IETF Logo Mail Archive

Re: [tram] Review of dual allocation in TURNbis-11

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 17 October 2017 02:14 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5FC133074 for <tram@ietfa.amsl.com>; Mon, 16 Oct 2017 19:14:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HUQxXruOJTNG for <tram@ietfa.amsl.com>; Mon, 16 Oct 2017 19:14:26 -0700 (PDT)
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8068132D53 for <tram@ietf.org>; Mon, 16 Oct 2017 19:14:25 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1508206464; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-exchange-antispam-report-test:x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:authentication-results: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=X mW+GvWl1Xs7jNIIWiJwz3zE/jVSO7KgPsaFESuA4S Q=; b=fGJvd2zxyEfD6y0hVeWStSTPGGadu8qMJkwhPvkLx1Cc LwYoXsbZUWEXgNXuK95zDvRXUXVDiYbP05MftpAoO2rlD06yjP w0AkOYwrJ5e2wF+KnoKA7VTfmDZ0pYb8fsZoapGSrQ6/gX3qWM d8s6zaeJC5zWVbaMlHZkK7PDb8I=
Received: from MIVEXAPP1N03.corpzone.internalzone.com (unknown [10.48.48.90]) by MIVWSMAILOUT1.mcafee.com with smtp id 29f9_8478_c666617c_d3f2_4615_8b92_eac71898d72e; Mon, 16 Oct 2017 21:14:24 -0500
Received: from MIVEXUSR1N05.corpzone.internalzone.com (10.48.48.85) by MIVEXAPP1N03.corpzone.internalzone.com (10.48.48.90) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:23 -0400
Received: from MIVEXAPP1N01.corpzone.internalzone.com (10.48.48.88) by MIVEXUSR1N05.corpzone.internalzone.com (10.48.48.85) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:22 -0400
Received: from MIVO365EDGE4.corpzone.internalzone.com (10.48.176.87) by MIVEXAPP1N01.corpzone.internalzone.com (10.48.48.88) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Mon, 16 Oct 2017 22:14:22 -0400
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (10.48.176.241) by edge.mcafee.com (10.48.176.87) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:21 -0400
Received: from DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) by DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Tue, 17 Oct 2017 02:14:20 +0000
Received: from DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) by DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) with mapi id 15.20.0077.022; Tue, 17 Oct 2017 02:14:20 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Review of dual allocation in TURNbis-11
Thread-Index: AQHTRFmkTUXySTsG3EGzRBQMWeAaDaLmPU1Q
Date: Tue, 17 Oct 2017 02:14:20 +0000
Message-ID: <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org>
In-Reply-To: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [122.172.106.162]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR16MB1788; 6:t5ilUNaMN/GIR0beN+xnkr4IVatZvNqRG4QEvQ2inkx3ie0x01MZH3uABcUkqNJbGMgcCM9xVWgq/cdDpMiAW4qc90ua65Z4kGXe9y6cYN89HtnRbp8PSUJUccUWgaJNPphk4lAvZE5trYZwgjRIi4Vep08yIlZNpug37yRUUohOBEGv5i/AqEPBw92k1xt9t2DEy7mUSjqsSxxrelbMa+rrGdMNmjgUz+TQUfIordQQCzjmm0KH4M/Jslw2WzDt3lulvvPPw/hzkzi7ddkr0MeL2KR7HWadAMfktpqtDFCtT+zK6N71aRO2Z+uw1/zfZJhYyKOHVTYHzszaC8aiOg==; 5:B63LPJlhAJUPnvvCoDG1O7QksxcBX07CiFK8d29+jbprVtWLxw9oY8AFacMr7T4UtcbUC5HvMdGzHDCBkS/luJlY2h3CUOH8r1vfs5SzDlNr8meSLXVSc5iFwl6dZcdY6VcqudWcNNBMoqlxk0q7xw==; 24:Zn3hDKsHpcEjERQCAXycnRr3CjgkyRiGZDyjXPA6z4a78hiTrC3W91okpqLXMIpTE59ikh9LtfU7cu4SU73B6Nih/oMzEFttOrItCb5KjMQ=; 7:KuyBZhqWT7Gab/QwDX9x7PATeaGTRdNMUj0xVq+bQhJHhavIv920DMBMJsBsBqQTLmYhuesYeibPBeQSCE9bE2p/RlXa4znFIZQRY9OR6qxnHjr8mN7zz+rjNoFyn+PyPKuxzDrR7Lu6lD+v4NTRPVV4LGcDWT1+4uCy3hrfCUPAEa1bU1aFf1F4Qs0b5BxJAoaYhi3K6/ZJfS74USDA3LS87pd3n7P+G9QZAJvVqk4=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 432be927-94e7-4f24-d2cf-08d51504c6de
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:DM5PR16MB1788;
x-ms-traffictypediagnostic: DM5PR16MB1788:
x-exchange-antispam-report-test: UriScan:(158342451672863)(128460861657000)(81160342030619);
x-microsoft-antispam-prvs: <DM5PR16MB1788A03F3AFFDA983524F9F9EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR16MB1788; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR16MB1788;
x-forefront-prvs: 04631F8F77
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(252514010)(189002)(51444003)(52314003)(32952001)(52084003)(13464003)(377454003)(199003)(53546010)(3660700001)(966005)(97736004)(8936002)(316002)(3280700002)(81156014)(66066001)(2950100002)(6306002)(6116002)(3846002)(2906002)(102836003)(86362001)(110136005)(81166006)(2501003)(478600001)(9686003)(72206003)(8676002)(14454004)(6506006)(55016002)(74316002)(6436002)(5660300001)(105586002)(305945005)(99286003)(53936002)(33656002)(45080400002)(76176999)(50986999)(7736002)(2900100001)(77096006)(54356999)(7696004)(106356001)(25786009)(68736007)(6246003)(101416001)(80792005)(189998001)(229853002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1788; H:DM5PR16MB1788.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2017 02:14:20.2206 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1788
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6137> : inlines <6133> : streams <1767567> : uri <2517734>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/kA7TJ2WKPvk-c8qPblBbF4w_wMg>
Subject: Re: [tram] Review of dual allocation in TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 02:14:28 -0000

Thanks Marc for the detailed review, Please see inline

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> Huguenin
> Sent: Saturday, October 14, 2017 12:59 AM
> To: tram@ietf.org
> Subject: [tram] Review of dual allocation in TURNbis-11
> 
> I should first apologize the the delay in reviewing this draft.  I never managed
> to get a sponsorship that spans the whole lifetime of a draft (or a Working
> Group for that matter), and that why it is so difficult for me to work on IETF
> stuff in a sustained and consistent manner.
> 
> Anyway, I was working on a review for turnbis-11 that was specifically
> focusing on the synchronization with stunbis, but I kept be distracted by
> issues related to the dual allocation feature.  So I decided instead to send a
> separate email for that, to make things less confusing.
> 
> My main comment about the dual allocation approach is about the choice of
> adding a new attribute for that.  STUN supports sending multiple attributes
> of the same type, and has a default processing rule for them ("Any attribute
> type MAY appear more than once in a STUN message.  Unless specified
> otherwise, the order of appearance is significant:  only the first occurrence
> needs to be processed by a receiver, and any duplicates MAY be ignored by a
> receiver.")
> 
> So a TURNbis client that wants to do a dual allocating adds two REQUESTED-
> ADDRESS-FAMILY (RAF), one for IPv4 and one for IPv6.  An RFC 5766 server
> will just use the first one and ignore the second.  The TURNbis client receives
> only one XOR-RELAYED-ADDRESS (XRA), for the first RAF it sent.
> 
> The client can choose the order, so it receives immediately a XRA from the
> family it is most interested in, and can try a second allocation for the other if
> the server is implementing RFC 5766


No, the above change contradicts the behavior defined in https://tools.ietf.org/html/rfc6156#section-3 
<snip>

   TURN servers allocate a single relayed transport address per
   allocation request.  Therefore, Allocate requests cannot carry more
   than one REQUESTED-ADDRESS-FAMILY attribute.  Consequently, a client
   that wishes to allocate more than one relayed transport address at a
   TURN server (e.g., an IPv4 and an IPv6 address) needs to perform
   several allocation requests (one allocation request per relayed
   transport address).
</snip>

You may want to go through the long discussion in the WG to pick a new
attribute (ADDITIONAL-ADDRESS-FAMILY) for dual-stack allocation.

> 
> I think that this makes for simpler rules to implement and simpler text.
> 
> Now some more specific comments about the text:
> 
> - Title and abstract
> 
> The draft should obsolete both RFC 5766 and RFC 6156, and that fact should
> be repeated in the abstract.  The authors of RFC 6156 should be
> acknowledged either in the Acknowledgment or Contributors section.

Done. 

> 
> - Section 5.
> 
> The first item in the bullet list should say "the relayed transport address or
> addresses;"

Updated line to say "All TURN operations revolve around allocations, and all TURN messages are associated with either a single or dual allocation."

> 
> In the the fourth item, there is one time-to-expiry per relayed transport
> address.
> 
> Same for the list of permissions in the fifth item.
> 
> "Both the relayed transport address and the 5-tuple MUST be unique across
> all allocations, so either one can be used to uniquely identify the allocation."
> 
> With the dual allocation, the 5-tuple no longer uniquely identify an allocation.

Yes, fixed. 

> 
> - Section 6.2
> 
> I would suggest to make ADDRESS-ERROR-CODE more generic by renaming it
> as WARNING-CODE and use the same format than for ERROR-CODE.  Then
> allocate a new error code for that specific warning.  I would suggest to
> request the 0x8009 codepoint for that attribute.

I don't understand the need to change ADDRESS-ERROR-CODE !

> 
> Also I think we needs two different warnings, one that states that dual
> allocation is not available in a TURNbis server, but both protocols are
> available, and another that says that dual allocation failed because one of
> the two protocols is not available.  This is to let the client know that it is
> useless to try another allocation for the missing protocol.

I don't get the reason for two different warnings. 

> 
> What is the policy when reserving the next port with the EVEN-PORT
> attribute in a dual allocation, but one of them fails to find a pair of
> subsequent ports available?

It's discussed in section 6.1

<snip>
   Clients MUST NOT
   include ADDITIONAL-ADDRESS-FAMILY attribute in a Allocate request
   that contains an EVEN-PORT attribute with the R bit set to 1.
</snip>

> 
> It is not said that the Allocate successful response must contain two XRAs
> after a successful dual allocation.

Good point, Updated draft. 

> 
> I would also suggest to add some text that says that when a TURNbis server
> sends an Allocate success response, it must always send the XRAs in the
> same order than the RAFs were sent.  So in case the server sends back by
> mistake two XRAs, the first one matches the one requested by the client.
> 
> The bullet list at the end needs also to be fixed for dual allocation.

Agreed, fixed. 

> 
> - Section 6.3
> 
> Here's too, the text needs to be updated for the dual allocation case.


Yup, updated.

Cheers,
-Tiru

> 
> 
> --
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: https://marc.petit-huguenin.org
> Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email