idnits 2.17.1 draft-ietf-avtcore-rtp-circuit-breakers-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 22, 2013) is 4080 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3448 (Obsoleted by RFC 5348) == Outdated reference: A later version (-14) exists of draft-ietf-xrblock-rtcp-xr-burst-gap-discard-10 == Outdated reference: A later version (-12) exists of draft-ietf-xrblock-rtcp-xr-burst-gap-loss-08 == Outdated reference: A later version (-15) exists of draft-ietf-xrblock-rtcp-xr-discard-11 == Outdated reference: A later version (-09) exists of draft-ietf-xrblock-rtcp-xr-discard-rle-metrics-05 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group C. Perkins 3 Internet-Draft University of Glasgow 4 Intended status: Standards Track V. Singh 5 Expires: August 26, 2013 Aalto University 6 February 22, 2013 8 Multimedia Congestion Control: Circuit Breakers for Unicast RTP Sessions 9 draft-ietf-avtcore-rtp-circuit-breakers-02 11 Abstract 13 The Real-time Transport Protocol (RTP) is widely used in telephony, 14 video conferencing, and telepresence applications. Such applications 15 are often run on best-effort UDP/IP networks. If congestion control 16 is not implemented in the applications, then network congestion will 17 deteriorate the user's multimedia experience. This document does not 18 propose a congestion control algorithm; instead, it defines a minimal 19 set of RTP "circuit-breakers". Circuit-breakers are conditions under 20 which an RTP sender needs to stop transmitting media data in order to 21 protect the network from excessive congestion. It is expected that, 22 in the absence of severe congestion, all RTP applications running on 23 best-effort IP networks will be able to run without triggering these 24 circuit breakers. Any future RTP congestion control specification 25 will be expected to operate within the constraints defined by these 26 circuit breakers. 28 Status of this Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on August 26, 2013. 45 Copyright Notice 47 Copyright (c) 2013 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 4. RTP Circuit Breakers for Systems Using the RTP/AVP Profile . . 6 66 4.1. RTP/AVP Circuit Breaker #1: Media Timeout . . . . . . . . 8 67 4.2. RTP/AVP Circuit Breaker #2: RTCP Timeout . . . . . . . . . 8 68 4.3. RTP/AVP Circuit Breaker #3: Congestion . . . . . . . . . . 9 69 4.4. Ceasing Transmission . . . . . . . . . . . . . . . . . . . 12 70 5. RTP Circuit Breakers for Systems Using the RTP/AVPF Profile . 12 71 6. Impact of RTCP XR . . . . . . . . . . . . . . . . . . . . . . 13 72 7. Impact of Explicit Congestion Notification (ECN) . . . . . . . 14 73 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 74 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 75 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 76 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 77 11.1. Normative References . . . . . . . . . . . . . . . . . . . 15 78 11.2. Informative References . . . . . . . . . . . . . . . . . . 15 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 81 1. Introduction 83 The Real-time Transport Protocol (RTP) [RFC3550] is widely used in 84 voice-over-IP, video teleconferencing, and telepresence systems. 85 Many of these systems run over best-effort UDP/IP networks, and can 86 suffer from packet loss and increased latency if network congestion 87 occurs. Designing effective RTP congestion control algorithms, to 88 adapt the transmission of RTP-based media to match the available 89 network capacity, while also maintaining the user experience, is a 90 difficult but important problem. Many such congestion control and 91 media adaptation algorithms have been proposed, but to date there is 92 no consensus on the correct approach, or even that a single standard 93 algorithm is desirable. 95 This memo does not attempt to propose a new RTP congestion control 96 algorithm. Rather, it proposes a minimal set of "circuit breakers"; 97 conditions under which there is general agreement that an RTP flow is 98 causing serious congestion, and ought to cease transmission. It is 99 expected that future standards-track congestion control algorithms 100 for RTP will operate within the envelope defined by this memo. 102 2. Terminology 104 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 105 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 106 document are to be interpreted as described in RFC 2119 [RFC2119]. 107 This interpretation of these key words applies only when written in 108 ALL CAPS. Mixed- or lower-case uses of these key words are not to be 109 interpreted as carrying special significance in this memo. 111 3. Background 113 We consider congestion control for unicast RTP traffic flows. This 114 is the problem of adapting the transmission of an audio/visual data 115 flow, encapsulated within an RTP transport session, from one sender 116 to one receiver, so that it matches the available network bandwidth. 117 Such adaptation needs to be done in a way that limits the disruption 118 to the user experience caused by both packet loss and excessive rate 119 changes. Congestion control for multicast flows is outside the scope 120 of this memo. Multicast traffic needs different solutions, since the 121 available bandwidth estimator for a group of receivers will differ 122 from that for a single receiver, and because multicast congestion 123 control has to consider issues of fairness across groups of receivers 124 that do not apply to unicast flows. 126 Congestion control for unicast RTP traffic can be implemented in one 127 of two places in the protocol stack. One approach is to run the RTP 128 traffic over a congestion controlled transport protocol, for example 129 over TCP, and to adapt the media encoding to match the dictates of 130 the transport-layer congestion control algorithm. This is safe for 131 the network, but can be suboptimal for the media quality unless the 132 transport protocol is designed to support real-time media flows. We 133 do not consider this class of applications further in this memo, as 134 their network safety is guaranteed by the underlying transport. 136 Alternatively, RTP flows can be run over a non-congestion controlled 137 transport protocol, for example UDP, performing rate adaptation at 138 the application layer based on RTP Control Protocol (RTCP) feedback. 139 With a well-designed, network-aware, application, this allows highly 140 effective media quality adaptation, but there is potential to disrupt 141 the network's operation if the application does not adapt its sending 142 rate in a timely and effective manner. We consider this class of 143 applications in this memo. 145 Congestion control relies on monitoring the delivery of a media flow, 146 and responding to adapt the transmission of that flow when there are 147 signs that the network path is congested. Network congestion can be 148 detected in one of three ways: 1) a receiver can infer the onset of 149 congestion by observing an increase in one-way delay caused by queue 150 build-up within the network; 2) if Explicit Congestion Notification 151 (ECN) [RFC3168] is supported, the network can signal the presence of 152 congestion by marking packets using ECN Congestion Experienced (CE) 153 marks; or 3) in the extreme case, congestion will cause packet loss 154 that can be detected by observing a gap in the received RTP sequence 155 numbers. Once the onset of congestion is observed, the receiver has 156 to send feedback to the sender to indicate that the transmission rate 157 needs to be reduced. How the sender reduces the transmission rate is 158 highly dependent on the media codec being used, and is outside the 159 scope of this memo. 161 There are several ways in which a receiver can send feedback to a 162 media sender within the RTP framework: 164 o The base RTP specification [RFC3550] defines RTCP Reception Report 165 (RR) packets to convey reception quality feedback information, and 166 Sender Report (SR) packets to convey information about the media 167 transmission. RTCP SR packets contain data that can be used to 168 reconstruct media timing at a receiver, along with a count of the 169 total number of octets and packets sent. RTCP RR packets report 170 on the fraction of packets lost in the last reporting interval, 171 the cumulative number of packets lost, the highest sequence number 172 received, and the inter-arrival jitter. The RTCP RR packets also 173 contain timing information that allows the sender to estimate the 174 network round trip time (RTT) to the receivers. RTCP reports are 175 sent periodically, with the reporting interval being determined by 176 the number of SSRCs used in the session and a configured session 177 bandwidth estimate (the number of SSRCs used is usually two in a 178 unicast session, one for each participant, but can be greater if 179 the participants send multiple media streams). The interval 180 between reports sent from each receiver tends to be on the order 181 of a few seconds on average, and it is randomised to avoid 182 synchronisation of reports from multiple receivers. RTCP RR 183 packets allow a receiver to report ongoing network congestion to 184 the sender. However, if a receiver detects the onset of 185 congestion partway through a reporting interval, the base RTP 186 specification contains no provision for sending the RTCP RR packet 187 early, and the receiver has to wait until the next scheduled 188 reporting interval. 190 o The RTCP Extended Reports (XR) [RFC3611] allow reporting of more 191 complex and sophisticated reception quality metrics, but do not 192 change the RTCP timing rules. RTCP extended reports of potential 193 interest for congestion control purposes are the extended packet 194 loss, discard, and burst metrics [RFC3611], 195 [I-D.ietf-xrblock-rtcp-xr-discard], 196 [I-D.ietf-xrblock-rtcp-xr-discard-rle-metrics], 197 [I-D.ietf-xrblock-rtcp-xr-burst-gap-discard], 198 [I-D.ietf-xrblock-rtcp-xr-burst-gap-loss]; and the extended delay 199 metrics [RFC6843], [RFC6798]. Other RTCP Extended Reports that 200 could be helpful for congestion control purposes might be 201 developed in future. 203 o Rapid feedback about the occurrence of congestion events can be 204 achieved using the Extended RTP Profile for RTCP-Based Feedback 205 (RTP/AVPF) [RFC4585] in place of the more common RTP/AVP profile 206 [RFC3551]. This modifies the RTCP timing rules to allow RTCP 207 reports to be sent early, in some cases immediately, provided the 208 average RTCP reporting interval remains unchanged. It also 209 defines new transport-layer feedback messages, including negative 210 acknowledgements (NACKs), that can be used to report on specific 211 congestion events. The use of the RTP/AVPF profile is dependent 212 on signalling, but is otherwise generally backwards compatible 213 with the RTP/AVP profile, as it keeps the same average RTCP 214 reporting interval as the base RTP specification. The RTP Codec 215 Control Messages [RFC5104] extend the RTP/AVPF profile with 216 additional feedback messages that can be used to influence that 217 way in which rate adaptation occurs. The dynamics of how rapidly 218 feedback can be sent are unchanged. 220 o Finally, Explicit Congestion Notification (ECN) for RTP over UDP 221 [RFC6679] can be used to provide feedback on the number of packets 222 that received an ECN Congestion Experienced (CE) mark. This RTCP 223 extension builds on the RTP/AVPF profile to allow rapid congestion 224 feedback when ECN is supported. 226 In addition to these mechanisms for providing feedback, the sender 227 can include an RTP header extension in each packet to record packet 228 transmission times. There are two methods: [RFC5450] represents the 229 transmission time in terms of a time-offset from the RTP timestamp of 230 the packet, while [RFC6051] includes an explicit NTP-format sending 231 timestamp (potentially more accurate, but a higher header overhead). 232 Accurate sending timestamps can be helpful for estimating queuing 233 delays, to get an early indication of the onset of congestion. 235 Taken together, these various mechanisms allow receivers to provide 236 feedback on the senders when congestion events occur, with varying 237 degrees of timeliness and accuracy. The key distinction is between 238 systems that use only the basic RTCP mechanisms, without RTP/AVPF 239 rapid feedback, and those that use the RTP/AVPF extensions to respond 240 to congestion more rapidly. 242 4. RTP Circuit Breakers for Systems Using the RTP/AVP Profile 244 The feedback mechanisms defined in [RFC3550] and available under the 245 RTP/AVP profile [RFC3551] are the minimum that can be assumed for a 246 baseline circuit breaker mechanism that is suitable for all unicast 247 applications of RTP. Accordingly, for an RTP circuit breaker to be 248 useful, it needs to be able to detect that an RTP flow is causing 249 excessive congestion using only basic RTCP features, without needing 250 RTCP XR feedback or the RTP/AVPF profile for rapid RTCP reports. 252 RTCP is a fundamental part of the RTP protocol, and the mechanisms 253 described here rely on the implementation of RTCP. Implementations 254 which claim to support RTP, but that do not implement RTCP, cannot 255 use the circuit breaker mechanisms described in this memo. Such 256 implementations SHOULD NOT be used on networks that might be subject 257 to congestion unless equivalent mechanisms are defined using some 258 non-RTCP feedback channel to report congestion and signal circuit 259 breaker conditions. 261 Three potential congestion signals are available from the basic RTCP 262 SR/RR packets and are reported for each synchronisation source (SSRC) 263 in the RTP session: 265 1. The sender can estimate the network round-trip time once per RTCP 266 reporting interval, based on the contents and timing of RTCP SR 267 and RR packets. 269 2. Receivers report a jitter estimate (the statistical variance of 270 the RTP data packet inter-arrival time) calculated over the RTCP 271 reporting interval. Due to the nature of the jitter calculation 272 ([RFC3550], section 6.4.4), the jitter is only meaningful for RTP 273 flows that send a single data packet for each RTP timestamp value 274 (i.e., audio flows, or video flows where each packet comprises 275 one video frame). 277 3. Receivers report the fraction of RTP data packets lost during the 278 RTCP reporting interval, and the cumulative number of RTP packets 279 lost over the entire RTP session. 281 These congestion signals limit the possible circuit breakers, since 282 they give only limited visibility into the behaviour of the network. 284 RTT estimates are widely used in congestion control algorithms, as a 285 proxy for queuing delay measures in delay-based congestion control or 286 to determine connection timeouts. RTT estimates derived from RTCP SR 287 and RR packets sent according to the RTP/AVP timing rules are far too 288 infrequent to be useful though, and don't give enough information to 289 distinguish a delay change due to routing updates from queuing delay 290 caused by congestion. Accordingly, we cannot use the RTT estimate 291 alone as an RTP circuit breaker. 293 Increased jitter can be a signal of transient network congestion, but 294 in the highly aggregated form reported in RTCP RR packets, it offers 295 insufficient information to estimate the extent or persistence of 296 congestion. Jitter reports are a useful early warning of potential 297 network congestion, but provide an insufficiently strong signal to be 298 used as a circuit breaker. 300 The remaining congestion signals are the packet loss fraction and the 301 cumulative number of packets lost. If considered carefully, these 302 can be effective indicators that congestion is occurring in networks 303 where packet loss is primarily due to queue overflows, although loss 304 caused by non-congestive packet corruption can distort the result in 305 some networks. TCP congestion control intentionally tries to fill 306 the router queues, and uses the resulting packet loss as congestion 307 feedback. An RTP flow competing with TCP traffic will therefore 308 expect to see a non-zero packet loss fraction that has to be related 309 to TCP dynamics to estimate available capacity. This behaviour of 310 TCP is reflected in the congestion circuit breaker below, and will 311 affect the design of any RTP congestion control protocol. 313 Two packet loss regimes can be observed: 1) RTCP RR packets show a 314 non-zero packet loss fraction, while the extended highest sequence 315 number received continues to increment; and 2) RR packets show a loss 316 fraction of zero, but the extended highest sequence number received 317 does not increment even though the sender has been transmitting RTP 318 data packets. The former corresponds to the TCP congestion avoidance 319 state, and indicates a congested path that is still delivering data; 320 the latter corresponds to a TCP timeout, and is most likely due to a 321 path failure. A third condition is that data is being sent but no 322 RTCP feedback is received at all, corresponding to a failure of the 323 reverse path. We derive circuit breaker conditions for these loss 324 regimes in the following. 326 4.1. RTP/AVP Circuit Breaker #1: Media Timeout 328 If RTP data packets are being sent, but the RTCP SR or RR packets 329 reporting on that SSRC indicate a non-increasing extended highest 330 sequence number received, this is an indication that those RTP data 331 packets are not reaching the receiver. This could be a short-term 332 issue affecting only a few packets, perhaps caused by a slow-to-open 333 firewall or a transient connectivity problem, but if the issue 334 persists, it is a sign of a more ongoing and significant problem. 335 Accordingly, if a sender of RTP data packets receives two or more 336 consecutive RTCP SR or RR packets from the same receiver, and those 337 packets correspond to its transmission and have a non-increasing 338 extended highest sequence number received field (i.e., the sender 339 receivers at least three RTCP SR or RR packets that report the same 340 value in the extended highest sequence number received field for an 341 SSRC, but the sender has sent RTP data packets for that SSRC that 342 would have caused an increase in the reported value of the extended 343 highest sequence number received if they had reached the receiver), 344 then that sender SHOULD cease transmission (see Section 4.4). 346 The reason for waiting for two or more consecutive RTCP packets with 347 a non-increasing extended highest sequence number is to give enough 348 time for transient reception problems to resolve themselves, but to 349 stop problem flows quickly enough to avoid causing serious ongoing 350 network congestion. A single RTCP report showing no reception could 351 be caused by a transient fault, and so will not cease transmission. 352 Waiting for more than two consecutive RTCP reports before stopping a 353 flow might avoid some false positives, but could lead to problematic 354 flows running for a long time period (potentially tens of seconds, 355 depending on the RTCP reporting interval) before being cut off. 357 4.2. RTP/AVP Circuit Breaker #2: RTCP Timeout 359 In addition to media timeouts, as were discussed in Section 4.1, an 360 RTP session has the possibility of an RTCP timeout. This can occur 361 when RTP data packets are being sent, but there are no RTCP reports 362 returned from the receiver. This is either due to a failure of the 363 receiver to send RTCP reports, or a failure of the return path that 364 is preventing those RTCP reporting from being delivered. In either 365 case, it is not safe to continue transmission, since the sender has 366 no way of knowing if it is causing congestion. Accordingly, an RTP 367 sender that has not received any RTCP SR or RTCP RR packets reporting 368 on the SSRC it is using for three or more RTCP reporting intervals 369 SHOULD cease transmission (see Section 4.4). When calculating the 370 timeout, the fixed minimum RTCP reporting interval SHOULD be used 371 (based on the rationale in Section 6.2 of RFC 3550 [RFC3550]). 373 The choice of three RTCP reporting intervals as the timeout is made 374 following Section 6.3.5 of RFC 3550 [RFC3550]. This specifies that 375 participants in an RTP session will timeout and remove an RTP sender 376 from the list of active RTP senders if no RTP data packets have been 377 received from that RTP sender within the last two RTCP reporting 378 intervals. Using a timeout of three RTCP reporting intervals is 379 therefore large enough that the other participants will have timed 380 out the sender if a network problem stops the data packets it is 381 sending from reaching the receivers, even allowing for loss of some 382 RTCP packets. 384 4.3. RTP/AVP Circuit Breaker #3: Congestion 386 If RTP data packets are being sent, and the corresponding RTCP RR 387 packets show non-zero packet loss fraction and increasing extended 388 highest sequence number received, then those RTP data packets are 389 arriving at the receiver, but some degree of congestion is occurring. 390 The RTP/AVP profile [RFC3551] states that: 392 If best-effort service is being used, RTP receivers SHOULD monitor 393 packet loss to ensure that the packet loss rate is within 394 acceptable parameters. Packet loss is considered acceptable if a 395 TCP flow across the same network path and experiencing the same 396 network conditions would achieve an average throughput, measured 397 on a reasonable time scale, that is not less than the RTP flow is 398 achieving. This condition can be satisfied by implementing 399 congestion control mechanisms to adapt the transmission rate (or 400 the number of layers subscribed for a layered multicast session), 401 or by arranging for a receiver to leave the session if the loss 402 rate is unacceptably high. 404 The comparison to TCP cannot be specified exactly, but is intended 405 as an "order-of-magnitude" comparison in time scale and 406 throughput. The time scale on which TCP throughput is measured is 407 the round-trip time of the connection. In essence, this 408 requirement states that it is not acceptable to deploy an 409 application (using RTP or any other transport protocol) on the 410 best-effort Internet which consumes bandwidth arbitrarily and does 411 not compete fairly with TCP within an order of magnitude. 413 The phase "order of magnitude" in the above means within a factor of 414 ten, approximately. In order to implement this, it is necessary to 415 estimate the throughput a TCP connection would achieve over the path. 416 For a long-lived TCP Reno connection, Padhye et al. [Padhye] showed 417 that the throughput can be estimated using the following equation: 419 s 420 X = -------------------------------------------------------------- 421 R*sqrt(2*b*p/3) + (t_RTO * (3*sqrt(3*b*p/8) * p * (1+32*p^2))) 423 where: 425 X is the transmit rate in bytes/second. 427 s is the packet size in bytes. If data packets vary in size, then 428 the average size is to be used. 430 R is the round trip time in seconds. 432 p is the loss event rate, between 0 and 1.0, of the number of loss 433 events as a fraction of the number of packets transmitted. 435 t_RTO is the TCP retransmission timeout value in seconds, 436 approximated by setting t_RTO = 4*R. 438 b is the number of packets acknowledged by a single TCP 439 acknowledgement ([RFC3448] recommends the use of b=1 since many 440 TCP implementations do not use delayed acknowledgements). 442 This is the same approach to estimated TCP throughput that is used in 443 [RFC3448]. Under conditions of low packet loss, this formula can be 444 approximated as follows with reasonable accuracy: 446 s 447 X = --------------- 448 R * sqrt(p*2/3) 450 It is RECOMMENDED that this simplified throughout equation be used, 451 since the reduction in accuracy is small, and it is much simpler to 452 calculate than the full equation. 454 Given this TCP equation, two parameters need to be estimated and 455 reported to the sender in order to calculate the throughput: the 456 round trip time, R, and the loss event rate, p (the packet size, s, 457 is known to the sender). The round trip time can be estimated from 458 RTCP SR and RR packets. This is done too infrequently for accurate 459 statistics, but is the best that can be done with the standard RTCP 460 mechanisms. 462 RTCP RR packets contain the packet loss fraction, rather than the 463 loss event rate, so p cannot be reported (TCP typically treats the 464 loss of multiple packets within a single RTT as one loss event, but 465 RTCP RR packets report the overall fraction of packets lost, not 466 caring about when the losses occurred). Using the loss fraction in 467 place of the loss event rate can overestimate the loss. We believe 468 that this overestimate will not be significant, given that we are 469 only interested in order of magnitude comparison ([Floyd] section 470 3.2.1 shows that the difference is small for steady-state conditions 471 and random loss, but using the loss fraction is more conservative in 472 the case of bursty loss). 474 The congestion circuit breaker is therefore: when a sender receives 475 an RTCP SR or RR packet that contains a report block for an SSRC it 476 is using, that sender has to check the fraction lost field in that 477 report block to determine if there is a non-zero packet loss rate. 478 If the fraction lost field is zero, then continue sending as normal. 479 If the fraction lost is greater than zero, then estimate the TCP 480 throughput using the simplified equation above, and the measured R, p 481 (approximated by the fraction lost), and s. Compare this with the 482 actual sending rate. If the actual sending rate is more than ten 483 times the estimated sending rate derived from the TCP throughput 484 equation for two consecutive RTCP reporting intervals, the sender 485 SHOULD cease transmission (see Section 4.4). If the RTP sender is 486 using a reduced minimum RTCP reporting interval (as specified in 487 Section 6.2 of RFC 3550 [RFC3550] or the RTP/AVPF profile [RFC4585]), 488 then that reduced RTCP reporting interval is used when determining if 489 the circuit breaker is triggered, since that interval scales with the 490 media data rate. 492 Systems that usually send at a high data rate, but that can reduce 493 their data rate significantly (i.e., by at least a factor of ten), 494 MAY first reduce their sending rate to this lower value to see if 495 this resolves the congestion, but MUST then cease transmission if the 496 problem does not resolve itself within a further two RTCP reporting 497 intervals (see Section 4.4). An example of this might be a video 498 conferencing system that backs off to sending audio only, before 499 completely dropping the call. If such a reduction in sending rate 500 resolves the congestion problem, the sender MAY gradually increase 501 the rate at which it sends data after a reasonable amount of time has 502 passed, provided it takes care not to cause the problem to recur 503 ("reasonable" is intentionally not defined here). 505 As in Section 4.1, we use two reporting intervals to avoid triggering 506 the circuit breaker on transient failures. This circuit breaker is a 507 worst-case condition, and congestion control needs to be performed to 508 keep well within this bound. It is expected that the circuit breaker 509 will only be triggered if the usual congestion control fails for some 510 reason. 512 4.4. Ceasing Transmission 514 What it means to cease transmission depends on the application, but 515 the intention is that the application will stop sending RTP data 516 packets to a particular destination 3-tuple (transport protocol, 517 destination port, IP address), until the user makes an explicit 518 attempt to restart the call. It is important that a human user is 519 involved in the decision to try to restart the call, since that user 520 will eventually give up if the calls repeatedly trigger the circuit 521 breaker. This will help avoid problems with automatic redial systems 522 from congesting the network. Accordingly, RTP flows halted by the 523 circuit breaker SHOULD NOT be restarted automatically unless the 524 sender has received information that the congestion has dissipated. 526 It is recognised that the RTP implementation in some systems might 527 not be able to determine if a call set-up request was initiated by a 528 human user, or automatically by some scripted higher-level component 529 of the system. These implementations SHOULD rate limit attempts to 530 restart a call to the same destination 3-tuple as used by a previous 531 call that was recently halted by the circuit breaker. The chosen 532 rate limit ought to not exceed the rate at which an annoyed human 533 caller might redial a misbehaving phone. 535 5. RTP Circuit Breakers for Systems Using the RTP/AVPF Profile 537 Use of the Extended RTP Profile for RTCP-based Feedback (RTP/AVPF) 538 [RFC4585] allows receivers to send early RTCP reports in some cases, 539 to inform the sender about particular events in the media stream. 540 There are several use cases for such early RTCP reports, including 541 providing rapid feedback to a sender about the onset of congestion. 543 Receiving rapid feedback about congestion events potentially allows 544 congestion control algorithms to be more responsive, and to better 545 adapt the media transmission to the limitations of the network. It 546 is expected that many RTP congestion control algorithms will adopt 547 the RTP/AVPF profile for this reason, defining new transport layer 548 feedback reports that suit their requirements. Since these reports 549 are not yet defined, and likely very specific to the details of the 550 congestion control algorithm chosen, they cannot be used as part of 551 the generic RTP circuit breaker. 553 If the extension for Reduced-Size RTCP [RFC5506] is not used, early 554 RTCP feedback packets sent according to the RTP/AVPF profile will be 555 compound RTCP packets that include an RTCP SR/RR packet. That RTCP 556 SR/RR packet MUST be processed as if it were sent as a regular RTCP 557 report and counted towards the circuit breaker conditions specified 558 in Section 4 of this memo. This will potentially make the RTP 559 circuit breaker fire earlier than it would if the RTP/AVPF profile 560 was not used. 562 Reduced-size RTCP reports sent under the RTP/AVPF early feedback 563 rules that do not contain an RTCP SR or RR packet MUST be ignored by 564 the RTP circuit breaker (they do not contain the information used by 565 the circuit breaker algorithm). Reduced-size RTCP reports sent under 566 the RTP/AVPF early feedback rules that contain RTCP SR or RR packets 567 MUST be processed as if they were sent as regular RTCP reports, and 568 counted towards the circuit breaker conditions specified in Section 4 569 of this memo. This will potentially make the RTP circuit breaker 570 fire earlier than it would if the RTP/AVPF profile was not used. 572 When using ECN with RTP (see Section 7), early RTCP feedback packets 573 can contain ECN feedback reports. The count of ECN-CE marked packets 574 contained in those ECN feedback reports is counted towards the number 575 of lost packets reported if the ECN Feedback Report report is sent in 576 an compound RTCP packet along with an RTCP SR/RR report packet. 577 Reports of ECN-CE packets sent as reduced-size RTCP ECN feedback 578 packets without an RTCP SR/RR packet MUST be ignored. 580 These rules are intended to allow the use of low-overhead early RTP/ 581 AVPF feedback for generic NACK messages without triggering the RTP 582 circuit breaker. This is expected to make such feedback suitable for 583 RTP congestion control algorithms that need to quickly report loss 584 events in between regular RTCP reports. The reaction to reduced-size 585 RTCP SR/RR packets is to allow such algorithms to send feedback that 586 can trigger the circuit breaker, when desired. 588 6. Impact of RTCP XR 590 RTCP Extended Report (XR) blocks provide additional reception quality 591 metrics, but do not change the RTCP timing rules. Some of the RTCP 592 XR blocks provide information that might be useful for congestion 593 control purposes, others provided non-congestion-related metrics. 594 With the exception of RTCP XR ECN Summary Reports (see Section 7), 595 the presence of RTCP XR blocks in a compound RTCP packet does not 596 affect the RTP circuit breaker algorithm. For consistency and ease 597 of implementation, only the reception report blocks contained in RTCP 598 SR packets, RTCP RR packets, or RTCP XR ECN Summary Report packets, 599 are used by the RTP circuit breaker algorithm. 601 7. Impact of Explicit Congestion Notification (ECN) 603 The use of ECN for RTP flows does not affect the media timeout RTP 604 circuit breaker (Section 4.1) or the RTCP timeout circuit breaker 605 (Section 4.2), since these are both connectivity checks that simply 606 determinate if any packets are being received. 608 ECN-CE marked packets SHOULD be treated as if it were lost for the 609 purposes of congestion control, when determining the optimal media 610 sending rate for an RTP flow. If an RTP sender has negotiated ECN 611 support for an RTP session, and has successfully initiated ECN use on 612 the path to the receiver [RFC6679], then ECN-CE marked packets SHOULD 613 be treated as if they were lost when calculating if the congestion- 614 based RTP circuit breaker (Section 4.3) has been met. The count of 615 ECN-CE marked RTP packets is returned in RTCP XR ECN summary report 616 packets if support for ECN has been initiated for an RTP session. 618 8. Security Considerations 620 The security considerations of [RFC3550] apply. 622 If the RTP/AVPF profile is used to provide rapid RTCP feedback, the 623 security considerations of [RFC4585] apply. If ECN feedback for RTP 624 over UDP/IP is used, the security considerations of [RFC6679] apply. 626 If non-authenticated RTCP reports are used, an on-path attacker can 627 trivially generate fake RTCP packets that indicate high packet loss 628 rates, causing the circuit breaker to trigger and disrupting an RTP 629 session. This is somewhat more difficult for an off-path attacker, 630 due to the need to guess the randomly chosen RTP SSRC value and the 631 RTP sequence number. This attack can be avoided if RTCP packets are 632 authenticated, for example using the Secure RTP profile [RFC3711]. 634 9. IANA Considerations 636 There are no actions for IANA. 638 10. Acknowledgements 640 The authors would like to thank Bernard Aboba, Harald Alvestrand, 641 Kevin Gross, Cullen Jennings, Randell Jesup, Jonathan Lennox, Matt 642 Mathis, Stephen McQuistin, Eric Rescorla, and Abheek Saha for their 643 valuable feedback. 645 11. References 647 11.1. Normative References 649 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 650 Requirement Levels", BCP 14, RFC 2119, March 1997. 652 [RFC3448] Handley, M., Floyd, S., Padhye, J., and J. Widmer, "TCP 653 Friendly Rate Control (TFRC): Protocol Specification", 654 RFC 3448, January 2003. 656 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 657 Jacobson, "RTP: A Transport Protocol for Real-Time 658 Applications", STD 64, RFC 3550, July 2003. 660 [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and 661 Video Conferences with Minimal Control", STD 65, RFC 3551, 662 July 2003. 664 [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control 665 Protocol Extended Reports (RTCP XR)", RFC 3611, 666 November 2003. 668 [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, 669 "Extended RTP Profile for Real-time Transport Control 670 Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, 671 July 2006. 673 11.2. Informative References 675 [Floyd] Floyd, S., Handley, M., Padhye, J., and J. Widmer, 676 "Equation-Based Congestion Control for Unicast 677 Applications", Proc. ACM SIGCOMM 2000, DOI 10.1145/ 678 347059.347397, August 2000. 680 [I-D.ietf-xrblock-rtcp-xr-burst-gap-discard] 681 Clark, A., Huang, R., and W. Wu, "RTP Control 682 Protocol(RTCP) Extended Report (XR) Block for Burst/Gap 683 Discard metric Reporting", 684 draft-ietf-xrblock-rtcp-xr-burst-gap-discard-10 (work in 685 progress), January 2013. 687 [I-D.ietf-xrblock-rtcp-xr-burst-gap-loss] 688 Clark, A., Zhang, S., Zhao, J., and W. Wu, "RTP Control 689 Protocol (RTCP) Extended Report (XR) Block for Burst/Gap 690 Loss metric Reporting", 691 draft-ietf-xrblock-rtcp-xr-burst-gap-loss-08 (work in 692 progress), January 2013. 694 [I-D.ietf-xrblock-rtcp-xr-discard] 695 Clark, A., Zorn, G., and W. Wu, "RTP Control Protocol 696 (RTCP) Extended Report (XR) Block for Discard Count metric 697 Reporting", draft-ietf-xrblock-rtcp-xr-discard-11 (work in 698 progress), December 2012. 700 [I-D.ietf-xrblock-rtcp-xr-discard-rle-metrics] 701 Ott, J., Singh, V., and I. Curcio, "RTP Control Protocol 702 (RTCP) Extended Reports (XR) for Run Length Encoding (RLE) 703 of Discarded Packets", 704 draft-ietf-xrblock-rtcp-xr-discard-rle-metrics-05 (work in 705 progress), December 2012. 707 [Padhye] Padhye, J., Firoiu, V., Towsley, D., and J. Kurose, 708 "Modeling TCP Throughput: A Simple Model and its Empirical 709 Validation", Proc. ACM SIGCOMM 1998, DOI 10.1145/ 710 285237.285291, August 1998. 712 [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition 713 of Explicit Congestion Notification (ECN) to IP", 714 RFC 3168, September 2001. 716 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 717 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 718 RFC 3711, March 2004. 720 [RFC5104] Wenger, S., Chandra, U., Westerlund, M., and B. Burman, 721 "Codec Control Messages in the RTP Audio-Visual Profile 722 with Feedback (AVPF)", RFC 5104, February 2008. 724 [RFC5450] Singer, D. and H. Desineni, "Transmission Time Offsets in 725 RTP Streams", RFC 5450, March 2009. 727 [RFC5506] Johansson, I. and M. Westerlund, "Support for Reduced-Size 728 Real-Time Transport Control Protocol (RTCP): Opportunities 729 and Consequences", RFC 5506, April 2009. 731 [RFC6051] Perkins, C. and T. Schierl, "Rapid Synchronisation of RTP 732 Flows", RFC 6051, November 2010. 734 [RFC6679] Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P., 735 and K. Carlberg, "Explicit Congestion Notification (ECN) 736 for RTP over UDP", RFC 6679, August 2012. 738 [RFC6798] Clark, A. and Q. Wu, "RTP Control Protocol (RTCP) Extended 739 Report (XR) Block for Packet Delay Variation Metric 740 Reporting", RFC 6798, November 2012. 742 [RFC6843] Clark, A., Gross, K., and Q. Wu, "RTP Control Protocol 743 (RTCP) Extended Report (XR) Block for Delay Metric 744 Reporting", RFC 6843, January 2013. 746 Authors' Addresses 748 Colin Perkins 749 University of Glasgow 750 School of Computing Science 751 Glasgow G12 8QQ 752 United Kingdom 754 Email: csp@csperkins.org 756 Varun Singh 757 Aalto University 758 School of Electrical Engineering 759 Otakaari 5 A 760 Espoo, FIN 02150 761 Finland 763 Email: varun@comnet.tkk.fi 764 URI: http://www.netlab.tkk.fi/~varun/