TURN Jonathan Rosenberg Cisco Systems

Changes since last version
Moved to behave terminology
Many things moved into STUN
  – Basic request/response formation and transactions
  – Digest authentication
  – Magic cookie
  – Alternate server/300 response
  – Reads as a STUN usage
Authentication – can now use regular digest for Allocate
  – No need for shared secret request
Set Active Destination sections rewritten and clarified with state machine
Unified TCP and UDP treatment of Set Active Destination
  – Now can send subsequent TURN signaling in TCP case
Send is an indication, not a request
Allow Set Active Destination even if you never sent data there

Changes
MAPPED-ADDRESS is server reflexive
Added RELAY-ADDRESS for relayed address
Can request specific port properties
  – Specific port
  – Port parity
  – Contiguous port request hints
Can ask for specific IP address
  – Needed for ICE TCP
Can ask for a specific transport protocol
  – Allows UDP/TCP conversions (TLS too from client)
  – No traffic shaping in conversion
Permissions set on Send and Set Active Destination

Changes
New Connect request for opening TCP connections
  – Used to be coupled with sending data
  – Send is now unreliable
  – Need to know if connection setup succeeds
TCP connections NOT opened from ephemeral ports
  – Opened from allocated port
  – Allows simultaneous open
Closures of TCP connections from external host do not release allocation
  – Because you can open multiple connections from an allocated address
  – Couldn't do that before
Allocated lifetimes refreshed by Allocate request ONLY, not data
  – Allows separation of TURN and data processing
  – Possible now since TURN can run over TCP once the connection is set up
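The permission and lifetime rules on the two "Changes" slides above (permissions installed by Send and Set Active Destination, lifetime refreshed by Allocate only, peer TCP closures not releasing the allocation) fit in a small state model. The following is an added illustration written for this page, not code from the draft or its authors; the relay address range, the client flow and the peer addresses are constructed, and time is passed in explicitly so the expiry behaviour can be checked without waiting.

```python
from __future__ import annotations
from dataclasses import dataclass, field

Addr = tuple[str, int]   # (ip, port): a client flow, a relayed address or an external peer


@dataclass
class Allocation:
    relayed_addr: Addr
    client_flow: Addr
    expires_at: float
    permissions: set = field(default_factory=set)   # peers the client has addressed
    active_destination: Addr | None = None


class TurnRelay:
    """Constructed model of the allocation rules on the slides; not the draft's own code."""

    def __init__(self, relay_ip: str = "198.51.100.1", first_port: int = 49152):
        self.relay_ip, self.next_port = relay_ip, first_port   # constructed relay address range
        self.by_flow: dict[Addr, Allocation] = {}
        self.by_relayed: dict[Addr, Allocation] = {}

    def _live(self, alloc: Allocation | None, now: float) -> bool:
        return alloc is not None and now < alloc.expires_at

    def allocate(self, client_flow: Addr, now: float, lifetime: float = 600.0) -> Allocation:
        """Allocate request: creates the allocation or refreshes its lifetime.
        Only this request extends the lifetime; relayed data never does."""
        alloc = self.by_flow.get(client_flow)
        if not self._live(alloc, now):
            if alloc is not None:                       # expired: forget it and start over
                del self.by_relayed[alloc.relayed_addr]
            alloc = Allocation((self.relay_ip, self.next_port), client_flow, now + lifetime)
            self.next_port += 1
            self.by_flow[client_flow] = alloc
            self.by_relayed[alloc.relayed_addr] = alloc
        else:
            alloc.expires_at = now + lifetime
        return alloc

    def send(self, client_flow: Addr, peer: Addr, now: float) -> bool:
        """Send indication: installs a permission for peer (the data would be
        forwarded from the relayed address). The lifetime is untouched."""
        alloc = self.by_flow.get(client_flow)
        if not self._live(alloc, now):
            return False
        alloc.permissions.add(peer)
        return True

    def set_active_destination(self, client_flow: Addr, peer: Addr, now: float) -> bool:
        """Installs a permission as well, even if the client never sent data to peer."""
        alloc = self.by_flow.get(client_flow)
        if not self._live(alloc, now):
            return False
        alloc.permissions.add(peer)
        alloc.active_destination = peer
        return True

    def on_peer_data(self, relayed_addr: Addr, peer: Addr, now: float) -> bool:
        """Data arriving from the outside is passed to the client only if the
        sending peer holds a permission; anything else is dropped, so the relay
        cannot be used as an open reflector toward the client."""
        alloc = self.by_relayed.get(relayed_addr)
        return self._live(alloc, now) and peer in alloc.permissions

    def on_peer_tcp_close(self, relayed_addr: Addr, now: float) -> bool:
        """An external host closing its TCP connection does not release the
        allocation (other connections may be open from the same relayed port)."""
        return self._live(self.by_relayed.get(relayed_addr), now)


def demo() -> dict:
    client = ("203.0.113.7", 40000)                                   # constructed client flow
    peer_a, peer_b, stranger = ("192.0.2.10", 5000), ("192.0.2.11", 5000), ("192.0.2.99", 5000)
    r = TurnRelay()
    relayed = r.allocate(client, now=0.0, lifetime=600.0).relayed_addr
    r.send(client, peer_a, now=1.0)
    r.set_active_destination(client, peer_b, now=1.0)
    out = {
        "peer_a_after_send": r.on_peer_data(relayed, peer_a, now=2.0),        # True
        "peer_b_after_set_active": r.on_peer_data(relayed, peer_b, now=2.0),  # True
        "stranger_dropped": r.on_peer_data(relayed, stranger, now=2.0),       # False
        "live_after_tcp_close": r.on_peer_tcp_close(relayed, now=3.0),        # True
    }
    r.send(client, peer_a, now=599.0)            # data traffic near expiry does not refresh
    out["expired_at_601"] = r.on_peer_data(relayed, peer_a, now=601.0)        # False
    r2 = TurnRelay()
    relayed2 = r2.allocate(client, now=0.0).relayed_addr
    r2.send(client, peer_a, now=1.0)
    r2.allocate(client, now=599.0)               # an Allocate refresh does extend the lifetime
    out["refreshed_live_at_601"] = r2.on_peer_data(relayed2, peer_a, now=601.0)   # True
    return out
```

The model drops anything from a peer without a permission rather than answering it, which is what keeps a relay from amplifying or reflecting traffic toward the client that asked for the allocation.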

Changes
Hokey mechanism for dealing with connection setups that take longer than a STUN transaction
  – Get a tentative response, need to try Connect again later
Added long overdue example
Update to overview of operation

Open Issue #1: Disambiguation
Magic cookie allows to know that a message is STUN/TURN
But, in the case of TURN – is this for ME or for a downstream element?
  – STUN connectivity checks through TURN server
Proposal: New header that contains IP address of server that is the target
  – Specific to TURN – would be in TURN draft

Open Issue #2: XOR encoding of other addresses
Should other addresses besides MAPPED-ADDRESS be XOR encoded?
Proposal: NO
  – Not needed – nasty NATs look for their own address
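The reason MAPPED-ADDRESS gets XOR encoding at all is the NAT behaviour the slide alludes to: some NATs scan payloads for their own public address and rewrite it. The example below is added for this page and is not code from the draft; it uses the XOR-MAPPED-ADDRESS layout as it was later fixed in RFC 5389 (port XORed with the top 16 bits of the magic cookie, IPv4 address XORed with the cookie, IPv6 address XORed with cookie plus transaction ID), and the "nasty NAT" is a constructed model that blindly substitutes its public address in the payload. The addresses and port are constructed.

```python
from __future__ import annotations
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442            # STUN magic cookie (bytes 5-8 of every STUN header)
FAMILY_IPV4, FAMILY_IPV6 = 0x01, 0x02


def encode_plain(ip: str, port: int) -> bytes:
    """MAPPED-ADDRESS value: reserved byte, family, port and address in the clear."""
    addr = ipaddress.ip_address(ip)
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    return struct.pack("!BBH", 0, family, port) + addr.packed


def decode_plain(value: bytes) -> tuple[str, int]:
    _, family, port = struct.unpack("!BBH", value[:4])
    length = 4 if family == FAMILY_IPV4 else 16
    return str(ipaddress.ip_address(value[4:4 + length])), port


def _xor_mask(family: int, transaction_id: bytes) -> int:
    if family == FAMILY_IPV4:
        return MAGIC_COOKIE
    # IPv6: 128-bit mask = magic cookie followed by the 96-bit transaction ID
    if len(transaction_id) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return int.from_bytes(struct.pack("!I", MAGIC_COOKIE) + transaction_id, "big")


def encode_xor(ip: str, port: int, transaction_id: bytes = b"\x00" * 12) -> bytes:
    """XOR-MAPPED-ADDRESS value (RFC 5389 layout): same shape, but port and
    address are XORed so the literal address never appears on the wire."""
    addr = ipaddress.ip_address(ip)
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = (int(addr) ^ _xor_mask(family, transaction_id)).to_bytes(len(addr.packed), "big")
    return struct.pack("!BBH", 0, family, xport) + xaddr


def decode_xor(value: bytes, transaction_id: bytes = b"\x00" * 12) -> tuple[str, int]:
    _, family, xport = struct.unpack("!BBH", value[:4])
    length = 4 if family == FAMILY_IPV4 else 16
    raw = int.from_bytes(value[4:4 + length], "big") ^ _xor_mask(family, transaction_id)
    addr = ipaddress.IPv4Address(raw) if family == FAMILY_IPV4 else ipaddress.IPv6Address(raw)
    return str(addr), xport ^ (MAGIC_COOKIE >> 16)


def nat_alg_rewrite(payload: bytes, public_ip: str, private_ip: str) -> bytes:
    """Constructed model of a NAT ALG that finds its own public address inside a
    payload and rewrites it to the internal address (the slide's 'nasty NAT')."""
    return payload.replace(ipaddress.ip_address(public_ip).packed,
                           ipaddress.ip_address(private_ip).packed)


def demo() -> dict:
    public, private, port = "192.0.2.1", "10.0.0.5", 3478    # constructed addresses
    plain = nat_alg_rewrite(encode_plain(public, port), public, private)
    xored = nat_alg_rewrite(encode_xor(public, port), public, private)
    return {
        "plain_seen_by_client": decode_plain(plain),   # ("10.0.0.5", 3478): corrupted by the NAT
        "xor_seen_by_client": decode_xor(xored),       # ("192.0.2.1", 3478): survives intact
    }
```

Because the relayed address in RELAY-ADDRESS is the TURN server's own, not the NAT's, a NAT has no reason to rewrite it, which is the argument behind the "Proposal: NO" on the slide.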

Open Issue #3: Allocation Identification
Today, incoming Allocate request is mapped to an allocation based on incoming 'flow'
  – Not through an explicit identifier
What's the problem?
  – NAT reboot followed by refresh – will not refer to previous allocation
Proposal
  – Subsequent TURN signaling includes IP/port of allocation to identify allocation
  – If refresh comes over new 'flow', update mapping of that allocation to the 'flow'
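The NAT-reboot case and the proposed fix can be compared side by side. The example below is added for this page and is not the draft's code: one server finds allocations only by the incoming flow (today's behaviour), the other also accepts the relayed IP/port in the refresh and re-binds the allocation to the new flow (the proposal). The client flows and relay address range are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

Addr = tuple[str, int]


@dataclass
class Allocation:
    relayed_addr: Addr
    client_flow: Addr          # the client's (ip, port) as the server sees it through the NAT
    expires_at: float


class FlowKeyedServer:
    """Today's behaviour: an Allocate request is matched to an allocation by flow only."""

    def __init__(self, relay_ip: str = "198.51.100.1", first_port: int = 49152):
        self.relay_ip, self.next_port = relay_ip, first_port
        self.by_flow: dict[Addr, Allocation] = {}

    def allocate(self, flow: Addr, now: float, lifetime: float = 600.0,
                 relayed_addr: Addr | None = None) -> Allocation:
        # relayed_addr is accepted only so both servers share a call shape; this
        # server has no identifier to consult and ignores it.
        alloc = self.by_flow.get(flow)
        if alloc is None:
            alloc = Allocation((self.relay_ip, self.next_port), flow, now + lifetime)
            self.next_port += 1
            self.by_flow[flow] = alloc
        else:
            alloc.expires_at = now + lifetime
        return alloc


class AddressKeyedServer(FlowKeyedServer):
    """Proposal: signaling carries the allocation's IP/port; a refresh arriving
    over a new flow re-binds the existing allocation to that flow."""

    def __init__(self, relay_ip: str = "198.51.100.1", first_port: int = 49152):
        super().__init__(relay_ip, first_port)
        self.by_relayed: dict[Addr, Allocation] = {}

    def allocate(self, flow: Addr, now: float, lifetime: float = 600.0,
                 relayed_addr: Addr | None = None) -> Allocation:
        alloc = self.by_relayed.get(relayed_addr) if relayed_addr else None
        if alloc is None:                      # no (known) identifier: behave as before
            alloc = super().allocate(flow, now, lifetime)
            self.by_relayed[alloc.relayed_addr] = alloc
            return alloc
        if alloc.client_flow != flow:          # same allocation, new flow after a NAT reboot
            del self.by_flow[alloc.client_flow]
            alloc.client_flow = flow
            self.by_flow[flow] = alloc
        alloc.expires_at = now + lifetime
        return alloc


def nat_reboot_scenario(server: FlowKeyedServer) -> dict:
    before = ("203.0.113.7", 40000)   # client's flow through the NAT (constructed)
    after = ("203.0.113.7", 41000)    # same client after the NAT rebooted and chose a new port
    first = server.allocate(before, now=0.0)
    refreshed = server.allocate(after, now=300.0, relayed_addr=first.relayed_addr)
    return {"same_allocation": refreshed is first,
            "allocations_held": len(server.by_flow),
            "relayed_addr": refreshed.relayed_addr}
```

With the flow-keyed server the refresh silently creates a second allocation and the original one is orphaned until it expires; with the address-keyed server the client keeps its relayed address. One caveat the slide's proposal implies but does not spell out: a refresh that names an allocation's IP/port must be accepted only from an authenticated request (the draft now uses digest authentication for Allocate), since otherwise anyone who learns a relayed address could re-bind someone else's allocation to their own flow.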

Open Issue #4: Demux over TCP
Server needs to look at magic cookie to differentiate (bytes 5-8)
However, server doesn't know framing protocol
  – Unlike ICE usages and sip-outbound
Spec doesn't say how to actually do demux when you don't know framing protocol
Options
  – Signal the framing – requires TURN server to support various app framings (YUCK!!)
  – Do the cookie hunt and use timers for buffer release of data (ICK!)
  – Always use Send and Indication – no unencapsulated data (EGADS!)
  – Define a new lightweight demux for TURN (32 bytes will suffice) (HMM…)

Lightweight Demux Idea
32 bits – 8 bit type, 24 bit length
Two types defined:
  – STUN
  – Data
Use for TCP and UDP
  – Avoids need for cookie check for UDP data as well – more important for TURN than other usages
Always use this

Open Issue #5: 32 bit alignment
TURN tries to keep all attributes 32 bit aligned
But DATA can be arbitrary byte lengths – what to do?
Proposal:
  – Length refers to length of data, but if it's not a multiple of 4, padding is added to the end of the actual data
  – Would need to be described in STUN itself
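Open Issues #4 and #5 and the lightweight demux slide describe one small wire format, so one worked example covers all three: the magic-cookie check at bytes 5-8 that a server is reduced to when it does not know the application's framing, the 32-bit demux header (8-bit type, 24-bit length) parsed out of a TCP byte stream, and the padding rule in which the length field counts the data only while the data is padded to a 32-bit boundary. The code is added for this page and is not the draft's own; the type codes for the two frame types are constructed (the slide names the types but assigns no values), the DATA attribute code is the one IANA later registered for it in RFC 5766, and the sample STUN header and application data are constructed.

```python
from __future__ import annotations
import struct

MAGIC_COOKIE = b"\x21\x12\xa4\x42"   # bytes 5-8 of a STUN header
TYPE_STUN, TYPE_DATA = 0x00, 0x01    # constructed type codes for the two frame types
ATTR_DATA = 0x0013                   # DATA attribute code (RFC 5766 registration, not on the slide)


def looks_like_stun(buf: bytes) -> bool:
    """The cookie check a server falls back on without framing: bytes 5-8 == magic cookie."""
    return len(buf) >= 20 and buf[4:8] == MAGIC_COOKIE


def pad4(data: bytes) -> bytes:
    """Zero-pad to a multiple of 4 bytes; the unpadded length is what gets encoded."""
    return data + b"\x00" * ((-len(data)) % 4)


def attribute(attr_type: int, value: bytes) -> bytes:
    """STUN attribute TLV per the Open Issue #5 proposal: length counts the value
    only, padding follows the value."""
    return struct.pack("!HH", attr_type, len(value)) + pad4(value)


def frame(ftype: int, payload: bytes) -> bytes:
    """Lightweight demux header (8-bit type, 24-bit payload length) plus padded payload."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload too long for a 24-bit length")
    return struct.pack("!I", (ftype << 24) | len(payload)) + pad4(payload)


def deframe(stream: bytes) -> tuple[list[tuple[int, bytes]], bytes]:
    """Pull every complete frame out of a TCP byte stream. Returns the frames and
    the unconsumed tail, which the caller keeps until the next read."""
    frames, off = [], 0
    while len(stream) - off >= 4:
        (word,) = struct.unpack_from("!I", stream, off)
        ftype, length = word >> 24, word & 0xFFFFFF
        total = 4 + length + (-length) % 4
        if len(stream) - off < total:
            break                                       # partial frame: wait for more bytes
        frames.append((ftype, stream[off + 4:off + 4 + length]))
        off += total
    return frames, stream[off:]


def demo() -> dict:
    # Constructed application data whose bytes 5-8 happen to equal the magic cookie.
    tricky_data = b"ABCD" + MAGIC_COOKIE + b"\x00" * 12 + b"payload"
    # Constructed 20-byte STUN header: type 0x0001, length 0, cookie, transaction ID.
    stun_msg = struct.pack("!HH", 0x0001, 0) + MAGIC_COOKIE + b"\x11" * 12
    stream = frame(TYPE_STUN, stun_msg) + frame(TYPE_DATA, tricky_data) + frame(TYPE_DATA, b"abc")
    frames, rest = deframe(stream[:-2])            # last frame arrives split across two reads
    more, rest = deframe(rest + stream[-2:])
    return {
        "cookie_check_misclassifies": looks_like_stun(tricky_data),     # True: ambiguous
        "framed_types": [t for t, _ in frames + more],                  # [STUN, DATA, DATA]
        "framed_payloads_intact": [p for _, p in frames + more] == [stun_msg, tricky_data, b"abc"],
        "leftover": rest,                                               # b"": nothing unconsumed
        "data_attribute_len_field": struct.unpack("!H", attribute(ATTR_DATA, b"abc")[2:4])[0],
    }
```

The constructed `tricky_data` is the case the cookie hunt cannot settle: application bytes that look like a STUN header. With the 32-bit header in front of every message the server never inspects the payload to classify it, and the same padding rule keeps the following header 32-bit aligned whatever the data length.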

ToDos
IANA registrations
Terminology still needs some work
Usage of authentication with TURN
Redo IAB considerations based on updates
Update of security considerations – need to think about lack of integrity/security on data stream
Clean up MAPPED-ADDRESS vs. XOR-MAPPED
Add discussion on usage of alternate server