IETF Logo Mail Archive

Re: [tram] Review of dual allocation in TURNbis-11

Brandon Williams <brandon.williams@akamai.com> Fri, 09 March 2018 21:20 UTC

Return-Path: <brandon.williams@akamai.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DADD127873 for <tram@ietfa.amsl.com>; Fri, 9 Mar 2018 13:20:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6euLg21pS0K for <tram@ietfa.amsl.com>; Fri, 9 Mar 2018 13:20:02 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0DF7124F57 for <tram@ietf.org>; Fri, 9 Mar 2018 13:20:01 -0800 (PST)
Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w29LHceK005938; Fri, 9 Mar 2018 21:20:00 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=uOXBO9w2TJSwu5oUzuHsmfLXDd4wgZjhLEyAr4NARdc=; b=IH7eCQ15VWSljvNio/+SdEwjs7j8zo1hpMl946o8Feo8JmBv9RJ1lwZDHpMcQZEPcvTG DTwyJsXGH73icZOz6m77x5b/Tn9KfomBvlxezrzCkdOpLaUahGjKpcm3//YLXNpgpKSH BpZ0XUfm7jBQ4Fp3xd95ihvh//pQ/k2+1J2SVNnWbBTuyM0tJ6MaG6ZmPLp7hdMbQPNT 2FjnMYy5mGes8Lo9ycY01yjqAHgWVKiTRjx9GQS4sHmLDGQgua9WgyYX8W0pw3/zLdHJ YMQpk/wF6pgyogkj8w0iSW5ujjJRzVQYRJTKUybCp2ZA39bbikWsHOp89BAGtlr3TpzK lQ==
Received: from prod-mail-ppoint3 ([96.6.114.86]) by mx0b-00190b01.pphosted.com with ESMTP id 2gkvnbgsd9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 09 Mar 2018 21:19:59 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w29LFoqO005371; Fri, 9 Mar 2018 16:19:59 -0500
Received: from prod-mail-relay15.akamai.com ([172.27.17.40]) by prod-mail-ppoint3.akamai.com with ESMTP id 2gfqx1hhdp-1; Fri, 09 Mar 2018 16:19:58 -0500
Received: from [172.28.118.62] (bowill.kendall.corp.akamai.com [172.28.118.62]) by prod-mail-relay15.akamai.com (Postfix) with ESMTP id 9FD6120090; Fri, 9 Mar 2018 21:19:58 +0000 (GMT)
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
References: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org> <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com> <ea84bcf9-19b6-5492-383b-18e2bc5a93bf@acm.org> <DM5PR16MB178859E2018148DBAD51635EEAF20@DM5PR16MB1788.namprd16.prod.outlook.com> <46fdf931-eb0c-c4fe-9c01-4a066134abfb@acm.org> <BN6PR16MB142530705DF3F28C07FAC9A2EADB0@BN6PR16MB1425.namprd16.prod.outlook.com>
From: Brandon Williams <brandon.williams@akamai.com>
Message-ID: <5942ccf6-aae5-667e-de4d-e54dd7ffa138@akamai.com>
Date: Fri, 09 Mar 2018 16:19:55 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <BN6PR16MB142530705DF3F28C07FAC9A2EADB0@BN6PR16MB1425.namprd16.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-09_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803090252
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-09_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803090252
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/fHcca0G9lr5RuBu7usxFBeclBRQ>
Subject: Re: [tram] Review of dual allocation in TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Mar 2018 21:20:04 -0000

Hi Marc,

Tiru had one response and one question below. Any thoughts?

--Brandon

On 03/04/2018 08:30 AM, Konda, Tirumaleswar Reddy wrote:
> Hi Marc,
> 
> Please see inline
> 
>> -----Original Message-----
>> From: Marc Petit-Huguenin [mailto:petithug@acm.org]
>> Sent: Saturday, March 3, 2018 2:47 AM
>> To: Konda, Tirumaleswar Reddy
>> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
>> Subject: Re: [tram] Review of dual allocation in TURNbis-11
>>
>> As suggested by Brandon, I reviewed turnbis-14 for the modifications agreed
>> on below, and found some discrepancies.  See inline.
>>
>> On 02/09/2018 04:51 AM, Konda, Tirumaleswar Reddy wrote:
>>>> -----Original Message-----
>>>> From: Marc Petit-Huguenin [mailto:petithug@acm.org]
>>>> Sent: Sunday, October 22, 2017 9:38 PM
>>>> To: Konda, Tirumaleswar Reddy
>>>> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
>>>> Subject: Re: [tram] Review of dual allocation in TURNbis-11
>>>>
>>>> Inline.
>>>>
>>>> On 10/16/2017 07:14 PM, Konda, Tirumaleswar Reddy wrote:
>>>>> Thanks Marc for the detailed review, Please see inline
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
>>>>>> Huguenin
>>>>>> Sent: Saturday, October 14, 2017 12:59 AM
>>>>>> To: tram@ietf.org
>>>>>> Subject: [tram] Review of dual allocation in TURNbis-11
>>>>>>
>>
>> [snip]
>>
>>>>>
>>>>>>
>>>>>> - Section 6.2
>>>>>>
>>>>>> I would suggest to make ADDRESS-ERROR-CODE more generic by
>>>> renaming
>>>>>> it as WARNING-CODE and use the same format than for ERROR-CODE.
>>>> Then
>>>>>> allocate a new error code for that specific warning.  I would
>>>>>> suggest to request the 0x8009 codepoint for that attribute.
>>>>>
>>>>> I don't understand the need to change ADDRESS-ERROR-CODE !
>>>>
>>>> To make it more generic and reusable in future specifications.
>>>
>>> ADDRESS-ERROR-CODE cannot use the same format as ERROR-CODE,
>> ADDRESS-ERROR-CODE signals the IP address family for which the warning is
>> generated + all the fields in the ERROR-CODE.
>>>
>>>>
>>>>>
>>>>>>
>>>>>> Also I think we needs two different warnings, one that states that
>>>>>> dual allocation is not available in a TURNbis server, but both
>>>>>> protocols are available, and another that says that dual allocation
>>>>>> failed because one of the two protocols is not available.  This is
>>>>>> to let the client know that it is useless to try another allocation
>>>>>> for the
>>>> missing protocol.
>>>>>
>>>>> I don't get the reason for two different warnings.
>>>>
>>>> A server may support both IPv6 and IPv4 allocations and not support
>>>> dual allocation, in which case the client can do a second allocation
>>>> for the IPv6 relayed address.
>>>
>>> If the server does not support dual allocation but supports both IPv6 and
>> IPv4 allocations, it will only allocate the IPv4 relayed address and not will not
>> return ADDRESS-ERROR-CODE in the response, the client will know the
>> server does not understand the ADDITIONAL-ADDRESS-FAMILY attribute
>> (ADDITIONAL-ADDRESS-FAMILY is a comprehension-optional attribute).
>>>
>>>>
>>>> Alternatively the server may not support IPv6 at all, in which case
>>>> the second allocation will fail and was unnecessary.
>>>
>>> ADDRESS-ERROR-CODE signals both unsupported IP address type (0x02
>> (IPv6 address family)) and the reason for failure (440 (unsupported address
>> family)).
>>>
>>> Cheers,
>>> -Tiru
>>>
>>>>
>>>> Using two different warnings permits to know if the second allocation
>>>> will succeed or not.
>>>>
>>>>>
>>>>>>
>>>>>> What is the policy when reserving the next port with the EVEN-PORT
>>>>>> attribute in a dual allocation, but one of them fails to find a
>>>>>> pair of subsequent ports available?
>>>>>
>>>>> It's discussed in section 6.1
>>>>>
>>>>> <snip>
>>>>>     Clients MUST NOT
>>>>>     include ADDITIONAL-ADDRESS-FAMILY attribute in a Allocate request
>>>>>     that contains an EVEN-PORT attribute with the R bit set to 1.
>>>>> </snip>
>>>>>
>>>>>>
>>>>>> It is not said that the Allocate successful response must contain
>>>>>> two XRAs after a successful dual allocation.
>>>>>
>>>>> Good point, Updated draft.
>>
>> I cannot find this update in turn-14.
> 
> This comment is partially addressed in -12 revision, step 9 (in Section 6.2 in -12 revision and Section 7.2 in -14 revision) is updated to discuss dual allocation.
> <snip>
> If the server can fully meet
> the request, then the server allocates one IPv4 and one IPv6
> relay address, and returns an Allocate success response
> containing the relayed transport addresses assigned to the dual
> allocation.
> </snip>
> 
> NEW:
> If the server can fully meet
> the request, then the server allocates one IPv4 and one IPv6
> relay address, and returns an Allocate success response
> containing the relayed transport addresses assigned to the dual
> allocation in two XOR-RELAYED-ADDRESS attributes.
> 
>>
>>>>>
>>>>>>
>>>>>> I would also suggest to add some text that says that when a TURNbis
>>>>>> server sends an Allocate success response, it must always send the
>>>>>> XRAs in the same order than the RAFs were sent.  So in case the
>>>>>> server sends back by mistake two XRAs, the first one matches the
>>>>>> one
>>>> requested by the client.
>>
>> Did not get answer to that and did not see it in turn-14.
> 
> I did not get this comment. If a request contains both REQUESTED-ADDRESS-FAMILY and ADDITIONAL-ADDRESS-FAMILY attributes, the request is rejected by the server. Further, only IPv6 address family is allowed in the
> ADDITIONAL-ADDRESS-FAMILY attribute.
> 
> 
>>
>>>>>>
>>>>>> The bullet list at the end needs also to be fixed for dual allocation.
>>>>>
>>>>> Agreed, fixed.
>>>>>
>>>>>>
>>>>>> - Section 6.3
>>>>>>
>>>>>> Here's too, the text needs to be updated for the dual allocation case.
>>>>>
>>>>>
>>>>> Yup, updated.
>>>>>
>>
>> Same, there is no update since -11 in section 7.3 (formerly 6.3)
> 
> This comment is addressed in -12 revision itself, the updated text uses "relayed transport address or addresses" and " address family or families" to discuss the
> dual allocation case.
> 
> Cheers,
> -Tiru
> 
>>
>> --
>> Marc Petit-Huguenin
>> Email: marc@petit-huguenin.org
>> Blog: https://marc.petit-huguenin.org
>> Profile: https://www.linkedin.com/in/petithug
> 
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
> 

-- 
Brandon Williams; Chief Architect
Cloud Networking; Akamai Technologies Inc.

v2.23.0 | Report a Bug | By Email