List Info

Thread: BoF request: STUN Control Usage
BoF request: STUN Control Usage
country flaguser name
United States		 2007-06-07 01:43:01 
As individual contributor:

I would like to summarize my reasons for calling this BoF,
and the
value I see STUN Control can bring.  Hopefully this summary
will tease
out futher objections or further agreement for this BoF and
discussion
of draft-wing-behave-nat-control-stun-usage itself.

 1. ICE works.  This has been well demonstrated by its
successful
    deployment on the Internet by millions of endpoints.  It
works
    without explicit support by subscriber's NATs or ISP's
NATs.

 2. A drawback of ICE (and STUN) is the chattiness of
keepalive
    messages (primarily with SIP servers
[draft-ietf-sip-outbound]) 
    and the chattiness of binding discovery messages for
each 
    call (primarily due to ICE).

STUN Control adds an optimization to STUN's existing areas
of
applicability by allowing an end host to negotiate and
extend NAT
binding lifetimes.  This improves the performance of ICE and

sip-outbound and any other protocols making use of STUN.

In our draft, we don't compare STUN Control to other
protocols, so
here are some points:

* STUN Control is inherently limited in the scope of control
it
provides.  It only allows for extension of binding
lifetimes, and only
allows such extensions for the binding associated with the
source
IP/port the STUN Control request is coming from.  Because of
its
fundamentally limited scope of control, the NAT can operate
with a
trivial authorization policy - a control message coming on
its
internal interface is always authorized to manage the
binding lifetime
for the private address and port the message comes from. 
This is, in
fact, exactly the same authorization policies used by NATs
today to
authorize the creation and termination of bindings.  STUN
Control
merely extends that authorization to make the termination
more 
controlled.  The trivial scope of control and authorization
policy 
means that authentication, credentials, shared secrets, and
so on, 
are not required.  The need for such security measures in
other, 
richer control protocols makes them hard to deploy.  STUN
Control 
is meant to be trivially deployable to solve a small but
important 
problem.

* STUN Control works with nested NATs; UPnP does not.

* STUN Control is incrementally deployable.  Other
mechanisms are not
(they require modifying end hosts and NATs, or else they
fail or
they fall back to other mechanisms).  STUN Control is an
optimization to ICE and sip-outbound.  If a host or a NAT
doesn't
support STUN Control, ICE and sip-outbound continue to work
--
albeit with more frequent keepalive messages and binding
discovery
messages sent to the STUN server (which is what they do
today 
without STUN Control).

Please send comments to behaveietf.org.

-d

-----

(Below is my original BoF proposal.  Chairs are still TBD. 
Since
my original request, it has been suggested that one hour
isn't 
sufficient, as we need to discuss deployment barriers to
existing 
techniques, and optimizations that would be useful for
sip-outbound 
and ICE).


Description:
ICE and its companion protocol STUN are emerging as a
popular
mechanism to traverse NATs without requiring deployment of
new
software in existing NATs.  ICE has been specified for SIP,
extended
to Jabber/XMPP, and will work with RTSP.  ICE is
incrementally
deployable, providing operation over any sort of NAT and any
sort of
firewall, without requiring upgrades to those NATs and
firewalls.

A successful Firewall or NAT control protocols needs to also
be
incrementally deployable so that applications can request
enhanced
services from firewalls and from NATs to permit certain
flows towards
a host and to the host's applications.  Incremental
deployment allows
hosts to deploy the protocol without requiring NATs or
firewalls in
front of the host to be upgraded to enjoy basic operation,
but after
upgrading to enjoy enhanced operation.

Draft-wing-behave-nat-control-stun-usage describes how STUN
could be
used to communicate with both NATs and firewalls to enhance
the
operation of those NATs and firewalls to allow certain flows
or treat
them differently.

This BoF is intended to discuss one proposed technique,
draft-wing-behave-nat-control-stun-usage as an
incrementally-deployable
NAT control mechanism and firewall control mechanism, and to
determine
if there is sufficient community interest to move this work
forward
in the IETF.

Agenda:
  Agenda bash ............................................. 
5
  Summary of existing NAT traversal techniques ............
20
   (UPnP, NAT-PMP/Bonjour, MIDCOM techniques, NSIS GIST,
ICE)
  STUN Control ............................................
30
                                                    
---------
                                                     total:
55


_______________________________________________
Behave mailing list
Behaveietf.org
https:/
/www1.ietf.org/mailman/listinfo/behave
RE: BoF request: STUN Control Usage
country flaguser name
United States		 2007-06-07 14:39:18 
> -----Original Message-----
> From: Dan Wing [mailto:dwingcisco.com]
> Subject: [BEHAVE] BoF request: STUN Control Usage
> 
>  1. ICE works.  This has been well demonstrated by its
successful
>     deployment on the Internet by millions of
endpoints.  It works
>     without explicit support by subscriber's NATs or
ISP's NATs.

Just curious, what statistics are available on ICE's
real-world usage and
NAT-penetration success rates?  Specifically:

- How did you come up with the "millions of
endpoints" number?

- What does "works" mean?  (I'd suggest this be
measured in "direct peer
connectivity ratio" and "connection setup
time", but any measure will do.)

Granted, it might be a bit OT given that you're really
trying to talk about
STUN, but I'm always interested in new real-world
statistics.

-david



_______________________________________________
Behave mailing list
Behaveietf.org
https:/
/www1.ietf.org/mailman/listinfo/behave
Re: BoF request: STUN Control Usage
country flaguser name
Sweden		 2007-06-11 09:17:16 
Hi,

I have decided to not approve this BOF for Chicago. The main
reason is 
that we should focus on getting the all the proposals
currently in the 
pipe out of it. BEHAVE for example has a number of things,
including 
STUN-BIS and TURN that we should get out in the near future.
Having this 
BOF will be a distraction for this. I also expect MIDCOM and
NSIS to 
have made progress towards publishing their solutions as
RFCs.

I would recommend the proponents, interested and people
seeing issue to 
keep a dialog and continue to prepare for a future BOF. I
think the next 
IETF meeting in Vancouver in the fall will be a more
suitable time for 
discussing the general topic on NAT control and any further
work in IETF 
on this topic.

Regards

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
------------------------------------------------------------
----------
Multimedia Technologies, Ericsson Research EAB/TVM/M
------------------------------------------------------------
----------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlundericsson.com
------------------------------------------------------------
----------


_______________________________________________
Behave mailing list
Behaveietf.org
https:/
/www1.ietf.org/mailman/listinfo/behave
RE: BoF request: STUN Control Usage
user name
 2007-06-11 15:16:42 
Hi Magnus,

I can understand your reasoning. I just hope that we don't
end up in a
situation where there is the formally agreed solution X that
no-one
implements and whose only function would be to block the
development of
solutions Y and Z, which perhaps could have more
implementation
interest. 

Instead of a BoF, I think it would still be useful to have
slot in
BEHAVE to discuss the proposal. A bar BoF should definitely
be held, at
least ;)

Markus
 

>-----Original Message-----
>From: ext Magnus Westerlund
[mailto:magnus.westerlundericsson.com] 
>Sent: 11 June, 2007 17:17
>To: behaveietf.org
>Subject: Re: [BEHAVE] BoF request: STUN Control Usage
>
>Hi,
>
>I have decided to not approve this BOF for Chicago. The
main 
>reason is that we should focus on getting the all the 
>proposals currently in the pipe out of it. BEHAVE for
example 
>has a number of things, including STUN-BIS and TURN that
we 
>should get out in the near future. Having this BOF will
be a 
>distraction for this. I also expect MIDCOM and NSIS to
have 
>made progress towards publishing their solutions as
RFCs.
>
>I would recommend the proponents, interested and people
seeing 
>issue to keep a dialog and continue to prepare for a
future 
>BOF. I think the next IETF meeting in Vancouver in the
fall 
>will be a more suitable time for discussing the general
topic 
>on NAT control and any further work in IETF on this
topic.
>
>Regards
>
>Magnus Westerlund
>
>IETF Transport Area Director & TSVWG Chair
>--------------------------------------------------------
--------------
>Multimedia Technologies, Ericsson Research EAB/TVM/M
>--------------------------------------------------------
--------------
>Ericsson AB                | Phone +46 8 4048287
>Torshamsgatan 23           | Fax   +46 8 7575550
>S-164 80 Stockholm, Sweden | mailto:
magnus.westerlundericsson.com
>--------------------------------------------------------
--------------
>
>
>_______________________________________________
>Behave mailing list
>Behaveietf.org
>https:/
/www1.ietf.org/mailman/listinfo/behave
>


_______________________________________________
Behave mailing list
Behaveietf.org
https:/
/www1.ietf.org/mailman/listinfo/behave
Re: BoF request: STUN Control Usage
country flaguser name
Sweden		 2007-06-14 04:51:34 
Markus.Isomakinokia.com skrev:
> Hi Magnus,
> 
> I can understand your reasoning. I just hope that we
don't end up in a
> situation where there is the formally agreed solution X
that no-one
> implements and whose only function would be to block
the development of
> solutions Y and Z, which perhaps could have more
implementation
> interest. 

This is clearly one of the topics that a future BOF to some
degree will 
need to deal with. There are already developed solutions,
and the 
question that any proponent needs to answer is why they
aren't working. 
I think STUN control have some appealing arguments, but I
don't think 
this is the end of the discussion.

> 
> Instead of a BoF, I think it would still be useful to
have slot in
> BEHAVE to discuss the proposal. A bar BoF should
definitely be held, at
> least ;)
> 

No, not a slot in BEHAVE. As I said, lets focus BEHAVE on
the WG's 
current issues. We also have requested a new mailing list to
move the 
STUN control discussion too. It will be announced as soon it
is working. 
A Bar BOF is fine and in fact encouraged.

Cheers

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
------------------------------------------------------------
----------
Multimedia Technologies, Ericsson Research EAB/TVM/M
------------------------------------------------------------
----------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlundericsson.com
------------------------------------------------------------
----------


_______________________________________________
Behave mailing list
Behaveietf.org
https:/
/www1.ietf.org/mailman/listinfo/behave
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )