idnits 2.17.1 draft-ietf-ice-pac-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 13, 2019) is 1655 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ICE Working Group C. Holmberg 3 Internet-Draft Ericsson 4 Updates: 8445 (if approved) J. Uberti 5 Intended status: Standards Track Google 6 Expires: April 15, 2020 October 13, 2019 8 Interactive Connectivity Establishment Patiently Awaiting Connectivity 9 (ICE PAC) 10 draft-ietf-ice-pac-03 12 Abstract 14 During the process of establishing peer-to-peer connectivity, ICE 15 agents can encounter situations where they have no candidate pairs to 16 check, and, as a result, conclude that ICE processing has failed. 17 However, because additional candidate pairs can be discovered during 18 ICE processing, declaring failure at this point may be premature. 19 This document discusses when these situations can occur and proposes 20 a way to avoid premature failure. This document updates RFC 8445 and 21 RFC XXXX. 23 [RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of 24 draft-ietf-ice-trickle once it has been published. Please also 25 indicate that this specification updates RFC XXXX.] 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on April 15, 2020. 44 Copyright Notice 46 Copyright (c) 2019 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Relevant Scenarios . . . . . . . . . . . . . . . . . . . . . 3 64 3.1. No Candidates From Peer . . . . . . . . . . . . . . . . . 3 65 3.2. All Candidates Discarded . . . . . . . . . . . . . . . . 3 66 3.3. Immediate Candidate Pair Failure . . . . . . . . . . . . 4 67 4. Update to RFC 8445 . . . . . . . . . . . . . . . . . . . . . 4 68 5. Update to RFC XXXX . . . . . . . . . . . . . . . . . . . . . 5 69 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 70 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 6 71 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 72 9. Normative References . . . . . . . . . . . . . . . . . . . . 6 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 75 1. Introduction 77 [RFC8445] describes a protocol, Interactive Connectivity 78 Establishment (ICE), for Network Address Translator (NAT) traversal 79 for UDP-based communication. 81 When using ICE, endpoints will typically exchange ICE candidates, 82 form a list of candidate pairs, and then test each candidate pair to 83 see if connectivity can be established. If the test for a given pair 84 fails, it is marked accordingly, and if all pairs have failed, the 85 overall ICE process typically is considered to have failed. 87 During the process of connectivity checks, additional candidates may 88 be created as a result of successful inbound checks from the remote 89 peer. Such candidates are referred to as peer-reflexive candidates, 90 and once discovered, will be used to form new candidate pairs which 91 will be tested like any other. However, there is an inherent race 92 condition here; if, before learning about any peer-reflexive 93 candidates, an endpoint runs out of candidate pairs to check, either 94 because it has none, or it considers them all to have failed, it will 95 prematurely declare failure and terminate ICE processing. This race 96 condition can occur in many common situations. 98 This specification updates [RFC8445], by simply requiring that an ICE 99 agent wait a minimum amount of time before declaring ICE failure, 100 even if there are no candidate pairs to check, or if all candidate 101 pairs have failed. This delay provides enough time for the discovery 102 of peer-reflexive candidates, which may eventually lead to ICE 103 processing completing successfully. 105 2. Conventions 107 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 108 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 109 "OPTIONAL" in this document are to be interpreted as described in BCP 110 14 [RFC2119] [RFC8174] when, and only when, they appear in all 111 capitals, as shown here. 113 3. Relevant Scenarios 115 As noted above, the core problem this specification attempts to 116 address is the situation where even after local gathering and remote 117 candidate signaling has completed, the ICE agent immediately ends up 118 with no valid pairs and no candidate pairs left to check, resulting 119 in a premature ICE failure. This failure is premature because not 120 enough time has elapsed to allow for discovery of peer-reflexive 121 candidates from inbound connectivity checks; if discovered, these 122 candidates are very likely to result in a valid pair. 124 In most ICE scenarios, the lengthy timeouts for connectivity check 125 transactions, typically tens of seconds, will prevent this problem 126 from occurring. However, there are certain specific cases where this 127 problem will frequently occur. 129 3.1. No Candidates From Peer 131 It is entirely legal for an ICE agent to provide zero candidates of 132 its own. If the agent somehow knows that the remote endpoint is 133 directly reachable, gathering local candidates is unnecessary and 134 will only cause delays; the peer agent can discover the appropriate 135 local candidate via connectivity checks. 137 However, following the procedures from [RFC8445] strictly will result 138 in immediate ICE failure, since the checklist at the peer agent will 139 be empty. 141 3.2. All Candidates Discarded 143 Even if the ICE agent provides candidates, they may be discarded by 144 the peer agent if it does not know what to do with them. For 145 example, candidates may use an address family that the peer agent 146 does not support, (e.g., a host candidate with an IPv6 address in a 147 NAT64 scenario), or may not be usable for some other reason. 149 In these scenarios, when the candidates are discarded, the checklist 150 at the peer agent will once again be empty, leading to immediate ICE 151 failure. 153 3.3. Immediate Candidate Pair Failure 155 Section 7.2.5.2 of [RFC8445] describes several situations in which a 156 candidate pair will be considered to have failed, well before the 157 connectivity check transaction timeout. 159 As a result, even if the ICE agent provides usable candidates, the 160 pairs created by the peer agent may fail immediately when checked, 161 e.g., a check to a non-routable address that receives an immediate 162 ICMP error. 164 In this situation, the checklist at the peer agent may contain only 165 failed pairs, resulting in immediate ICE failure. 167 4. Update to RFC 8445 169 In order to avoid the problem raised by this document, the ICE agent 170 needs to wait enough time to allow peer-reflexive candidates to be 171 discovered. Accordingly, when a full ICE implementation begins its 172 ICE processing, as described in [RFC8445], Section 6.1, it MUST set a 173 timer, henceforth known as the PAC timer, to ensure ICE will run for 174 a minimum amount of time before determining failure. 176 Specifically, the ICE agent will start its timer once it believes ICE 177 connectivity checks are starting. This occurs when the agent has 178 sent the values needed to perform connectivity checks (e.g., the 179 Username Fragment and Password denoted in [RFC8445], Section 5.3) and 180 has received some indication that the remote side is ready to start 181 connectivity checks, typically via receipt of the values mentioned 182 above. Note that the agent will start the timer even if it has not 183 sent or received any ICE candidates. 185 The RECOMMENDED duration for the timer is equal to the agent's 186 connectivity check transaction timeout, including all 187 retransmissions. This timeout value is chosen to roughly coincide 188 with the maximum possible duration of ICE connectivity checks from 189 the remote peer, which, if successful, could create peer-reflexive 190 candidates. Because the ICE agent doesn't know the exact number of 191 candidate pairs and pacing interval in use by the remote side, this 192 timeout value is simply a guess, albeit an educated one. Regardless, 193 for this particular problem, the desired benefits will be realized as 194 long as the agent waits some reasonable amount of time, and, as 195 usual, the application is in the best position to determine what is 196 reasonable for its scenario. 198 While the timer is running, the ICE agent MUST NOT set the state of a 199 checklist to Failed, even if the checklist has no pairs left to 200 check. As a result, the ICE agent will not remove any data streams 201 or set the state of the ICE session to Failed as long as the timer is 202 running. 204 When the timer eventually elapses, the ICE agent MUST resume typical 205 ICE processing, including setting any checklists containing only 206 Failed pairs to the Failed state, as usual, and handling any 207 consequences as indicated in [RFC8445], Section 8.1.2. Naturally, if 208 there are no such checklists, no action is necessary. 210 One consequence of this behavior is that in cases where ICE should 211 fail, e.g., where both sides provide candidates with unsupported 212 address families, ICE will no longer fail immediately, and only fail 213 when the PAC timer expires. However, because most ICE scenarios 214 require an extended period of time to determine failure, the fact 215 that some specific scenarios no longer fail fast should have minimal 216 application impact, if any. 218 Note also that the PAC timer is potentially relevant to the ICE 219 nomination procedure described in [RFC8445], Section 8.1.1. That 220 specification does not define a minimum duration for ICE processing 221 prior to nomination of a candidate pair, but in order to select the 222 best candidate pair, ICE needs to run for enough time in order to 223 allow peer-reflexive candidates to be discovered and checked, as 224 noted above. Accordingly, the controlling ICE agent SHOULD wait a 225 sufficient amount of time before nominating candidate pairs, and it 226 MAY use the PAC timer to do so. As always, the controlling ICE agent 227 retains full discretion, and MAY decide, based on its own criteria, 228 to nominate pairs prior to the timer elapsing. 230 5. Update to RFC XXXX 232 [RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of 233 draft-ietf-ice-trickle once it has been published.] 235 Trickle ICE [I-D.ietf-ice-trickle] considers a similar problem, 236 namely whether an ICE agent should allow a checklist to enter the 237 Failed state if more candidates might still be provided by the remote 238 peer. The solution, specified in [I-D.ietf-ice-trickle], Section 8, 239 is to wait until an end-of-candidates indication has been received 240 before determining ICE failure. 242 However, for the same reasons described above, the ICE agent may 243 discover peer-reflexive candidates after it has received the end-of- 244 candidates indication, and so the solution proposed by this document 245 MUST still be used even when the ICE agent is using Trickle ICE. 247 Note also that sending an end-of-candidates indication is only a 248 SHOULD-strength requirement, which means that ICE agents will need to 249 implement an backup mechanism to decide when all candidates have been 250 received, typically a timer. Accordingly, ICE agents MAY use the PAC 251 timer to also serve as an end-of-candidates fallback. 253 6. Security Considerations 255 The security considerations for ICE are defined in [RFC8445]. This 256 specification only recommends that ICE agents wait for a certain time 257 of period before they declare ICE failure, and does not introduce new 258 security considerations. 260 7. IANA considerations 262 This specification makes no requests to IANA. 264 8. Acknowledgements 266 9. Normative References 268 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 269 Requirement Levels", BCP 14, RFC 2119, 270 DOI 10.17487/RFC2119, March 1997, . 273 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 274 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 275 May 2017, . 277 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 278 Connectivity Establishment (ICE): A Protocol for Network 279 Address Translator (NAT) Traversal", RFC 8445, 280 DOI 10.17487/RFC8445, July 2018, . 283 [I-D.ietf-ice-trickle] 284 Ivov, E., Rescorla, E., Uberti, J., and P. Saint-Andre, 285 "Trickle ICE: Incremental Provisioning of Candidates for 286 the Interactive Connectivity Establishment (ICE) 287 Protocol", draft-ietf-ice-trickle-21 (work in progress), 288 April 2018. 290 Authors' Addresses 292 Christer Holmberg 293 Ericsson 294 Hirsalantie 11 295 Jorvas 02420 296 Finland 298 Email: christer.holmberg@ericsson.com 300 Justin Uberti 301 Google 302 747 6th St W 303 Kirkland 98033 304 USA 306 Email: justin@uberti.name