Re: [Wish] STUN/TURN server configuration

Lorenzo Miniero <lorenzo@meetecho.com> Tue, 21 September 2021 11:30 UTC

Return-Path: <lorenzo@meetecho.com>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 339FE3A0113 for <wish@ietfa.amsl.com>; Tue, 21 Sep 2021 04:30:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aruba.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZABKU_OdA4T7 for <wish@ietfa.amsl.com>; Tue, 21 Sep 2021 04:30:23 -0700 (PDT)
Received: from smtpcmd11116.aruba.it (smtpcmd11116.aruba.it [62.149.156.116]) by ietfa.amsl.com (Postfix) with ESMTP id 5FCBC3A010D for <wish@ietf.org>; Tue, 21 Sep 2021 04:30:23 -0700 (PDT)
Received: from lminiero ([2.232.93.8]) by Aruba Outgoing Smtp with ESMTPSA id Sdydm2vDuIR3HSdydmgZeX; Tue, 21 Sep 2021 13:30:19 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aruba.it; s=a1; t=1632223819; bh=I4X3JNtfSvmLZbKD8G4TiPNsjuzhpXISe/2X82iBO78=; h=Date:From:To:Subject:MIME-Version:Content-Type; b=eTLbRPSANhzb+g4gljejbYQy78ESZU9n9wCGcsuapXr9lDzCKenfpFJuK+ss/mZbY Mflm//A5Z8l/qRjMO2OwyeB2U91u8iVabr2Lo4lvJz+utnybS4gL3I+1Sd2I4ykkbQ XUv7qdrI3Wvgm1uDgi9idZRMh2TPUOA6LAJ/7VhOLgHgK9O/xjHdOoybabcpdaM5za KT2UuynCYBbhHMz8lFfWDu5w0PR5chcHSJ6j70wCmeATfbhBnRi02pweLvKyORuBVq kqovCKTdfDlFseql2LcGIvtaOosEyAzXU5bVTl8SMVxCkywD509/tYlgDF1N2aI1uK 8u3wBeE1yZZJg==
Date: Tue, 21 Sep 2021 13:30:18 +0200
From: Lorenzo Miniero <lorenzo@meetecho.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Cc: WISH List <wish@ietf.org>
Message-ID: <20210921133018.44d868b9@lminiero>
In-Reply-To: <CA+ag07ah6FzfrbMGkULbZ5s1CTUgWqa-ge_c2tjHbEqDwhHSig@mail.gmail.com>
References: <CA+ag07ah6FzfrbMGkULbZ5s1CTUgWqa-ge_c2tjHbEqDwhHSig@mail.gmail.com>
Organization: Meetecho
X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.33; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfJLhes+IriRVj4hWtVWvkpzF82YXyXz0Z3p8/7tTrUx+YzBFT9KRKx0DhkKj3xyan4aoB+k7nqZkKwbRvtZGSCXvC4KyVxx5l8gTVNWmnDlnMZkkjFUl xg2hj8p+/x0c//Xiosz+a/icO5y6SHmcVmjzPNwiPbHUoDyNoz3yhY8v05y3sjgUcxx4VnRMeH1JdQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/R7QS9hFy5-_etDeauErT5lpziJg>
Subject: Re: [Wish] STUN/TURN server configuration
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>, <mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>, <mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Sep 2021 11:30:28 -0000

On Tue, 21 Sep 2021 12:41:56 +0200
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> wrote:

> Hi all,
> 
> One of the topics not covered yet on the draft is what to do with the
> stun/turn server configuration for the whip client.
> 
> Ideally, we don't want to have to configure a new set of url
> credentials in order to do so, and we definitely want to avoid having
> to configure them manually on the client.
> 
> The options that we have available are:
> 
> 1- Retrieving it before the SDP offer is generated and the HTTP PUT
> is sent:
> 
>    1a- Using a well known url based on the domain of the whip
> endpoint url, that is if the url of the endpoint is
> https://whip.example.org/enpoint/ the url
> would be something like
> https://whip.example.org/.well-known/ice-server-config as per rfc5785
>    1b- Using a prefetch request to the resource url (either an
> OPTIONS or GET) to retrieve the url of the turn server configuration
>    1c- Using a GET request to the whip resource to retrieve directly
> the turn server config
> 
> 
> 2-Retrieving the info after the SDP offer is generated and  HTTP PUT
> is sent. This is in theory supported  by the w3c spec (by updating
> the pc configuration via
> https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-setconfiguration)
> and according to JSEP (
> https://datatracker.ietf.org/doc/html/rfc8829#section-4.1.18) it
> shouldn't trigger a ice restart as the ice gathering has not been
> started. so it is possible to do the following steps:
> 
>  create pc without ice server config
>  create offer
>  send HTTP PUT with sdp offer
>  get response with sdp answer
>  retrieve turn server config
>  update pc config
>  set local description
>  set remote description
> 
> 
> However, I am not sure if the implementation of the setconfiguration
> is available on all browsers and other webrtc implementations. FWIW,
> chrome actually requires an ice restart if you update the turn server
> configuration regardless of the ice gathering phase.
> If we go that route we could either
> 
>    2a - return the url for gathering the http config on a Link header
> in the 202 response to the HTTP PUT request
>    2b - return directly the configuration in a mixed-type body
>    2c-  return each turn server url + params each one on a different
> link header like :
>           Link: turn:turn.example.net;
> rel="urn:ietf:params:whip:ice-server"; username="user"; credential:
> "myPassword"; credential-type: "password";
> 
> 
> I am personally in favor of option 1a in order to reduce roundtrip
> times, although I like the elegance of option 2c (even if it could
> cause problems to implement)
> 
> What are your views?
> 
> Best regards
> Sergio


I prefer 1a as well, as ideally we'll want to have STUN and TURN
addresses available before we start. I guess that, for the most
flexibility, we may want to allow different STUN/TURN servers for
different available endpoints, rather than a single well known endpoint
valid for all of them.

Lorenzo 

-- 
I'm getting older but, unlike whisky, I'm not getting any better
https://twitter.com/elminiero