idnits 2.17.1 draft-ietf-ice-pac-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 29, 2020) is 1456 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ICE Working Group C. Holmberg 3 Internet-Draft Ericsson 4 Updates: 8445 (if approved) J. Uberti 5 Intended status: Standards Track Google 6 Expires: October 31, 2020 April 29, 2020 8 Interactive Connectivity Establishment Patiently Awaiting Connectivity 9 (ICE PAC) 10 draft-ietf-ice-pac-06 12 Abstract 14 During the process of establishing peer-to-peer connectivity, ICE 15 agents can encounter situations where they have no candidate pairs to 16 check, and, as a result, conclude that ICE processing has failed. 17 However, because additional candidate pairs can be discovered during 18 ICE processing, declaring failure at this point may be premature. 19 This document discusses when these situations can occur and updates 20 RFC8445 and RFC XXXX by requiring that an ICE agent wait a minimum 21 amount of time before declaring ICE failure, even if there are no 22 candidate pairs left to check. 24 [RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of 25 draft-ietf-ice-trickle once it has been published. Please also 26 indicate that this specification updates RFC XXXX.] 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on October 31, 2020. 45 Copyright Notice 47 Copyright (c) 2020 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Relevant Scenarios . . . . . . . . . . . . . . . . . . . . . 3 65 3.1. No Candidates From Peer . . . . . . . . . . . . . . . . . 3 66 3.2. All Candidates Discarded . . . . . . . . . . . . . . . . 4 67 3.3. Immediate Candidate Pair Failure . . . . . . . . . . . . 4 68 4. Update to RFC 8445 . . . . . . . . . . . . . . . . . . . . . 4 69 5. Update to RFC XXXX . . . . . . . . . . . . . . . . . . . . . 5 70 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 71 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 6 72 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 73 9. Normative References . . . . . . . . . . . . . . . . . . . . 6 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 76 1. Introduction 78 [RFC8445] describes a protocol, Interactive Connectivity 79 Establishment (ICE), for Network Address Translator (NAT) traversal 80 for UDP-based communication. 82 When using ICE, endpoints will typically exchange ICE candidates, 83 form a list of candidate pairs, and then test each candidate pair to 84 see if connectivity can be established. If the test for a given pair 85 fails, it is marked accordingly, and if all pairs have failed, the 86 overall ICE process typically is considered to have failed. 88 During the process of connectivity checks, additional candidates may 89 be created as a result of successful inbound checks from the remote 90 peer. Such candidates are referred to as peer-reflexive candidates, 91 and once discovered, will be used to form new candidate pairs which 92 will be tested like any other. However, there is an inherent problem 93 here; if, before learning about any peer-reflexive candidates, an 94 endpoint runs out of candidate pairs to check, either because it has 95 none, or it considers them all to have failed, it will prematurely 96 declare failure and terminate ICE processing. This problem can occur 97 in many common situations. 99 This specification updates [RFC8445], by simply requiring that an ICE 100 agent wait a minimum amount of time before declaring ICE failure, 101 even if there are no candidate pairs to check, or if all candidate 102 pairs have failed. This delay provides enough time for the discovery 103 of peer-reflexive candidates, which may eventually lead to ICE 104 processing completing successfully. 106 2. Conventions 108 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 109 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 110 "OPTIONAL" in this document are to be interpreted as described in BCP 111 14 [RFC2119] [RFC8174] when, and only when, they appear in all 112 capitals, as shown here. 114 3. Relevant Scenarios 116 As noted above, the core problem this specification attempts to 117 address is the situation where even after local gathering and remote 118 candidate signaling has completed, the ICE agent immediately ends up 119 with no valid pairs and no candidate pairs left to check, resulting 120 in a premature ICE failure. This failure is premature because not 121 enough time has elapsed to allow for discovery of peer-reflexive 122 candidates from inbound connectivity checks; if discovered, these 123 candidates are very likely to result in a valid pair. 125 In most ICE scenarios, the lengthy timeouts for connectivity check 126 transactions, typically tens of seconds, will prevent this problem 127 from occurring. However, there are certain specific cases where this 128 problem will frequently occur. 130 3.1. No Candidates From Peer 132 Per RFC XXXX, an ICE agent can provide zero candidates of its own. 133 If the agent somehow knows that the remote endpoint is directly 134 reachable, gathering local candidates is unnecessary and will only 135 cause delays; the peer agent can discover the appropriate local 136 candidate via connectivity checks. 138 However, following the procedures from [RFC8445] strictly will result 139 in immediate ICE failure, since the checklist at the peer agent will 140 be empty. 142 3.2. All Candidates Discarded 144 Even if the ICE agent provides candidates, they may be discarded by 145 the peer agent if it does not know what to do with them. For 146 example, candidates may use an address family that the peer agent 147 does not support, (e.g., a host candidate with an IPv6 address in a 148 NAT64 scenario), or may not be usable for some other reason. 150 In these scenarios, when the candidates are discarded, the checklist 151 at the peer agent will once again be empty, leading to immediate ICE 152 failure. 154 3.3. Immediate Candidate Pair Failure 156 Section 7.2.5.2 of [RFC8445] describes several situations in which a 157 candidate pair will be considered to have failed, well before the 158 connectivity check transaction timeout. 160 As a result, even if the ICE agent provides usable candidates, the 161 pairs created by the peer agent may fail immediately when checked, 162 e.g., a check to a non-routable address that receives an immediate 163 ICMP error. 165 In this situation, the checklist at the peer agent may contain only 166 failed pairs, resulting in immediate ICE failure. 168 4. Update to RFC 8445 170 In order to avoid the problem raised by this document, the ICE agent 171 needs to wait enough time to allow peer-reflexive candidates to be 172 discovered. Accordingly, when a full ICE implementation begins its 173 ICE processing, as described in [RFC8445], Section 6.1, it MUST set a 174 timer, henceforth known as the PAC timer, to ensure ICE will run for 175 a minimum amount of time before determining failure. 177 Specifically, the ICE agent will start its timer once it believes ICE 178 connectivity checks are starting. This occurs when the agent has 179 sent the values needed to perform connectivity checks (e.g., the 180 Username Fragment and Password denoted in [RFC8445], Section 5.3) and 181 has received some indication that the remote side is ready to start 182 connectivity checks, typically via receipt of the values mentioned 183 above. Note that the agent will start the timer even if it has not 184 sent or received any ICE candidates. 186 The RECOMMENDED duration for the PAC timer is equal to the agent's 187 connectivity check transaction timeout, including all 188 retransmissions. When using default values for RTO and Rc, this 189 amounts to 39.5 seconds, as explained in [RFC5389], Section 7.2.1. 191 This timeout value is chosen to roughly coincide with the maximum 192 possible duration of ICE connectivity checks from the remote peer, 193 which, if successful, could create peer-reflexive candidates. 194 Because the ICE agent doesn't know the exact number of candidate 195 pairs and pacing interval in use by the remote side, this timeout 196 value is simply a guess, albeit an educated one. Regardless, for 197 this particular problem, the desired benefits will be realized as 198 long as the agent waits some reasonable amount of time, and, as 199 usual, the application is in the best position to determine what is 200 reasonable for its scenario. 202 While the timer is still running, the ICE agent MUST NOT update a 203 checklist state from Running to Failed, even if there are no pairs 204 left in the checklist to check. As a result, the ICE agent will not 205 remove any data streams or set the state of the ICE session to Failed 206 as long as the timer is running. 208 When the timer eventually elapses, the ICE agent MUST resume typical 209 ICE processing, including setting the state of any checklists to 210 Failed if they have no pairs left to check, and handling any 211 consequences as indicated in [RFC8445], Section 8.1.2. Naturally, if 212 there are no such checklists, no action is necessary. 214 One consequence of this behavior is that in cases where ICE should 215 fail, e.g., where both sides provide candidates with unsupported 216 address families, ICE will no longer fail immediately, and only fail 217 when the PAC timer expires. However, because most ICE scenarios 218 require an extended period of time to determine failure, the fact 219 that some specific scenarios no longer fail fast should have minimal 220 application impact, if any. 222 Note also that the PAC timer is potentially relevant to the ICE 223 nomination procedure described in [RFC8445], Section 8.1.1. That 224 specification does not define a minimum duration for ICE processing 225 prior to nomination of a candidate pair, but in order to select the 226 best candidate pair, ICE needs to run for enough time in order to 227 allow peer-reflexive candidates to be discovered and checked, as 228 noted above. Accordingly, the controlling ICE agent SHOULD wait a 229 sufficient amount of time before nominating candidate pairs, and it 230 MAY use the PAC timer to do so. As always, the controlling ICE agent 231 retains full discretion, and MAY decide, based on its own criteria, 232 to nominate pairs prior to the PAC timer elapsing. 234 5. Update to RFC XXXX 236 [RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of 237 draft-ietf-ice-trickle once it has been published.] 238 Trickle ICE [I-D.ietf-ice-trickle] considers a similar problem, 239 namely whether an ICE agent should allow a checklist to enter the 240 Failed state if more candidates might still be provided by the remote 241 peer. The solution, specified in [I-D.ietf-ice-trickle], Section 8, 242 is to wait until an end-of-candidates indication has been received 243 before determining ICE failure. 245 However, for the same reasons described above, the ICE agent may 246 discover peer-reflexive candidates after it has received the end-of- 247 candidates indication, and so the solution proposed by this document 248 MUST still be used even when the ICE agent is using Trickle ICE. 250 Note also that sending an end-of-candidates indication is only a 251 SHOULD-strength requirement, which means that ICE agents will need to 252 implement a backup mechanism to decide when all candidates have been 253 received, typically a timer. Accordingly, ICE agents MAY use the PAC 254 timer to also serve as an end-of-candidates fallback. 256 6. Security Considerations 258 The security considerations for ICE are defined in [RFC8445]. This 259 specification only recommends that ICE agents wait for a certain time 260 of period before they declare ICE failure, and does not introduce new 261 security considerations. 263 7. IANA considerations 265 This specification makes no requests to IANA. 267 8. Acknowledgements 269 Roman Shpount, Nils Ohlmeier and Peter Thatcher provided lots of 270 useful input and comments. 272 9. Normative References 274 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 275 Requirement Levels", BCP 14, RFC 2119, 276 DOI 10.17487/RFC2119, March 1997, . 279 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 280 "Session Traversal Utilities for NAT (STUN)", RFC 5389, 281 DOI 10.17487/RFC5389, October 2008, . 284 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 285 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 286 May 2017, . 288 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 289 Connectivity Establishment (ICE): A Protocol for Network 290 Address Translator (NAT) Traversal", RFC 8445, 291 DOI 10.17487/RFC8445, July 2018, . 294 [I-D.ietf-ice-trickle] 295 Ivov, E., Rescorla, E., Uberti, J., and P. Saint-Andre, 296 "Trickle ICE: Incremental Provisioning of Candidates for 297 the Interactive Connectivity Establishment (ICE) 298 Protocol", draft-ietf-ice-trickle-21 (work in progress), 299 April 2018. 301 Authors' Addresses 303 Christer Holmberg 304 Ericsson 305 Hirsalantie 11 306 Jorvas 02420 307 Finland 309 Email: christer.holmberg@ericsson.com 311 Justin Uberti 312 Google 313 747 6th St W 314 Kirkland 98033 315 USA 317 Email: justin@uberti.name