TURN extension to convey flow characteristics draft-wing-tsvwg-turn-flowdata-00 July 2014, IETF 90 Meeting Authors: Dan Wing, Tiru Reddy, Brandon Williams,

Slides:

Advertisements

Similar presentations

VON Europe /19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.

Advertisements

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.

Dynamic HA Assignment for MIPv4 in WLAN Interworking Raymond Hsu, Qualcomm Inc., Wing C. Lau, Qualcomm Inc., Notice:

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

1 DSMIP6 Support QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota Notice.

1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg.

P2P and NAT How to traverse NAT Davide Carboni ©

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

March 2015 IETF 92 Authors: Tirumaleswar Reddy, Dan Wing, Pål-Erik Martinsen and Varun Singh Presenter : Varun Singh draft-reddy-tram-stun-path-data-01.

Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

Policy-based Accounting: Accounting Issues Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Center for Information Technology.

Circuit & Application Level Gateways CS-431 Dick Steflik.

ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

Diameter Agent Overload IETF 88 - Vancouver 1. Goal Get consensus from the working group that Agent overload needs to be addressed If so, get guidance.

Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.

MICE Mobility with ICE draft-wing-mmusic-ice-mobility-02 IETF85 Nov Authors: D.Wing, P. Patil, T. Reddy, P. Martinsen.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

TURN draft-ietf-behave-turn-07 Philip Matthews, Avaya Jonathan Rosenberg, Cisco Rohan Mahy, Plantronics.

SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.

1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.

1 | 3GPP2 TSG-X Discussion | December GPP2 X R1 TITLE: TITLE: M2M Deployment Scenarios for 3GPP2SOURCE Mike Dolan, Alcatel-Lucent,

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-01)draft-wang-tram-turnlite-01 Aijun Wang (China Telecom) Bing Liu.

Group Communications at Concordia J. William Atwood High Speed Protocols Laboratory Concordia University Montreal, Quebec, Canada.

Identities and Network Access Identifier in M2M Page 1 © GPP2 3GPP2 and its Organizational Partners claim copyright in this document and individual.

Performance of HTTP Application in Mobile Ad Hoc Networks Asifuddin Mohammad.

Advanced Computer Networks Topic 2: Characterization of Distributed Systems.

Distributed Authentication in Wireless Mesh Networks Through Kerberos Tickets draft-moustafa-krb-wg-mesh-nw-00.txt Hassnaa Moustafa

Meng Yan. Introduction In fact, your online actions may be monitored by unauthorized parties logged and preserved for future access years later.

TURN -01 Changes and Issues Rohan Mahy BEHAVE at IETF66 - Montreal.

Security Protection on Trust Delegated Medical Data in Public Mobile Networks Dasun Weerasinghe, Muttukrishnan Rajarajan and Veselin Rakocevic Mobile Networks.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

IETF-81, Quebec City, July 25-29, 2011

Problems with STUN Authentication for TURN draft-reddy-behave-turn-auth-04 Mar 2013 IETF 89 Meeting Authors : T.Reddy, Ram. R, Muthu.P, A.Yegin draft-reddy-behave-turn-auth-04.

RTCWEB Considerations for NATs, Firewalls and HTTP proxies draft-hutton-rtcweb-nat-firewall- considerations A. Hutton, T. Stach, J. Uberti.

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

SOCKS By BITSnBYTES (Bhargavi, Maya, Priya, Rajini and Shruti)

Diameter NAPT Control Application: Discussion on naming of involved entities Frank Brockners.

Interactive Connectivity Establishment : ICE

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

1 Media Session Authorization Dan Wing draft-wing-session-auth-00.txt.

3GPP2 X xxx Title: Subscriber QoS Profile Support in eHRPD System Sources: China Telecom, ZTE Contact: CT: Peirong Li Wenyi.

NEA Working Group IETF meeting July 27, 2011 Jul 27, 2011IETF 81 - NEA Meeting1.

Michael G. Williams, Jeremey Barrett 1 Intro to Mobi-D Host based mobility.

University of Murcia Gabriel López.  Network authentication in eduroam and SSO token distribution ◦ RADIUS hierarchy ◦ Token based on SAML  Network.

10-Jun-05 BWCTL (Bandwidth Test Control) Jeff Boote Network Performance Workshop.

Welcome Information Security Office Services Available to Counties Security Operations Center Questions.

DOTS Requirements Andrew Mortensen November 2015 IETF 94 1.

Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.

Peer-to-Peer Solutions Between Service Providers David A. Bryan CTO, Jasomi Networks October 10, 2002 – Fall VON, Atlanta, GA.

Extension of the MLD proxy functionality to support multiple upstream interfaces Luis M. Contreras Telefónica I+D Carlos J. Bernardos Universidad Carlos.

Port Based Network Access Control

NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.

Francois Le Faucheur Cisco

Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008

OWAMP One-Way Active Measurement Protocol (Sample Implementation)

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S

What WebRTC Does NOT Do:

Protecting Yourself in a WebRTC World

Presentation transcript:

TURN extension to convey flow characteristics draft-wing-tsvwg-turn-flowdata-00 July 2014, IETF 90 Meeting Authors: Dan Wing, Tiru Reddy, Brandon Williams, Ram Ravindranath TURN Flowdata 1

TURN relays data – Sort of like SOCKS or an application proxy Applications like WebRTC may use TURN – Privacy – NAT/Firewall traversal – Mobility – IPv6/IPv4 interworking – Enterprise auditing / policy control 2 Background TURN Flowdata

TURN server could be deployed by a third party provider or application service provider 3 Background TURN Flowdata

TURN server and its network are impacted by traffic using the TURN server During high traffic, it is desirable to shed less- important traffic 4 Problem Statement TURN Flowdata

DPI by TURN service provider  Encrypted traffic  Cost DSCP  DSCP values not preserved  OS might not allow setting DSCP 5 Existing Solutions TURN Flowdata

TURN Flowdata message flow TURN Client Peer 6 TURN Server TURN Flowdata Allocate Request/Response Channel Bind request with FLOWDATA attribute Channel Bind response with FLOWDATA attribute flow is prioritized Channel Data Data

Flowdata format Flowdata does not communicate Diffserv code points Flowdata conveys: – Jitter/loss/delay tolerance (high/med/low) PCP Authentication Requirements 7

Proposed Solution Define STUN FLOWDATA attribute Client sends requested flow characteristics Server responds with what can be provided PCP Authentication Requirements 8

Questions? 9 draft-wing-tsvwg-turn-flowdata-00 TURN Flowdata

Backup Slides 10 TURN Flowdata

FLOWDATA format: Request uLTRSVD1 Attribute Type (TBD)Length (4) uDTuJTdLTdDTdJT 11 RSVD2 TURN Flowdata Upstream Delay Tolerance Downstream Delay Tolerance 0 = No information available. 1 = very low 2 = low 3 = medium 4 = high

FLOWDATA format: Response AuLTRSVD1 Attribute Type (TBD)Length (4) AuDTuAJTAdLTAdDTAdJT 12 RSVD2 TURN Flowdata Accommodated Upstream Delay Tolerance Accommodated Downstream Delay Tolerance 0 = No information available. 1 = very low 2 = low 3 = medium 4 = high