idnits 2.17.1 draft-ietf-ice-trickle-19.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 9 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 5, 2018) is 2205 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-mmusic-trickle-ice-sip-14 == Outdated reference: A later version (-12) exists of draft-ietf-rtcweb-ip-handling-06 -- Obsolete informational reference (is this intentional?): RFC 4566 (Obsoleted by RFC 8866) -- Obsolete informational reference (is this intentional?): RFC 5389 (Obsoleted by RFC 8489) -- Obsolete informational reference (is this intentional?): RFC 5766 (Obsoleted by RFC 8656) -- Obsolete informational reference (is this intentional?): RFC 6336 (Obsoleted by RFC 8839) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Ivov 3 Internet-Draft Atlassian 4 Intended status: Standards Track E. Rescorla 5 Expires: October 7, 2018 RTFM, Inc. 6 J. Uberti 7 Google 8 P. Saint-Andre 9 Mozilla 10 April 5, 2018 12 Trickle ICE: Incremental Provisioning of Candidates for the Interactive 13 Connectivity Establishment (ICE) Protocol 14 draft-ietf-ice-trickle-19 16 Abstract 18 This document describes "Trickle ICE", an extension to the 19 Interactive Connectivity Establishment (ICE) protocol that enables 20 ICE agents to begin connectivity checks while they are still 21 gathering candidates, by incrementally "trickling" candidates over 22 time. This method can considerably accelerate the process of 23 establishing a communication session. 25 Status of This Memo 27 This Internet-Draft is submitted in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF). Note that other groups may also distribute 32 working documents as Internet-Drafts. The list of current Internet- 33 Drafts is at https://datatracker.ietf.org/drafts/current/. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 This Internet-Draft will expire on October 7, 2018. 42 Copyright Notice 44 Copyright (c) 2018 IETF Trust and the persons identified as the 45 document authors. All rights reserved. 47 This document is subject to BCP 78 and the IETF Trust's Legal 48 Provisions Relating to IETF Documents 49 (https://trustee.ietf.org/license-info) in effect on the date of 50 publication of this document. Please review these documents 51 carefully, as they describe your rights and restrictions with respect 52 to this document. Code Components extracted from this document must 53 include Simplified BSD License text as described in Section 4.e of 54 the Trust Legal Provisions and are provided without warranty as 55 described in the Simplified BSD License. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 61 3. Determining Support for Trickle ICE . . . . . . . . . . . . . 5 62 4. Conveying the Initial ICE Description . . . . . . . . . . . . 6 63 5. Responder Procedures . . . . . . . . . . . . . . . . . . . . 7 64 5.1. Conveying the Initial Response . . . . . . . . . . . . . 7 65 6. Initiator Procedures . . . . . . . . . . . . . . . . . . . . 8 66 7. Performing Connectivity Checks . . . . . . . . . . . . . . . 8 67 7.1. Forming Check Lists and Beginning Connectivity 68 Checks . . . . . . . . . . . . . . . . . . . . . . . . . 8 69 7.2. Scheduling Checks . . . . . . . . . . . . . . . . . . . . 8 70 7.3. Empty Check Lists . . . . . . . . . . . . . . . . . . . . 9 71 7.4. Setting Check List State to Failed . . . . . . . . . . . 9 72 8. Discovering and Conveying Additional Local Candidates . . . . 9 73 8.1. Pairing Newly Learned Candidates and Updating 74 Check Lists . . . . . . . . . . . . . . . . . . . . . . . 11 75 8.1.1. Inserting a New Pair in a Check List . . . . . . . . 11 76 8.2. Announcing End of Candidates . . . . . . . . . . . . . . 15 77 9. Receiving Additional Remote Candidates . . . . . . . . . . . 17 78 10. Receiving an End-Of-Candidates Indication . . . . . . . . . . 17 79 11. Subsequent Exchanges and ICE Restarts . . . . . . . . . . . . 17 80 12. Half Trickle . . . . . . . . . . . . . . . . . . . . . . . . 17 81 13. Trickle ICE and Peer Reflexive Candidates . . . . . . . . . . 19 82 14. Requirements for Using Protocols . . . . . . . . . . . . . . 19 83 15. Preserving Candidate Order while Trickling . . . . . . . . . 19 84 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 85 17. Security Considerations . . . . . . . . . . . . . . . . . . . 21 86 18. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 87 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 88 19.1. Normative References . . . . . . . . . . . . . . . . . . 21 89 19.2. Informative References . . . . . . . . . . . . . . . . . 22 90 Appendix A. Interaction with Regular ICE . . . . . . . . . . . . 23 91 Appendix B. Interaction with ICE Lite . . . . . . . . . . . . . 24 92 Appendix C. Changes from Earlier Versions . . . . . . . . . . . 25 93 C.1. Changes from draft-ietf-ice-trickle-18 . . . . . . . . . 26 94 C.2. Changes from draft-ietf-ice-trickle-17 . . . . . . . . . 26 95 C.3. Changes from draft-ietf-ice-trickle-16 . . . . . . . . . 26 96 C.4. Changes from draft-ietf-ice-trickle-15 . . . . . . . . . 26 97 C.5. Changes from draft-ietf-ice-trickle-14 . . . . . . . . . 26 98 C.6. Changes from draft-ietf-ice-trickle-13 . . . . . . . . . 26 99 C.7. Changes from draft-ietf-ice-trickle-12 . . . . . . . . . 27 100 C.8. Changes from draft-ietf-ice-trickle-11 . . . . . . . . . 27 101 C.9. Changes from draft-ietf-ice-trickle-10 . . . . . . . . . 27 102 C.10. Changes from draft-ietf-ice-trickle-09 . . . . . . . . . 27 103 C.11. Changes from draft-ietf-ice-trickle-08 . . . . . . . . . 27 104 C.12. Changes from draft-ietf-ice-trickle-07 . . . . . . . . . 27 105 C.13. Changes from draft-ietf-ice-trickle-06 . . . . . . . . . 27 106 C.14. Changes from draft-ietf-ice-trickle-05 . . . . . . . . . 28 107 C.15. Changes from draft-ietf-ice-trickle-04 . . . . . . . . . 28 108 C.16. Changes from draft-ietf-ice-trickle-03 . . . . . . . . . 28 109 C.17. Changes from draft-ietf-ice-trickle-02 . . . . . . . . . 28 110 C.18. Changes from draft-ietf-ice-trickle-01 . . . . . . . . . 28 111 C.19. Changes from draft-ietf-ice-trickle-00 . . . . . . . . . 28 112 C.20. Changes from draft-mmusic-trickle-ice-02 . . . . . . . . 29 113 C.21. Changes from draft-ivov-01 and draft-mmusic-00 . . . . . 29 114 C.22. Changes from draft-ivov-00 . . . . . . . . . . . . . . . 29 115 C.23. Changes from draft-rescorla-01 . . . . . . . . . . . . . 30 116 C.24. Changes from draft-rescorla-00 . . . . . . . . . . . . . 31 117 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31 119 1. Introduction 121 The Interactive Connectivity Establishment (ICE) protocol 122 [rfc5245bis] describes how an ICE agent gathers candidates, exchanges 123 candidates with a peer ICE agent, and creates candidate pairs. Once 124 the pairs have been created, the ICE agent will perform connectivity 125 checks, and eventually nominate and select pairs that will be used 126 for sending and receiving data within a communication session. 128 Following the procedures in [rfc5245bis] can lead to somewhat lengthy 129 session establishment times, because candidate gathering often 130 involves querying STUN servers [RFC5389] and allocating relayed 131 candidates using TURN servers [RFC5766]. Although many ICE 132 procedures can be completed in parallel, the pacing requirements from 133 [rfc5245bis] still need to be followed. 135 This document defines a supplementary mode of ICE operation, "Trickle 136 ICE", in which candidates can be exchanged incrementally as soon as 137 they become available (and simultaneously with the gathering of other 138 candidates). Connectivity checks can also start as soon as candidate 139 pairs have been created. Because Trickle ICE enables candidate 140 gathering and connectivity checks to be done in parallel, the method 141 can considerably accelerate the process of establishing a 142 communication session. 144 This document also defines how to discover support for Trickle ICE, 145 how the procedures in [rfc5245bis] are modified or supplemented when 146 using Trickle ICE, and how a Trickle ICE agent can interoperate with 147 an ICE agent compliant to [rfc5245bis]. 149 This document does not define any protocol-specific usage of Trickle 150 ICE. Instead, protocol-specific details for Trickle ICE are defined 151 in separate usage documents. Examples of such documents are 152 [I-D.ietf-mmusic-trickle-ice-sip] (which defines usage with the 153 Session Initiation Protocol (SIP) [RFC3261] and the Session 154 Description Protocol [RFC3261]) and [XEP-0176] (which defines usage 155 with XMPP [RFC6120]). However, some of the examples in the document 156 use SDP and the offer/answer model [RFC3264] to explain the 157 underlying concepts. 159 The following diagram illustrates a successful Trickle ICE exchange 160 with a using protocol that follows the offer/answer model: 162 Alice Bob 163 | Offer | 164 |---------------------------------------------->| 165 | Additional Candidates | 166 |---------------------------------------------->| 167 | Answer | 168 |<----------------------------------------------| 169 | Additional Candidates | 170 |<----------------------------------------------| 171 | Additional Candidates and Connectivity Checks | 172 |<--------------------------------------------->| 173 |<========== CONNECTION ESTABLISHED ===========>| 175 Figure 1: Flow 177 There is quite a bit of operational experience with the technique 178 behind Trickle ICE, going back as far as 2005 (when the XMPP Jingle 179 extension defined a "dribble mode" as specified in [XEP-0176]); this 180 document incorporates feedback from those who have implemented and 181 deployed the technique over the years. 183 2. Terminology 185 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 186 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 187 document are to be interpreted as described in [RFC2119]. 189 This specification makes use of all terminology defined for 190 Interactive Connectivity Establishment in [rfc5245bis]. In addition, 191 it defines the following terms: 193 Full Trickle: The typical mode of operation for Trickle ICE agents, 194 in which the initial ICE description can include any number of 195 candidates (even zero candidates) and does not need to include a 196 full generation of candidates as in half trickle. 198 Generation: All of the candidates conveyed within an ICE session. 200 Half Trickle: A Trickle ICE mode of operation in which the initiator 201 gathers a full generation of candidates strictly before creating 202 and conveying the initial ICE description. Once conveyed, this 203 candidate information can be processed by regular ICE agents, 204 which do not require support for Trickle ICE. It also allows 205 Trickle ICE capable responders to still gather candidates and 206 perform connectivity checks in a non-blocking way, thus providing 207 roughly "half" the advantages of Trickle ICE. The half trickle 208 mechanism is mostly meant for use when the responder's support for 209 Trickle ICE cannot be confirmed prior to conveying the initial ICE 210 description. 212 ICE Description: Any attributes related to the ICE session (not 213 candidates) required to configure an ICE agent. These include but 214 are not limited to the username fragment, password, and other 215 attributes. 217 Trickled Candidates: Candidates that a Trickle ICE agent conveys 218 after conveying the initial ICE description or responding to the 219 initial ICE description, but within the same ICE session. 220 Trickled candidates can be conveyed in parallel with candidate 221 gathering and connectivity checks. 223 Trickling: The act of incrementally conveying trickled candidates. 225 Empty Check List: A check list that initially does not contain any 226 candidate pairs because they will be incrementally added as they 227 are trickled. (This scenario does not arise with a regular ICE 228 agent, because all candidate pairs are known when the agent 229 creates the check list set). 231 3. Determining Support for Trickle ICE 233 To fully support Trickle ICE, using protocols SHOULD incorporate one 234 of the following mechanisms so that implementations can determine 235 whether Trickle ICE is supported: 237 1. Provide a capabilities discovery method so that agents can verify 238 support of Trickle ICE prior to initiating a session (XMPP's 239 Service Discovery [XEP-0030] is one such mechanism). 241 2. Make support for Trickle ICE mandatory so that user agents can 242 assume support. 244 If a using protocol does not provide a method of determining ahead of 245 time whether Trickle ICE is supported, agents can make use of the 246 half trickle procedure described in Section 12. 248 Prior to conveying the initial ICE description, agents that implement 249 using protocols that support capabilities discovery can attempt to 250 verify whether or not the remote party supports Trickle ICE. If an 251 agent determines that the remote party does not support Trickle ICE, 252 it MUST fall back to using regular ICE or abandon the entire session. 254 Even if a using protocol does not include a capabilities discovery 255 method, a user agent can provide an indication within the ICE 256 description that it supports Trickle ICE by communicating an ICE 257 option of 'trickle'. This token MUST be provided either at the 258 session level or, if at the data stream level, for every data stream 259 (an agent MUST NOT specify Trickle ICE support for some data streams 260 but not others). Note: The encoding of the 'trickle' ICE option, and 261 the message(s) used to carry it to the peer, are protocol specific; 262 for instance, the encoding for the Session Description Protocol (SDP) 263 [RFC4566] is defined in [I-D.ietf-mmusic-trickle-ice-sip]. 265 Dedicated discovery semantics and half trickle are needed only prior 266 to session initiation. After a session is established and Trickle 267 ICE support is confirmed for both parties, either agent can use full 268 trickle for subsequent exchanges. 270 4. Conveying the Initial ICE Description 272 An initiator can start gathering candidates as soon as it has an 273 indication that communication is imminent (e.g., a user interface cue 274 or an explicit request to initiate a session). Unlike in regular 275 ICE, in Trickle ICE implementations do not need to gather candidates 276 in a blocking manner. Therefore, unless half trickle is being used, 277 the user experience is improved if the initiator generates and 278 transmits their initial ICE description as early as possible (thus 279 enabling the remote party to start gathering and trickling 280 candidates). 282 An initiator MAY include any mix of candidates when conveying the 283 initial ICE description. This includes the possibility of conveying 284 all the candidates the initiator plans to use (as in half trickle), 285 conveying only a publicly-reachable IP address (e.g., a candidate at 286 a data relay that is known to not be behind a firewall), or conveying 287 no candidates at all (in which case the initiator can obtain the 288 responder's initial candidate list sooner and the responder can begin 289 candidate gathering more quickly). 291 Methods for calculating priorities and foundations, as well as 292 determining redundancy of candidates, work just as in regular ICE 293 [rfc5245bis] (with the exception of pruning of duplicate peer 294 reflexive candidates as described under Section 7.1). 296 5. Responder Procedures 298 When a responder receives the initial ICE description, it will first 299 check if the ICE description or initiator indicates support for 300 Trickle ICE as explained in Section 3. If not, the responder MUST 301 process the initial ICE description according to regular ICE 302 procedures [rfc5245bis] (or, if no ICE support is detected at all, 303 according to relevant processing rules for the using protocol, such 304 as offer/answer processing rules [RFC3264]). However, if support for 305 Trickle ICE is confirmed, a responder will automatically assume 306 support for regular ICE as well. 308 If the initial ICE description indicates support for Trickle ICE, the 309 responder will determine its role and start gathering and 310 prioritizing candidates; while doing so, it will also respond by 311 conveying its own ICE description, so that both the initiator and the 312 responder can start forming check lists and begin connectivity 313 checks. 315 5.1. Conveying the Initial Response 317 A responder can respond to the initial ICE description at any point 318 while gathering candidates. The ICE description in the response MAY 319 contain any set of candidates, including all candidates or no 320 candidates. (The benefit of including no candidates is to convey the 321 ICE description as quickly as possible, so that both parties can 322 consider the overall session to be under active negotiation as soon 323 as possible.) 325 As noted in Section 3, in using protocols that use SDP the 326 responder's ICE description can indicate support for Trickle ICE by 327 including a token of "trickle" in the ice-options attribute. 329 6. Initiator Procedures 331 When processing the initial ICE description from a responder, the 332 initiator follows regular ICE procedures to determine its role, after 333 which it forms check lists (as described in Section 7.1) and begins 334 connectivity checks. 336 7. Performing Connectivity Checks 338 For the most part, Trickle ICE agents perform connectivity checks 339 following regular ICE procedures. However, the fact that gathering 340 and communicating candidates is asynchronous in Trickle ICE results 341 in several differences. 343 7.1. Forming Check Lists and Beginning Connectivity Checks 345 According to regular ICE procedures [rfc5245bis], in order for 346 candidate pairing to be possible and for duplicate candidates to be 347 pruned, the candidates would need to be provided in the relevant ICE 348 descriptions. By contrast, under Trickle ICE check lists can be 349 empty until candidates are conveyed or received. Therefore Trickle 350 ICE agents handle check list formation and candidate pairing in a 351 slightly different way than regular ICE agents: the agents still form 352 the check lists, but they populate a given check list only after they 353 actually have candidate pairs for that check list. Every check list 354 is initially placed in the Running state, even if the check list is 355 empty. An agent then begins connectivity checks (which includes 356 changing the state of some candidate pairs from Frozen to Waiting) as 357 defined in Section 6.1.2.6 of [rfc5245bis]. 359 With regard to pruning of duplicate candidate pairs, a Trickle ICE 360 agent SHOULD follow a policy of keeping the higher priority candidate 361 unless it is peer reflexive. 363 7.2. Scheduling Checks 365 As specified in [rfc5245bis], whenever timer Ta fires, only check 366 lists in the Running state will be picked when scheduling 367 connectivity checks for candidate pairs. 369 Therefore, a Trickle ICE agent MUST keep each check list in the 370 Running state as long as it expects candidate pairs to be 371 incrementally added to the check list. After that, the check list 372 state is set according to the procedures in [rfc5245bis]. 374 7.3. Empty Check Lists 376 The state of an empty check list is initially set to Running, in 377 accordance with Section 6.1.2.1 of [rfc5245bis]. 379 Whenever timer Ta fires, and an empty check list is picked, no action 380 is performed for the list. Without waiting for timer Ta to expire 381 again, the agent selects the next check list in the Running state, in 382 accordance with Section 6.1.4.2 of [rfc5245bis]. 384 In accordance with the rules defined in Section 8.1.1, when inserting 385 a new candidate pair into an empty check list, the agent sets the 386 pair to a state of Waiting or Frozen as appropriate. 388 7.4. Setting Check List State to Failed 390 Section 7.2.5.3.3 of [rfc5245bis] requires that agents update check 391 lists and timer states upon completing a connectivity check 392 transaction. During such an update, regular ICE agents would set the 393 state of a check list to Failed if both of the following two 394 conditions are satisfied: 396 o all of the pairs in the check list are either in the Failed state 397 or Succeeded state; and 399 o there is not a pair in the valid list for each component of the 400 data stream. 402 With Trickle ICE, the above situation would often occur when 403 candidate gathering and trickling are still in progress, even though 404 it is quite possible that future checks will succeed. For this 405 reason, Trickle ICE agents add the following conditions to the above 406 list: 408 o all candidate gathering has completed and the agent is not 409 expecting to discover any new local candidates; and 411 o the remote agent has conveyed an end-of-candidates indication for 412 that check list as described in Section 8.2. 414 8. Discovering and Conveying Additional Local Candidates 416 After candidate information has been conveyed, agents will most 417 likely continue discovering new local candidates as STUN, TURN, and 418 other non-host candidate gathering mechanisms begin to yield results. 419 Whenever an agent discovers such a new candidate it will compute its 420 priority, type, foundation, and component ID according to regular ICE 421 procedures. 423 The new candidate is then checked for redundancy against the existing 424 list of local candidates. If its transport address and base match 425 those of an existing candidate, it will be considered redundant and 426 will be ignored. This would often happen for server reflexive 427 candidates that match the host addresses they were obtained from 428 (e.g., when the latter are public IPv4 addresses). Contrary to 429 regular ICE, Trickle ICE agents will consider the new candidate 430 redundant regardless of its priority. 432 Next the agent "trickles" the newly discovered candidate(s) to the 433 remote agent. The actual delivery of the new candidates is handled 434 by a using protocol such as SIP or XMPP. Trickle ICE imposes no 435 restrictions on the way this is done (e.g., some using protocols 436 might choose not to trickle updates for server reflexive candidates 437 and instead rely on the discovery of peer reflexive ones). 439 When candidates are trickled, the using protocol MUST deliver each 440 candidate (and any end-of-candidates indication as described in 441 Section 8.2) to the receiving Trickle ICE implementation exactly once 442 and in the same order it was conveyed. If the using protocol 443 provides any candidate retransmissions, they need to be hidden from 444 the ICE implementation. 446 Also, candidate trickling needs to be correlated to a specific ICE 447 session, so that if there is an ICE restart, any delayed updates for 448 a previous session can be recognized as such and ignored by the 449 receiving party. For example, using protocols that signal candidates 450 via SDP might include a Username Fragment value in the corresponding 451 a=candidate line, such as: 453 a=candidate:1 1 UDP 2130706431 2001:db8::1 5000 typ host ufrag 8hhY 455 Or as another example, WebRTC implementations might include a 456 Username Fragment in the JavaScript objects that represent 457 candidates. 459 Note: The using protocol needs to provide a mechanism for both 460 parties to indicate and agree on the ICE session in force (as 461 identified by the Username Fragment and Password combination) so that 462 they have a consistent view of which candidates are to be paired. 463 This is especially important in the case of ICE restarts (see 464 Section 11). 466 Once the candidate has been conveyed to the remote party, the agent 467 checks if any remote candidates are currently known for this same 468 stream and component. If not, the new candidate will simply be added 469 to the list of local candidates. 471 Otherwise, if the agent has already learned of one or more remote 472 candidates for this stream and component, it will begin pairing the 473 new local candidates with them and adding the pairs to the existing 474 check lists according to their priority. 476 Note: A Trickle ICE agent MUST NOT pair a local candidate until it 477 has been trickled to the remote agent. 479 8.1. Pairing Newly Learned Candidates and Updating Check Lists 481 Forming candidate pairs works as described in the ICE specification 482 [rfc5245bis]. However, adding the new pair to a check list happens 483 according to the following rules: 485 1. If the new pair's local candidate is server reflexive, the agent 486 MUST replace the candidate with its base before completing the 487 redundancy check in step 2. 489 2. The agent eliminates redundant pairs by following the rules in 490 Section 5.1.3 of [rfc5245bis], but only if the old pair has a 491 state of Waiting or Frozen (thus avoiding removal of pairs for 492 which connectivity checks are in flight or for which connectivity 493 checks have already yielded a definitive result). 495 3. If after the foregoing redundancy test the check list where the 496 pair is to be added already contains the maximum number of 497 candidate pairs (100 by default as per [rfc5245bis]), the agent 498 SHOULD discard any pairs in the Failed state to make room for the 499 new pair. If there are no such pairs, the agent SHOULD discard 500 the new pair. 502 4. Otherwise, add the new pair to the check list. 504 8.1.1. Inserting a New Pair in a Check List 506 Consider the following tabular representation of all check lists in 507 an agent (note that initially for one of the foundations, i.e., f5, 508 there are no candidate pairs): 510 +-----------------+------+------+------+------+------+ 511 | | f1 | f2 | f3 | f4 | f5 | 512 +-----------------+------+------+------+------+------+ 513 | s1 (Audio.RTP) | F | F | F | | | 514 +-----------------+------+------+------+------+------+ 515 | s2 (Audio.RTCP) | F | F | F | F | | 516 +-----------------+------+------+------+------+------+ 517 | s3 (Video.RTP) | F | | | | | 518 +-----------------+------+------+------+------+------+ 519 | s4 (Video.RTCP) | F | | | | | 520 +-----------------+------+------+------+------+------+ 522 Figure 2: Example of Check List State 524 Each row in the table represents a component for a given data stream 525 (e.g., s1 and s2 might be the RTP and RTCP components for audio) and 526 thus a single check list in the check list set. Each column 527 represents one foundation. Each cell represents one candidate pair. 528 In the tables shown in this section, "F" stands for "frozen", "W" 529 stands for "waiting", and "S" stands for "succeeded"; in addition, 530 "^^" is used to notate newly-added candidate pairs. 532 When an agent commences ICE processing, in accordance with 533 Section 6.1.2.6 of [rfc5245bis], for each foundation it will unfreeze 534 the pair with the lowest component ID and, if the component IDs are 535 equal, with the highest priority (this is the topmost candidate pair 536 in every column). This initial state is shown in the following 537 table. 539 +-----------------+------+------+------+------+------+ 540 | | f1 | f2 | f3 | f4 | f5 | 541 +-----------------+------+------+------+------+------+ 542 | s1 (Audio.RTP) | W | W | W | | | 543 +-----------------+------+------+------+------+------+ 544 | s2 (Audio.RTCP) | F | F | F | W | | 545 +-----------------+------+------+------+------+------+ 546 | s3 (Video.RTP) | F | | | | | 547 +-----------------+------+------+------+------+------+ 548 | s4 (Video.RTCP) | F | | | | | 549 +-----------------+------+------+------+------+------+ 551 Figure 3: Initial Check List State 553 Then, as the checks proceed (see Section 7.2.5.4 of [rfc5245bis]), 554 for each pair that enters the Succeeded state (denoted here by "S"), 555 the agent will unfreeze all pairs for all data streams with the same 556 foundation (e.g., if the pair in column 1, row 1 succeeds then the 557 agent will unfreeze the pair in column 1, rows 2, 3, and 4). 559 +-----------------+------+------+------+------+------+ 560 | | f1 | f2 | f3 | f4 | f5 | 561 +-----------------+------+------+------+------+------+ 562 | s1 (Audio.RTP) | S | W | W | | | 563 +-----------------+------+------+------+------+------+ 564 | s2 (Audio.RTCP) | W | F | F | W | | 565 +-----------------+------+------+------+------+------+ 566 | s3 (Video.RTP) | W | | | | | 567 +-----------------+------+------+------+------+------+ 568 | s4 (Video.RTCP) | W | | | | | 569 +-----------------+------+------+------+------+------+ 571 Figure 4: Check List State with Succeeded Candidate Pair 573 Trickle ICE preserves all of these rules as they apply to "static" 574 check list sets. This implies that if a Trickle ICE agent were to 575 begin connectivity checks with all of its pairs already present, the 576 way that pair states change is indistinguishable from that of a 577 regular ICE agent. 579 Of course, the major difference with Trickle ICE is that check list 580 sets can be dynamically updated because candidates can arrive after 581 connectivity checks have started. When this happens, an agent sets 582 the state of the newly formed pair as described below. 584 Rule 1: If the newly formed pair has the lowest component ID and, if 585 the component IDs are equal, the highest priority of any candidate 586 pair for this foundation (i.e., if it is the topmost pair in the 587 column), set the state to Waiting. For example, this would be the 588 case if the newly formed pair were placed in column 5, row 1. This 589 rule is consistent with Section 6.1.2.6 of [rfc5245bis]. 591 +-----------------+------+------+------+------+------+ 592 | | f1 | f2 | f3 | f4 | f5 | 593 +-----------------+------+------+------+------+------+ 594 | s1 (Audio.RTP) | S | W | W | | ^W^ | 595 +-----------------+------+------+------+------+------+ 596 | s2 (Audio.RTCP) | W | F | F | W | | 597 +-----------------+------+------+------+------+------+ 598 | s3 (Video.RTP) | W | | | | | 599 +-----------------+------+------+------+------+------+ 600 | s4 (Video.RTCP) | W | | | | | 601 +-----------------+------+------+------+------+------+ 603 Figure 5: Check List State with Newly Formed Pair, Rule 1 605 Rule 2: If there is at least one pair in the Succeeded state for this 606 foundation, set the state to Waiting. For example, this would be the 607 case if the pair in column 5, row 1 succeeded and the newly formed 608 pair were placed in column 5, row 2. This rule is consistent with 609 Section 7.2.5.3.3 of [rfc5245bis]. 611 +-----------------+------+------+------+------+------+ 612 | | f1 | f2 | f3 | f4 | f5 | 613 +-----------------+------+------+------+------+------+ 614 | s1 (Audio.RTP) | S | W | W | | S | 615 +-----------------+------+------+------+------+------+ 616 | s2 (Audio.RTCP) | W | F | F | W | ^W^ | 617 +-----------------+------+------+------+------+------+ 618 | s3 (Video.RTP) | W | | | | | 619 +-----------------+------+------+------+------+------+ 620 | s4 (Video.RTCP) | W | | | | | 621 +-----------------+------+------+------+------+------+ 623 Figure 6: Check List State with Newly Formed Pair, Rule 2 625 Rule 3: In all other cases, set the state to Frozen. For example, 626 this would be the case if the newly formed pair were placed in column 627 3, row 3. 629 +-----------------+------+------+------+------+------+ 630 | | f1 | f2 | f3 | f4 | f5 | 631 +-----------------+------+------+------+------+------+ 632 | s1 (Audio.RTP) | S | W | W | | S | 633 +-----------------+------+------+------+------+------+ 634 | s2 (Audio.RTCP) | W | F | F | W | W | 635 +-----------------+------+------+------+------+------+ 636 | s3 (Video.RTP) | W | | ^F^ | | | 637 +-----------------+------+------+------+------+------+ 638 | s4 (Video.RTCP) | W | | | | | 639 +-----------------+------+------+------+------+------+ 641 Figure 7: Check List State with Newly Formed Pair, Rule 3 643 8.2. Announcing End of Candidates 645 Once all candidate gathering is completed or expires for an ICE 646 session associated with a specific data stream, the agent will 647 generate an "end-of-candidates" indication for that session and 648 convey it to the remote agent via the signaling channel. Although 649 the exact form of the indication depends on the using protocol, the 650 indication MUST specify the generation (Username Fragment and 651 Password combination) so that an agent can correlate the end-of- 652 candidates indication with a particular ICE session. The indication 653 can be conveyed in the following ways: 655 o As part of an initiation request (which would typically be the 656 case with the initial ICE description for half trickle) 658 o Along with the last candidate an agent can send for a stream 660 o As a standalone notification (e.g., after STUN Binding requests or 661 TURN Allocate requests to a server time out and the agent is no 662 longer actively gathering candidates) 664 Conveying an end-of-candidates indication in a timely manner is 665 important in order to avoid ambiguities and speed up the conclusion 666 of ICE processing. In particular: 668 o A controlled Trickle ICE agent SHOULD convey an end-of-candidates 669 indication after it has completed gathering for a data stream, 670 unless ICE processing terminates before the agent has had a chance 671 to complete gathering. 673 o A controlling agent MAY conclude ICE processing prior to conveying 674 end-of-candidates indications for all streams. However, it is 675 RECOMMENDED for a controlling agent to convey end-of-candidates 676 indications whenever possible for the sake of consistency and to 677 keep middleboxes and controlled agents up-to-date on the state of 678 ICE processing. 680 When conveying an end-of-candidates indication during trickling 681 (rather than as a part of the initial ICE description or a response 682 thereto), it is the responsibility of the using protocol to define 683 methods for associating the indication with one or more specific data 684 streams. 686 Receiving an end-of-candidates indication enables an agent to update 687 check list states and, in case valid pairs do not exist for every 688 component in every data stream, determine that ICE processing has 689 failed. It also enables an agent to speed up the conclusion of ICE 690 processing when a candidate pair has been validated but it involves 691 the use of lower-preference transports such as TURN. In such 692 situations, an implementation MAY choose to wait and see if higher- 693 priority candidates are received; in this case the end-of-candidates 694 indication provides a notification that such candidates are not 695 forthcoming. 697 An agent MAY also choose to generate an end-of-candidates indication 698 before candidate gathering has actually completed, if the agent 699 determines that gathering has continued for more than an acceptable 700 period of time. However, an agent MUST NOT convey any more 701 candidates after it has conveyed an end-of-candidates indication. 703 When performing half trickle, an agent SHOULD convey an end-of- 704 candidates indication together with its initial ICE description 705 unless it is planning to potentially trickle additional candidates 706 (e.g., in case the remote party turns out to support Trickle ICE). 708 After an agent conveys the end-of-candidates indication, it will 709 update the state of the corresponding check list as explained in 710 Section 7. Past that point, an agent MUST NOT trickle any new 711 candidates within this ICE session. Therefore, adding new candidates 712 to the negotiation is possible only through an ICE restart (see 713 Section 11). 715 This specification does not override regular ICE semantics for 716 concluding ICE processing. Therefore, even if end-of-candidates 717 indications are conveyed, an agent will still need to go through pair 718 nomination. Also, if pairs have been nominated for components and 719 data streams, ICE processing MAY still conclude even if end-of- 720 candidates indications have not been received for all streams. In 721 all cases, an agent MUST NOT trickle any new candidates within an ICE 722 session after nomination of a candidate pair as described in 723 Section 8.1.1 of [rfc5245bis]. 725 9. Receiving Additional Remote Candidates 727 At any time during ICE processing, a Trickle ICE agent might receive 728 new candidates from the remote agent. When this happens and no local 729 candidates are currently known for this same stream, the new remote 730 candidates are added to the list of remote candidates. 732 Otherwise, the new candidates are used for forming candidate pairs 733 with the pool of local candidates and they are added to the local 734 check lists as described in Section 8.1. 736 Once the remote agent has completed candidate gathering, it will 737 convey an end-of-candidates indication. Upon receiving such an 738 indication, the local agent MUST update check list states as per 739 Section 7. This might lead to some check lists being marked as 740 Failed. 742 10. Receiving an End-Of-Candidates Indication 744 When an agent receives an end-of-candidates indication for a specific 745 data stream, it will update the state of the relevant check list as 746 per Section 7. If the check list is still in the Running state after 747 the update, the agent will persist the fact that an end-of-candidates 748 indication has been received and take it into account in future 749 updates to the check list. After an agent has received an end-of- 750 candidates indication, it MUST ignore any newly received candidates 751 for that data stream or data session. 753 11. Subsequent Exchanges and ICE Restarts 755 Before conveying an end-of-candidates indication, either agent MAY 756 convey subsequent candidate information at any time allowed by the 757 using protocol. When this happens, agents will use [rfc5245bis] 758 semantics (e.g., checking of the Username Fragment and Password 759 combination to determine whether or not the new candidate information 760 requires an ICE restart. If an ICE restart occurs, the agents can 761 assume that Trickle ICE is still supported if support was determined 762 previously, and thus can engage in Trickle ICE behavior as they would 763 in an initial exchange of ICE descriptions where support was 764 determined through a capabilities discovery method. 766 12. Half Trickle 768 In half trickle, the initiator conveys the initial ICE description 769 with a usable but not necessarily full generation of candidates. 770 This ensures that the ICE description can be processed by a regular 771 ICE responder and is mostly meant for use in cases where support for 772 Trickle ICE cannot be confirmed prior to conveying the initial ICE 773 description. The initial ICE description indicates support for 774 Trickle ICE, so that the responder can respond with something less 775 than a full generation of candidates and then trickle the rest. The 776 initial ICE description for half trickle can contain an end-of- 777 candidates indication, although this is not mandatory because if 778 trickle support is confirmed then the initiator can choose to trickle 779 additional candidates before it conveys an end-of-candidates 780 indication. 782 The half trickle mechanism can be used in cases where there is no way 783 for an agent to verify in advance whether a remote party supports 784 Trickle ICE. Because the initial ICE description contain a full 785 generation of candidates, it can thus be handled by a regular ICE 786 agent, while still allowing a Trickle ICE agent to use the 787 optimization defined in this specification. This prevents 788 negotiation from failing in the former case while still giving 789 roughly half the Trickle ICE benefits in the latter. 791 Use of half trickle is only necessary during an initial exchange of 792 ICE descriptions. After both parties have received an ICE 793 description from their peer, they can each reliably determine Trickle 794 ICE support and use it for all subsequent exchanges. 796 In some instances, using half trickle might bring more than just half 797 the improvement in terms of user experience. This can happen when an 798 agent starts gathering candidates upon user interface cues that the 799 user will soon be initiating an interaction, such as activity on a 800 keypad or the phone going off hook. This would mean that some or all 801 of the candidate gathering could be completed before the agent 802 actually needs to convey the candidate information. Because the 803 responder will be able to trickle candidates, both agents will be 804 able to start connectivity checks and complete ICE processing earlier 805 than with regular ICE and potentially even as early as with full 806 trickle. 808 However, such anticipation is not always possible. For example, a 809 multipurpose user agent or a WebRTC web page where communication is a 810 non-central feature (e.g., calling a support line in case of a 811 problem with the main features) would not necessarily have a way of 812 distinguishing between call intentions and other user activity. In 813 such cases, using full trickle is most likely to result in an ideal 814 user experience. Even so, using half trickle would be an improvement 815 over regular ICE because it would result in a better experience for 816 responders. 818 13. Trickle ICE and Peer Reflexive Candidates 820 Even though Trickle ICE does not explicitly modify the procedures for 821 handling peer-reflexive candidates, use of Trickle ICE can have an 822 impact on how they are processed. With Trickle ICE, it is possible 823 that server reflexive candidates can be discovered as peer reflexive 824 in cases where incoming connectivity checks are received from these 825 candidates before the trickle updates that carry them. 827 While this would certainly increase the number of cases where ICE 828 processing nominates and selects candidates discovered as peer- 829 reflexive, it does not require any change in processing. 831 It is also likely that some using protocols would prefer not to 832 trickle server reflexive candidates to entities that are known to be 833 publicly accessible and where sending a direct STUN binding request 834 is likely to reach the destination faster than the trickle update 835 that travels through the signaling path. 837 14. Requirements for Using Protocols 839 In order to fully enable the use of Trickle ICE, this specification 840 defines the following requirements for using protocols. 842 o A using protocol SHOULD provide a way for parties to advertise and 843 discover support for Trickle ICE before an ICE session begins (see 844 Section 3). 846 o A using protocol MUST provide methods for incrementally conveying 847 (i.e., "trickling") additional candidates after conveying the 848 initial ICE description (see Section 8). 850 o A using protocol MUST deliver each trickled candidate or end-of- 851 candidates indication exactly once and in the same order it was 852 conveyed (see Section 8). 854 o A using protocol MUST provide a mechanism for both parties to 855 indicate and agree on the ICE session in force (see Section 8). 857 o A using protocol MUST provide a way for parties to communicate the 858 end-of-candidates indication, which MUST specify the particular 859 ICE session to which the indication applies (see Section 8.2). 861 15. Preserving Candidate Order while Trickling 863 One important aspect of regular ICE is that connectivity checks for a 864 specific foundation and component are attempted simultaneously by 865 both agents, so that any firewalls or NATs fronting the agents would 866 whitelist both endpoints and allow all except for the first 867 ("suicide") packets to go through. This is also important to 868 unfreezing candidates at the right time. While not crucial, 869 preserving this behavior in Trickle ICE is likely to improve ICE 870 performance. 872 To achieve this, when trickling candidates, agents SHOULD respect the 873 order of components as reflected by their component IDs; that is, 874 candidates for a given component SHOULD NOT be conveyed prior to 875 candidates for a component with a lower ID number within the same 876 foundation. In addition, candidates SHOULD be paired, following the 877 procedures in Section 8.1.1, in the same order they are conveyed. 879 For example, the following SDP description contains two components 880 (RTP and RTCP) and two foundations (host and server reflexive): 882 v=0 883 o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1 884 s= 885 c=IN IP4 10.0.1.1 886 t=0 0 887 a=ice-pwd:asd88fgpdd777uzjYhagZg 888 a=ice-ufrag:8hhY 889 m=audio 5000 RTP/AVP 0 890 a=rtpmap:0 PCMU/8000 891 a=candidate:1 1 UDP 2130706431 10.0.1.1 5000 typ host 892 a=candidate:1 2 UDP 2130706431 10.0.1.1 5001 typ host 893 a=candidate:2 1 UDP 1694498815 192.0.2.3 5000 typ srflx 894 raddr 10.0.1.1 rport 8998 895 a=candidate:2 2 UDP 1694498815 192.0.2.3 5001 typ srflx 896 raddr 10.0.1.1 rport 8998 898 For this candidate information the RTCP host candidate would not be 899 conveyed prior to the RTP host candidate. Similarly the RTP server 900 reflexive candidate would be conveyed together with or prior to the 901 RTCP server reflexive candidate. 903 16. IANA Considerations 905 IANA is requested to register the following ICE option in the "ICE 906 Options" sub-registry of the "Interactive Connectivity Establishment 907 (ICE) registry", following the procedures defined in [RFC6336]. 909 ICE Option: trickle 911 Contact: IESG, iesg@ietf.org 912 Change control: IESG 914 Description: An ICE option of "trickle" indicates support for 915 incremental communication of ICE candidates. 917 Reference: RFC XXXX 919 17. Security Considerations 921 This specification inherits most of its semantics from [rfc5245bis] 922 and as a result all security considerations described there apply to 923 Trickle ICE. 925 If the privacy implications of revealing host addresses on an 926 endpoint device are a concern (see for example the discussion in 927 [I-D.ietf-rtcweb-ip-handling] and in Section 19 of [rfc5245bis]), 928 agents can generate ICE descriptions that contain no candidates and 929 then only trickle candidates that do not reveal host addresses (e.g., 930 relayed candidates). 932 18. Acknowledgements 934 The authors would like to thank Bernard Aboba, Flemming Andreasen, 935 Rajmohan Banavi, Taylor Brandstetter, Philipp Hancke, Christer 936 Holmberg, Ari Keranen, Paul Kyzivat, Jonathan Lennox, Enrico Marocco, 937 Pal Martinsen, Nils Ohlmeier, Thomas Stach, Peter Thatcher, Martin 938 Thomson, Dale R. Worley, and Brandon Williams for their reviews and 939 suggestions on improving this document. Thanks also to Ari Keranen 940 and Peter Thatcher in their role as chairs, and Ben Campbell in his 941 role as responsible Area Director. 943 19. References 945 19.1. Normative References 947 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 948 Requirement Levels", BCP 14, RFC 2119, 949 DOI 10.17487/RFC2119, March 1997, 950 . 952 [rfc5245bis] 953 Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 954 Connectivity Establishment (ICE): A Protocol for Network 955 Address Translator (NAT) Traversal", draft-ietf-ice- 956 rfc5245bis-20 (work in progress), March 2018. 958 19.2. Informative References 960 [I-D.ietf-mmusic-trickle-ice-sip] 961 Ivov, E., Stach, T., Marocco, E., and C. Holmberg, "A 962 Session Initiation Protocol (SIP) usage for Trickle ICE", 963 draft-ietf-mmusic-trickle-ice-sip-14 (work in progress), 964 February 2018. 966 [I-D.ietf-rtcweb-ip-handling] 967 Uberti, J. and G. Shieh, "WebRTC IP Address Handling 968 Requirements", draft-ietf-rtcweb-ip-handling-06 (work in 969 progress), March 2018. 971 [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., 972 and E. Lear, "Address Allocation for Private Internets", 973 BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, 974 . 976 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 977 A., Peterson, J., Sparks, R., Handley, M., and E. 978 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 979 DOI 10.17487/RFC3261, June 2002, 980 . 982 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 983 with Session Description Protocol (SDP)", RFC 3264, 984 DOI 10.17487/RFC3264, June 2002, 985 . 987 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 988 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 989 July 2006, . 991 [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address 992 Translation (NAT) Behavioral Requirements for Unicast 993 UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January 994 2007, . 996 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 997 "Session Traversal Utilities for NAT (STUN)", RFC 5389, 998 DOI 10.17487/RFC5389, October 2008, 999 . 1001 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 1002 Relays around NAT (TURN): Relay Extensions to Session 1003 Traversal Utilities for NAT (STUN)", RFC 5766, 1004 DOI 10.17487/RFC5766, April 2010, 1005 . 1007 [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence 1008 Protocol (XMPP): Core", RFC 6120, DOI 10.17487/RFC6120, 1009 March 2011, . 1011 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1012 Interactive Connectivity Establishment (ICE) Options", 1013 RFC 6336, DOI 10.17487/RFC6336, July 2011, 1014 . 1016 [XEP-0030] 1017 Hildebrand, J., Millard, P., Eatmon, R., and P. Saint- 1018 Andre, "XEP-0030: Service Discovery", XEP XEP-0030, June 1019 2008. 1021 [XEP-0176] 1022 Beda, J., Ludwig, S., Saint-Andre, P., Hildebrand, J., 1023 Egan, S., and R. McQueen, "XEP-0176: Jingle ICE-UDP 1024 Transport Method", XEP XEP-0176, June 2009. 1026 Appendix A. Interaction with Regular ICE 1028 The ICE protocol was designed to be flexible enough to work in and 1029 adapt to as many network environments as possible. Despite that 1030 flexibility, ICE as specified in [rfc5245bis] does not by itself 1031 support trickle ICE. This section describes how trickling of 1032 candidates interacts with ICE. 1034 [rfc5245bis] describes the conditions required to update check lists 1035 and timer states while an ICE agent is in the Running state. These 1036 conditions are verified upon transaction completion and one of them 1037 stipulates that: 1039 If there is not a pair in the valid list for each component of the 1040 data stream, the state of the check list is set to Failed. 1042 This could be a problem and cause ICE processing to fail prematurely 1043 in a number of scenarios. Consider the following case: 1045 1. Alice and Bob are both located in different networks with Network 1046 Address Translation (NAT). Alice and Bob themselves have 1047 different address but both networks use the same private internet 1048 block (e.g., the "20-bit block" 172.16/12 specified in 1049 [RFC1918]). 1051 2. Alice conveys to Bob the candidate 172.16.0.1 which also happens 1052 to correspond to an existing host on Bob's network. 1054 3. Bob creates a check list consisting solely of 172.16.0.1 and 1055 starts checks. 1057 4. These checks reach the host at 172.16.0.1 in Bob's network, which 1058 responds with an ICMP "port unreachable" error; per [rfc5245bis] 1059 Bob marks the transaction as Failed. 1061 At this point the check list only contains Failed candidates and the 1062 valid list is empty. This causes the data stream and potentially all 1063 ICE processing to fail, even though if Trickle ICE agents could 1064 subsequently convey candidates that would cause previously empty 1065 check lists to become non-empty. 1067 A similar race condition would occur if the initial ICE description 1068 from Alice contain only candidates that can be determined as 1069 unreachable from any of the candidates that Bob has gathered (e.g., 1070 this would be the case if Bob's candidates only contain IPv4 1071 addresses and the first candidate that he receives from Alice is an 1072 IPv6 one). 1074 Another potential problem could arise when a non-trickle ICE 1075 implementation initiates an interaction with a Trickle ICE 1076 implementation. Consider the following case: 1078 1. Alice's client has a non-Trickle ICE implementation. 1080 2. Bob's client has support for Trickle ICE. 1082 3. Alice and Bob are behind NATs with address-dependent filtering 1083 [RFC4787]. 1085 4. Bob has two STUN servers but one of them is currently 1086 unreachable. 1088 After Bob's agent receives Alice's initial ICE description it would 1089 immediately start connectivity checks. It would also start gathering 1090 candidates, which would take a long time because of the unreachable 1091 STUN server. By the time Bob's answer is ready and conveyed to 1092 Alice, Bob's connectivity checks might have failed: until Alice gets 1093 Bob's answer, she won't be able to start connectivity checks and 1094 punch holes in her NAT. The NAT would hence be filtering Bob's 1095 checks as originating from an unknown endpoint. 1097 Appendix B. Interaction with ICE Lite 1099 The behavior of ICE lite agents that are capable of Trickle ICE does 1100 not require any particular rules other than those already defined in 1101 this specification and [rfc5245bis]. This section is hence provided 1102 only for informational purposes. 1104 An ICE lite agent would generate candidate information as per 1105 [rfc5245bis] and would indicate support for Trickle ICE. Given that 1106 the candidate information will contain a full generation of 1107 candidates, it would also be accompanied by an end-of-candidates 1108 indication. 1110 When performing full trickle, a full ICE implementation could convey 1111 the initial ICE description or response thereto with no candidates. 1112 After receiving a response that identifies the remote agent as an ICE 1113 lite implementation, the initiator can choose to not trickle any 1114 additional candidates. The same is also true in the case when the 1115 ICE lite agent initiates the interaction and the full ICE agent is 1116 the responder. In these cases the connectivity checks would be 1117 enough for the ICE lite implementation to discover all potentially 1118 useful candidates as peer reflexive. The following example 1119 illustrates one such ICE session using SDP syntax: 1121 ICE Lite Bob 1122 Agent 1123 | Offer (a=ice-lite a=ice-options:trickle) | 1124 |---------------------------------------------->| 1125 | |no cand 1126 | Answer (a=ice-options:trickle) |trickling 1127 |<----------------------------------------------| 1128 | Connectivity Checks | 1129 |<--------------------------------------------->| 1130 peer rflx| | 1131 cand disco| | 1132 |<========== CONNECTION ESTABLISHED ===========>| 1134 Figure 8: Example 1136 In addition to reducing signaling traffic this approach also removes 1137 the need to discover STUN bindings or make TURN allocations, which 1138 can considerably lighten ICE processing. 1140 Appendix C. Changes from Earlier Versions 1142 Note to the RFC Editor: please remove this section prior to 1143 publication as an RFC. 1145 C.1. Changes from draft-ietf-ice-trickle-18 1147 o Cleaned up pairing and redundancy checking rules for newly 1148 discovered candidates per IESG feedback and WG discussion. 1150 o Improved wording in half trickle section. 1152 o Changed "not more than once" to "exactly once". 1154 o Changed NAT examples back to IPv4. 1156 C.2. Changes from draft-ietf-ice-trickle-17 1158 o Simplified the rules for inserting a new pair in a check list. 1160 o Clarified it is not allowed to nominate a candidate pair after a 1161 pair has already been nominated (a.k.a. renomination or 1162 continuous nomination). 1164 o Removed some text that referenced older versions of rfc5245bis. 1166 o Removed some text that duplicated concepts and procedures 1167 specified in rfc5245bis. 1169 o Removed the ill-defined concept of stream order. 1171 o Shortened the introduction. 1173 C.3. Changes from draft-ietf-ice-trickle-16 1175 o Made "ufrag" terminology consistent with 5245bis. 1177 o Applied in-order delivery rule to end-of-candidates indication. 1179 C.4. Changes from draft-ietf-ice-trickle-15 1181 o Adjustments to address AD review feedback. 1183 C.5. Changes from draft-ietf-ice-trickle-14 1185 o Minor modifications to track changes to ICE core. 1187 C.6. Changes from draft-ietf-ice-trickle-13 1189 o Removed independent monitoring of check list "states" of frozen or 1190 active, since this is handled by placing a check list in the 1191 Running state defined in ICE core. 1193 C.7. Changes from draft-ietf-ice-trickle-12 1195 o Specified that the end-of-candidates indication must include the 1196 generation (ufrag/pwd) to enable association with a particular ICE 1197 session. 1199 o Further editorial fixes to address WGLC feedback. 1201 C.8. Changes from draft-ietf-ice-trickle-11 1203 o Editorial and terminological fixes to address WGLC feedback. 1205 C.9. Changes from draft-ietf-ice-trickle-10 1207 o Minor editorial fixes. 1209 C.10. Changes from draft-ietf-ice-trickle-09 1211 o Removed immediate unfreeze upon Fail. 1213 o Specified MUST NOT regarding ice-options. 1215 o Changed terminology regarding initial ICE parameters to avoid 1216 implementer confusion. 1218 C.11. Changes from draft-ietf-ice-trickle-08 1220 o Reinstated text about in-order processing of messages as a 1221 requirement for signaling protocols. 1223 o Added IANA registration template for ICE option. 1225 o Corrected Case 3 rule in Section 8.1.1 to ensure consistency with 1226 regular ICE rules. 1228 o Added tabular representations to Section 8.1.1 in order to 1229 illustrate the new pair rules. 1231 C.12. Changes from draft-ietf-ice-trickle-07 1233 o Changed "ICE description" to "candidate information" for 1234 consistency with 5245bis. 1236 C.13. Changes from draft-ietf-ice-trickle-06 1238 o Addressed editorial feedback from chairs' review. 1240 o Clarified terminology regarding generations. 1242 C.14. Changes from draft-ietf-ice-trickle-05 1244 o Rewrote the text on inserting a new pair into a check list. 1246 C.15. Changes from draft-ietf-ice-trickle-04 1248 o Removed dependency on SDP and offer/answer model. 1250 o Removed mentions of aggressive nomination, since it is deprecated 1251 in 5245bis. 1253 o Added section on requirements for signaling protocols. 1255 o Clarified terminology. 1257 o Addressed various WG feedback. 1259 C.16. Changes from draft-ietf-ice-trickle-03 1261 o Provided more detailed description of unfreezing behavior, 1262 specifically how to replace pre-existing peer-reflexive candidates 1263 with higher-priority ones received via trickling. 1265 C.17. Changes from draft-ietf-ice-trickle-02 1267 o Adjusted unfreezing behavior when there are disparate foundations. 1269 C.18. Changes from draft-ietf-ice-trickle-01 1271 o Changed examples to use IPv6. 1273 C.19. Changes from draft-ietf-ice-trickle-00 1275 o Removed dependency on SDP (which is to be provided in a separate 1276 specification). 1278 o Clarified text about the fact that a check list can be empty if no 1279 candidates have been sent or received yet. 1281 o Clarified wording about check list states so as not to define new 1282 states for "Active" and "Frozen" because those states are not 1283 defined for check lists (only for candidate pairs) in ICE core. 1285 o Removed open issues list because it was out of date. 1287 o Completed a thorough copy edit. 1289 C.20. Changes from draft-mmusic-trickle-ice-02 1291 o Addressed feedback from Rajmohan Banavi and Brandon Williams. 1293 o Clarified text about determining support and about how to proceed 1294 if it can be determined that the answering agent does not support 1295 Trickle ICE. 1297 o Clarified text about check list and timer updates. 1299 o Clarified when it is appropriate to use half trickle or to send no 1300 candidates in an offer or answer. 1302 o Updated the list of open issues. 1304 C.21. Changes from draft-ivov-01 and draft-mmusic-00 1306 o Added a requirement to trickle candidates by order of components 1307 to avoid deadlocks in the unfreezing algorithm. 1309 o Added an informative note on peer-reflexive candidates explaining 1310 that nothing changes for them semantically but they do become a 1311 more likely occurrence for Trickle ICE. 1313 o Limit the number of pairs to 100 to comply with 5245. 1315 o Added clarifications on the non-importance of how newly discovered 1316 candidates are trickled/sent to the remote party or if this is 1317 done at all. 1319 o Added transport expectations for trickled candidates as per Dale 1320 Worley's recommendation. 1322 C.22. Changes from draft-ivov-00 1324 o Specified that end-of-candidates is a media level attribute which 1325 can of course appear as session level, which is equivalent to 1326 having it appear in all m-lines. Also made end-of-candidates 1327 optional for cases such as aggressive nomination for controlled 1328 agents. 1330 o Added an example for ICE lite and Trickle ICE to illustrate how, 1331 when talking to an ICE lite agent doesn't need to send or even 1332 discover any candidates. 1334 o Added an example for ICE lite and Trickle ICE to illustrate how, 1335 when talking to an ICE lite agent doesn't need to send or even 1336 discover any candidates. 1338 o Added wording that explicitly states ICE lite agents have to be 1339 prepared to receive no candidates over signaling and that they 1340 should not freak out if this happens. (Closed the corresponding 1341 open issue). 1343 o It is now mandatory to use MID when trickling candidates and using 1344 m-line indexes is no longer allowed. 1346 o Replaced use of 0.0.0.0 to IP6 :: in order to avoid potential 1347 issues with RFC2543 SDP libraries that interpret 0.0.0.0 as an on- 1348 hold operation. Also changed the port number here from 1 to 9 1349 since it already has a more appropriate meaning. (Port change 1350 suggested by Jonathan Lennox). 1352 o Closed the Open Issue about use about what to do with cands 1353 received after end-of-cands. Solution: ignore, do an ICE restart 1354 if you want to add something. 1356 o Added more terminology, including trickling, trickled candidates, 1357 half trickle, full trickle, 1359 o Added a reference to the SIP usage for Trickle ICE as requested at 1360 the Boston interim. 1362 C.23. Changes from draft-rescorla-01 1364 o Brought back explicit use of Offer/Answer. There are no more 1365 attempts to try to do this in an O/A independent way. Also 1366 removed the use of ICE Descriptions. 1368 o Added SDP specification for trickled candidates, the trickle 1369 option and 0.0.0.0 addresses in m-lines, and end-of-candidates. 1371 o Support and Discovery. Changed that section to be less abstract. 1372 As discussed in IETF85, the draft now says implementations and 1373 usages need to either determine support in advance and directly 1374 use trickle, or do half trickle. Removed suggestion about use of 1375 discovery in SIP or about letting implementing protocols do what 1376 they want. 1378 o Defined Half Trickle. Added a section that says how it works. 1379 Mentioned that it only needs to happen in the first o/a (not 1380 necessary in updates), and added Jonathan's comment about how it 1381 could, in some cases, offer more than half the improvement if you 1382 can pre-gather part or all of your candidates before the user 1383 actually presses the call button. 1385 o Added a short section about subsequent offer/answer exchanges. 1387 o Added a short section about interactions with ICE Lite 1388 implementations. 1390 o Added two new entries to the open issues section. 1392 C.24. Changes from draft-rescorla-00 1394 o Relaxed requirements about verifying support following a 1395 discussion on MMUSIC. 1397 o Introduced ICE descriptions in order to remove ambiguous use of 1398 3264 language and inappropriate references to offers and answers. 1400 o Removed inappropriate assumption of adoption by RTCWEB pointed out 1401 by Martin Thomson. 1403 Authors' Addresses 1405 Emil Ivov 1406 Atlassian 1407 303 Colorado Street, #1600 1408 Austin, TX 78701 1409 USA 1411 Phone: +1-512-640-3000 1412 Email: eivov@atlassian.com 1414 Eric Rescorla 1415 RTFM, Inc. 1416 2064 Edgewood Drive 1417 Palo Alto, CA 94303 1418 USA 1420 Phone: +1 650 678 2350 1421 Email: ekr@rtfm.com 1423 Justin Uberti 1424 Google 1425 747 6th St S 1426 Kirkland, WA 98033 1427 USA 1429 Phone: +1 857 288 8888 1430 Email: justin@uberti.name 1431 Peter Saint-Andre 1432 Mozilla 1433 P.O. Box 787 1434 Parker, CO 80134 1435 USA 1437 Phone: +1 720 256 6756 1438 Email: stpeter@mozilla.com 1439 URI: https://www.mozilla.com/