IETF Logo Mail Archive

Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 23 May 2014 12:12 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79EC71A0181 for <tram@ietfa.amsl.com>; Fri, 23 May 2014 05:12:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pmar1mmEdvwd for <tram@ietfa.amsl.com>; Fri, 23 May 2014 05:12:15 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54D891A0177 for <tram@ietf.org>; Fri, 23 May 2014 05:12:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14419; q=dns/txt; s=iport; t=1400847134; x=1402056734; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=miJaV/Aw3OBXRy+dN6Ya8qhi64Zo+ioaJPRFNBW1TQk=; b=BnNNWflKoliwGi64NviSUwX0fibeczB3wzhGS5X+tbwtnIRbzt52XavD zd5wURYVuQjt0bwOsX+qgJ+kk9kgHsoSBcCQFED2xScHvR+iL/6AS5GSa iSPAPPj+31fAr4CT+AbIDgVZasBrlXMESLvODhg4WJSagrgNXFXB4rxA+ Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqoIAJ86f1OtJA2N/2dsb2JhbABQCYMHUlEHvQiHPAGBCRZ0giUBAQEDAQEBAWoBCQcHBgEIEQQBAQEKHS4LFAkJAQQBEggBEogeCAgF11oXiTOERAMHAQEeMwuDJYEVBIlnkUiRaoM4bYEBCRci
X-IronPort-AV: E=Sophos;i="4.98,893,1392163200"; d="scan'208";a="327368343"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-6.cisco.com with ESMTP; 23 May 2014 12:12:12 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id s4NCCC7v025207 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 23 May 2014 12:12:12 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.76]) by xhc-aln-x06.cisco.com ([173.36.12.80]) with mapi id 14.03.0123.003; Fri, 23 May 2014 07:12:12 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Karl Stahl <karl.stahl@intertex.se>, "Prashanth Patil (praspati)" <praspati@cisco.com>, "tram@ietf.org" <tram@ietf.org>, 'Simon Perreault' <simon.perreault@viagenie.ca>
Thread-Topic: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt
Thread-Index: Ac92gDOVw9oothYRQZui0FBNf1c9ng==
Date: Fri, 23 May 2014 12:12:11 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A24337770@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.58.189]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/XHegn_tfiF2iR3L2DLqs8-o8phI
Subject: Re: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-01.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 12:12:18 -0000

> -----Original Message-----
> From: Karl Stahl [mailto:karl.stahl@intertex.se]
> Sent: Thursday, May 22, 2014 2:59 PM
> To: Tirumaleswar Reddy (tireddy); Prashanth Patil (praspati); tram@ietf.org;
> 'Simon Perreault'
> Subject: SV: [tram] New Version Notification for draft-patil-tram-turn-serv-disc-
> 01.txt
> 
> Hi Tiru, you misinterpreted the use case, let me clarify.
> 
> Because there are restrictive firewalls (or other reasons) that media cannot
> get THROUGH (as you report below), as a solution we PARALLEL that firewall
> with a TURN server having one LAN and one WAN interface, where the TURN
> server at the LAN interface is offered to the enterprise LAN users to be
> used without further authentication.
> 
> This is (part of) use case "3.3.5.  Simple Video Communication Service,
> enterprise aspects" in draft-ietf-rtcweb-use-cases-and-requirements-14.txt :
> "TURN server that straddles" ... "It must be possible to configure the
> browsers used in the enterprise with network specific STUN and TURN servers.
> This should be possible to achieve by auto-configuration methods.  The
> RTCWEB functionality will need to utilize both network specific STUN and
> TURN resources and STUN and TURN servers provisioned by the web
> application."
> 
> Resulting in requirement:
>    F20     The browser must support the use of STUN and TURN
>            servers that are supplied by entities other than
>            the web application (i.e. the network provider).
> 
> And in the enterprise case discussed, you don't expect the enterprise to
> advertise that LAN TURN server with more than one (simple to configure)
> method, do you?
> - Anycast method: Just add a route in the existing restrictive
> firewall/router
> - DHCP method: Add the TURN servers LAN IP-Address to a local DHCP server
> (which may be available in the existing restrictive firewall.
> - DNS stuff: Set up something more complex on the LAN
> 
> My questions - or rather wanting to hear your thoughts - that maybe should
> be spelled out in the draft:
> 
> In this case, isn't advertizing by the Anycast-method (always?) sufficient?

Looks sufficient for this use case only. Please note that this is not the only use case for TURN server usage in Enterprise deployment. The other possible scenario is that Enterprise has tie-up with third party TURN service provider. For more information refer to the Introduction in draft http://tools.ietf.org/html/draft-williams-peer-redirect-00. In this case TURN servers are discovered using DNS and Enterprise Firewall would be configured to permit UDP traffic to these third party TURN servers only.

-Tiru


> If using other methods - browsers of course MUST use all methods for
> discovery.
> 
> Let us hear your thoughts/considerations.
> (Including, what should go into some webrtc-draft how browsers use the auto
> discovery in your draft.)
> 
> /Karl
> 
> -----Ursprungligt meddelande-----
> Från: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com]
> Skickat: den 21 maj 2014 19:17
> Till: Karl Stahl; Prashanth Patil (praspati); tram@ietf.org; 'Simon
> Perreault'
> Ämne: RE: [tram] New Version Notification for
> draft-patil-tram-turn-serv-disc-01.txt
> 
> > -----Original Message-----
> > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Karl Stahl
> > Sent: Tuesday, May 20, 2014 6:06 PM
> > To: Tirumaleswar Reddy (tireddy); Prashanth Patil (praspati);
> > tram@ietf.org; 'Simon Perreault'
> > Subject: Re: [tram] New Version Notification for
> > draft-patil-tram-turn-serv-disc- 01.txt
> >
> > In this multiple methods discussion, what about this WebRTC use case
> > that I think will be common:
> >
> > An enterprise installs a TURN server with one LAN-port (paralleling
> > its firewall), because it wants to use WebRTC but maintain a
> > restrictive firewall policy, that stops WebRTC media or it wants to
> > have a better media path than through his ordinary data crowded Internet
> access.
> >
> > Would it then be sufficient to add a route in its ordinary firewall,
> > so the anycast- address goes to that local TURN-server - and the
> > Web-browsers really use that path?
> >
> > I don't see the enterprise wanting to set up other discovery methods also.
> 
> Enterprise firewall policies to permit WebRTC media and data channels is an
> interesting problem it was discussed in pntaw ietf mailing list sometime
> back. Various mechanisms like
> http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-0
> 3, PCP etc were discussed. As far as I remember there was no conclusion that
> only anycast approach would work.
> 
> Cheers,
> -Tiru
> 
> >
> > /Karl
> >
> >
> > -----Ursprungligt meddelande-----
> > Från: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com]
> > Skickat: den 20 maj 2014 09:14
> > Till: Karl Stahl; Prashanth Patil (praspati); tram@ietf.org; 'Simon
> Perreault'
> > Ämne: RE: [tram] New Version Notification for
> > draft-patil-tram-turn-serv-disc- 01.txt
> >
> > > -----Original Message-----
> > > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Karl Stahl
> > > Sent: Tuesday, May 20, 2014 3:58 AM
> > > To: Prashanth Patil (praspati); tram@ietf.org; 'Simon Perreault'
> > > Subject: Re: [tram] New Version Notification for
> > > draft-patil-tram-turn-serv-disc- 01.txt
> > >
> > > I read "We'll probably need both if we want to maximize chances of
> > > discovery." in the draft also, but don't really get it.
> >
> > With Secure DHCPv6 with Public Key
> > http://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-02, DHCP has
> > benefits over Anycast.
> > But since DHCP is not workable in some cases, clients may end-up using
> > both the techniques (for e.g. use happy-eyeball mechanism) and give
> > precedence to TURN server learnt using secure DHCP.
> >
> > >
> > > Do you mean that if the network provider offers one particular TURN
> > > server to his network users, that TURN server should be advertised
> > > in both suggested ways?
> >
> > Yes
> >
> > -Tiru
> >
> > By maximize, the draft really means discovering servers that may not
> > support all discoverable methods. For example, if a provider already
> > has TURN application service provisioned in DNS (as in RFC5928), it
> > can be readily discovered without needing anycast.
> >
> > -Prashanth
> >
> > >
> > > /Karl
> > >
> > > -----Ursprungligt meddelande-----
> > > Från: tram [mailto:tram-bounces@ietf.org] För Prashanth Patil
> > > (praspati)
> > > Skickat: den 19 maj 2014 20:12
> > > Till: Karl Stahl; tram@ietf.org; 'Simon Perreault'
> > > Ämne: Re: [tram] New Version Notification for
> > > draft-patil-tram-turn-serv-disc-01.txt
> > >
> > > Hi Karl,
> > >
> > > On 5/18/14 6:13 PM, "Karl Stahl" <karl.stahl@intertex.se> wrote:
> > >
> > > >I browsed through this document and to me it looks mature enough to
> > > >be pushed forward (hopefully soon) to get an IANA anycast address
> > > >etc., so these things can be put into current WebRTC browsers. As
> > > >we know, many enterprises cannot use WebRTC at all today due to
> > > >their restrictive firewall policies - they need a TURN server on
> > > >their LAN, discovered and used by the WebRTC browsers to even begin
> using WebRTC.
> > > >
> > > >However, I raised a few questions and some suggestions
> > > >http://www.ietf.org/mail-archive/web/tram/current/msg00480.html
> > > >at the end of the previous version of this draft that never became
> > > >discussed and remain:
> > > >
> > > >A) Under 8.2 there is a suggested way to assure that the TURN
> > > >server returned by the anycast method, is provided by the network
> > > >provider (and not some far away TURN server that should not be
> > > >trusted to use without authentication): "... can set an IP TTL on
> > > >their TURN requests that limits how far they can travel into the public
> Internet."
> > > >
> > > >I suggest that this TTL limitation is specified (e.g. Don't look
> > > >further than 3 steps - local firewall + max 2 ISP routers) and
> > > >brought into section "5. Discovery using Anycast" of the draft.
> > >
> > > I think the decision should be left up to the application. We could,
> > > maybe, make a recommendation at best (i.e. it is not a MUST).
> > >
> > >
> > > >
> > > >B) Shall we really have more than one method? If the Anycast method
> > > >can be used by everyone, why then also have DHCP and now a two more
> > methods?
> > >
> > > There are essentially 2 methods described in the draft (1) Service
> > > resolution and (2) Anycast. We'll probably need both if we want to
> > > maximize chances of discovery.
> > > DHCP happens to be one method to obtain the domain-name for (1)
> > > Service resolution. While the DHCP method may not workable in some
> > > cases, the other two methods (one of them inspired by
> > > draft-kist-alto-3pdisc) could offer better results. We can do away
> > > with
> > DHCP,  if that is the WG consensus.
> > >
> > >
> > > >
> > > >I assume you intend that all webrtc browsers implement and can use
> > > >all methods? Or? (If a service provider e.g. deploys DHCP
> > > >discovered TURN servers, but some webrtc browser in some operating
> > > >system don't find/cannot use the TURN server, it would be bad.)
> > > >
> > > >In previous discussions, there were some fears that DHCP options
> > > >are not available in some common OSs. If so, I think the DHCP
> > > >method should be skipped.
> > > >
> > > >Also, if the other methods (other than anycast) may fail, why have
> them?
> > >
> > > Anycast may fail, too.
> > >
> > >
> > > >
> > > >Are they better to deploy and provision for network service providers?
> > > >
> > > >And will webrtc browsers implement all these methods?
> > > >
> > > >Do we have input/feedback on these questions?
> > > >
> > > >Should the "connect speed factor" not also be considered? Even
> > > >though the auto discovery can be done in advance of a call, we
> > > >should consider the mobility use case. With a mobile client
> > > >changing network, LAN/LTE/public WiFi etc., we want to get up and
> > > >run as soon as possible, so the auto discovery of a new TURN server
> > > >should not be a tedious process
> > > >
> > > >And should the quick anycast auto discovery not be the first to be
> > > >tried/used (which it is not now in the draft)?
> > >
> > > Given that there is a service resolution mechanism for TURN over
> > > DTLS
> > > (http://tools.ietf.org/html/draft-ietf-tram-stun-dtls-02#page-6), it
> seems useful to do service resolution before.
> > >
> > > >
> > > >C) I noticed that referenced I-D.ietf-geopriv-res-gw-lis-discovery
> > > >is now RFC7216.
> > >
> > > Thanks, will update.
> > >
> > > -Prashanth
> > >
> > >
> > > >
> > > >/Karl
> > > >
> > > >
> > > >-----Ursprungligt meddelande-----
> > > >Från: tram [mailto:tram-bounces@ietf.org] För Prashanth Patil
> > > >(praspati)
> > > >Skickat: den 2 maj 2014 12:02
> > > >Till: tram@ietf.org
> > > >Ämne: [tram] FW: New Version Notification for
> > > >draft-patil-tram-turn-serv-disc-01.txt
> > > >
> > > >A new revision of the TURN server discovery draft has been published.
> > > >Notable updates :
> > > >
> > > >* 300 (Try Alternate) response for anycast.
> > > >* Mechanism described in draft-kist-alto-3pdisc i.e. using the
> > > >clients own address to populate the DNS reverse zone (i.e.,
> > > >in-addr.arpa or
> > > >ip6.arpa) with appropriate NAPTR records pointing to the TURN server.
> > > >* Learning domain names from own identity.
> > > >
> > > >-Prashanth
> > > >
> > > >
> > > >On 5/2/14 3:25 PM, "internet-drafts@ietf.org"
> > > ><internet-drafts@ietf.org>
> > > >wrote:
> > > >
> > > >>
> > > >>A new version of I-D, draft-patil-tram-turn-serv-disc-01.txt
> > > >>has been successfully submitted by Prashanth Patil and posted to
> > > >>the IETF repository.
> > > >>
> > > >>Name:		draft-patil-tram-turn-serv-disc
> > > >>Revision:	01
> > > >>Title:		TURN Server Auto Discovery
> > > >>Document date:	2014-05-02
> > > >>Group:		Individual Submission
> > > >>Pages:		11
> > > >>URL:
> > > >>http://www.ietf.org/internet-drafts/draft-patil-tram-turn-serv-dis
> > > >>c-
> > > >>01
> > > >>.tx
> > > >>t
> > > >>Status:
> > > >>https://datatracker.ietf.org/doc/draft-patil-tram-turn-serv-disc/
> > > >>Htmlized:
> > > >>http://tools.ietf.org/html/draft-patil-tram-turn-serv-disc-01
> > > >>Diff:
> > > >>http://www.ietf.org/rfcdiff?url2=draft-patil-tram-turn-serv-disc-0
> > > >>1
> > > >>
> > > >>Abstract:
> > > >>   Current Traversal Using Relays around NAT (TURN) server discovery
> > > >>   mechanisms are relatively static and limited to explicit
> > > >>   configuration.  These are usually under the administrative control
> of
> > > >>   the application or TURN service provider, and not the enterprise or
> > > >>   the ISP, the network in which the client is located.  Enterprises
> and
> > > >>   ISPs wishing to provide their own TURN servers need auto discovery
> > > >>   mechanisms that a TURN client could use with no or minimal
> > > >>   configuration.  This document describes two such mechanisms for
> TURN
> > > >>   server discovery.
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>Please note that it may take a couple of minutes from the time of
> > > >>submission until the htmlized version and diff are available at
> > > >>tools.ietf.org.
> > > >>
> > > >>The IETF Secretariat
> > > >>
> > > >
> > > >_______________________________________________
> > > >tram mailing list
> > > >tram@ietf.org
> > > >https://www.ietf.org/mailman/listinfo/tram
> > > >
> > >
> > > _______________________________________________
> > > tram mailing list
> > > tram@ietf.org
> > > https://www.ietf.org/mailman/listinfo/tram
> > >
> > > _______________________________________________
> > > tram mailing list
> > > tram@ietf.org
> > > https://www.ietf.org/mailman/listinfo/tram
> >
> > _______________________________________________
> > tram mailing list
> > tram@ietf.org
> > https://www.ietf.org/mailman/listinfo/tram

v2.23.0 | Report a Bug | By Email