idnits 2.17.1 draft-ietf-avtcore-rtp-circuit-breakers-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC3550, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC3550, updated by this document, for RFC5378 checks: 1998-04-07) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 13, 2014) is 3756 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3448 (Obsoleted by RFC 5348) == Outdated reference: A later version (-12) exists of draft-ietf-avtcore-rtp-multi-stream-optimisation-00 Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 AVTCORE Working Group C. S. Perkins 3 Internet-Draft University of Glasgow 4 Updates: 3550 (if approved) V. Singh 5 Intended status: Standards Track Aalto University 6 Expires: July 17, 2014 January 13, 2014 8 Multimedia Congestion Control: Circuit Breakers for Unicast RTP Sessions 9 draft-ietf-avtcore-rtp-circuit-breakers-04 11 Abstract 13 The Real-time Transport Protocol (RTP) is widely used in telephony, 14 video conferencing, and telepresence applications. Such applications 15 are often run on best-effort UDP/IP networks. If congestion control 16 is not implemented in the applications, then network congestion will 17 deteriorate the user's multimedia experience. This document does not 18 propose a congestion control algorithm; instead, it defines a minimal 19 set of RTP "circuit-breakers". Circuit-breakers are conditions under 20 which an RTP sender needs to stop transmitting media data in order to 21 protect the network from excessive congestion. It is expected that, 22 in the absence of severe congestion, all RTP applications running on 23 best-effort IP networks will be able to run without triggering these 24 circuit breakers. Any future RTP congestion control specification 25 will be expected to operate within the constraints defined by these 26 circuit breakers. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on July 17, 2014. 45 Copyright Notice 47 Copyright (c) 2014 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 4. RTP Circuit Breakers for Systems Using the RTP/AVP Profile . 5 66 4.1. RTP/AVP Circuit Breaker #1: Media Timeout . . . . . . . . 7 67 4.2. RTP/AVP Circuit Breaker #2: RTCP Timeout . . . . . . . . 8 68 4.3. RTP/AVP Circuit Breaker #3: Congestion . . . . . . . . . 9 69 4.4. Ceasing Transmission . . . . . . . . . . . . . . . . . . 12 70 5. RTP Circuit Breakers for Systems Using the RTP/AVPF Profile . 12 71 6. Impact of RTCP XR . . . . . . . . . . . . . . . . . . . . . . 13 72 7. Impact of RTCP Reporting Groups . . . . . . . . . . . . . . . 13 73 8. Impact of Explicit Congestion Notification (ECN) . . . . . . 14 74 9. Security Considerations . . . . . . . . . . . . . . . . . . . 14 75 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 76 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 77 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 78 12.1. Normative References . . . . . . . . . . . . . . . . . . 15 79 12.2. Informative References . . . . . . . . . . . . . . . . . 15 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 82 1. Introduction 84 The Real-time Transport Protocol (RTP) [RFC3550] is widely used in 85 voice-over-IP, video teleconferencing, and telepresence systems. 86 Many of these systems run over best-effort UDP/IP networks, and can 87 suffer from packet loss and increased latency if network congestion 88 occurs. Designing effective RTP congestion control algorithms, to 89 adapt the transmission of RTP-based media to match the available 90 network capacity, while also maintaining the user experience, is a 91 difficult but important problem. Many such congestion control and 92 media adaptation algorithms have been proposed, but to date there is 93 no consensus on the correct approach, or even that a single standard 94 algorithm is desirable. 96 This memo does not attempt to propose a new RTP congestion control 97 algorithm. Rather, it proposes a minimal set of "circuit breakers"; 98 conditions under which there is general agreement that an RTP flow is 99 causing serious congestion, and ought to cease transmission. It is 100 expected that future standards-track congestion control algorithms 101 for RTP will operate within the envelope defined by this memo. 103 2. Terminology 105 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 106 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 107 document are to be interpreted as described in RFC 2119 [RFC2119]. 108 This interpretation of these key words applies only when written in 109 ALL CAPS. Mixed- or lower-case uses of these key words are not to be 110 interpreted as carrying special significance in this memo. 112 3. Background 114 We consider congestion control for unicast RTP traffic flows. This 115 is the problem of adapting the transmission of an audio/visual data 116 flow, encapsulated within an RTP transport session, from one sender 117 to one receiver, so that it matches the available network bandwidth. 118 Such adaptation needs to be done in a way that limits the disruption 119 to the user experience caused by both packet loss and excessive rate 120 changes. Congestion control for multicast flows is outside the scope 121 of this memo. Multicast traffic needs different solutions, since the 122 available bandwidth estimator for a group of receivers will differ 123 from that for a single receiver, and because multicast congestion 124 control has to consider issues of fairness across groups of receivers 125 that do not apply to unicast flows. 127 Congestion control for unicast RTP traffic can be implemented in one 128 of two places in the protocol stack. One approach is to run the RTP 129 traffic over a congestion controlled transport protocol, for example 130 over TCP, and to adapt the media encoding to match the dictates of 131 the transport-layer congestion control algorithm. This is safe for 132 the network, but can be suboptimal for the media quality unless the 133 transport protocol is designed to support real-time media flows. We 134 do not consider this class of applications further in this memo, as 135 their network safety is guaranteed by the underlying transport. 137 Alternatively, RTP flows can be run over a non-congestion controlled 138 transport protocol, for example UDP, performing rate adaptation at 139 the application layer based on RTP Control Protocol (RTCP) feedback. 140 With a well-designed, network-aware, application, this allows highly 141 effective media quality adaptation, but there is potential to disrupt 142 the network's operation if the application does not adapt its sending 143 rate in a timely and effective manner. We consider this class of 144 applications in this memo. 146 Congestion control relies on monitoring the delivery of a media flow, 147 and responding to adapt the transmission of that flow when there are 148 signs that the network path is congested. Network congestion can be 149 detected in one of three ways: 1) a receiver can infer the onset of 150 congestion by observing an increase in one-way delay caused by queue 151 build-up within the network; 2) if Explicit Congestion Notification 152 (ECN) [RFC3168] is supported, the network can signal the presence of 153 congestion by marking packets using ECN Congestion Experienced (CE) 154 marks; or 3) in the extreme case, congestion will cause packet loss 155 that can be detected by observing a gap in the received RTP sequence 156 numbers. Once the onset of congestion is observed, the receiver has 157 to send feedback to the sender to indicate that the transmission rate 158 needs to be reduced. How the sender reduces the transmission rate is 159 highly dependent on the media codec being used, and is outside the 160 scope of this memo. 162 There are several ways in which a receiver can send feedback to a 163 media sender within the RTP framework: 165 o The base RTP specification [RFC3550] defines RTCP Reception Report 166 (RR) packets to convey reception quality feedback information, and 167 Sender Report (SR) packets to convey information about the media 168 transmission. RTCP SR packets contain data that can be used to 169 reconstruct media timing at a receiver, along with a count of the 170 total number of octets and packets sent. RTCP RR packets report 171 on the fraction of packets lost in the last reporting interval, 172 the cumulative number of packets lost, the highest sequence number 173 received, and the inter-arrival jitter. The RTCP RR packets also 174 contain timing information that allows the sender to estimate the 175 network round trip time (RTT) to the receivers. RTCP reports are 176 sent periodically, with the reporting interval being determined by 177 the number of SSRCs used in the session and a configured session 178 bandwidth estimate (the number of SSRCs used is usually two in a 179 unicast session, one for each participant, but can be greater if 180 the participants send multiple media streams). The interval 181 between reports sent from each receiver tends to be on the order 182 of a few seconds on average, and it is randomised to avoid 183 synchronisation of reports from multiple receivers. RTCP RR 184 packets allow a receiver to report ongoing network congestion to 185 the sender. However, if a receiver detects the onset of 186 congestion partway through a reporting interval, the base RTP 187 specification contains no provision for sending the RTCP RR packet 188 early, and the receiver has to wait until the next scheduled 189 reporting interval. 191 o The RTCP Extended Reports (XR) [RFC3611] allow reporting of more 192 complex and sophisticated reception quality metrics, but do not 193 change the RTCP timing rules. RTCP extended reports of potential 194 interest for congestion control purposes are the extended packet 195 loss, discard, and burst metrics [RFC3611], [RFC7002], [RFC7097], 196 [RFC7003], [RFC6958]; and the extended delay metrics [RFC6843], 197 [RFC6798]. Other RTCP Extended Reports that could be helpful for 198 congestion control purposes might be developed in future. 200 o Rapid feedback about the occurrence of congestion events can be 201 achieved using the Extended RTP Profile for RTCP-Based Feedback 202 (RTP/AVPF) [RFC4585] in place of the more common RTP/AVP profile 203 [RFC3551]. This modifies the RTCP timing rules to allow RTCP 204 reports to be sent early, in some cases immediately, provided the 205 average RTCP reporting interval remains unchanged. It also 206 defines new transport-layer feedback messages, including negative 207 acknowledgements (NACKs), that can be used to report on specific 208 congestion events. The use of the RTP/AVPF profile is dependent 209 on signalling, but is otherwise generally backwards compatible 210 with the RTP/AVP profile, as it keeps the same average RTCP 211 reporting interval as the base RTP specification. The RTP Codec 212 Control Messages [RFC5104] extend the RTP/AVPF profile with 213 additional feedback messages that can be used to influence that 214 way in which rate adaptation occurs. The dynamics of how rapidly 215 feedback can be sent are unchanged. 217 o Finally, Explicit Congestion Notification (ECN) for RTP over UDP 218 [RFC6679] can be used to provide feedback on the number of packets 219 that received an ECN Congestion Experienced (CE) mark. This RTCP 220 extension builds on the RTP/AVPF profile to allow rapid congestion 221 feedback when ECN is supported. 223 In addition to these mechanisms for providing feedback, the sender 224 can include an RTP header extension in each packet to record packet 225 transmission times. There are two methods: [RFC5450] represents the 226 transmission time in terms of a time-offset from the RTP timestamp of 227 the packet, while [RFC6051] includes an explicit NTP-format sending 228 timestamp (potentially more accurate, but a higher header overhead). 229 Accurate sending timestamps can be helpful for estimating queuing 230 delays, to get an early indication of the onset of congestion. 232 Taken together, these various mechanisms allow receivers to provide 233 feedback on the senders when congestion events occur, with varying 234 degrees of timeliness and accuracy. The key distinction is between 235 systems that use only the basic RTCP mechanisms, without RTP/AVPF 236 rapid feedback, and those that use the RTP/AVPF extensions to respond 237 to congestion more rapidly. 239 4. RTP Circuit Breakers for Systems Using the RTP/AVP Profile 240 The feedback mechanisms defined in [RFC3550] and available under the 241 RTP/AVP profile [RFC3551] are the minimum that can be assumed for a 242 baseline circuit breaker mechanism that is suitable for all unicast 243 applications of RTP. Accordingly, for an RTP circuit breaker to be 244 useful, it needs to be able to detect that an RTP flow is causing 245 excessive congestion using only basic RTCP features, without needing 246 RTCP XR feedback or the RTP/AVPF profile for rapid RTCP reports. 248 RTCP is a fundamental part of the RTP protocol, and the mechanisms 249 described here rely on the implementation of RTCP. Implementations 250 which claim to support RTP, but that do not implement RTCP, cannot 251 use the circuit breaker mechanisms described in this memo. Such 252 implementations SHOULD NOT be used on networks that might be subject 253 to congestion unless equivalent mechanisms are defined using some 254 non-RTCP feedback channel to report congestion and signal circuit 255 breaker conditions. 257 Three potential congestion signals are available from the basic RTCP 258 SR/RR packets and are reported for each synchronisation source (SSRC) 259 in the RTP session: 261 1. The sender can estimate the network round-trip time once per RTCP 262 reporting interval, based on the contents and timing of RTCP SR 263 and RR packets. 265 2. Receivers report a jitter estimate (the statistical variance of 266 the RTP data packet inter-arrival time) calculated over the RTCP 267 reporting interval. Due to the nature of the jitter calculation 268 ([RFC3550], section 6.4.4), the jitter is only meaningful for RTP 269 flows that send a single data packet for each RTP timestamp value 270 (i.e., audio flows, or video flows where each packet comprises 271 one video frame). 273 3. Receivers report the fraction of RTP data packets lost during the 274 RTCP reporting interval, and the cumulative number of RTP packets 275 lost over the entire RTP session. 277 These congestion signals limit the possible circuit breakers, since 278 they give only limited visibility into the behaviour of the network. 280 RTT estimates are widely used in congestion control algorithms, as a 281 proxy for queuing delay measures in delay-based congestion control or 282 to determine connection timeouts. RTT estimates derived from RTCP SR 283 and RR packets sent according to the RTP/AVP timing rules are far too 284 infrequent to be useful though, and don't give enough information to 285 distinguish a delay change due to routing updates from queuing delay 286 caused by congestion. Accordingly, we cannot use the RTT estimate 287 alone as an RTP circuit breaker. 289 Increased jitter can be a signal of transient network congestion, but 290 in the highly aggregated form reported in RTCP RR packets, it offers 291 insufficient information to estimate the extent or persistence of 292 congestion. Jitter reports are a useful early warning of potential 293 network congestion, but provide an insufficiently strong signal to be 294 used as a circuit breaker. 296 The remaining congestion signals are the packet loss fraction and the 297 cumulative number of packets lost. If considered carefully, these 298 can be effective indicators that congestion is occurring in networks 299 where packet loss is primarily due to queue overflows, although loss 300 caused by non-congestive packet corruption can distort the result in 301 some networks. TCP congestion control intentionally tries to fill 302 the router queues, and uses the resulting packet loss as congestion 303 feedback. An RTP flow competing with TCP traffic will therefore 304 expect to see a non-zero packet loss fraction that has to be related 305 to TCP dynamics to estimate available capacity. This behaviour of 306 TCP is reflected in the congestion circuit breaker below, and will 307 affect the design of any RTP congestion control protocol. 309 Two packet loss regimes can be observed: 1) RTCP RR packets show a 310 non-zero packet loss fraction, while the extended highest sequence 311 number received continues to increment; and 2) RR packets show a loss 312 fraction of zero, but the extended highest sequence number received 313 does not increment even though the sender has been transmitting RTP 314 data packets. The former corresponds to the TCP congestion avoidance 315 state, and indicates a congested path that is still delivering data; 316 the latter corresponds to a TCP timeout, and is most likely due to a 317 path failure. A third condition is that data is being sent but no 318 RTCP feedback is received at all, corresponding to a failure of the 319 reverse path. We derive circuit breaker conditions for these loss 320 regimes in the following. 322 4.1. RTP/AVP Circuit Breaker #1: Media Timeout 324 If RTP data packets are being sent, but the RTCP SR or RR packets 325 reporting on that SSRC indicate a non-increasing extended highest 326 sequence number received, this is an indication that those RTP data 327 packets are not reaching the receiver. This could be a short-term 328 issue affecting only a few packets, perhaps caused by a slow-to-open 329 firewall or a transient connectivity problem, but if the issue 330 persists, it is a sign of a more ongoing and significant problem. 331 Accordingly, if a sender of RTP data packets receives two or more 332 consecutive RTCP SR or RR packets from the same receiver, and those 333 packets correspond to its transmission and have a non-increasing 334 extended highest sequence number received field (i.e., the sender 335 receivers at least three RTCP SR or RR packets that report the same 336 value in the extended highest sequence number received field for an 337 SSRC, but the sender has sent RTP data packets for that SSRC that 338 would have caused an increase in the reported value of the extended 339 highest sequence number received if they had reached the receiver), 340 then that sender SHOULD cease transmission (see Section 4.4). 342 The reason for waiting for two or more consecutive RTCP packets with 343 a non-increasing extended highest sequence number is to give enough 344 time for transient reception problems to resolve themselves, but to 345 stop problem flows quickly enough to avoid causing serious ongoing 346 network congestion. A single RTCP report showing no reception could 347 be caused by a transient fault, and so will not cease transmission. 348 Waiting for more than two consecutive RTCP reports before stopping a 349 flow might avoid some false positives, but could lead to problematic 350 flows running for a long time period (potentially tens of seconds, 351 depending on the RTCP reporting interval) before being cut off. 353 4.2. RTP/AVP Circuit Breaker #2: RTCP Timeout 355 In addition to media timeouts, as were discussed in Section 4.1, an 356 RTP session has the possibility of an RTCP timeout. This can occur 357 when RTP data packets are being sent, but there are no RTCP reports 358 returned from the receiver. This is either due to a failure of the 359 receiver to send RTCP reports, or a failure of the return path that 360 is preventing those RTCP reporting from being delivered. In either 361 case, it is not safe to continue transmission, since the sender has 362 no way of knowing if it is causing congestion. Accordingly, an RTP 363 sender that has not received any RTCP SR or RTCP RR packets reporting 364 on the SSRC it is using for three or more RTCP reporting intervals 365 SHOULD cease transmission (see Section 4.4). When calculating the 366 timeout, the fixed minimum RTCP reporting interval SHOULD be used 367 (based on the rationale in Section 6.2 of RFC 3550 [RFC3550]). 369 The choice of three RTCP reporting intervals as the timeout is made 370 following Section 6.3.5 of RFC 3550 [RFC3550]. This specifies that 371 participants in an RTP session will timeout and remove an RTP sender 372 from the list of active RTP senders if no RTP data packets have been 373 received from that RTP sender within the last two RTCP reporting 374 intervals. Using a timeout of three RTCP reporting intervals is 375 therefore large enough that the other participants will have timed 376 out the sender if a network problem stops the data packets it is 377 sending from reaching the receivers, even allowing for loss of some 378 RTCP packets. 380 If a sender is transmitting a large number of RTP media streams, such 381 that the corresponding RTCP SR or RR packets are too large to fit 382 into the network MTU, this will force the receiver to generate RTCP 383 SR or RR packets in a round-robin manner. In this case, the sender 384 MAY treat receipt of an RTCP SR or RR packet corresponding to an SSRC 385 it sent using the same 5-tuple of source and destination IP address, 386 port, and protocol, as an indication that the receiver and return 387 path are working to prevent the RTCP timeout circuit breaker from 388 triggering. 390 4.3. RTP/AVP Circuit Breaker #3: Congestion 392 If RTP data packets are being sent, and the corresponding RTCP SR or 393 RR packets show non-zero packet loss fraction and increasing extended 394 highest sequence number received, then those RTP data packets are 395 arriving at the receiver, but some degree of congestion is occurring. 396 The RTP/AVP profile [RFC3551] states that: 398 If best-effort service is being used, RTP receivers SHOULD monitor 399 packet loss to ensure that the packet loss rate is within 400 acceptable parameters. Packet loss is considered acceptable if a 401 TCP flow across the same network path and experiencing the same 402 network conditions would achieve an average throughput, measured 403 on a reasonable time scale, that is not less than the RTP flow is 404 achieving. This condition can be satisfied by implementing 405 congestion control mechanisms to adapt the transmission rate (or 406 the number of layers subscribed for a layered multicast session), 407 or by arranging for a receiver to leave the session if the loss 408 rate is unacceptably high. 410 The comparison to TCP cannot be specified exactly, but is intended 411 as an "order-of-magnitude" comparison in time scale and 412 throughput. The time scale on which TCP throughput is measured is 413 the round-trip time of the connection. In essence, this 414 requirement states that it is not acceptable to deploy an 415 application (using RTP or any other transport protocol) on the 416 best-effort Internet which consumes bandwidth arbitrarily and does 417 not compete fairly with TCP within an order of magnitude. 419 The phase "order of magnitude" in the above means within a factor of 420 ten, approximately. In order to implement this, it is necessary to 421 estimate the throughput a TCP connection would achieve over the path. 422 For a long-lived TCP Reno connection, Padhye et al. [Padhye] showed 423 that the throughput can be estimated using the following equation: 425 s 426 X = -------------------------------------------------------------- 427 R*sqrt(2*b*p/3) + (t_RTO * (3*sqrt(3*b*p/8) * p * (1+32*p^2))) 429 where: 431 X is the transmit rate in bytes/second. 433 s is the packet size in bytes. If data packets vary in size, then 434 the average size is to be used. 436 R is the round trip time in seconds. 438 p is the loss event rate, between 0 and 1.0, of the number of loss 439 events as a fraction of the number of packets transmitted. 441 t_RTO is the TCP retransmission timeout value in seconds, 442 approximated by setting t_RTO = 4*R. 444 b is the number of packets acknowledged by a single TCP 445 acknowledgement ([RFC3448] recommends the use of b=1 since many 446 TCP implementations do not use delayed acknowledgements). 448 This is the same approach to estimated TCP throughput that is used in 449 [RFC3448]. Under conditions of low packet loss, this formula can be 450 approximated as follows with reasonable accuracy: 452 s 453 X = --------------- 454 R * sqrt(p*2/3) 456 It is RECOMMENDED that this simplified throughout equation be used, 457 since the reduction in accuracy is small, and it is much simpler to 458 calculate than the full equation. 460 Given this TCP equation, two parameters need to be estimated and 461 reported to the sender in order to calculate the throughput: the 462 round trip time, R, and the loss event rate, p (the packet size, s, 463 is known to the sender). The round trip time can be estimated from 464 RTCP SR and RR packets. This is done too infrequently for accurate 465 statistics, but is the best that can be done with the standard RTCP 466 mechanisms. 468 Report blocks in RTCP SR or RR packets contain the packet loss 469 fraction, rather than the loss event rate, so p cannot be reported 470 (TCP typically treats the loss of multiple packets within a single 471 RTT as one loss event, but RTCP RR packets report the overall 472 fraction of packets lost, not caring about when the losses occurred). 473 Using the loss fraction in place of the loss event rate can 474 overestimate the loss. We believe that this overestimate will not be 475 significant, given that we are only interested in order of magnitude 476 comparison ([Floyd] section 3.2.1 shows that the difference is small 477 for steady-state conditions and random loss, but using the loss 478 fraction is more conservative in the case of bursty loss). 480 The congestion circuit breaker is therefore: when a sender receives 481 an RTCP SR or RR packet that contains a report block for an SSRC it 482 is using, that sender has to check the fraction lost field in that 483 report block to determine if there is a non-zero packet loss rate. 484 If the fraction lost field is zero, then continue sending as normal. 485 If the fraction lost is greater than zero, then estimate the TCP 486 throughput using the simplified equation above, and the measured R, p 487 (approximated by the fraction lost), and s. Compare this with the 488 actual sending rate. If the actual sending rate is more than ten 489 times the estimated sending rate derived from the TCP throughput 490 equation for two consecutive RTCP reporting intervals, the sender 491 SHOULD cease transmission (see Section 4.4). Systems that usually 492 send at a high data rate, but that can reduce their data rate 493 significantly (i.e., by at least a factor of ten), MAY first reduce 494 their sending rate to this lower value to see if this resolves the 495 congestion, but MUST then cease transmission if the problem does not 496 resolve itself within a further two RTCP reporting intervals (see 497 Section 4.4). An example of this might be a video conferencing 498 system that backs off to sending audio only, before completely 499 dropping the call. If such a reduction in sending rate resolves the 500 congestion problem, the sender MAY gradually increase the rate at 501 which it sends data after a reasonable amount of time has passed, 502 provided it takes care not to cause the problem to recur 503 ("reasonable" is intentionally not defined here). 505 If the incoming RTCP SR or RR packets are using a reduced minimum 506 RTCP reporting interval (as specified in Section 6.2 of RFC 3550 507 [RFC3550] or the RTP/AVPF profile [RFC4585]), then that reduced RTCP 508 reporting interval is used when determining if the circuit breaker is 509 triggered. The RTCP reporting interval of the media sender does not 510 affect how quickly congestion circuit breaker can trigger. The 511 timing is based on the RTCP reporting interval of the receiver that 512 matters (note that RTCP requires all participants in a session to 513 have similar reporting intervals, else the participant timeout rules 514 in [RFC3550] will not work). 516 As in Section 4.1, we use two reporting intervals to avoid triggering 517 the circuit breaker on transient failures. This circuit breaker is a 518 worst-case condition, and congestion control needs to be performed to 519 keep well within this bound. It is expected that the circuit breaker 520 will only be triggered if the usual congestion control fails for some 521 reason. 523 If there are more media streams that can be reported in a single RTCP 524 SR or RR packet, or if the size of a complete RTCP SR or RR packet 525 exceeds the network MTU, then the receiver will report on a subset of 526 sources in each reporting interval, with the subsets selected round- 527 robin across multiple intervals so that all sources are eventually 528 reported [RFC3550]. When generating such round-robin RTCP reports, 529 priority SHOULD be given to reports on sources that have high packet 530 loss rates, to ensure that senders are aware of network congestion 531 they are causing (this is an update to [RFC3550]). 533 4.4. Ceasing Transmission 535 What it means to cease transmission depends on the application, but 536 the intention is that the application will stop sending RTP data 537 packets to a particular destination 3-tuple (transport protocol, 538 destination port, IP address), until the user makes an explicit 539 attempt to restart the call. It is important that a human user is 540 involved in the decision to try to restart the call, since that user 541 will eventually give up if the calls repeatedly trigger the circuit 542 breaker. This will help avoid problems with automatic redial systems 543 from congesting the network. Accordingly, RTP flows halted by the 544 circuit breaker SHOULD NOT be restarted automatically unless the 545 sender has received information that the congestion has dissipated. 547 It is recognised that the RTP implementation in some systems might 548 not be able to determine if a call set-up request was initiated by a 549 human user, or automatically by some scripted higher-level component 550 of the system. These implementations SHOULD rate limit attempts to 551 restart a call to the same destination 3-tuple as used by a previous 552 call that was recently halted by the circuit breaker. The chosen 553 rate limit ought to not exceed the rate at which an annoyed human 554 caller might redial a misbehaving phone. 556 5. RTP Circuit Breakers for Systems Using the RTP/AVPF Profile 558 Use of the Extended RTP Profile for RTCP-based Feedback (RTP/AVPF) 559 [RFC4585] allows receivers to send early RTCP reports in some cases, 560 to inform the sender about particular events in the media stream. 561 There are several use cases for such early RTCP reports, including 562 providing rapid feedback to a sender about the onset of congestion. 564 Receiving rapid feedback about congestion events potentially allows 565 congestion control algorithms to be more responsive, and to better 566 adapt the media transmission to the limitations of the network. It 567 is expected that many RTP congestion control algorithms will adopt 568 the RTP/AVPF profile for this reason, defining new transport layer 569 feedback reports that suit their requirements. Since these reports 570 are not yet defined, and likely very specific to the details of the 571 congestion control algorithm chosen, they cannot be used as part of 572 the generic RTP circuit breaker. 574 If the extension for Reduced-Size RTCP [RFC5506] is not used, early 575 RTCP feedback packets sent according to the RTP/AVPF profile will be 576 compound RTCP packets that include an RTCP SR/RR packet. That RTCP 577 SR/RR packet MUST be processed as if it were sent as a regular RTCP 578 report and counted towards the circuit breaker conditions specified 579 in Section 4 of this memo. This will potentially make the RTP 580 circuit breaker fire earlier than it would if the RTP/AVPF profile 581 was not used. 583 Reduced-size RTCP reports sent under the RTP/AVPF early feedback 584 rules that do not contain an RTCP SR or RR packet MUST be ignored by 585 the RTP circuit breaker (they do not contain the information used by 586 the circuit breaker algorithm). Reduced-size RTCP reports sent under 587 the RTP/AVPF early feedback rules that contain RTCP SR or RR packets 588 MUST be processed as if they were sent as regular RTCP reports, and 589 counted towards the circuit breaker conditions specified in Section 4 590 of this memo. This will potentially make the RTP circuit breaker 591 fire earlier than it would if the RTP/AVPF profile was not used. 593 When using ECN with RTP (see Section 8), early RTCP feedback packets 594 can contain ECN feedback reports. The count of ECN-CE marked packets 595 contained in those ECN feedback reports is counted towards the number 596 of lost packets reported if the ECN Feedback Report report is sent in 597 an compound RTCP packet along with an RTCP SR/RR report packet. 598 Reports of ECN-CE packets sent as reduced-size RTCP ECN feedback 599 packets without an RTCP SR/RR packet MUST be ignored. 601 These rules are intended to allow the use of low-overhead early RTP/ 602 AVPF feedback for generic NACK messages without triggering the RTP 603 circuit breaker. This is expected to make such feedback suitable for 604 RTP congestion control algorithms that need to quickly report loss 605 events in between regular RTCP reports. The reaction to reduced-size 606 RTCP SR/RR packets is to allow such algorithms to send feedback that 607 can trigger the circuit breaker, when desired. 609 6. Impact of RTCP XR 611 RTCP Extended Report (XR) blocks provide additional reception quality 612 metrics, but do not change the RTCP timing rules. Some of the RTCP 613 XR blocks provide information that might be useful for congestion 614 control purposes, others provided non-congestion-related metrics. 615 With the exception of RTCP XR ECN Summary Reports (see Section 8), 616 the presence of RTCP XR blocks in a compound RTCP packet does not 617 affect the RTP circuit breaker algorithm. For consistency and ease 618 of implementation, only the reception report blocks contained in RTCP 619 SR packets, RTCP RR packets, or RTCP XR ECN Summary Report packets, 620 are used by the RTP circuit breaker algorithm. 622 7. Impact of RTCP Reporting Groups 623 An optimisation for grouping RTCP reception statistics and other 624 feedback in RTP sessions with large numbers of participants is given 625 in [I-D.ietf-avtcore-rtp-multi-stream-optimisation]. This allows one 626 SSRC to act as a representative that sends reports on behalf of other 627 SSRCs that are co-located in the same endpoint and see identical 628 reception quality. When running the circuit breaker algorithms, an 629 endpoint MUST treat a reception report from the representative of the 630 reporting group as if a reception report was received from all 631 members of that group. 633 8. Impact of Explicit Congestion Notification (ECN) 635 The use of ECN for RTP flows does not affect the media timeout RTP 636 circuit breaker (Section 4.1) or the RTCP timeout circuit breaker 637 (Section 4.2), since these are both connectivity checks that simply 638 determinate if any packets are being received. 640 ECN-CE marked packets SHOULD be treated as if it were lost for the 641 purposes of congestion control, when determining the optimal media 642 sending rate for an RTP flow. If an RTP sender has negotiated ECN 643 support for an RTP session, and has successfully initiated ECN use on 644 the path to the receiver [RFC6679], then ECN-CE marked packets SHOULD 645 be treated as if they were lost when calculating if the congestion- 646 based RTP circuit breaker (Section 4.3) has been met. The count of 647 ECN-CE marked RTP packets is returned in RTCP XR ECN summary report 648 packets if support for ECN has been initiated for an RTP session. 650 9. Security Considerations 652 The security considerations of [RFC3550] apply. 654 If the RTP/AVPF profile is used to provide rapid RTCP feedback, the 655 security considerations of [RFC4585] apply. If ECN feedback for RTP 656 over UDP/IP is used, the security considerations of [RFC6679] apply. 658 If non-authenticated RTCP reports are used, an on-path attacker can 659 trivially generate fake RTCP packets that indicate high packet loss 660 rates, causing the circuit breaker to trigger and disrupting an RTP 661 session. This is somewhat more difficult for an off-path attacker, 662 due to the need to guess the randomly chosen RTP SSRC value and the 663 RTP sequence number. This attack can be avoided if RTCP packets are 664 authenticated, for example using the Secure RTP profile [RFC3711]. 666 10. IANA Considerations 668 There are no actions for IANA. 670 11. Acknowledgements 672 The authors would like to thank Bernard Aboba, Harald Alvestrand, 673 Kevin Gross, Cullen Jennings, Randell Jesup, Jonathan Lennox, Matt 674 Mathis, Stephen McQuistin, Eric Rescorla, and Abheek Saha for their 675 valuable feedback. 677 12. References 679 12.1. Normative References 681 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 682 Requirement Levels", BCP 14, RFC 2119, March 1997. 684 [RFC3448] Handley, M., Floyd, S., Padhye, J., and J. Widmer, "TCP 685 Friendly Rate Control (TFRC): Protocol Specification", RFC 686 3448, January 2003. 688 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 689 Jacobson, "RTP: A Transport Protocol for Real-Time 690 Applications", STD 64, RFC 3550, July 2003. 692 [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and 693 Video Conferences with Minimal Control", STD 65, RFC 3551, 694 July 2003. 696 [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control 697 Protocol Extended Reports (RTCP XR)", RFC 3611, November 698 2003. 700 [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, 701 "Extended RTP Profile for Real-time Transport Control 702 Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, July 703 2006. 705 12.2. Informative References 707 [Floyd] Floyd, S., Handley, M., Padhye, J., and J. Widmer, 708 "Equation-Based Congestion Control for Unicast 709 Applications", Proc. ACM SIGCOMM 2000, DOI 10.1145/ 710 347059.347397, August 2000. 712 [I-D.ietf-avtcore-rtp-multi-stream-optimisation] 713 Lennox, J., Westerlund, M., Wu, W., and C. Perkins, 714 "Sending Multiple Media Streams in a Single RTP Session: 715 Grouping RTCP Reception Statistics and Other Feedback", 716 draft-ietf-avtcore-rtp-multi-stream-optimisation-00 (work 717 in progress), July 2013. 719 [Padhye] Padhye, J., Firoiu, V., Towsley, D., and J. Kurose, 720 "Modeling TCP Throughput: A Simple Model and its Empirical 721 Validation", Proc. ACM SIGCOMM 1998, DOI 10.1145/ 722 285237.285291, August 1998. 724 [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition 725 of Explicit Congestion Notification (ECN) to IP", RFC 726 3168, September 2001. 728 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 729 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 730 RFC 3711, March 2004. 732 [RFC5104] Wenger, S., Chandra, U., Westerlund, M., and B. Burman, 733 "Codec Control Messages in the RTP Audio-Visual Profile 734 with Feedback (AVPF)", RFC 5104, February 2008. 736 [RFC5450] Singer, D. and H. Desineni, "Transmission Time Offsets in 737 RTP Streams", RFC 5450, March 2009. 739 [RFC5506] Johansson, I. and M. Westerlund, "Support for Reduced-Size 740 Real-Time Transport Control Protocol (RTCP): Opportunities 741 and Consequences", RFC 5506, April 2009. 743 [RFC6051] Perkins, C. and T. Schierl, "Rapid Synchronisation of RTP 744 Flows", RFC 6051, November 2010. 746 [RFC6679] Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P., 747 and K. Carlberg, "Explicit Congestion Notification (ECN) 748 for RTP over UDP", RFC 6679, August 2012. 750 [RFC6798] Clark, A. and Q. Wu, "RTP Control Protocol (RTCP) Extended 751 Report (XR) Block for Packet Delay Variation Metric 752 Reporting", RFC 6798, November 2012. 754 [RFC6843] Clark, A., Gross, K., and Q. Wu, "RTP Control Protocol 755 (RTCP) Extended Report (XR) Block for Delay Metric 756 Reporting", RFC 6843, January 2013. 758 [RFC6958] Clark, A., Zhang, S., Zhao, J., and Q. Wu, "RTP Control 759 Protocol (RTCP) Extended Report (XR) Block for Burst/Gap 760 Loss Metric Reporting", RFC 6958, May 2013. 762 [RFC7002] Clark, A., Zorn, G., and Q. Wu, "RTP Control Protocol 763 (RTCP) Extended Report (XR) Block for Discard Count Metric 764 Reporting", RFC 7002, September 2013. 766 [RFC7003] Clark, A., Huang, R., and Q. Wu, "RTP Control Protocol 767 (RTCP) Extended Report (XR) Block for Burst/Gap Discard 768 Metric Reporting", RFC 7003, September 2013. 770 [RFC7097] Ott, J., Singh, V., and I. Curcio, "RTP Control Protocol 771 (RTCP) Extended Report (XR) for RLE of Discarded Packets", 772 RFC 7097, January 2014. 774 Authors' Addresses 776 Colin Perkins 777 University of Glasgow 778 School of Computing Science 779 Glasgow G12 8QQ 780 United Kingdom 782 Email: csp@csperkins.org 784 Varun Singh 785 Aalto University 786 School of Electrical Engineering 787 Otakaari 5 A 788 Espoo, FIN 02150 789 Finland 791 Email: varun@comnet.tkk.fi 792 URI: http://www.netlab.tkk.fi/~varun/