Re: [tram] Review of dual allocation in TURNbis-11
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 17 October 2017 02:14 UTC
Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5FC133074 for <tram@ietfa.amsl.com>; Mon, 16 Oct 2017 19:14:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HUQxXruOJTNG for <tram@ietfa.amsl.com>; Mon, 16 Oct 2017 19:14:26 -0700 (PDT)
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8068132D53 for <tram@ietf.org>; Mon, 16 Oct 2017 19:14:25 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1508206464; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-exchange-antispam-report-test:x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:authentication-results: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=X mW+GvWl1Xs7jNIIWiJwz3zE/jVSO7KgPsaFESuA4S Q=; b=fGJvd2zxyEfD6y0hVeWStSTPGGadu8qMJkwhPvkLx1Cc LwYoXsbZUWEXgNXuK95zDvRXUXVDiYbP05MftpAoO2rlD06yjP w0AkOYwrJ5e2wF+KnoKA7VTfmDZ0pYb8fsZoapGSrQ6/gX3qWM d8s6zaeJC5zWVbaMlHZkK7PDb8I=
Received: from MIVEXAPP1N03.corpzone.internalzone.com (unknown [10.48.48.90]) by MIVWSMAILOUT1.mcafee.com with smtp id 29f9_8478_c666617c_d3f2_4615_8b92_eac71898d72e; Mon, 16 Oct 2017 21:14:24 -0500
Received: from MIVEXUSR1N05.corpzone.internalzone.com (10.48.48.85) by MIVEXAPP1N03.corpzone.internalzone.com (10.48.48.90) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:23 -0400
Received: from MIVEXAPP1N01.corpzone.internalzone.com (10.48.48.88) by MIVEXUSR1N05.corpzone.internalzone.com (10.48.48.85) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:22 -0400
Received: from MIVO365EDGE4.corpzone.internalzone.com (10.48.176.87) by MIVEXAPP1N01.corpzone.internalzone.com (10.48.48.88) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Mon, 16 Oct 2017 22:14:22 -0400
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (10.48.176.241) by edge.mcafee.com (10.48.176.87) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 16 Oct 2017 22:14:21 -0400
Received: from DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) by DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Tue, 17 Oct 2017 02:14:20 +0000
Received: from DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) by DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) with mapi id 15.20.0077.022; Tue, 17 Oct 2017 02:14:20 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Review of dual allocation in TURNbis-11
Thread-Index: AQHTRFmkTUXySTsG3EGzRBQMWeAaDaLmPU1Q
Date: Tue, 17 Oct 2017 02:14:20 +0000
Message-ID: <DM5PR16MB17881ABD54B89E14F0291C56EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org>
In-Reply-To: <65c75449-152c-1ce7-7c81-460ca589d9f0@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [122.172.106.162]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR16MB1788; 6:t5ilUNaMN/GIR0beN+xnkr4IVatZvNqRG4QEvQ2inkx3ie0x01MZH3uABcUkqNJbGMgcCM9xVWgq/cdDpMiAW4qc90ua65Z4kGXe9y6cYN89HtnRbp8PSUJUccUWgaJNPphk4lAvZE5trYZwgjRIi4Vep08yIlZNpug37yRUUohOBEGv5i/AqEPBw92k1xt9t2DEy7mUSjqsSxxrelbMa+rrGdMNmjgUz+TQUfIordQQCzjmm0KH4M/Jslw2WzDt3lulvvPPw/hzkzi7ddkr0MeL2KR7HWadAMfktpqtDFCtT+zK6N71aRO2Z+uw1/zfZJhYyKOHVTYHzszaC8aiOg==; 5:B63LPJlhAJUPnvvCoDG1O7QksxcBX07CiFK8d29+jbprVtWLxw9oY8AFacMr7T4UtcbUC5HvMdGzHDCBkS/luJlY2h3CUOH8r1vfs5SzDlNr8meSLXVSc5iFwl6dZcdY6VcqudWcNNBMoqlxk0q7xw==; 24:Zn3hDKsHpcEjERQCAXycnRr3CjgkyRiGZDyjXPA6z4a78hiTrC3W91okpqLXMIpTE59ikh9LtfU7cu4SU73B6Nih/oMzEFttOrItCb5KjMQ=; 7:KuyBZhqWT7Gab/QwDX9x7PATeaGTRdNMUj0xVq+bQhJHhavIv920DMBMJsBsBqQTLmYhuesYeibPBeQSCE9bE2p/RlXa4znFIZQRY9OR6qxnHjr8mN7zz+rjNoFyn+PyPKuxzDrR7Lu6lD+v4NTRPVV4LGcDWT1+4uCy3hrfCUPAEa1bU1aFf1F4Qs0b5BxJAoaYhi3K6/ZJfS74USDA3LS87pd3n7P+G9QZAJvVqk4=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 432be927-94e7-4f24-d2cf-08d51504c6de
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:DM5PR16MB1788;
x-ms-traffictypediagnostic: DM5PR16MB1788:
x-exchange-antispam-report-test: UriScan:(158342451672863)(128460861657000)(81160342030619);
x-microsoft-antispam-prvs: <DM5PR16MB1788A03F3AFFDA983524F9F9EA4C0@DM5PR16MB1788.namprd16.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR16MB1788; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR16MB1788;
x-forefront-prvs: 04631F8F77
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(252514010)(189002)(51444003)(52314003)(32952001)(52084003)(13464003)(377454003)(199003)(53546010)(3660700001)(966005)(97736004)(8936002)(316002)(3280700002)(81156014)(66066001)(2950100002)(6306002)(6116002)(3846002)(2906002)(102836003)(86362001)(110136005)(81166006)(2501003)(478600001)(9686003)(72206003)(8676002)(14454004)(6506006)(55016002)(74316002)(6436002)(5660300001)(105586002)(305945005)(99286003)(53936002)(33656002)(45080400002)(76176999)(50986999)(7736002)(2900100001)(77096006)(54356999)(7696004)(106356001)(25786009)(68736007)(6246003)(101416001)(80792005)(189998001)(229853002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1788; H:DM5PR16MB1788.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2017 02:14:20.2206 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1788
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6137> : inlines <6133> : streams <1767567> : uri <2517734>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/kA7TJ2WKPvk-c8qPblBbF4w_wMg>
Subject: Re: [tram] Review of dual allocation in TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 02:14:28 -0000
Thanks Marc for the detailed review, Please see inline > -----Original Message----- > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit- > Huguenin > Sent: Saturday, October 14, 2017 12:59 AM > To: tram@ietf.org > Subject: [tram] Review of dual allocation in TURNbis-11 > > I should first apologize the the delay in reviewing this draft. I never managed > to get a sponsorship that spans the whole lifetime of a draft (or a Working > Group for that matter), and that why it is so difficult for me to work on IETF > stuff in a sustained and consistent manner. > > Anyway, I was working on a review for turnbis-11 that was specifically > focusing on the synchronization with stunbis, but I kept be distracted by > issues related to the dual allocation feature. So I decided instead to send a > separate email for that, to make things less confusing. > > My main comment about the dual allocation approach is about the choice of > adding a new attribute for that. STUN supports sending multiple attributes > of the same type, and has a default processing rule for them ("Any attribute > type MAY appear more than once in a STUN message. Unless specified > otherwise, the order of appearance is significant: only the first occurrence > needs to be processed by a receiver, and any duplicates MAY be ignored by a > receiver.") > > So a TURNbis client that wants to do a dual allocating adds two REQUESTED- > ADDRESS-FAMILY (RAF), one for IPv4 and one for IPv6. An RFC 5766 server > will just use the first one and ignore the second. The TURNbis client receives > only one XOR-RELAYED-ADDRESS (XRA), for the first RAF it sent. > > The client can choose the order, so it receives immediately a XRA from the > family it is most interested in, and can try a second allocation for the other if > the server is implementing RFC 5766 No, the above change contradicts the behavior defined in https://tools.ietf.org/html/rfc6156#section-3 <snip> TURN servers allocate a single relayed transport address per allocation request. Therefore, Allocate requests cannot carry more than one REQUESTED-ADDRESS-FAMILY attribute. Consequently, a client that wishes to allocate more than one relayed transport address at a TURN server (e.g., an IPv4 and an IPv6 address) needs to perform several allocation requests (one allocation request per relayed transport address). </snip> You may want to go through the long discussion in the WG to pick a new attribute (ADDITIONAL-ADDRESS-FAMILY) for dual-stack allocation. > > I think that this makes for simpler rules to implement and simpler text. > > Now some more specific comments about the text: > > - Title and abstract > > The draft should obsolete both RFC 5766 and RFC 6156, and that fact should > be repeated in the abstract. The authors of RFC 6156 should be > acknowledged either in the Acknowledgment or Contributors section. Done. > > - Section 5. > > The first item in the bullet list should say "the relayed transport address or > addresses;" Updated line to say "All TURN operations revolve around allocations, and all TURN messages are associated with either a single or dual allocation." > > In the the fourth item, there is one time-to-expiry per relayed transport > address. > > Same for the list of permissions in the fifth item. > > "Both the relayed transport address and the 5-tuple MUST be unique across > all allocations, so either one can be used to uniquely identify the allocation." > > With the dual allocation, the 5-tuple no longer uniquely identify an allocation. Yes, fixed. > > - Section 6.2 > > I would suggest to make ADDRESS-ERROR-CODE more generic by renaming it > as WARNING-CODE and use the same format than for ERROR-CODE. Then > allocate a new error code for that specific warning. I would suggest to > request the 0x8009 codepoint for that attribute. I don't understand the need to change ADDRESS-ERROR-CODE ! > > Also I think we needs two different warnings, one that states that dual > allocation is not available in a TURNbis server, but both protocols are > available, and another that says that dual allocation failed because one of > the two protocols is not available. This is to let the client know that it is > useless to try another allocation for the missing protocol. I don't get the reason for two different warnings. > > What is the policy when reserving the next port with the EVEN-PORT > attribute in a dual allocation, but one of them fails to find a pair of > subsequent ports available? It's discussed in section 6.1 <snip> Clients MUST NOT include ADDITIONAL-ADDRESS-FAMILY attribute in a Allocate request that contains an EVEN-PORT attribute with the R bit set to 1. </snip> > > It is not said that the Allocate successful response must contain two XRAs > after a successful dual allocation. Good point, Updated draft. > > I would also suggest to add some text that says that when a TURNbis server > sends an Allocate success response, it must always send the XRAs in the > same order than the RAFs were sent. So in case the server sends back by > mistake two XRAs, the first one matches the one requested by the client. > > The bullet list at the end needs also to be fixed for dual allocation. Agreed, fixed. > > - Section 6.3 > > Here's too, the text needs to be updated for the dual allocation case. Yup, updated. Cheers, -Tiru > > > -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: https://marc.petit-huguenin.org > Profile: https://www.linkedin.com/in/petithug
- [tram] Review of dual allocation in TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of dual allocation in TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of dual allocation in TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of dual allocation in TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of dual allocation in TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of dual allocation in TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of dual allocation in TURNbis-11 Karl Stahl
- Re: [tram] Review of dual allocation in TURNbis-11 Konda, Tirumaleswar Reddy
- [tram] Extend dual allocation to multiple in TURN… Karl Stahl
- Re: [tram] Review of dual allocation in TURNbis-11 Brandon Williams
- Re: [tram] Extend dual allocation to multiple in … Brandon Williams
- Re: [tram] Review of dual allocation in TURNbis-11 Brandon Williams
- Re: [tram] Review of dual allocation in TURNbis-11 Marc Petit-Huguenin