IETF Logo Mail Archive

Re: [tram] Multiple allocations SV: I-D Action: draft-ietf-tram-turnbis-15.txt

"Karl Stahl" <karl.stahl@ingate.com> Thu, 05 April 2018 15:52 UTC

Return-Path: <karl@ingate.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 109AB12D88D for <tram@ietfa.amsl.com>; Thu, 5 Apr 2018 08:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.989
X-Spam-Level:
X-Spam-Status: No, score=-0.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MSGID_MULTIPLE_AT=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ingate.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E246GuWZnp1t for <tram@ietfa.amsl.com>; Thu, 5 Apr 2018 08:52:43 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0079.outbound.protection.outlook.com [104.47.0.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 632AE12D87D for <tram@ietf.org>; Thu, 5 Apr 2018 08:52:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ingate.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NjjYJOnz2wSrKaWQiRE3ejnN3SgYnsH44Rvbi9haSmw=; b=F5SAnjlsui5OAydU6T1qje+c6xRR0ti9hTnktThex0Jnli5SUqqnBIZH3DdMtF233xMJYaIAb0vYDccOEwfiJ7mXCoQBbtavXRZaXy6TD8hagCNJmo1uoycihkwEeltH3J/Rlqss9HkurIJ1/v2hRnVJEYeI1na8+GJ4ZVutdb0=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=karl@ingate.com;
Received: from Kallei7 (90.229.133.175) by AM4PR01MB1825.eurprd01.prod.exchangelabs.com (2603:10a6:200:9::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.653.12; Thu, 5 Apr 2018 15:52:37 +0000
From: Karl Stahl <karl.stahl@ingate.com>
To: 'Noriyuki Torii' <torii0573@gmail.com>, tram@ietf.org
References: <152136260256.18150.10551009018364033510@ietfa.amsl.com> <BN6PR16MB1425D61744AC7480972C800AEAD50@BN6PR16MB1425.namprd16.prod.outlook.com> <5ab16736.d461ca0a.4c075.ef7dSMTPIN_ADDED_BROKEN@mx.google.com> <CABEjbR+2yBgtVrYDxE75SH6V6_G5XSciBnu39WGeGyxXEz8p6g@mail.gmail.com>
In-Reply-To: <CABEjbR+2yBgtVrYDxE75SH6V6_G5XSciBnu39WGeGyxXEz8p6g@mail.gmail.com>
Date: Thu, 05 Apr 2018 17:52:43 +0200
Message-ID: <01b101d3ccf6$231e5d50$695b17f0$@stahl>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01B2_01D3CD06.E6A72D50"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdPMjjRf33GSGjOETYeZjDpy/qpGHwANGn+g
Content-Language: sv
X-Originating-IP: [90.229.133.175]
X-ClientProxiedBy: AM0PR06CA0063.eurprd06.prod.outlook.com (2603:10a6:208:aa::40) To AM4PR01MB1825.eurprd01.prod.exchangelabs.com (2603:10a6:200:9::23)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: fe942a94-4aa5-4d14-1986-08d59b0d4155
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:AM4PR01MB1825;
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 3:Ufv3tHpytC9UuM7UIZFv3lGJqZ24txje8764jw4wOEIc9svfCyYupZ20FhPwrNhfnyxlUtg0KWAcnyUAOYsrljQX8zv3Jf1zdr4Hia+DyOyWWRBCKtREEeBMLc09iWA43OlcAIL9M23+rSR802Rwczf8XC/KqnB+ffpcsGnxRaEGB3xZqpmzH6xfMzKGKCVpULpxpgBfKK1RUthZB4MtlfN5f5TNKX/7p5P/d97Y1Lb9N9ELD7rQQz29p8edcGdn; 25:27rKkwTr8eS9JvJ3HT205VSqH9yHzmzReFsmYzhPlx50GWjhIU4IHsmzsDuGgz6jJp6s/eZoLvC5YZ4pxTIogMZVVYuzEiVmd/VaOVH6FoSoL2Ovmzd68IbIxCB6DZFIqR8ryXUk6nRzIv1EXDDu4v7XOad9HhM/xjbrwgz3CUbVfEy9Hv9+QrF9i26oXx6znQMjW4cai8tUkVs938VGbQpOJfXuPVGsBJsP7d3yH/XClxFTSUcHEeTIdT8R4pzVIwydbwwuNnOtsSnP0s+ZqKRZFsrTPE4Ts2gu71znTTgMEsg9XvTd/YINSG2uBXYow0sgUu61Hc5HnYL2mRwzKw==; 31:Ilk9vcqskprpb9sZlW/yofQMdw5f8xmDdasp/Er8W2/s4m0rSvt+7SvZelk9PAddVv5M9ctqfSWXnVzfQji7+Y/l8MQsAyNtpTC4piHaXymCGzLvi/WTeG3gL3vqNAf2hIjl8TPCTzO0EaSkwI5DPotZ9m2od2TEjh7XmrG+Q/XR2kkhvaS7rgsXeapkzIsRfKRYMzNODbmlVhI/Rpcy4ZR6H81XNJuyxs1ZJD9ohik=
X-MS-TrafficTypeDiagnostic: AM4PR01MB1825:
X-Microsoft-Antispam-PRVS: <AM4PR01MB182542CBDED2EDC2CAFAFF46B1BB0@AM4PR01MB1825.eurprd01.prod.exchangelabs.com>
X-Exchange-Antispam-Report-Test: UriScan:(28532068793085)(158342451672863)(278428928389397)(120809045254105)(192374486261705)(213716511872227)(21532816269658)(123452027830198)(17755550239193)(21748063052155);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(3231221)(944501327)(52105095)(10201501046)(6041310)(20161123564045)(20161123558120)(20161123562045)(2016111802025)(20161123560045)(6072148)(6043046)(201708071742011); SRVR:AM4PR01MB1825; BCL:0; PCL:0; RULEID:; SRVR:AM4PR01MB1825;
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 4:0EPWhw8Lv85yxi5HVcqSS6leV5mq3SsLSxDJw64ZSaKWIjM12k1kBw6Nxz4n3VjqWAPMbc4JQGubQfO/cvQzMDv5ZDR2dED/gt4jQQZJokVRDiyZ1TlbtlPMvxnAqHoJanu2tz7u2jeKT7/3NkmFC8VFjWqlN+TvVom1twDRmhGbbyKyFfKBXGZxshW7/sVsRIq/3G12KvG73N/H0tY1h/5SlQhfVFGS+5bZImiZMKv3IYIhXoohCTWXXfGNhF0rW0xcSu5cW/tgf9fU3brub8ZaYbKECIzv1gpqxexTaoWIBAwcjNw4IWVB5ZydWvmjHVSJEdvW17agxF0dq9nQayd8xjzy9z9kR6g6y7rPJjflPk/xfKHEVroOevtVUIcdVg3+uatl1wrk+oaA/dksNcFIba+2q/8ed6XicQqhOnUOL81Z2aVsuI/a5NIn5Xhcg5BUGZQUjvDvssJZ8mSH9SFgQK7DwNTWPIs7YfHLKcJwYfN6+ilKsrKlhA4PlVirFuvFxpltUAHDXeCbF1bCRezf9Gw2eDyWc6KIG6AqSUPTUvXdFmeBxIPEkGibalrOVQM4do25yuSEUKz0KciVRiwsGEAKXa4XL56H7HaGGgpjX2Kpqb89C+QV3eWYiMJd
X-Forefront-PRVS: 06339BAE63
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39830400003)(346002)(366004)(39380400002)(376002)(396003)(38534002)(189003)(199004)(13464003)(377424004)(7826002)(61296003)(61793004)(44736005)(316002)(71636004)(110136005)(478600001)(53936002)(93886005)(561944003)(16586007)(66066001)(81156014)(6666003)(81166006)(2906002)(25786009)(96836002)(5660300001)(105586002)(84116003)(50226002)(7736002)(8936002)(8676002)(39060400002)(18717965001)(33964004)(53546011)(33896004)(84326002)(76176011)(59450400001)(52116002)(36756003)(186003)(3846002)(11346002)(6116002)(966005)(6496006)(97736004)(386003)(476003)(26005)(16526019)(486006)(106356001)(956004)(102836004)(16200700003)(68736007)(446003)(53946003)(236005)(54896002)(1420700001)(14726001)(6306002)(6486002)(9686003)(790700001)(606006)(21314002)(2101003)(569006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR01MB1825; H:Kallei7; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
Received-SPF: None (protection.outlook.com: ingate.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;AM4PR01MB1825;23:/sjbVJ7TyoCT8922tR7W4R4M88M03R395qpU2YcsMbcJkIiS2lUm34lijx1WgtQsyyHt19Nr7rCUWpiZA18s3HTOYIDL6SjqFLwS177BwynZJ3+hC8+rYH7C/mJyrz18E1iLbBDL6DjQy0CRTNTV7pen0H1LXBLEklTOljaYZad0ZF07Sk87Z18u7+JENBDK03+SAhIhbNOxtpJ4aZ/lFPazplkqEch9FAd+D42EzncHWiA23Pej7L/skRANUxjvDojeURoQrE1yHfHItZ6+DdOQcySwt5xLS1h0HCSWzRU4qeNwt4HBTnIpqvtcNz+zyIpF1Z4z9jOmEe3p/hcEkmDeTWFGlXXUf9jY1MJtvmUecqXqCYplFpjNQHjaUkasnfLFKKfyt7/MFwSXG8/yQsO3ox8W8l6y2ew5yvil569lFv0kBpKCBEwTrRdE9prnqr/3phTv0wzXbJmtWMBbijwgk2wMbFB0gjiP8jxT6pu57VpzuLrVxeE9PrX6EkwB+RLOdSlMha4X4PG9tR9OloVZeuiw1RiZQFHq0giLOkIAhpxcQGvOseQvzPRlPV0yEsxQ6GUNZ/QBBhkn8/wQHhOUg5UQW6i2WpAXvj9PnnpBJFGspwVP3n47pGzKoxmjpImZrMWaRj82azAQXVpKi0QbqbkqIoy8xgj0ofpNVMNCFUgLuHCQj3YeRzmg/Hx7TYwsM0yxY33ZOPJXfMD9WjP2cD3UpOhc2rVaGLovZnmXWmvT7p+cBwrKIi75YPJIjAOAjqvFcriCAONfULmzlynL1HLY9mLt01pNsZ/T+kwvV9exYpd9lTQhvttga27gf396lbCyvZooUHwIxjN5/Kg4Nl/qA5p1TCSgsBA5I/WcABihnu3d9cL5+CINL1jp9T4E2+aujt87Bp5Rv/a1K4lDnFlNdbpzo+d0PtzFhM+K+Hi7+203tGUd4dZahZRfAyeJzDLHDRTIzwu/uIt+aHGI5fNnnDwbghtrH4aqzICRmxXdP0G7QB8LVDDcTDSy2T5dZqiTLkANKcvQLWwq6Ciblfmw9GPH0sQ5yQMZC64pruLaZExNey11CSDyaVf9eCWHIZ5/YnM9pQ+jgDRa28V6p6W+rMvzo1H7oGaqRND311FbZe5ldXeYMWM/7SDm02Qxz++TSK4YjI76GtZHVNo39clCXrxTTTTk1wUrthYJTE5cIYhxi4C5Ta1ZZjl60f9P9P0HqCkleST17ty3OHs4gyJruOEO/f/Ms2NgZA/vHKTDCHwWEbUeXATRdTx2KeASZ18vb03LY5tje7gGvxjvNdL2sdVKZfLDcfgYgWffrIIydbjVDAxUQUNSlpQkJafUECMRTV8E1JcNUjXPELPM/NQHrgNGdZ6+r6JD/s8EurzpyRUjO4L5iF5ccOOc2+jpxnOL6KqF9c2PDvtnVGekqmT6ehWZrceZehymN9pJ7XTaPh7ry+kC2K/vWUN1nG3kzysCKTEweLO/u50w67cEdJO8dy4qIE1jZ3IDGwbVWjk3vLFEyJ2wBASlFL0Or77UGkB72nNo2c2OXC4n+0H4zlziP4ailqiUP+jpfrxt8jJb4UURrhYNm1/b348Y4xXPKtTxpUsdhogUYd9hrOa47wLANV2fn8HYvMd+w3kxXtNEDcEgJcwzLdxw7r48oSUMTfMlS+qDQ9kT8EqQPXWBYmwzD5Kmdyad8XGKUAO46uMuyqdaOjmLT3L+uh9n
X-Microsoft-Antispam-Message-Info: MqjgFMUFsNxVLV4kDkGQ0+uGy99AL1j6rmyJ5Mv49a+SfI8kcOrBYbTC7FW+JebtZ12Iy4Mx9Vc3roZUxfDFwnaiTtC6rFt2vpB6R+HGtyXSWWOUBTRPS5yjwvpQjIoWlFSWJk4Yurcm6M+fOEJxWDo8M5A3ONcbngfTIoeLTZnLyBhRVReJ1aplxboWEjck
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 6:hdEuNRZdIx4tjjm6EEuz5r7U62jwNABjX8E8se87jdAnlGn2EbNdZoxrSH8TVEaVNsy34PK0FBHTYpVj67kT/KY5aIFlMK9/TFp3zlGDe+gNLEb3BZ1rb5fVMis1Bq8Ybq/MdcDB5Y7juJO/9Cw8q3v3KPuSMroJk0Hek5Iy6DzrbXkO2aX3cbMcP4W4DxavaMKciiJSjhrZ9ydbyXKMPJ9/rDEa2IXjKQ/pzHp/PxVaRf0k24vtyoYVdBbxO3lvsmVUcGQ6v6lSc3J7jz18SCdbhQwQsKDI8mf808pOP9NsjZXo7Wqg2IixSYahxqzwvzgLRns+6BUVfGmheyjU3xSiMLQq0/LBCMsHQ1nH+j2YDEqKJn4Nr8KJiBjgYrs8CJzFH25Wy/cKMNvQKxwc8iwzpuGeamRahoiqCNUaOsRitId9mSHgywnUMbeiuzD20Vw0Uxs27szHUBueD0zd4Q==; 5:74+xZhhqxx1PQVJE0mqRE/dTxqkQaQMSVOPenobLdrrcULsm5zW2B6oOsz4abuJFYNhmNrY87uexGIy3fYWpPFduYZNJBYpniNmyAlpdWD8a8cJTQrzQcDBRvmsYvZMsQJAp0Z2+PUkAkRA7EI4IMzXj2MEPa+do1aNBp8diyRo=; 24:Rr/8Z+c2to8vGJYTk16IkkuEDy13c3s2fzWRq3ikUJ5iBhWAEtsUvJ1IKh949QYNFNIxCFlLiyao1P1HNWdhm1dfgtcoH7cLYy0WIfKI0Lg=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 7:bmv9Bzf2TkajcsIPxnTxCCivuAdwUFf/D41iC0T4UVBcec2Pxv8YsGO84f/QSwTrdUYdgLKLO9kKhNdaRppWud92jXPOz2WC8COcsgWXBSFfO+MCpm3LNiTqT/tHGcgkcgamcNOy22zH0X+663DBac3eq1nvAp22xScTCx6GF/cJMyqLn80NAbGJBZStN8Xc3Jr23D2O6hfKFXQ1M1So4aovTUNCtvlV4XK2c71t7pEfO6OFCp+mO2ietIyHy3Lm
X-OriginatorOrg: ingate.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Apr 2018 15:52:37.1546 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fe942a94-4aa5-4d14-1986-08d59b0d4155
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: c3eda49a-3ed0-46c6-8a9e-d0d8ce3d2fae
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR01MB1825
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/wOSNeouzMRSBFzL9oTOHhbt4ObY>
Subject: Re: [tram] Multiple allocations SV: I-D Action: draft-ietf-tram-turnbis-15.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 15:52:47 -0000

Noriyoki, Answering in-line below with cuts from drafts/RFCs how the network provided turn server came to be (which is why we need the generalization to multiple allocation) and jumping back on the other thread to explain the application (that real-time media is not only over public Internet – actually, current VoIP is typically on separate (quality) networks)

 

And Olle, last below (what came first) “Network-provided servers was added to the security section of RFC 8155…”– It was the other way around! What became RFC 8155 was intended to be TURN server discovery mechanism for enterprises and ISPs. That is Network Provided TURN servers in the local or access network – Not Brandon’s TURN servers that are elsewhere (but discovered).

 

/Karl

-----Ursprungligt meddelande-----
Från: tram [mailto:tram-bounces@ietf.org] För Noriyuki Torii
Skickat: den 5 april 2018 05:29
Till: tram@ietf.org
Ämne: Re: [tram] Multiple allocations SV: I-D Action: draft-ietf-tram-turnbis-15.txt

 

Hi,

 

>From my understandings, current TURNbis specification is intended, as its

scope of, just a single IP addressed server nevertheless its IPv4/v6

co-allocation capability. Such a capablity is introduced for v4 <-> v6

communication, and not as a generalization for a multiple IP addressed

server.

 

[KS] --- That is the way it has happened (in contrast to intended/understood considering why TRAM was formed, charter https://datatracker.ietf.org/wg/tram/about and the overall need for a TURNbis)

 

 

IMHO, if a server with multiple IP addresses of the same family will be

deployed into service, idential form of allocation request currently

defined also should be sent to such a server. And the server must process

the request appropriately according to its network configuration.

 

In general, clients don't know, and shouldn't need to know, how many IP

addresses are given to the server communicating with, or how is the

topology of the network into where the server is deployed, etc.

So the client side request form selection is not usually possible.

 

[KS] --- That is totally changed with the network provided TURN server 

 

In ICE style, to get all candidates:

* With application provided TURN servers, the Client is given all TURN servers (into different networks) to Allocate multiple times.

* With network provided TURN servers, the Client needs to get all candidates in one go (One Allocation to that single network provided TURN server, that it has found somehow).

 

 

THE NETWORK PROVIDED TURNSERVER COMES FROM: RFC7478

https://tools.ietf.org/html/rfc7478 

Web Real-Time Communication Use Cases and Requirements

 

2.3.2.  Simple Video Communication Service: NAT/Firewall That Blocks UDP

 

2.3.2.1.  Description

 

   This use case is almost identical to the

   Simple Video Communication Service use case (Section 2.3.1).  The

   difference is that one of the users is behind a NAT/firewall that

   blocks UDP traffic.

 

2.3.2.2.  Additional Requirements

 

   ----------------------------------------------------------------

   REQ-ID          DESCRIPTION

   ----------------------------------------------------------------

   F18             The browser must be able to send streams and

                   data to a peer in the presence of NATs and

                   firewalls that block UDP traffic.

   ----------------------------------------------------------------

 

2.3.3.  Simple Video Communication Service: Firewall That Only Allows

 

        Traffic via an HTTP Proxy

 

2.3.3.1.  Description

 

   This use case is almost identical to the

   Simple Video Communication Service use case (Section 2.3.1).  The

   difference is that one of the users is behind a firewall that only

   allows traffic via an HTTP Proxy.

 

2.3.3.2.  Additional Requirements

 

   ----------------------------------------------------------------

   REQ-ID          DESCRIPTION

   ----------------------------------------------------------------

   F21             The browser must be able to send streams and

                   data to a peer in the presence of firewalls that only

                   allow traffic via an HTTP Proxy, when firewall policy

                   allows WebRTC traffic.

   ----------------------------------------------------------------

 

2.3.4.  Simple Video Communication Service: Global Service Provider

 

2.3.4.1.  Description

 

   This use case is almost identical to the

   Simple Video Communication Service use case (Section 2.3.1).  What is

   added is that the service provider is operating over large

   geographical areas (or even globally).

 

   Assuming that the Interactive Connectivity Establishment (ICE)

   mechanism [RFC5245] will be used, this means that the service

   provider would like to be able to provide several Session Traversal

   Utilities for NAT (STUN) and Traversal Using Relay NAT (TURN) servers

   (via the app) to the browser; selection of which one(s) to use is

   part of the ICE processing.  Other reasons for wanting to provide

   several STUN and TURN servers include support for IPv4 and IPv6, load

   balancing, and redundancy.

 

   Note that ICE support being mandatory does not preclude a WebRTC

   endpoint from supporting more traversal mechanisms than ICE using

   STUN and TURN.

 

2.3.4.2.  Additional Requirements

 

   ----------------------------------------------------------------

   REQ-ID          DESCRIPTION

   ----------------------------------------------------------------

   F19             The browser must be able to use several STUN

                   and TURN servers.

   ----------------------------------------------------------------

 

   A22

 

2.3.5.  Simple Video Communication Service: Enterprise Aspects

 

2.3.5.1.  Description

 

   This use case is similar to the Simple Video Communication Service

   use case (Section 2.3.1).

 

   What is added is aspects when using the service in enterprises.  ICE

   is assumed in the further description of this use case.

 

   An enterprise that uses a WebRTC-based web application for

   communication desires to audit all WebRTC-based application sessions

   used from inside the company towards any external peer.  To be able

   to do this, they deploy a TURN server that straddles the boundary

   between the internal and the external network.

 

   The firewall will block all attempts to use STUN with an external

   destination unless they go to the enterprise auditing TURN server.

   In cases where employees are using WebRTC applications provided by an

   external service provider, they still want the traffic to stay inside

   their internal network and in addition not load the straddling TURN

   server; thus, they deploy a STUN server allowing the WebRTC client to

   determine its server reflexive address on the internal side.  Thus,

   enabling cases where peers are both on the internal side to connect

   without the traffic leaving the internal network.  It must be

   possible to configure the browsers used in the enterprise with

   network specific STUN and TURN servers.  This should be possible to

   achieve by autoconfiguration methods.  The WebRTC functionality will

   need to utilize both network specific STUN and TURN resources and

   STUN and TURN servers provisioned by the web application.

<end cut from RFC 7478>

 

[KS continuing] That TURN server that straddles the boundary

   between the internal and the external network

+ is the network provided TURN server in the local or access network [terminology used in https://www.rfc-editor.org/rfc/pdfrfc/rfc8155.txt.pdf] 

+ and in the TRAM CHARTER is the (among milestones:)

Nov 2015  Send new TURN server discovery mechanism for enterprises and ISPs to IESG for publication as Proposed Standard draft-ietf-tram-turn-server-discovery  

+ and in https://www.ietf.org/archive/id/draft-ietf-rtcweb-return-02.txt 

TURN Proxy or Border TURN server

 

Brandon’s Network Provided TURN servers are OUTSIDE the local or access network and it is very unfortunate that https://www.rfc-editor.org/rfc/rfc8155.txt took that as the main approach “This document describes three discovery mechanisms, so as to maximize the opportunity for discovery, based on the network in which the TURN    client finds itself.” (We definitely don’t want to find Brandon’s turn servers when trying to discover the very private TURN server on the LAN – unfortunately making RFC 8155 more or less useless for its intended purpose: Autodiscovery of the network provided TURN server in the local and access network.)  

 

(And Olle: Your statement in other email “Well, since Network-provided servers was added to the security ection of RFC 8155, I kind of think it’s now in scope for everything TURN and from that standpoint I do understand Karl’s objections.” – It was the other way around! What became RFC 8155 was intended to be TURN server discovery mechanism for enterprises and ISPs.)

 

Enough of history now. And back to the other thread and the need for having real-time media on multiple WAN networks (heavily used for VoiP for over 10 years).

 

The Network Provided TURN Server in the local or access network, is really about finally resolving the NAT/Firewall traversal problem of real-time communication. After all these (15?) years, we cannot have a TURNbis RFC that in itself hinders its usage (only to use with real-time media on the public Internet – which rarely is the case).

 

 

[Noriyuki’s text again]

 

Because of above, I'm afraid to say but I couldn't agree with the Karl's

proposal of the modification of request form with additional attributes,

although I can understand there exists the demand of specification for

multiple IP addressed server.

 

I think the generalization of TURN for multiple IP addressed server is

something need more discussion and separate publication.

 

Regards,

Noriyuki Torii

 

2018-03-21 4:55 GMT+09:00 Karl Stahl < <mailto:karl.stahl@ingate.com> karl.stahl@ingate.com>:

>> This revision addresses comments from Mark, Karl and Noriyuki Torii.

> My comment about need for multiple allocations is NOT addressed.

> 

> Let me explain more clearly why multiple allocations is needed:

> 

> ICE is about finding all/many paths for the media, e.g. with the help of

> TURN servers.

> Those paths are not over ONE IPv4 network, over ONE IPv6 network or EXACTLY

> ONE OF EACH.

> If fact, it is more common that you have several IPv4 networks paths.

> 

> Now that we have network provided TURN servers, you only ask for Allocation

> once (contrary to application provided TURN servers, where you can be

> directed to Allocate several times.) and thus we need all relay addresses in

> one allocation request.

> 

> Wasn't that the reason dual allocation was requested? The need for multiple

> allocation is stronger!

> 

> Please address this, e.g. like below (seems you are almost there).

> 

> /Karl

> 

> 

> ******************* Previous *******************

> 

> Allowing a turn allocation to return multiple relayed transport addresses,

> beyond ONE IPv4 and ONE IPv6 (which may sit on the same or on different

> interfaces/network segments), seems like very small step now when the dual

> allocation was put in place in this draft. We certainly need it (some

> reasons below) if TURN is going to be used where needed and we cannot wait

> for any additional draft.

> 

> Seems like it is sufficient to extent this table (found in draft 14) with 3

> new values (as shown):

> 

> 16.  STUN Attributes

> 

>    This STUN extension defines the following attributes:

> 

>      0x000C: CHANNEL-NUMBER

>      0x000D: LIFETIME

>      0x0010: Reserved (was BANDWIDTH)

>      0x0012: XOR-PEER-ADDRESS

>      0x0013: DATA

>      0x0016: XOR-RELAYED-ADDRESS

>      0x0017: REQUESTED-ADDRESS-FAMILY

>      0x0018: EVEN-PORT

>      0x0019: REQUESTED-TRANSPORT

>      0x001A: DONT-FRAGMENT

>      0x0021: Reserved (was TIMER-VAL)

>      0x0022: RESERVATION-TOKEN

>      TBD-CA: ADDITIONAL-ADDRESS-FAMILY

> ADDITIONAL-ADDRESS-ALL

> ADDITIONAL-ADDRESS-ALLV4

> ADDITIONAL-ADDRESS-ALLV6

>      TBD-CA: ADDRESS-ERROR-CODE

>      TBD-CA: ICMP

> 

> Actually, browsing through the draft for ADDITIONAL-ADDRESS-FAMILY, very

> little text seems to be added for generalization to  ADDITIONAL-ADDRESS-xxx.

> Almost everything applies to ADDITIONAL-ADDRESS-xxx and can be reused.

> 

> ADDITIONAL-ADDRESS-ALL should be the default for any modern TURN client.

> 

> Check! - We need this now.

> 

> Thanks,

> Karl

> 

>> -----Original Message-----

>> From: Karl Stahl [ <mailto:karl.stahl@ingate.com> mailto:karl.stahl@ingate.com]

>> Sent: Sunday, March 4, 2018 10:36 PM

>> To: 'Marc Petit-Huguenin' < <mailto:petithug@acm.org> petithug@acm.org>; Konda, Tirumaleswar Reddy

>> < <mailto:TirumaleswarReddy_Konda@McAfee.com> TirumaleswarReddy_Konda@McAfee.com>;  <mailto:tram@ietf.org> tram@ietf.org

>> Subject: SV: [tram] Review of dual allocation in TURNbis-11

>> 

>> Hi,

>> 

>> When we now have "dual allocation" into this draft (I see on page 26: "If

> the

>> client wishes to obtain one IPv6 and one IPv4 relayed transport address

> then

>> it includes an ADDITIONAL-ADDRESS-FAMILY transport address then it") can

>> we not generalize that further and allow MORE THAN ONE relayed transport

>> address (of any family) in response to an allocation?

>> 

>> I mean that a TURN server could have several relay interfaces at different

> IP-

>> addresses into different networks - not just the Internet, but also a VoIP

>> (higher quality) network e.g. by some triple play service provider, an IMS

>> network or some branch office network.

>> 

>> I think this is specifically important for network provided/auto

> discovered

>> turn servers (application provided turn servers could instead just list

> several

>> turn servers).

>> 

>> I saw someone snipped this about "SINGLE relayed transport address per

>> allocation request"

>> > >  <https://tools.ietf.org/html/rfc6156#section-3> https://tools.ietf.org/html/rfc6156#section-3

>> > > <snip>

>> > >

>> > >    TURN servers allocate a single relayed transport address per

>> > >    allocation request.  Therefore, Allocate requests cannot carry more

>> > >    than one REQUESTED-ADDRESS-FAMILY attribute.  Consequently, a

>> client

>> > >    that wishes to allocate more than one relayed transport address at

> a

>> > >    TURN server (e.g., an IPv4 and an IPv6 address) needs to perform

>> > >    several allocation requests (one allocation request per relayed

>> > >    transport address).

>> > > </snip>

>> 

>> but if that is remedied now, it seems like a small step to generalize so

> we can

>> get multiple relayed transport addresses from one allocate request?

>> 

>> /Karl

> 

> 

> -----Ursprungligt meddelande-----

> Från: tram [ <mailto:tram-bounces@ietf.org> mailto:tram-bounces@ietf.org] För Konda, Tirumaleswar Reddy

> Skickat: den 18 mars 2018 09:51

> Till:  <mailto:tram@ietf.org> tram@ietf.org

> Ämne: Re: [tram] I-D Action: draft-ietf-tram-turnbis-15.txt

> 

> This revision addresses comments from Mark, Karl and Noriyuki Torii.

> 

> -Tiru

> 

>> -----Original Message-----

>> From: tram [ <mailto:tram-bounces@ietf.org> mailto:tram-bounces@ietf.org] On Behalf Of internet-

>>  <mailto:drafts@ietf.org> drafts@ietf.org

>> Sent: Sunday, March 18, 2018 8:43 AM

>> To:  <mailto:i-d-announce@ietf.org> i-d-announce@ietf.org

>> Cc:  <mailto:tram@ietf.org> tram@ietf.org

>> Subject: [tram] I-D Action: draft-ietf-tram-turnbis-15.txt

>> 

>> 

>> A New Internet-Draft is available from the on-line Internet-Drafts

> directories.

>> This draft is a work item of the TURN Revised and Modernized WG of the

>> IETF.

>> 

>>         Title           : Traversal Using Relays around NAT (TURN): Relay

> Extensions

>> to Session Traversal Utilities for NAT (STUN)

>>         Authors         : Tirumaleswar Reddy

>>                           Alan Johnston

>>                           Philip Matthews

>>                           Jonathan Rosenberg

>>       Filename        : draft-ietf-tram-turnbis-15.txt

>>       Pages           : 84

>>       Date            : 2018-03-18

>> 

>> Abstract:

>>    If a host is located behind a NAT, then in certain situations it can

>>    be impossible for that host to communicate directly with other hosts

>>    (peers).  In these situations, it is necessary for the host to use

>>    the services of an intermediate node that acts as a communication

>>    relay.  This specification defines a protocol, called TURN (Traversal

>>    Using Relays around NAT), that allows the host to control the

>>    operation of the relay and to exchange packets with its peers using

>>    the relay.  TURN differs from some other relay control protocols in

>>    that it allows a client to communicate with multiple peers using a

>>    single relay address.

>> 

>>    The TURN protocol was designed to be used as part of the ICE

>>    (Interactive Connectivity Establishment) approach to NAT traversal,

>>    though it also can be used without ICE.

>> 

>>    This document obsoletes RFC 5766 and RFC 6156.

>> 

>> 

>> The IETF datatracker status page for this draft is:

>>  <https://datatracker.ietf.org/doc/draft-ietf-tram-turnbis/> https://datatracker.ietf.org/doc/draft-ietf-tram-turnbis/

>> 

>> There are also htmlized versions available at:

>>  <https://tools.ietf.org/html/draft-ietf-tram-turnbis-15> https://tools.ietf.org/html/draft-ietf-tram-turnbis-15

>>  <https://datatracker.ietf.org/doc/html/draft-ietf-tram-turnbis-15> https://datatracker.ietf.org/doc/html/draft-ietf-tram-turnbis-15

>> 

>> A diff from the previous version is available at:

>>  <https://www.ietf.org/rfcdiff?url2=draft-ietf-tram-turnbis-15> https://www.ietf.org/rfcdiff?url2=draft-ietf-tram-turnbis-15

>> 

>> 

>> Please note that it may take a couple of minutes from the time of

> submission

>> until the htmlized version and diff are available at tools.ietf.org.

>> 

>> Internet-Drafts are also available by anonymous FTP at:

>>  <ftp://ftp.ietf.org/internet-drafts/> ftp://ftp.ietf.org/internet-drafts/

>> 

>> _______________________________________________

>> tram mailing list

>>  <mailto:tram@ietf.org> tram@ietf.org

>>  <https://www.ietf.org/mailman/listinfo/tram> https://www.ietf.org/mailman/listinfo/tram

> 

> _______________________________________________

> tram mailing list

>  <mailto:tram@ietf.org> tram@ietf.org

>  <https://www.ietf.org/mailman/listinfo/tram> https://www.ietf.org/mailman/listinfo/tram

> 

> _______________________________________________

> tram mailing list

>  <mailto:tram@ietf.org> tram@ietf.org

>  <https://www.ietf.org/mailman/listinfo/tram> https://www.ietf.org/mailman/listinfo/tram

 

_______________________________________________

tram mailing list

 <mailto:tram@ietf.org> tram@ietf.org

 <https://www.ietf.org/mailman/listinfo/tram> https://www.ietf.org/mailman/listinfo/tram

v2.23.0 | Report a Bug | By Email