TURN -01 Changes and Issues Rohan Mahy BEHAVE at IETF66 - Montreal.

Slides:

Advertisements

Similar presentations

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

Advertisements

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Introduction to the Application.

ICE Jonathan Rosenberg dynamicsoft. Issue 1: Port Restricted Flow This case does not work well with ICE right now Race condition –Works if message 13.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

TCP/IP Basics A review for firewall configuration.

NetComm Wireless SMS Forwarding Feature Spotlight.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala.

TURN draft-ietf-behave-turn-07 Philip Matthews, Avaya Jonathan Rosenberg, Cisco Rohan Mahy, Plantronics.

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

SOCKS Group: Challenger Member: Lichun Zhan. Agenda Introduction SOCKS v4 SOCKS v5 Summary Conclusion References Questions.

BY OLIVIA WILSON AND BRITTANY MCDONALD Up Your Shields with Shields Up!

TCP: A Closer Look Transmission Control Protocol.

TCP : Transmission Control Protocol Computer Network System Sirak Kaewjamnong.

CS332, Ch. 26: TCP Victor Norman Calvin College 1.

SIPPING IETF 57 Jonathan Rosenberg dynamicsoft.

1 STUN Changes draft-ietf-behave-rfc3489bis-03 Jonathan Rosenberg Dan Wing Cisco Systems.

1 SPEERMINT Use Cases for Cable IETF 66 Montreal 11 JULY 2006 Presented by Yiu L. Lee.

ECEN “Internet Protocols and Modeling”, Spring 2012 Course Materials: Papers, Reference Texts: Bertsekas/Gallager, Stuber, Stallings, etc Class.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

RFC3489bis Jonathan Rosenberg Cisco. Issue #1: IPSec Demux Raised by HIP folks IPSec in the kernel and ICE in userland –IPSec kicksc all packets with.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

Flashback: A Peer-to-Peer Web Server for Flash Crowds Presented by Tom Batkiewicz CS 587x Fall ‘07.

IETF-81, Quebec City, July 25-29, 2011

1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Dynamic Host Configuration Protocol (DHCP)

Chapter 22 Bootstrap and Auto configuration (DHCP) History of Bootstrap -Bootstrap is used to assign IP address to the computer. -Constant changes in the.

RTCWEB Considerations for NATs, Firewalls and HTTP proxies draft-hutton-rtcweb-nat-firewall- considerations A. Hutton, T. Stach, J. Uberti.

Network and the internet Part eight Introduction to computer, 2nd semester, 2009/2010 Mr.Nael Aburas Faculty of Information.

SIP Connection Reuse Efficiency Rohan Mahy—Airespace

Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.

Interactive Connectivity Establishment : ICE

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

TURN Jonathan Rosenberg Cisco Systems. Changes since last version Moved to behave terminology Many things moved into STUN –Basic request/response formation.

IETF66 DIME WG John Loughney, Hannes Tschofenig and Victor Fajardo 3588-bis: Current Issues.

Reliable Client-Server Communication. Reliable Communication So far: Concentrated on process resilience (by means of process groups). What about reliable.

RTCWEB STUN Usage for Consent Freshness and Session Liveness draft-muthu-behave-consent-freshness-01 Authors: D. Wing, Muthu A M. Perumal, R. Ram Mohan,

Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP draft-ietf-mmusic-rfc2396bis-10 Magnus Westerlund Co-auhtors: Henning Schulzrinne, Rob Lanphier,

July 2007 CAPWAP Protocol Specification Editors' Report July 2007

TURN draft-ietf-behave-turn-09 Philip Matthews Rohan Mahy Jonathan Rosenberg.

C3 confidentiality classificationIntegrated M2M Terminals Introduction Vodafone MachineLink 3G v1.0 1 Vodafone MachineLink 3G SMS Forwarding Feature Spotlight.

Netprog: Chat1 Chat Issues and Ideas for Service Design Refs: RFC 1459 (IRC)

Netprog: Client/Server Issues1 Issues in Client/Server Programming Refs: Chapter 27.

1 © Process Software Corp. DHCP Failover Protocol Jeff DECUS Europe 2000 Thursday, 13 Apr :00 - 9:45.

GIST NAT traversal and Legacy NAT traversal for GIST AND

A Local Area Network Chat Client ITTC LAN CHAT John Vincent Cecogo Jerikho Daguno Ardee Santos Elaine Mendoza Anjomar Pat Del Mindo Philip John Sales Philip.

TCP/IP1 Address Resolution Protocol Internet uses IP address to recognize a computer. But IP address needs to be translated to physical address (NIC).

IP packet filtering Breno de Medeiros. Florida State University Fall 2005 Packet filtering Packet filtering is a network security mechanism that works.

Communication Networks NETW 501 Tutorial 2

Monitoring Dynamic IOC Installations Using the alive Record Dohn Arms Beamline Controls & Data Acquisition Group Advanced Photon Source.

HIP-Based NAT Traversal in P2P-Environments

TURN TCP Rohan Mahy Why split out TCP peers from TURN? Head of line blocking problem and fair sharing –No consensus on best way to solve.

Introduction to Networking Recital 4

draft-ietf-simple-message-sessions-00 Ben Campbell

draft-ietf-behave-nat-behavior-discovery-01

Rohan Mahy TURN TCP Rohan Mahy

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-03) Aijun Wang (China Telecom) Bing Liu (Speaker) (Huawei) IETF.

Chat Refs: RFC 1459 (IRC).

Starting TCP Connection – A High Level View

TA: Donghyun (David) Kim

draft-ietf-p2psip-base-03

Update of PWG Process and IP Policy

Presentation transcript:

TURN -01 Changes and Issues Rohan Mahy BEHAVE at IETF66 - Montreal

Lightweight TCP Framing Added in this version of the draft (#2) Rohan assumed this needs to run on the same port as regular STUN, so.. –consistent with text about the usage –Client can send to server anytime –Server only uses it once an active destination has been set JDR assumed we would demux on port –consistent with separate SRV records This is requirements question. Lets pick something.

Connect Request Mistakenly removed (#3) Will be added back Needed for case when TURN server is used for policy reasons (you can only connect to outside through a specific TURN server)

Connection Status Indication (#5) Needed for forking case if a connection for a single fork dies Also nice to have to tell if connection dies, but you still want to talk to TURN server over the same port. Always sent reliably now

More Changes TCP relayed to peer only if connection from TURN client reliable (#1) –UDP to UDP, TCP to TCP/UDP, TLS to TCP/UDP Now allowed to “refresh” my allocation even if my source address has changed. Convenient if I detect that my NAT reboots. (#6) Rewrote Overview (#7) Motivated odd/even port alignment options (#8) use REMOTE-ADDRESS in place of DESTINATION-ADDRESS (#9) use XOR-MAPPED throughout (#10)

Explicit OpenBinding / CloseBinding requests (#11, #B) ISSUE: If you are forking, would like to squelch data from one fork of many Added a CloseBinding request for this purpose. –Do we want one of these? Also added an explicit OpenBinding request for completeness (open a binding without issuing a Send) –Do we need this? Proposal: Keep CloseBinding, remove OpenBinding X

Set Active Destination states (#A) Currently document has a state machine for client and server to prevent client from being confused. Proposal in document to eliminate the server state machine in favor of client-enforced timer. If the client screws up, only the client is impacted –Proposal in draft doesn’t allow swap from one fork to another if I want to keep the old flow. Do we need this? Alternatively, Set Active Destination with no REMOTE-ADDRESS, wait, Set Active Destination with new active address X

Doors / Lockdown (#4) Was concept in previous versions of TURN Initial allocation can ask for the “door” property. Creates a binding for first datagram/TCP SYN received at door, then closes the door. –still can’t run real server: can’t ask for specific port, can’t get well- known port, can’t add a door to existing binding/allocation –still allows additional explicit bindings with Send / Connect / OpenBinding Why? Allows peers to optimize down to a single TURN relay in some cases (no forking). Also useful for interop with non- ICE peers Issue: Port scanner can easily “lockout” the real peer, but with ICE, the client can still communicate through 2 TURN relays Do we want this concept?

Keepalive via Data or STUN? (#C) Currently draft only refreshes allocations based on STUN messages. Data does not refresh allocation/binding timers (a change from last time). Is this OK? Proposal on list to separate allocation timer from binding timers. –Keep one timer –Split into allocation (set by STUN) and binding timers (set by Data?)