
References: <CFA01C24.36103%praspati@cisco.com> <069201cf73b1$948b5a80$bda20f80$@stahl@intertex.se> <913383AAA69FF945B8F946018B75898A24335B49@xmb-rcd-x10.cisco.com>
In-Reply-To: <913383AAA69FF945B8F946018B75898A24335B49@xmb-rcd-x10.cisco.com>
Date: Tue, 20 May 2014 14:35:43 +0200
Message-ID: <079501cf7428$0490b520$0db21f60$@stahl>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHPc43INN+P5dH8gUSyAQOmv2KoiJtIz96AgAA+0DCAAFRjQA==
Content-Language: sv
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/ShVzCfHYsujiKqr49F7d-yRehVk
Subject: Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 12:35:54 -0000

In this multiple methods discussion, what about this WebRTC use case that I
think will be common:

An enterprise installs a TURN server with one LAN-port (paralleling its
firewall), because it wants to use WebRTC but maintain a restrictive
firewall policy, that stops WebRTC media or it wants to have a better media
path than through his ordinary data crowded Internet access.

Would it then be sufficient to add a route in its ordinary firewall, so the
anycast-address goes to that local TURN-server - and the Web-browsers really
use that path?

I don't see the enterprise wanting to set up other discovery methods also.

/Karl


-----Ursprungligt meddelande-----
Från: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] 
Skickat: den 20 maj 2014 09:14
Till: Karl Stahl; Prashanth Patil (praspati); tram@ietf.org; 'Simon
Perreault'
Ämne: RE: [tram] New Version Notification for
draft-patil-tram-turn-serv-disc-01.txt

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Karl Stahl
> Sent: Tuesday, May 20, 2014 3:58 AM
> To: Prashanth Patil (praspati); tram@ietf.org; 'Simon Perreault'
> Subject: Re: [tram] New Version Notification for 
> draft-patil-tram-turn-serv-disc- 01.txt
> 
> I read "We'll probably need both if we want to maximize chances of 
> discovery." in the draft also, but don't really get it.

With Secure DHCPv6 with Public Key
http://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-02, DHCP has benefits
over Anycast.
But since DHCP is not workable in some cases, clients may end-up using both
the techniques (for e.g. use happy-eyeball mechanism) and give precedence to
TURN server learnt using secure DHCP.

> 
> Do you mean that if the network provider offers one particular TURN 
> server to his network users, that TURN server should be advertised in 
> both suggested ways?

Yes

-Tiru

By maximize, the draft really means discovering servers that may not support
all discoverable methods. For example, if a provider already has TURN
application service provisioned in DNS (as in RFC5928), it can be readily
discovered without needing anycast.

-Prashanth

> 
> /Karl
> 
> -----Ursprungligt meddelande-----
> Från: tram [mailto:tram-bounces@ietf.org] För Prashanth Patil 
> (praspati)
> Skickat: den 19 maj 2014 20:12
> Till: Karl Stahl; tram@ietf.org; 'Simon Perreault'
> Ämne: Re: [tram] New Version Notification for 
> draft-patil-tram-turn-serv-disc-01.txt
> 
> Hi Karl,
> 
> On 5/18/14 6:13 PM, "Karl Stahl" <karl.stahl@intertex.se> wrote:
> 
> >I browsed through this document and to me it looks mature enough to 
> >be pushed forward (hopefully soon) to get an IANA anycast address 
> >etc., so these things can be put into current WebRTC browsers. As we 
> >know, many enterprises cannot use WebRTC at all today due to their 
> >restrictive firewall policies - they need a TURN server on their LAN, 
> >discovered and used by the WebRTC browsers to even begin using WebRTC.
> >
> >However, I raised a few questions and some suggestions 
> >http://www.ietf.org/mail-archive/web/tram/current/msg00480.html
> >at the end of the previous version of this draft that never became 
> >discussed and remain:
> >
> >A) Under 8.2 there is a suggested way to assure that the TURN server 
> >returned by the anycast method, is provided by the network provider 
> >(and not some far away TURN server that should not be trusted to use 
> >without authentication): "... can set an IP TTL on their TURN 
> >requests that limits how far they can travel into the public Internet."
> >
> >I suggest that this TTL limitation is specified (e.g. Don't look 
> >further than 3 steps - local firewall + max 2 ISP routers) and 
> >brought into section "5. Discovery using Anycast" of the draft.
> 
> I think the decision should be left up to the application. We could, 
> maybe, make a recommendation at best (i.e. it is not a MUST).
> 
> 
> >
> >B) Shall we really have more than one method? If the Anycast method 
> >can be used by everyone, why then also have DHCP and now a two more
methods?
> 
> There are essentially 2 methods described in the draft (1) Service 
> resolution and (2) Anycast. We'll probably need both if we want to 
> maximize chances of discovery.
> DHCP happens to be one method to obtain the domain-name for (1) 
> Service resolution. While the DHCP method may not workable in some 
> cases, the other two methods (one of them inspired by 
> draft-kist-alto-3pdisc) could offer better results. We can do away with
DHCP,  if that is the WG consensus.
> 
> 
> >
> >I assume you intend that all webrtc browsers implement and can use 
> >all methods? Or? (If a service provider e.g. deploys DHCP discovered 
> >TURN servers, but some webrtc browser in some operating system don't 
> >find/cannot use the TURN server, it would be bad.)
> >
> >In previous discussions, there were some fears that DHCP options are 
> >not available in some common OSs. If so, I think the DHCP method 
> >should be skipped.
> >
> >Also, if the other methods (other than anycast) may fail, why have them?
> 
> Anycast may fail, too.
> 
> 
> >
> >Are they better to deploy and provision for network service providers?
> >
> >And will webrtc browsers implement all these methods?
> >
> >Do we have input/feedback on these questions?
> >
> >Should the "connect speed factor" not also be considered? Even though 
> >the auto discovery can be done in advance of a call, we should 
> >consider the mobility use case. With a mobile client changing 
> >network, LAN/LTE/public WiFi etc., we want to get up and run as soon 
> >as possible, so the auto discovery of a new TURN server should not be 
> >a tedious process
> >
> >And should the quick anycast auto discovery not be the first to be 
> >tried/used (which it is not now in the draft)?
> 
> Given that there is a service resolution mechanism for TURN over DTLS 
> (http://tools.ietf.org/html/draft-ietf-tram-stun-dtls-02#page-6), it 
> seems useful to do service resolution before.
> 
> >
> >C) I noticed that referenced I-D.ietf-geopriv-res-gw-lis-discovery
> >is now RFC7216.
> 
> Thanks, will update.
> 
> -Prashanth
> 
> 
> >
> >/Karl
> >
> >
> >-----Ursprungligt meddelande-----
> >Från: tram [mailto:tram-bounces@ietf.org] För Prashanth Patil
> >(praspati)
> >Skickat: den 2 maj 2014 12:02
> >Till: tram@ietf.org
> >Ämne: [tram] FW: New Version Notification for 
> >draft-patil-tram-turn-serv-disc-01.txt
> >
> >A new revision of the TURN server discovery draft has been published.
> >Notable updates :
> >
> >* 300 (Try Alternate) response for anycast.
> >* Mechanism described in draft-kist-alto-3pdisc i.e. using the 
> >clients own address to populate the DNS reverse zone (i.e., 
> >in-addr.arpa or
> >ip6.arpa) with appropriate NAPTR records pointing to the TURN server.
> >* Learning domain names from own identity.
> >
> >-Prashanth
> >
> >
> >On 5/2/14 3:25 PM, "internet-drafts@ietf.org"
> ><internet-drafts@ietf.org>
> >wrote:
> >
> >>
> >>A new version of I-D, draft-patil-tram-turn-serv-disc-01.txt
> >>has been successfully submitted by Prashanth Patil and posted to the 
> >>IETF repository.
> >>
> >>Name:		draft-patil-tram-turn-serv-disc
> >>Revision:	01
> >>Title:		TURN Server Auto Discovery
> >>Document date:	2014-05-02
> >>Group:		Individual Submission
> >>Pages:		11
> >>URL:
> >>http://www.ietf.org/internet-drafts/draft-patil-tram-turn-serv-disc-
> >>01
> >>.tx
> >>t
> >>Status:
> >>https://datatracker.ietf.org/doc/draft-patil-tram-turn-serv-disc/
> >>Htmlized:
> >>http://tools.ietf.org/html/draft-patil-tram-turn-serv-disc-01
> >>Diff:
> >>http://www.ietf.org/rfcdiff?url2=draft-patil-tram-turn-serv-disc-01
> >>
> >>Abstract:
> >>   Current Traversal Using Relays around NAT (TURN) server discovery
> >>   mechanisms are relatively static and limited to explicit
> >>   configuration.  These are usually under the administrative control of
> >>   the application or TURN service provider, and not the enterprise or
> >>   the ISP, the network in which the client is located.  Enterprises and
> >>   ISPs wishing to provide their own TURN servers need auto discovery
> >>   mechanisms that a TURN client could use with no or minimal
> >>   configuration.  This document describes two such mechanisms for TURN
> >>   server discovery.
> >>
> >>
> >>
> >>
> >>
> >>Please note that it may take a couple of minutes from the time of 
> >>submission until the htmlized version and diff are available at 
> >>tools.ietf.org.
> >>
> >>The IETF Secretariat
> >>
> >
> >_______________________________________________
> >tram mailing list
> >tram@ietf.org
> >https://www.ietf.org/mailman/listinfo/tram
> >
> 
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
> 
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram

v2.23.0 | Report a Bug | By Email