IETF Logo Mail Archive

Re: [tram] Review of dual allocation in TURNbis-11

Marc Petit-Huguenin <petithug@acm.org> Sun, 22 October 2017 16:08 UTC

Return-Path: <petithug@acm.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3ED0139AA1 for <tram@ietfa.amsl.com>; Sun, 22 Oct 2017 09:08:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.441
X-Spam-Level:
X-Spam-Status: No, score=-0.441 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdRjiTV0OTjx for <tram@ietfa.amsl.com>; Sun, 22 Oct 2017 09:08:24 -0700 (PDT)
Received: from implementers.org (unknown [92.243.22.217]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E5DF133049 for <tram@ietf.org>; Sun, 22 Oct 2017 09:08:24 -0700 (PDT)
Received: from [IPv6:2601:648:8301:730f:445e:763:74a4:83a9] (unknown [IPv6:2601:648:8301:730f:445e:763:74a4:83a9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 48074AE799; Sun, 22 Oct 2017 18:08:22 +0200 (CEST)
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "tram@ietf.org" <tram@ietf.org>
References: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org> <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
From: Marc Petit-Huguenin <petithug@acm.org>
Message-ID: <ea84bcf9-19b6-5492-383b-18e2bc5a93bf@acm.org>
Date: Sun, 22 Oct 2017 09:08:15 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="8XkuvCIsk3T16gExbKu6PLBCCjlqlXnvT"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/UIM2r8b4gs7mOkrsibPp04O78FA>
Subject: Re: [tram] Review of dual allocation in TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Oct 2017 16:08:27 -0000

Inline.

On 10/16/2017 07:14 PM, Konda, Tirumaleswar Reddy wrote:
> Thanks Marc for the detailed review, Please see inline
> 
>> -----Original Message-----
>> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
>> Huguenin
>> Sent: Saturday, October 14, 2017 12:59 AM
>> To: tram@ietf.org
>> Subject: [tram] Review of dual allocation in TURNbis-11
>>
>> I should first apologize the the delay in reviewing this draft.  I never managed
>> to get a sponsorship that spans the whole lifetime of a draft (or a Working
>> Group for that matter), and that why it is so difficult for me to work on IETF
>> stuff in a sustained and consistent manner.
>>
>> Anyway, I was working on a review for turnbis-11 that was specifically
>> focusing on the synchronization with stunbis, but I kept be distracted by
>> issues related to the dual allocation feature.  So I decided instead to send a
>> separate email for that, to make things less confusing.
>>
>> My main comment about the dual allocation approach is about the choice of
>> adding a new attribute for that.  STUN supports sending multiple attributes
>> of the same type, and has a default processing rule for them ("Any attribute
>> type MAY appear more than once in a STUN message.  Unless specified
>> otherwise, the order of appearance is significant:  only the first occurrence
>> needs to be processed by a receiver, and any duplicates MAY be ignored by a
>> receiver.")
>>
>> So a TURNbis client that wants to do a dual allocating adds two REQUESTED-
>> ADDRESS-FAMILY (RAF), one for IPv4 and one for IPv6.  An RFC 5766 server
>> will just use the first one and ignore the second.  The TURNbis client receives
>> only one XOR-RELAYED-ADDRESS (XRA), for the first RAF it sent.
>>
>> The client can choose the order, so it receives immediately a XRA from the
>> family it is most interested in, and can try a second allocation for the other if
>> the server is implementing RFC 5766
> 
> 
> No, the above change contradicts the behavior defined in https://tools.ietf.org/html/rfc6156#section-3 
> <snip>
> 
>    TURN servers allocate a single relayed transport address per
>    allocation request.  Therefore, Allocate requests cannot carry more
>    than one REQUESTED-ADDRESS-FAMILY attribute.  Consequently, a client
>    that wishes to allocate more than one relayed transport address at a
>    TURN server (e.g., an IPv4 and an IPv6 address) needs to perform
>    several allocation requests (one allocation request per relayed
>    transport address).
> </snip>
> 
> You may want to go through the long discussion in the WG to pick a new
> attribute (ADDITIONAL-ADDRESS-FAMILY) for dual-stack allocation.

I still think it is unnecessarily complicated, but all right.

> 
>>
>> I think that this makes for simpler rules to implement and simpler text.
>>
>> Now some more specific comments about the text:
>>
>> - Title and abstract
>>
>> The draft should obsolete both RFC 5766 and RFC 6156, and that fact should
>> be repeated in the abstract.  The authors of RFC 6156 should be
>> acknowledged either in the Acknowledgment or Contributors section.
> 
> Done. 
> 
>>
>> - Section 5.
>>
>> The first item in the bullet list should say "the relayed transport address or
>> addresses;"
> 
> Updated line to say "All TURN operations revolve around allocations, and all TURN messages are associated with either a single or dual allocation."
> 
>>
>> In the the fourth item, there is one time-to-expiry per relayed transport
>> address.
>>
>> Same for the list of permissions in the fifth item.
>>
>> "Both the relayed transport address and the 5-tuple MUST be unique across
>> all allocations, so either one can be used to uniquely identify the allocation."
>>
>> With the dual allocation, the 5-tuple no longer uniquely identify an allocation.
> 
> Yes, fixed. 
> 
>>
>> - Section 6.2
>>
>> I would suggest to make ADDRESS-ERROR-CODE more generic by renaming it
>> as WARNING-CODE and use the same format than for ERROR-CODE.  Then
>> allocate a new error code for that specific warning.  I would suggest to
>> request the 0x8009 codepoint for that attribute.
> 
> I don't understand the need to change ADDRESS-ERROR-CODE !

To make it more generic and reusable in future specifications.

> 
>>
>> Also I think we needs two different warnings, one that states that dual
>> allocation is not available in a TURNbis server, but both protocols are
>> available, and another that says that dual allocation failed because one of
>> the two protocols is not available.  This is to let the client know that it is
>> useless to try another allocation for the missing protocol.
> 
> I don't get the reason for two different warnings. 

A server may support both IPv6 and IPv4 allocations and not support dual allocation, in which case the client can do a second allocation for the IPv6 relayed address.

Alternatively the server may not support IPv6 at all, in which case the second allocation will fail and was unnecessary.

Using two different warnings permits to know if the second allocation will succeed or not.

> 
>>
>> What is the policy when reserving the next port with the EVEN-PORT
>> attribute in a dual allocation, but one of them fails to find a pair of
>> subsequent ports available?
> 
> It's discussed in section 6.1
> 
> <snip>
>    Clients MUST NOT
>    include ADDITIONAL-ADDRESS-FAMILY attribute in a Allocate request
>    that contains an EVEN-PORT attribute with the R bit set to 1.
> </snip>
> 
>>
>> It is not said that the Allocate successful response must contain two XRAs
>> after a successful dual allocation.
> 
> Good point, Updated draft. 
> 
>>
>> I would also suggest to add some text that says that when a TURNbis server
>> sends an Allocate success response, it must always send the XRAs in the
>> same order than the RAFs were sent.  So in case the server sends back by
>> mistake two XRAs, the first one matches the one requested by the client.
>>
>> The bullet list at the end needs also to be fixed for dual allocation.
> 
> Agreed, fixed. 
> 
>>
>> - Section 6.3
>>
>> Here's too, the text needs to be updated for the dual allocation case.
> 
> 
> Yup, updated.
> 
> Cheers,
> -Tiru
> 


-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email