idnits 2.17.1 draft-ietf-mmusic-ice-sip-sdp-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 12 characters in excess of 72. == There are 4 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? -- The draft header indicates that this document obsoletes RFC5245, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: If an agent uses separate ports for RTP and RTCP, the agent MUST include an SDP rtcp attribute in the "m=" section, as described in [RFC3605]. In the cases where the port number for the RTCP is one higher than the RTP port and RTCP component address is same as the address of the RTP component, the SDP rtcp attribute MUST not be included. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 30, 2018) is 2217 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1661 -- Looks like a reference, but probably isn't: '2' on line 1663 -- Looks like a reference, but probably isn't: '3' on line 1665 -- Looks like a reference, but probably isn't: '4' on line 1667 -- Looks like a reference, but probably isn't: '5' on line 1669 -- Looks like a reference, but probably isn't: '6' on line 1671 -- Looks like a reference, but probably isn't: '7' on line 1673 -- Looks like a reference, but probably isn't: '8' on line 1675 -- Looks like a reference, but probably isn't: '9' on line 1870 -- Looks like a reference, but probably isn't: '10' on line 1876 -- Looks like a reference, but probably isn't: '11' on line 1880 == Unused Reference: 'RFC7656' is defined on line 1628, but no explicit reference was found in the text == Outdated reference: A later version (-19) exists of draft-ietf-mmusic-sdp-mux-attributes-17 == Outdated reference: A later version (-20) exists of draft-ietf-ice-rfc5245bis-00 ** Obsolete normative reference: RFC 4091 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4092 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5245 (Obsoleted by RFC 8445, RFC 8839) ** Obsolete normative reference: RFC 6336 (Obsoleted by RFC 8839) ** Downref: Normative reference to an Informational RFC: RFC 7656 Summary: 8 errors (**), 0 flaws (~~), 8 warnings (==), 14 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Obsoletes: 5245 (if approved) S. Nandakumar 5 Intended status: Standards Track Cisco Systems 6 Expires: October 1, 2018 A. Keranen 7 Ericsson 8 March 30, 2018 10 Session Description Protocol (SDP) Offer/Answer procedures for 11 Interactive Connectivity Establishment (ICE) 12 draft-ietf-mmusic-ice-sip-sdp-18 14 Abstract 16 This document describes Session Description Protocol (SDP) Offer/ 17 Answer procedures for carrying out Interactive Connectivity 18 Establishment (ICE) between the agents. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on October 1, 2018. 37 Copyright Notice 39 Copyright (c) 2018 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 This document may contain material from IETF Documents or IETF 53 Contributions published or made publicly available before November 54 10, 2008. The person(s) controlling the copyright in some of this 55 material may not have granted the IETF Trust the right to allow 56 modifications of such material outside the IETF Standards Process. 57 Without obtaining an adequate license from the person(s) controlling 58 the copyright in such materials, this document may not be modified 59 outside the IETF Standards Process, and derivative works of it may 60 not be created outside the IETF Standards Process, except to format 61 it for publication as an RFC or to translate it into languages other 62 than English. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 68 3. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 4 69 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 4 70 3.2. Generic Procedures . . . . . . . . . . . . . . . . . . . 4 71 3.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . 4 72 3.2.2. RTP/RTCP Considerations . . . . . . . . . . . . . . . 6 73 3.2.3. Determining Role . . . . . . . . . . . . . . . . . . 6 74 3.2.4. STUN Considerations . . . . . . . . . . . . . . . . . 6 75 3.2.5. ICE Mismatch . . . . . . . . . . . . . . . . . . . . 6 76 3.2.6. SDP Example . . . . . . . . . . . . . . . . . . . . . 7 77 3.3. Initial Offer/Answer Exchange . . . . . . . . . . . . . . 7 78 3.3.1. Sending the Initial Offer . . . . . . . . . . . . . . 7 79 3.3.2. Sending the Initial Answer . . . . . . . . . . . . . 8 80 3.3.3. Receiving the Initial Answer . . . . . . . . . . . . 8 81 3.3.4. Concluding ICE . . . . . . . . . . . . . . . . . . . 8 82 3.4. Subsequent Offer/Answer Exchanges . . . . . . . . . . . . 9 83 3.4.1. Sending Subsequent Offer . . . . . . . . . . . . . . 9 84 3.4.2. Sending Subsequent Answer . . . . . . . . . . . . . . 11 85 3.4.3. Receiving Answer for a Subsequent Offer . . . . . . . 13 86 4. Grammar . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 87 4.1. "candidate" Attribute . . . . . . . . . . . . . . . . . . 15 88 4.2. "remote-candidates" Attribute . . . . . . . . . . . . . . 18 89 4.3. "ice-lite" and "ice-mismatch" Attributes . . . . . . . . 18 90 4.4. "ice-ufrag" and "ice-pwd" Attributes . . . . . . . . . . 19 91 4.5. "ice-pacing" Attribute . . . . . . . . . . . . . . . . . 20 92 4.6. "ice-options" Attribute . . . . . . . . . . . . . . . . . 20 93 5. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 6. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 21 95 6.1. Latency Guidelines . . . . . . . . . . . . . . . . . . . 21 96 6.1.1. Offer in INVITE . . . . . . . . . . . . . . . . . . . 22 97 6.1.2. Offer in Response . . . . . . . . . . . . . . . . . . 23 98 6.2. SIP Option Tags and Media Feature Tags . . . . . . . . . 23 99 6.3. Interactions with Forking . . . . . . . . . . . . . . . . 24 100 6.4. Interactions with Preconditions . . . . . . . . . . . . . 24 101 6.5. Interactions with Third Party Call Control . . . . . . . 24 102 7. Relationship with ANAT . . . . . . . . . . . . . . . . . . . 25 103 8. Setting Ta and RTO for RTP Media Streams . . . . . . . . . . 25 104 9. Security Considerations . . . . . . . . . . . . . . . . . . . 25 105 9.1. Attacks on the Offer/Answer Exchanges . . . . . . . . . . 25 106 9.2. Insider Attacks . . . . . . . . . . . . . . . . . . . . . 26 107 9.2.1. The Voice Hammer Attack . . . . . . . . . . . . . . . 26 108 9.2.2. Interactions with Application Layer Gateways and SIP 26 109 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 110 10.1. SDP Attributes . . . . . . . . . . . . . . . . . . . . . 27 111 10.1.1. candidate Attribute . . . . . . . . . . . . . . . . 28 112 10.1.2. remote-candidates Attribute . . . . . . . . . . . . 28 113 10.1.3. ice-lite Attribute . . . . . . . . . . . . . . . . . 29 114 10.1.4. ice-mismatch Attribute . . . . . . . . . . . . . . . 29 115 10.1.5. ice-pwd Attribute . . . . . . . . . . . . . . . . . 30 116 10.1.6. ice-ufrag Attribute . . . . . . . . . . . . . . . . 30 117 10.1.7. ice-options Attribute . . . . . . . . . . . . . . . 31 118 10.1.8. ice-pacing Attribute . . . . . . . . . . . . . . . . 31 119 10.2. Interactive Connectivity Establishment (ICE) Options 120 Registry . . . . . . . . . . . . . . . . . . . . . . . . 32 121 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 122 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 123 12.1. Normative References . . . . . . . . . . . . . . . . . . 33 124 12.2. Informative References . . . . . . . . . . . . . . . . . 35 125 12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 36 126 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 37 127 Appendix B. The remote-candidates Attribute . . . . . . . . . . 38 128 Appendix C. Why Is the Conflict Resolution Mechanism Needed? . . 39 129 Appendix D. Why Send an Updated Offer? . . . . . . . . . . . . . 40 130 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 41 131 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 133 1. Introduction 135 This document describes how Interactive Connectivity Establishment 136 (ICE) is used with Session Description Protocol (SDP) offer/answer 137 [RFC3264]. The ICE specification [ICE-BIS] describes procedures that 138 are common to all usages of ICE and this document gives the 139 additional details needed to use ICE with SDP offer/answer. 141 2. Terminology 143 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 144 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 145 "OPTIONAL" in this document are to be interpreted as described in RFC 146 2119 [RFC2119]. 148 Readers should be familiar with the terminology defined in [RFC3264], 149 in [ICE-BIS] and the following: 151 Default Destination/Candidate: The default destination for a 152 component of a data stream is the transport address that would be 153 used by an agent that is not ICE aware. A default candidate for a 154 component is one whose transport address matches the default 155 destination for that component. For the RTP component, the 156 default IP address is in the "c=" line of the SDP, and the port is 157 in the "m=" line. For the RTCP component, the address and port 158 are indicated using the "a=rtcp" attribute defined in [RFC3605], 159 if present; otherwise, the RTCP component address is same as the 160 address of the RTP component, and its port is one greater than the 161 port of the RTP component. 163 3. SDP Offer/Answer Procedures 165 3.1. Introduction 167 [ICE-BIS] defines ICE candidate exchange as the process for ICE 168 agents (Initiator and Responder) to exchange their candidate 169 information required for ICE processing at the agents. For the 170 purposes of this specification, the candidate exchange process 171 corresponds to the [RFC3264] Offer/Answer protocol and the 172 terminologies offerer and answerer correspond to the initiator and 173 responder terminologies from [ICE-BIS] respectively. 175 Once the initiating agent has gathered, pruned and prioritized its 176 set of candidates [ICE-BIS], the candidate exchange with the peer 177 agent begins. 179 3.2. Generic Procedures 181 3.2.1. Encoding 183 Section 4 provides detailed rules for constructing various SDP 184 attributes defined in this specification. 186 3.2.1.1. Data Streams 188 Each data stream [ICE-BIS] is represented by an SDP media description 189 ("m=" section). 191 3.2.1.2. Candidates 193 With in a "m=" section, each candidate (including the default 194 candidate) associated with the data stream is represented by an SDP 195 candidate attribute. 197 Prior to nomination, the "c=" line associated with an "m=" section 198 contains the IP address of the default candidate, while the "m=" line 199 contains the port and transport of the default candidate for that 200 "m=" section. 202 After nomination, the "c=" line for a given "m=" section contains the 203 IP address of the nominated candidate (the local candidate of the 204 nominated candidate pair) and the "m=" line contains the port and 205 transport corresponding to the nominated candidate for that "m=" 206 section. 208 3.2.1.3. Username and Password 210 The ICE username is represented by an SDP ice-ufrag attribute and the 211 ICE password is represented by an SDP ice-pwd attribute. 213 3.2.1.4. Lite Implementations 215 An ICE lite implementation [ICE-BIS] MUST include an SDP ice-lite 216 attribute. A full implementation MUST NOT include that attribute. 218 3.2.1.5. ICE Extensions 220 An agent uses the SDP ice-options attribute to indicate support of 221 ICE extensions. 223 An agent compliant to this specification MUST include an SDP ice- 224 options attribute with an "ice2" attribute value. If an agent 225 receives an SDP offer or answer that does not include the attribute 226 value, the agent assumes that the peer is compliant to [RFC5245]. 228 3.2.1.6. Inactive and Disabled Data Streams 230 If an "m=" section is marked as inactive [RFC4566], or has a 231 bandwidth value of zero [RFC4566], the agent MUST still include ICE 232 related SDP attributes. 234 If the port value associated with an "m=" section is set to zero 235 (implying a disabled stream), the agent SHOULD NOT include ICE 236 related SDP candidate attributes in that "m=" section, unless an SDP 237 extension specifying otherwise is used. 239 3.2.2. RTP/RTCP Considerations 241 If an agent utilizes both RTP and RTCP, the agent MUST include SDP 242 candidate attributes for both the RTP and RTCP components in the "m=" 243 section. 245 If an agent uses separate ports for RTP and RTCP, the agent MUST 246 include an SDP rtcp attribute in the "m=" section, as described in 247 [RFC3605]. In the cases where the port number for the RTCP is one 248 higher than the RTP port and RTCP component address is same as the 249 address of the RTP component, the SDP rtcp attribute MUST not be 250 included. 252 If the agent does not utilize RTCP, it indicates that by including 253 b=RS:0 and b=RR:0 SDP attributes, as described in [RFC3556]. 255 3.2.3. Determining Role 257 The offerer acts as the Initiating agent. The answerer acts as the 258 Responding agent. The ICE roles (controlling and controlled) are 259 determined using the procedures in [ICE-BIS]. 261 3.2.4. STUN Considerations 263 Once an agent has provided its local candidates to its peer, within 264 an SDP offer or answer, the agent MUST be prepared to receive STUN 265 connectivity check Binding requests on those candidates. 267 3.2.5. ICE Mismatch 269 The agent will proceed with the ICE procedures defined in [ICE-BIS] 270 and this specification if, for each data stream in the SDP it 271 received, the default destination for each component of that data 272 stream appears in a candidate attribute. For example, in the case of 273 RTP, the IP address and port in the "c=" and "m=" lines, 274 respectively, appear in a candidate attribute and the value in the 275 rtcp attribute appears in a candidate attribute. 277 If this condition is not met, the agent MUST process the SDP based on 278 normal [RFC3264] procedures, without using any of the ICE mechanisms 279 described in the remainder of this specification with the following 280 exceptions: 282 1. The agent MUST follow the rules of section 11 of [ICE-BIS], which 283 describe keepalive procedures for all agents. 285 2. If the agent is not proceeding with ICE because there were 286 a=candidate attributes, but none that matched the default 287 destination of the data stream, the agent MUST include an a=ice- 288 mismatch attribute in its answer and may omit a=candidate 289 attributes for such data streams. See Section 9.2.2 for a 290 discussion of cases where this can happen. This specification 291 provides no guidance on how an agent should proceed in such a 292 failure case. 294 3. If the default candidates were relayed candidates learned through 295 a TURN server, the agent MUST create permissions in the TURN 296 server for the IP addresses learned from its peer in the SDP it 297 just received. If this is not done, initial packets in the data 298 stream from the peer may be lost. 300 3.2.6. SDP Example 302 The following is an example SDP message that includes ICE attributes 303 (lines folded for readability): 305 v=0 306 o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1 307 s= 308 c=IN IP4 192.0.2.3 309 t=0 0 310 a=ice-options:ice2 311 a=ice-pwd:asd88fgpdd777uzjYhagZg 312 a=ice-ufrag:8hhY 313 m=audio 45664 RTP/AVP 0 314 b=RS:0 315 b=RR:0 316 a=rtpmap:0 PCMU/8000 317 a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host 318 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 319 10.0.1.1 rport 8998 321 3.3. Initial Offer/Answer Exchange 323 3.3.1. Sending the Initial Offer 325 When an offerer generates the initial offer, in each "m=" section it 326 MUST include SDP candidate attributes for each available candidate 327 associated with the "m=" section. In addition, the offerer MUST 328 include an SDP ice-ufrag and an SDP ice-pwd attribute in the offer. 330 Note: Within the scope of this document, "Initial Offer" refers to 331 the first SDP offer that is sent in order to negotiate usage of 332 ICE. It might, or might not, be the initial SDP offer of the SDP 333 session. 335 Note: The procedures in this document only consider "m=" sections 336 associated with data streams where ICE is used. 338 3.3.2. Sending the Initial Answer 340 When an answerer receives an initial offer that indicates that the 341 offerer supports ICE, and if the answerer accepts the offer and the 342 usage of ICE, in each "m=" section within the answer, it MUST include 343 SDP candidate attributes for each available candidate associated with 344 the "m=" section. In addition, the answerer MUST include an SDP ice- 345 ufrag and an SDP ice-pwd attribute in the answer. 347 Once the answerer has sent the answer, it can start performing 348 connectivity checks towards the peer candidates that were provided in 349 the offer. 351 If the offer does not indicate support of ICE, the answerer MUST NOT 352 accept the usage of ICE. If the answerer still accepts the offer, 353 the answerer MUST NOT include any ICE related SDP attributes in the 354 answer. Instead the answerer will generate the answer according to 355 normal offer/answer procedures [RFC3264]. 357 If the answerer detects a possibility of the ICE mismatch, procedures 358 described in (Section 3.2.5) are followed. 360 3.3.3. Receiving the Initial Answer 362 When an offerer receives an initial answer that indicates that the 363 answerer supports ICE, it can start performing connectivity checks 364 towards the peer candidates that were provided in the answer. 366 If the answer does not indicate that the answerer supports ICE, or if 367 the offerer detects an ICE mismatch in the answer, the offerer MUST 368 terminate the usage of ICE. The subsequent actions taken by the 369 offerer are implementation dependent and are out of the scope of this 370 specification. 372 3.3.4. Concluding ICE 374 Once the state of each check list is Completed, and if the agent is 375 the controlling, it nominates a candidate pair [ICE-BIS], it checks 376 for each data stream whether the nominated pair matches the default 377 candidate pair. If there are one or more data streams with a match, 378 the controlling agent MUST generate a subsequent offer 379 (Section 3.4.1), in which the IP address, port and transport in the 380 "c=" and "m=" lines associated with each data stream match the 381 corresponding local information of the nominated pair for that data 382 stream. 384 However, If the support for 'ice2' ice-option is in use, the 385 nominated candidate is noted and sent in the subsequent offer/answer 386 exchange as the default candidate and no updated offer is needed to 387 fix the default candidate. 389 Also as described in [ICE-BIS], once the controlling agent has 390 nominated a candidate pair for a data stream, the agent MUST NOT 391 nominate another pair for that data stream during the lifetime of the 392 ICE session. 394 3.4. Subsequent Offer/Answer Exchanges 396 Either agent MAY generate a subsequent offer at any time allowed by 397 [RFC3264]. This section defines rules for construction of subsequent 398 offers and answers. 400 Should a subsequent offer fail, ICE processing continues as if the 401 subsequent offer had never been made. 403 3.4.1. Sending Subsequent Offer 405 3.4.1.1. Procedures for All Implementations 407 3.4.1.1.1. ICE Restarts 409 An agent MAY restart ICE processing for an existing data stream 410 [ICE-BIS]. 412 The rules governing the ICE restart imply that setting the IP address 413 in the "c=" line to 0.0.0.0 will cause an ICE restart. Consequently, 414 ICE implementations MUST NOT utilize this mechanism for call hold, 415 and instead MUST use a=inactive and a=sendonly as described in 416 [RFC3264]. 418 To restart ICE, an agent MUST change both the ice-pwd and the ice- 419 ufrag for the data stream in an offer. Note that it is permissible 420 to use a session-level attribute in one offer, but to provide the 421 same ice-pwd or ice-ufrag as a media-level attribute in a subsequent 422 offer. This is not a change in password, just a change in its 423 representation, and does not cause an ICE restart. 425 An agent sets the rest of the ice related fields in the SDP for this 426 data stream as it would in an initial offer of this data stream (see 427 Section 3.2.1). Consequently, the set of candidates MAY include 428 some, none, or all of the previous candidates for that data stream 429 and MAY include a totally new set of candidates. 431 3.4.1.1.2. Removing a Data Stream 433 If an agent removes a data stream by setting its port to zero, it 434 MUST NOT include any candidate attributes for that data stream and 435 SHOULD NOT include any other ICE-related attributes defined in 436 Section 4 for that data stream. 438 3.4.1.1.3. Adding a Data Stream 440 If an agent wishes to add a new data stream, it sets the fields in 441 the SDP for this data stream as if this was an initial offer for that 442 data stream (see Section 3.2.1). This will cause ICE processing to 443 begin for this data stream. 445 3.4.1.2. Procedures for Full Implementations 447 This section describes additional procedures for full 448 implementations, covering existing data streams. 450 3.4.1.2.1. Before Nomination 452 When an offerer sends a subsequent offer, each "m=" section for which 453 a candidate pair has not yet been nominated, the offer MUST include 454 the same set of ICE-related information that the offerer included in 455 the previous offer or answer. The agent MAY include additional 456 candidates it did not offer previously, but which it has gathered 457 since the last offer/ answer exchange, including peer reflexive 458 candidates. 460 The agent MAY change the default destination for media. As with 461 initial offers, there MUST be a set of candidate attributes in the 462 offer matching this default destination. 464 3.4.1.2.2. After Nomination 466 Once a candidate pair has been nominated for a data stream, the IP 467 address, port and transport in each "c=" and "m=" line associated 468 with that data stream MUST match the data associated with the 469 nominated pair for that data stream. In addition, the offerer only 470 includes SDP candidates representing the local candidates of the 471 nominated candidate pair. The offerer MUST NOT include any other SDP 472 candidate attributes in the subsequent offer. 474 In addition, if the agent is controlling, it MUST include the 475 a=remote-candidates attribute for each data stream whose check list 476 is in the completed state. The attribute contains the remote 477 candidates corresponding to the nominated pair in the valid list for 478 each component of that data stream. It is needed to avoid a race 479 condition whereby the controlling agent chooses its pairs, but the 480 updated offer beats the connectivity checks to the controlled agent, 481 which doesn't even know these pairs are valid, let alone selected. 482 See Appendix B for elaboration on this race condition. 484 3.4.1.3. Procedures for Lite Implementations 486 If the ICE state is running, a lite implementation MUST include all 487 of its candidates for each component of each data stream in 488 a=candidate attribute in any subsequent offer. The candidates are 489 formed identical to the procedures for initial offers. 491 A lite implementation MUST NOT add additional host candidates or 492 change username fragments, password in a subsequent offer. 493 Otherwise, it MUST restart ICE. 495 If ICE has completed for a data stream and if the agent is 496 controlled, the default destination for that data stream MUST be set 497 to the remote candidate of the candidate pair for that component in 498 the valid list. For a lite implementation, there is always just a 499 single candidate pair in the valid list for each component of a data 500 stream. Additionally, the agent MUST include a candidate attribute 501 for each default destination. 503 If ICE state is completed and if the agent is controlling (which only 504 happens when both agents are lite), the agent MUST include the 505 a=remote-candidates attribute for each data stream. The attribute 506 contains the remote candidates from the candidate pairs in the valid 507 list (one pair for each component of each data stream). 509 3.4.2. Sending Subsequent Answer 511 If ICE is Completed for a data stream, and the offer for that data 512 stream lacked the a=remote-candidates attribute, the rules for 513 construction of the answer are identical to those for the offerer, 514 except that the answerer MUST NOT include the a=remote-candidates 515 attribute in the answer. 517 A controlled agent will receive an offer with the a=remote-candidates 518 attribute for a data stream when its peer has concluded ICE 519 processing for that data stream. This attribute is present in the 520 offer to deal with a race condition between the receipt of the offer, 521 and the receipt of the Binding Response that tells the answerer the 522 candidate that will be selected by ICE. See Appendix B for an 523 explanation of this race condition. Consequently, processing of an 524 offer with this attribute depends on the winner of the race. 526 The agent forms a candidate pair for each component of the data 527 stream by: 529 o Setting the remote candidate equal to the offerer's default 530 destination for that component (e.g., the contents of the "m=" and 531 "c=" lines for RTP, and the a=rtcp attribute for RTCP) 533 o Setting the local candidate equal to the transport address for 534 that same component in the a=remote-candidates attribute in the 535 offer. 537 The agent then sees if each of these candidate pairs is present in 538 the valid list. If a particular pair is not in the valid list, the 539 check has "lost" the race. Call such a pair a "losing pair". 541 The agent finds all the pairs in the check list whose remote 542 candidates equal the remote candidate in the losing pair: 544 o If none of the pairs are In-Progress, and at least one is Failed, 545 it is most likely that a network failure, such as a network 546 partition or serious packet loss, has occurred. The agent SHOULD 547 generate an answer for this data stream as if the remote- 548 candidates attribute had not been present, and then restart ICE 549 for this stream. 551 o If at least one of the pairs is In-Progress, the agent SHOULD wait 552 for those checks to complete, and as each completes, redo the 553 processing in this section until there are no losing pairs. 555 Once there are no losing pairs, the agent can generate the answer. 556 It MUST set the default destination for media to the candidates in 557 the remote-candidates attribute from the offer (each of which will 558 now be the local candidate of a candidate pair in the valid list). 559 It MUST include a candidate attribute in the answer for each 560 candidate in the remote-candidates attribute in the offer. 562 3.4.2.1. Detecting ICE Restart 564 If the offerer in a subsequent offer requested an ICE restart for a 565 data stream, and if the answerer accepts the offer, the answerer 566 follows the procedures for generating an initial answer. 568 For a given data stream, the answerer MAY include the same candidates 569 that were used in the previous ICE session, but it MUST change the 570 SDP ice-pwd and ice-ufrag attribute values. 572 3.4.2.2. Lite Implementation specific procedures 574 If the received offer contains the remote-candidates attribute for a 575 data stream, the agent forms a candidate pair for each component of 576 the data stream by: 578 o Setting the remote candidate equal to the offerer's default 579 destination for that component (e.g., the contents of the "m=" and 580 "c=" lines for RTP, and the a=rtcp attribute for RTCP). 582 o Setting the local candidate equal to the transport address for 583 that same component in the a=remote-candidates attribute in the 584 offer. 586 The state of ICE processing for that data stream is set to Completed. 588 Furthermore, if the agent believed it was controlling, but the offer 589 contained the a=remote-candidates attribute, both agents believe they 590 are controlling. In this case, both would have sent updated offers 591 around the same time. 593 However, the signaling protocol carrying the offer/answer exchanges 594 will have resolved this glare condition, so that one agent is always 595 the 'winner' by having its offer received before its peer has sent an 596 offer. The winner takes the role of controlling, so that the loser 597 (the answerer under consideration in this section) MUST change its 598 role to controlled. 600 Consequently, if the agent was going to send an updated offer since, 601 based on the rules in section 8.2 of [ICE-BIS], it was controlling, 602 it no longer needs to. 604 Besides the potential role change, change in the Valid list, and 605 state changes, the construction of the answer is performed 606 identically to the construction of an offer. 608 3.4.3. Receiving Answer for a Subsequent Offer 610 3.4.3.1. Procedures for Full Implementations 612 There may be certain situations where the offerer might receive SDP 613 answer that lacks ICE candidates although the initial answer did. 614 One example of such an "unexpected" answer might be happen when a 615 ICE-unaware B2BUA introduces a media server during call hold using 616 3rd party call-control procedures. Omitting further details how this 617 is done, this could result in an answer being received at the holding 618 UA that was constructed by the B2BUA. With the B2BUA being ICE- 619 unaware, that answer would not include ICE candidates. 621 Receiving an answer without ICE attributes in this situation might be 622 unexpected, but would not necessarily impair the user experience. 624 When the offerer receives an answer indicating support for ICE, the 625 offer performs on of the following actions: 627 o If the offer was a restart, the agent MUST perform ICE restart 628 procedures as specified in Section 3.4.3.1.1 630 o If the offer/answer exchange removed a data stream, or an answer 631 rejected an offered data stream, an agent MUST flush the Valid 632 list for that data stream. It MUST also terminate any STUN 633 transactions in progress for that data stream. 635 o If the offer/answer exchange added a new data stream, the agent 636 MUST create a new check list for it (and an empty Valid list to 637 start of course) which in turn triggers the candidate processing 638 procedures [ICE-BIS]. 640 o If ICE state is running for a given data stream, the agent 641 recomputes the check list. If a pair on the new check list was 642 also on the previous check list, and its state was Waiting, In- 643 Progress, Succeeded, or Failed, its state is copied over. 644 Otherwise, its state is set to Frozen. If none of the check lists 645 are active (meaning that the pairs in each check list are Frozen), 646 appropriate procedures in [ICE-BIS] are performed to move 647 candidate(s) to the Waiting state to further continue ICE 648 processing. 650 o If ICE state is completed and the SDP answer conforms to 651 Section 3.4.2, the agent MUST reman in the ICE completed state. 653 However, if the ICE support is no longer indicated in the SDP answer, 654 the agent MUST fall-back to [RFC3264] procedures and SHOULD NOT drop 655 the dialog because of the missing ICE support or unexpected answer. 656 Once the agent sends a new offer later on, it MUST perform an ICE 657 restart. 659 3.4.3.1.1. ICE Restarts 661 The agent MUST remember the nominated pair in the Valid list for each 662 component of the data stream, called the previous selected pair prior 663 to the restart. The agent will continue to send media using this 664 pair, as described in section 12 of [ICE-BIS]. Once these 665 destinations are noted, the agent MUST flush the valid and check 666 lists, and then recompute the check list and its states, thus 667 triggering the candidate processing procedures [ICE-BIS] 669 3.4.3.2. Procedures for Lite Implementations 671 If ICE is restarting for a data stream, the agent MUST start a new 672 Valid list for that data stream. It MUST remember the nominated pair 673 in the previous Valid list for each component of the data stream, 674 called the previous selected pairs, and continue to send media there 675 as described in section 12 of [ICE-BIS]. The state of ICE processing 676 for each data stream MUST change to Running, and the state of ICE 677 processing MUST change to Running 679 4. Grammar 681 This specification defines eight new SDP attributes -- the 682 "candidate", "remote-candidates", "ice-lite", "ice-mismatch", "ice- 683 ufrag", "ice-pwd", "ice-pacing", and "ice-options" attributes. 685 This section also provides non-normative examples of the attributes 686 defined. 688 The syntax for the attributes follow Augmented BNF as defined in 689 [RFC5234]. 691 4.1. "candidate" Attribute 693 The candidate attribute is a media-level attribute only. It contains 694 a transport address for a candidate that can be used for connectivity 695 checks. 697 candidate-attribute = "candidate" ":" foundation SP component-id SP 698 transport SP 699 priority SP 700 connection-address SP ;from RFC 4566 701 port ;port from RFC 4566 702 SP cand-type 703 [SP rel-addr] 704 [SP rel-port] 705 *(SP extension-att-name SP 706 extension-att-value) 708 foundation = 1*32ice-char 709 component-id = 1*5DIGIT 710 transport = "UDP" / transport-extension 711 transport-extension = token ; from RFC 3261 712 priority = 1*10DIGIT 713 cand-type = "typ" SP candidate-types 714 candidate-types = "host" / "srflx" / "prflx" / "relay" / token 715 rel-addr = "raddr" SP connection-address 716 rel-port = "rport" SP port 717 extension-att-name = token 718 extension-att-value = *VCHAR 719 ice-char = ALPHA / DIGIT / "+" / "/" 721 This grammar encodes the primary information about a candidate: its 722 IP address, port and transport protocol, and its properties: the 723 foundation, component ID, priority, type, and related transport 724 address: 726 : is taken from RFC 4566 [RFC4566]. It is the 727 IP address of the candidate. When parsing this field, an agent 728 can differentiate an IPv4 address and an IPv6 address by presence 729 of a colon in its value -- the presence of a colon indicates IPv6. 730 An agent MUST ignore candidate lines that include candidates with 731 IP address versions that are not supported or recognized. An IP 732 address SHOULD be used, but an FQDN MAY be used in place of an IP 733 address. In that case, when receiving an offer or answer 734 containing an FQDN in an a=candidate attribute, the FQDN is looked 735 up in the DNS first using an AAAA record (assuming the agent 736 supports IPv6), and if no result is found or the agent only 737 supports IPv4, using an A record. The rules from section 6 of 738 [RFC6724] is followed by fixing the source address to be one from 739 the candidate pair to be matched against destination addresses 740 reported by FQDN, in cases where the DNS query returns more than 741 one IP address. 743 : is also taken from RFC 4566 [RFC4566]. It is the port of 744 the candidate. 746 : indicates the transport protocol for the candidate. 747 This specification only defines UDP. However, extensibility is 748 provided to allow for future transport protocols to be used with 749 ICE by extending the sub-registry "ICE Transport Protocols" under 750 "Interactive Connectivity Establishment (ICE)" registry. 752 : is composed of 1 to 32 s. It is an 753 identifier that is equivalent for two candidates that are of the 754 same type, share the same base, and come from the same STUN 755 server. The foundation is used to optimize ICE performance in the 756 Frozen algorithm as described in [ICE-BIS] 758 : is a positive integer between 1 and 256 (inclusive) 759 that identifies the specific component of the dta stream for which 760 this is a candidate. It MUST start at 1 and MUST increment by 1 761 for each component of a particular candidate. For data streams 762 based on RTP, candidates for the actual RTP media MUST have a 763 component ID of 1, and candidates for RTCP MUST have a component 764 ID of 2. See section 13 in [ICE-BIS] for additional discussion on 765 extending ICE to new data streams. 767 : is a positive integer between 1 and (2**31 - 1) 768 inclusive. The procedures for computing candidate's priority is 769 described in section 5.1.2 of [ICE-BIS]. 771 : encodes the type of candidate. This specification 772 defines the values "host", "srflx", "prflx", and "relay" for host, 773 server reflexive, peer reflexive, and relayed candidates, 774 respectively. Specifications for new candidate types MUST define 775 how, if at all, various steps in the ICE processing differ from 776 the ones defined by this specification. 778 and : convey transport addresses related to the 779 candidate, useful for diagnostics and other purposes. 780 and MUST be present for server reflexive, peer 781 reflexive, and relayed candidates. If a candidate is server or 782 peer reflexive, and are equal to the base 783 for that server or peer reflexive candidate. If the candidate is 784 relayed, and are equal to the mapped address 785 in the Allocate response that provided the client with that 786 relayed candidate (see section Appendix B.3 of [ICE-BIS] for a 787 discussion of its purpose). If the candidate is a host candidate, 788 and MUST be omitted. 790 In some cases, e.g., for privacy reasons, an agent may not want to 791 reveal the related address and port. In this case the address 792 MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 793 candidates) and the port to zero. 795 The candidate attribute can itself be extended. The grammar allows 796 for new name/value pairs to be added at the end of the attribute. 797 Such extensions MUST be made through IETF Review or IESG Approval 798 [RFC5226] and the assignments MUST contain the specific extension and 799 a reference to the document defining the usage of the extension 801 An implementation MUST ignore any name/value pairs it doesn't 802 understand. 804 Example: SDP line for UDP server reflexive candidate attribute for the RTP component 806 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ 807 srflx raddr 10.0.1.1 rport 8998 809 4.2. "remote-candidates" Attribute 811 The syntax of the "remote-candidates" attribute is defined using 812 Augmented BNF as defined in [RFC5234]. The remote-candidates 813 attribute is a media-level attribute only. 815 remote-candidate-att = "remote-candidates:" remote-candidate 816 0*(SP remote-candidate) 817 remote-candidate = component-ID SP connection-address SP port 819 The attribute contains a connection-address and port for each 820 component. The ordering of components is irrelevant. However, a 821 value MUST be present for each component of a data stream. This 822 attribute MUST be included in an offer by a controlling agent for a 823 data stream that is Completed, and MUST NOT be included in any other 824 case. 826 Example: Remote candidates SDP lines for the RTP and RTCP components: 828 a=remote-candidates:1 192.0.2.3 45664 829 a=remote-candidates:2 192.0.2.3 45665 831 4.3. "ice-lite" and "ice-mismatch" Attributes 833 The syntax of the "ice-lite" and "ice-mismatch" attributes, both of 834 which are flags, is: 836 ice-lite = "ice-lite" 837 ice-mismatch = "ice-mismatch" 839 "ice-lite" is a session-level attribute only, and indicates that an 840 agent is a lite implementation. "ice-mismatch" is a media-level 841 attribute only, and when present in an answer, indicates that the 842 offer arrived with a default destination for a media component that 843 didn't have a corresponding candidate attribute. 845 4.4. "ice-ufrag" and "ice-pwd" Attributes 847 The "ice-ufrag" and "ice-pwd" attributes convey the username fragment 848 and password used by ICE for message integrity. Their syntax is: 850 ice-pwd-att = "ice-pwd:" password 851 ice-ufrag-att = "ice-ufrag:" ufrag 852 password = 22*256ice-char 853 ufrag = 4*256ice-char 855 The "ice-pwd" and "ice-ufrag" attributes can appear at either the 856 session-level or media-level. When present in both, the value in the 857 media-level takes precedence. Thus, the value at the session-level 858 is effectively a default that applies to all data streams, unless 859 overridden by a media-level value. Whether present at the session or 860 media-level, there MUST be an ice-pwd and ice-ufrag attribute for 861 each data stream. If two data streams have identical ice-ufrag's, 862 they MUST have identical ice-pwd's. 864 The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the 865 beginning of a session (the same applies when ICE is restarting for 866 an agent.). 868 The ice-ufrag attribute MUST contain at least 24 bits of randomness, 869 and the ice-pwd attribute MUST contain at least 128 bits of 870 randomness. This means that the ice-ufrag attribute will be at least 871 4 characters long, and the ice-pwd at least 22 characters long, since 872 the grammar for these attributes allows for 6 bits of information per 873 character. The attributes MAY be longer than 4 and 22 characters, 874 respectively, of course, up to 256 characters. The upper limit 875 allows for buffer sizing in implementations. Its large upper limit 876 allows for increased amounts of randomness to be added over time. 877 For compatibility with the 512 character limitation for the STUN 878 username attribute value and for bandwidth conservation 879 considerations, the ice-ufrag attribute MUST NOT be longer than 32 880 characters when sending, but an implementation MUST accept up to 256 881 characters when receiving. 883 Example shows sample ice-ufrag and ice-pwd SDP lines: 885 a=ice-pwd:asd88fgpdd777uzjYhagZg 886 a=ice-ufrag:8hhY 888 4.5. "ice-pacing" Attribute 890 The "ice-pacing" is a session level attribute that indicates the 891 desired connectivity check pacing, in milliseconds, for this agent 892 (see section 14 of [ICE-BIS]). The syntax is: 894 ice-pacing-att = "ice-pacing:" pacing-value 895 pacing-value = 1*10DIGIT 897 Following the procedures defined in [ICE-BIS], a default value of 898 50ms is used for an agent when ice-pacing attribute is omitted in the 899 offer or the answer. 901 The same rule applies for ice-pacing attribute values lower than 902 50ms. This mandates that, if an agent includes the ice-pacing 903 attribute, its value MUST be greater than 50ms or else a value of 904 50ms is considered by default for that agent. 906 Also the larger of the ice-pacing attribute values between the offer 907 and the answer (determined either by the one provided in the ice- 908 pacing attribute or by picking the default value) MUST be considered 909 for a given ICE session. 911 The mux category [I-D.ietf-mmusic-sdp-mux-attributes] for the 'ice- 912 pacing' attribute is 'TRANSPORT'. 914 Example shows ice-pacing value of 5 ms: 916 a=ice-pacing:5 918 4.6. "ice-options" Attribute 920 The "ice-options" attribute is a session- and media-level attribute. 921 It contains a series of tokens that identify the options supported by 922 the agent. Its grammar is: 924 ice-options = "ice-options:" ice-option-tag 925 0*(SP ice-option-tag) 926 ice-option-tag = 1*ice-char 928 The existence of an ice-option in an offer indicates that a certain 929 extension is supported by the agent and is willing to use it, if the 930 peer agent also includes the same extension in the answer. There 931 might be further extension specific negotiations needed between the 932 agents that determine how the extensions gets used in a given 933 session. The details of the negotiation procedures, if present, MUST 934 be defined by the specification defining the extension (see 935 Section 10.2). 937 Example shows 'rtp+ecn' ice-option SDP line from <>: 939 a=ice-options:rtp+ecn 941 5. Keepalives 943 All the ICE agents MUST follow the procedures defined in section 11 944 of [ICE-BIS] for sending keepalives. The keepalives MUST be sent 945 regardless of whether the data stream is currently inactive, 946 sendonly, recvonly, or sendrecv, and regardless of the presence or 947 value of the bandwidth attribute. An agent can determine that its 948 peer supports ICE by the presence of a=candidate attributes for each 949 media session. 951 6. SIP Considerations 953 Note that ICE is not intended for NAT traversal for SIP, which is 954 assumed to be provided via another mechanism [RFC5626]. 956 When ICE is used with SIP, forking may result in a single offer 957 generating a multiplicity of answers. In that case, ICE proceeds 958 completely in parallel and independently for each answer, treating 959 the combination of its offer and each answer as an independent offer/ 960 answer exchange, with its own set of local candidates, pairs, check 961 lists, states, and so on. 963 Once ICE processing has reached the Completed state for all peers for 964 media streams using those candidates, the agent SHOULD wait an 965 additional three seconds, and then it MAY cease responding to checks 966 or generating triggered checks on that candidate. It MAY free the 967 candidate at that time. Freeing of server reflexive candidates is 968 never explicit; it happens by lack of a keepalive. The three-second 969 delay handles cases when aggressive nomination is used, and the 970 selected pairs can quickly change after ICE has completed. 972 6.1. Latency Guidelines 974 ICE requires a series of STUN-based connectivity checks to take place 975 between endpoints. These checks start from the answerer on 976 generation of its answer, and start from the offerer when it receives 977 the answer. These checks can take time to complete, and as such, the 978 selection of messages to use with offers and answers can affect 979 perceived user latency. Two latency figures are of particular 980 interest. These are the post-pickup delay and the post-dial delay. 981 The post-pickup delay refers to the time between when a user "answers 982 the phone" and when any speech they utter can be delivered to the 983 caller. The post-dial delay refers to the time between when a user 984 enters the destination address for the user and ringback begins as a 985 consequence of having successfully started alerting the called user 986 agent. 988 Two cases can be considered -- one where the offer is present in the 989 initial INVITE and one where it is in a response. 991 6.1.1. Offer in INVITE 993 To reduce post-dial delays, it is RECOMMENDED that the caller begin 994 gathering candidates prior to actually sending its initial INVITE. 995 This can be started upon user interface cues that a call is pending, 996 such as activity on a keypad or the phone going off-hook. 998 On the receipt of the offer, the answerer SHOULD generate an answer 999 in a provisional response once it has completed candidate gathering. 1000 ICE requires that a provisional response with an SDP be transmitted 1001 reliably. This can be done through the existing Provisional Response 1002 Acknowledgment (PRACK) mechanism [RFC3262] or through an ICE specific 1003 optimization, wherein, the agent retransmits the provisional response 1004 with the exponential backoff timers described in [RFC3262]. Such 1005 retransmissions MUST cease on receipt of a STUN Binding request for 1006 one of the data streams signaled in that SDP or on transmission of 1007 the answer in a 2xx response. If no Binding request is received 1008 prior to the last retransmit, the agent does not consider the session 1009 terminated. For the ICE lite peers, the agent MUST cease 1010 retransmitting the 18x after sending it four times (ICE will actually 1011 work even if the peer never receives the 18x; however, experience has 1012 shown that sending it is important for middleboxes and firewall 1013 traversal). 1015 It should be noted that the ICE specific optimization is very 1016 specific to provisional response carrying answers that start ICE 1017 processing and it is not a general technique for 1xx reliability. 1018 Also such an optimization SHOULD NOT be used if both agents support 1019 PRACK. 1021 Despite the fact that the provisional response will be delivered 1022 reliably, the rules for when an agent can send an updated offer or 1023 answer do not change from those specified in [RFC3262]. 1024 Specifically, if the INVITE contained an offer, the same answer 1025 appears in all of the 1xx and in the 2xx response to the INVITE. 1026 Only after that 2xx has been sent can an updated offer/answer 1027 exchange occur. 1029 Alternatively, an agent MAY delay sending an answer until the 200 OK; 1030 however, this results in a poor user experience and is NOT 1031 RECOMMENDED. 1033 Once the answer has been sent, the agent SHOULD begin its 1034 connectivity checks. Once candidate pairs for each component of a 1035 data stream enter the valid list, the answerer can begin sending 1036 media on that data stream. 1038 However, prior to this point, any media that needs to be sent towards 1039 the caller (such as SIP early media [RFC3960]) MUST NOT be 1040 transmitted. For this reason, implementations SHOULD delay alerting 1041 the called party until candidates for each component of each data 1042 stream have entered the valid list. In the case of a PSTN gateway, 1043 this would mean that the setup message into the PSTN is delayed until 1044 this point. Doing this increases the post-dial delay, but has the 1045 effect of eliminating 'ghost rings'. Ghost rings are cases where the 1046 called party hears the phone ring, picks up, but hears nothing and 1047 cannot be heard. This technique works without requiring support for, 1048 or usage of, preconditions [RFC3312]. It also has the benefit of 1049 guaranteeing that not a single packet of media will get clipped, so 1050 that post-pickup delay is zero. If an agent chooses to delay local 1051 alerting in this way, it SHOULD generate a 180 response once alerting 1052 begins. 1054 6.1.2. Offer in Response 1056 In addition to uses where the offer is in an INVITE, and the answer 1057 is in the provisional and/or 200 OK response, ICE works with cases 1058 where the offer appears in the response. In such cases, which are 1059 common in third party call control [RFC3725], ICE agents SHOULD 1060 generate their offers in a reliable provisional response (which MUST 1061 utilize [RFC3262]), and not alert the user on receipt of the INVITE. 1062 The answer will arrive in a PRACK. This allows for ICE processing to 1063 take place prior to alerting, so that there is no post-pickup delay, 1064 at the expense of increased call setup delays. Once ICE completes, 1065 the callee can alert the user and then generate a 200 OK when they 1066 answer. The 200 OK would contain no SDP, since the offer/answer 1067 exchange has completed. 1069 Alternatively, agents MAY place the offer in a 2xx instead (in which 1070 case the answer comes in the ACK). When this happens, the callee 1071 will alert the user on receipt of the INVITE, and the ICE exchanges 1072 will take place only after the user answers. This has the effect of 1073 reducing call setup delay, but can cause substantial post-pickup 1074 delays and media clipping. 1076 6.2. SIP Option Tags and Media Feature Tags 1078 [RFC5768] specifies a SIP option tag and media feature tag for usage 1079 with ICE. ICE implementations using SIP SHOULD support this 1080 specification, which uses a feature tag in registrations to 1081 facilitate interoperability through signaling intermediaries. 1083 6.3. Interactions with Forking 1085 ICE interacts very well with forking. Indeed, ICE fixes some of the 1086 problems associated with forking. Without ICE, when a call forks and 1087 the caller receives multiple incoming data streams, it cannot 1088 determine which data stream corresponds to which callee. 1090 With ICE, this problem is resolved. The connectivity checks which 1091 occur prior to transmission of media carry username fragments, which 1092 in turn are correlated to a specific callee. Subsequent media 1093 packets that arrive on the same candidate pair as the connectivity 1094 check will be associated with that same callee. Thus, the caller can 1095 perform this correlation as long as it has received an answer. 1097 6.4. Interactions with Preconditions 1099 Quality of Service (QoS) preconditions, which are defined in 1100 [RFC3312] and [RFC4032], apply only to the transport addresses listed 1101 as the default targets for media in an offer/answer. If ICE changes 1102 the transport address where media is received, this change is 1103 reflected in an updated offer that changes the default destination 1104 for media to match ICE's selection. As such, it appears like any 1105 other re-INVITE would, and is fully treated in RFCs 3312 and 4032, 1106 which apply without regard to the fact that the destination for media 1107 is changing due to ICE negotiations occurring "in the background". 1109 Indeed, an agent SHOULD NOT indicate that QoS preconditions have been 1110 met until the checks have completed and selected the candidate pairs 1111 to be used for media. 1113 ICE also has (purposeful) interactions with connectivity 1114 preconditions [RFC5898]. Those interactions are described there. 1115 Note that the procedures described in Section 6.1 describe their own 1116 type of "preconditions", albeit with less functionality than those 1117 provided by the explicit preconditions in [RFC5898]. 1119 6.5. Interactions with Third Party Call Control 1121 ICE works with Flows I, III, and IV as described in [RFC3725]. Flow 1122 I works without the controller supporting or being aware of ICE. 1123 Flow IV will work as long as the controller passes along the ICE 1124 attributes without alteration. Flow II is fundamentally incompatible 1125 with ICE; each agent will believe itself to be the answerer and thus 1126 never generate a re-INVITE. 1128 The flows for continued operation, as described in Section 7 of 1129 [RFC3725], require additional behavior of ICE implementations to 1130 support. In particular, if an agent receives a mid-dialog re-INVITE 1131 that contains no offer, it MUST restart ICE for each data stream and 1132 go through the process of gathering new candidates. Furthermore, 1133 that list of candidates SHOULD include the ones currently being used 1134 for media. 1136 7. Relationship with ANAT 1138 [RFC4091], the Alternative Network Address Types (ANAT) Semantics for 1139 the SDP grouping framework, and [RFC4092], its usage with SIP, define 1140 a mechanism for indicating that an agent can support both IPv4 and 1141 IPv6 for a data stream, and it does so by including two "m=" lines, 1142 one for v4 and one for v6. This is similar to ICE, which allows for 1143 an agent to indicate multiple transport addresses using the candidate 1144 attribute. However, ANAT relies on static selection to pick between 1145 choices, rather than a dynamic connectivity check used by ICE. 1147 It is RECOMMENDED that ICE be used in realizing the dual-stack use- 1148 cases in agents that support ICE. 1150 8. Setting Ta and RTO for RTP Media Streams 1152 During the gathering phase of ICE and while ICE is performing 1153 connectivity checks, an agent sends STUN and TURN transactions. 1154 These transactions are paced at a rate of one every Ta milliseconds, 1155 and utilize a specific RTO. See Section 14 of [ICE-BIS] for details 1156 on how the values of Ta and RTO are computed with a real-time media 1157 stream of known maximum bandwidth to rate-control the ICE exchanges. 1159 9. Security Considerations 1161 9.1. Attacks on the Offer/Answer Exchanges 1163 An attacker that can modify or disrupt the offer/answer exchanges 1164 themselves can readily launch a variety of attacks with ICE. They 1165 could direct media to a target of a DoS attack, they could insert 1166 themselves into the data stream, and so on. These are similar to the 1167 general security considerations for offer/answer exchanges, and the 1168 security considerations in [RFC3264] apply. These require techniques 1169 for message integrity and encryption for offers and answers, which 1170 are satisfied by the TLS mechanism [RFC3261] when SIP is used. As 1171 such, the usage of TLS with ICE is RECOMMENDED. 1173 9.2. Insider Attacks 1175 In addition to attacks where the attacker is a third party trying to 1176 insert fake offers, answers, or STUN messages, there are several 1177 attacks possible with ICE when the attacker is an authenticated and 1178 valid participant in the ICE exchange. 1180 9.2.1. The Voice Hammer Attack 1182 The voice hammer attack is an amplification attack. In this attack, 1183 the attacker initiates sessions to other agents, and maliciously 1184 includes the IP address and port of a DoS target as the destination 1185 for media traffic signaled in the SDP. This causes substantial 1186 amplification; a single offer/answer exchange can create a continuing 1187 flood of media packets, possibly at high rates (consider video 1188 sources). This attack is not specific to ICE, but ICE can help 1189 provide remediation. 1191 Specifically, if ICE is used, the agent receiving the malicious SDP 1192 will first perform connectivity checks to the target of media before 1193 sending media there. If this target is a third-party host, the 1194 checks will not succeed, and media is never sent. 1196 Unfortunately, ICE doesn't help if it's not used, in which case an 1197 attacker could simply send the offer without the ICE parameters. 1198 However, in environments where the set of clients is known, and is 1199 limited to ones that support ICE, the server can reject any offers or 1200 answers that don't indicate ICE support. 1202 User Agents that are not willing to receive non-ICE answers MUST 1203 include an "ice" Option Tag in the Require Header Field in their 1204 offer. Clients that rejects non-ICE offers SHOULD use a 421 response 1205 code, together with an Option Tag "ice" in the Require Header Field 1206 in the response. 1208 9.2.2. Interactions with Application Layer Gateways and SIP 1210 Application Layer Gateways (ALGs) are functions present in a Network 1211 Address Translation (NAT) device that inspect the contents of packets 1212 and modify them, in order to facilitate NAT traversal for application 1213 protocols. Session Border Controllers (SBCs) are close cousins of 1214 ALGs, but are less transparent since they actually exist as 1215 application-layer SIP intermediaries. ICE has interactions with SBCs 1216 and ALGs. 1218 If an ALG is SIP aware but not ICE aware, ICE will work through it as 1219 long as the ALG correctly modifies the SDP. A correct ALG 1220 implementation behaves as follows: 1222 o The ALG does not modify the "m=" and "c=" lines or the rtcp 1223 attribute if they contain external addresses. 1225 o If the "m=" and "c=" lines contain internal addresses, the 1226 modification depends on the state of the ALG: 1228 * If the ALG already has a binding established that maps an 1229 external port to an internal IP address and port matching the 1230 values in the "m=" and "c=" lines or rtcp attribute, the ALG 1231 uses that binding instead of creating a new one. 1233 * If the ALG does not already have a binding, it creates a new 1234 one and modifies the SDP, rewriting the "m=" and "c=" lines and 1235 rtcp attribute. 1237 Unfortunately, many ALGs are known to work poorly in these corner 1238 cases. ICE does not try to work around broken ALGs, as this is 1239 outside the scope of its functionality. ICE can help diagnose these 1240 conditions, which often show up as a mismatch between the set of 1241 candidates and the "m=" and "c=" lines and rtcp attributes. The ice- 1242 mismatch attribute is used for this purpose. 1244 ICE works best through ALGs when the signaling is run over TLS. This 1245 prevents the ALG from manipulating the SDP messages and interfering 1246 with ICE operation. Implementations that are expected to be deployed 1247 behind ALGs SHOULD provide for TLS transport of the SDP. 1249 If an SBC is SIP aware but not ICE aware, the result depends on the 1250 behavior of the SBC. If it is acting as a proper Back-to-Back User 1251 Agent (B2BUA), the SBC will remove any SDP attributes it doesn't 1252 understand, including the ICE attributes. Consequently, the call 1253 will appear to both endpoints as if the other side doesn't support 1254 ICE. This will result in ICE being disabled, and media flowing 1255 through the SBC, if the SBC has requested it. If, however, the SBC 1256 passes the ICE attributes without modification, yet modifies the 1257 default destination for media (contained in the "m=" and "c=" lines 1258 and rtcp attribute), this will be detected as an ICE mismatch, and 1259 ICE processing is aborted for the call. It is outside of the scope 1260 of ICE for it to act as a tool for "working around" SBCs. If one is 1261 present, ICE will not be used and the SBC techniques take precedence. 1263 10. IANA Considerations 1265 10.1. SDP Attributes 1267 The original ICE specification defined seven new SDP attributes per 1268 the procedures of Section 8.2.4 of [RFC4566]. The registration 1269 information from the original specification is included here with 1270 modifications to include Mux Category and to align with the recent 1271 recommendations for populating Contact information. 1273 10.1.1. candidate Attribute 1275 Attribute Name: candidate 1277 Type of Attribute: media-level 1279 Subject to charset: No 1281 Purpose: This attribute is used with Interactive Connectivity 1282 Establishment (ICE), and provides one of many possible candidate 1283 addresses for communication. These addresses are validated with 1284 an end-to-end connectivity check using Session Traversal Utilities 1285 for NAT (STUN). 1287 Appropriate Values: See Section 4 of RFC XXXX. 1289 Contact Name: IESG 1291 Contact e-mail: iesg@ietf.org [1] 1293 Reference: RFCXXXX 1295 Mux Category: TRANSPORT 1297 10.1.2. remote-candidates Attribute 1299 Attribute Name: remote-candidates 1301 Type of Attribute: media-level 1303 Subject to charset: No 1305 Purpose: This attribute is used with Interactive Connectivity 1306 Establishment (ICE), and provides the identity of the remote 1307 candidates that the offerer wishes the answerer to use in its 1308 answer. 1310 Appropriate Values: See Section 4 of RFC XXXX. 1312 Contact Name: IESG 1314 Contact e-mail: iesg@ietf.org [2] 1316 Reference: RFCXXXX 1317 Mux Category: TRANSPORT 1319 10.1.3. ice-lite Attribute 1321 Attribute Name: ice-lite 1323 Type of Attribute: session-level 1325 Subject to charset: No 1327 Purpose: This attribute is used with Interactive Connectivity 1328 Establishment (ICE), and indicates that an agent has the minimum 1329 functionality required to support ICE inter-operation with a peer 1330 that has a full implementation. 1332 Appropriate Values: See Section 4 of RFC XXXX. 1334 Contact Name: IESG 1336 Contact e-mail: iesg@ietf.org [3] 1338 Reference: RFCXXXX 1340 Mux Category: NORMAL 1342 10.1.4. ice-mismatch Attribute 1344 Attribute Name: ice-mismatch 1346 Type of Attribute: media-level 1348 Subject to charset: No 1350 Purpose: This attribute is used with Interactive Connectivity 1351 Establishment (ICE), and indicates that an agent is ICE capable, 1352 but did not proceed with ICE due to a mismatch of candidates with 1353 the default destination for media signaled in the SDP. 1355 Appropriate Values: See Section 4 of RFC XXXX. 1357 Contact Name: IESG 1359 Contact e-mail: iesg@ietf.org [4] 1361 Reference: RFCXXXX 1363 Mux Category: NORMAL 1365 10.1.5. ice-pwd Attribute 1367 Attribute Name: ice-pwd 1369 Type of Attribute: session- or media-level 1371 Subject to charset: No 1373 Purpose: This attribute is used with Interactive Connectivity 1374 Establishment (ICE), and provides the password used to protect 1375 STUN connectivity checks. 1377 Appropriate Values: See Section 4 of RFC XXXX. 1379 Contact Name: IESG 1381 Contact e-mail: iesg@ietf.org [5] 1383 Reference: RFCXXXX 1385 Mux Category: TRANSPORT 1387 10.1.6. ice-ufrag Attribute 1389 Attribute Name: ice-ufrag 1391 Type of Attribute: session- or media-level 1393 Subject to charset: No 1395 Purpose: This attribute is used with Interactive Connectivity 1396 Establishment (ICE), and provides the fragments used to construct 1397 the username in STUN connectivity checks. 1399 Appropriate Values: See Section 4 of RFC XXXX. 1401 Contact Name: IESG 1403 Contact e-mail: iesg@ietf.org [6] 1405 Reference: RFCXXXX 1407 Mux Category: TRANSPORT 1409 10.1.7. ice-options Attribute 1411 Attribute Name: ice-options 1413 Long Form: ice-options 1415 Type of Attribute: session- or media-level 1417 Subject to charset: No 1419 Purpose: This attribute is used with Interactive Connectivity 1420 Establishment (ICE), and indicates the ICE options or extensions 1421 used by the agent. 1423 Appropriate Values: See Section 4 of RFC XXXX. 1425 Contact Name: IESG 1427 Contact e-mail: iesg@ietf.org [7] 1429 Reference: RFCXXXX 1431 Mux Category: NORMAL 1433 10.1.8. ice-pacing Attribute 1435 This specification also defines a new SDP attribute, "ice-pacing" 1436 according to the following data: 1438 Attribute Name: ice-pacing 1440 Type of Attribute: session-level 1442 Subject to charset: No 1444 Purpose: This attribute is used with Interactive Connectivity 1445 Establishment (ICE) to indicate desired connectivity check pacing 1446 values. 1448 Appropriate Values: See Section 4 of RFC XXXX. 1450 Contact Name: IESG 1452 Contact e-mail: iesg@ietf.org [8] 1454 Reference: RFCXXXX 1456 Mux Category: TRANSPORT 1458 10.2. Interactive Connectivity Establishment (ICE) Options Registry 1460 IANA maintains a registry for ice-options identifiers under the 1461 Specification Required policy as defined in "Guidelines for Writing 1462 an IANA Considerations Section in RFCs" [RFC5226]. 1464 ICE options are of unlimited length according to the syntax in 1465 Section 4.6; however, they are RECOMMENDED to be no longer than 20 1466 characters. This is to reduce message sizes and allow for efficient 1467 parsing. 1469 In [RFC5245] ICE options could only be defined at the session level. 1470 ICE options can now also be defined at the media level. This can be 1471 used when aggregating between different ICE agents in the same 1472 endpoint, but future options may require to be defined at the media- 1473 level. To ensure compatibility with legacy implementation, the 1474 media-level ICE options MUST be aggregated into a session-level ICE 1475 option. Because aggregation rules depend on the specifics of each 1476 option, all new ICE options MUST also define in their specification 1477 how the media-level ICE option values are aggregated to generate the 1478 value of the session-level ICE option. 1480 [RFC6679] defines the "rtp+ecn" ICE option. The aggregation rule for 1481 this ICE option is that if all aggregated media using ICE contain a 1482 media-level "rtp+ecn" ICE option then an "rtp+ecn" ICE option MUST be 1483 inserted at the session-level. If one of the media does not contain 1484 the option, then it MUST NOT be inserted at the session-level. 1486 Section 10 of [ICE-BIS] defines "ice2" ICE option. Since "ice2" is a 1487 session level ICE option, no aggregation rules apply. 1489 A registration request MUST include the following information: 1491 o The ICE option identifier to be registered 1493 o Name, Email, and Address of a contact person for the registration 1495 o Organization or individuals having the change control 1497 o Short description of the ICE extension to which the option relates 1499 o Reference(s) to the specification defining the ICE option and the 1500 related extensions 1502 11. Acknowledgments 1504 A large part of the text in this document was taken from [RFC5245], 1505 authored by Jonathan Rosenberg. 1507 Some of the text in this document was taken from [RFC6336], authored 1508 by Magnus Westerlund and Colin Perkins. 1510 Many thanks to Christer Holmberg for providing text suggestions in 1511 Section 4 that aligns with [ICE-BIS] 1513 Thanks to Thomas Stach for text help, Roman Shpount for suggesting 1514 RTCP candidate handling and Simon Perreault for advising on IPV6 1515 address selection when candidate-address includes FQDN. 1517 Thanks to following experts for their reviews and constructive 1518 feedback: Christer Holmberg, Adam Roach and the MMUSIC WG. 1520 12. References 1522 12.1. Normative References 1524 [I-D.ietf-mmusic-sdp-mux-attributes] 1525 Nandakumar, S., "A Framework for SDP Attributes when 1526 Multiplexing", draft-ietf-mmusic-sdp-mux-attributes-17 1527 (work in progress), February 2018, 1528 . 1530 [ICE-BIS] Keranen, A. and J. Rosenberg, "Interactive Connectivity 1531 Establishment (ICE): A Protocol for Network Address 1532 Translator (NAT) Traversal for Offer/Answer Protocols", 1533 draft-ietf-ice-rfc5245bis-00 (work in progress), March 1534 2015. 1536 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1537 Requirement Levels", BCP 14, RFC 2119, 1538 DOI 10.17487/RFC2119, March 1997, 1539 . 1541 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 1542 A., Peterson, J., Sparks, R., Handley, M., and E. 1543 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 1544 DOI 10.17487/RFC3261, June 2002, 1545 . 1547 [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of 1548 Provisional Responses in Session Initiation Protocol 1549 (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, 1550 . 1552 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 1553 with Session Description Protocol (SDP)", RFC 3264, 1554 DOI 10.17487/RFC3264, June 2002, 1555 . 1557 [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, 1558 "Integration of Resource Management and Session Initiation 1559 Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 1560 2002, . 1562 [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth 1563 Modifiers for RTP Control Protocol (RTCP) Bandwidth", 1564 RFC 3556, DOI 10.17487/RFC3556, July 2003, 1565 . 1567 [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute 1568 in Session Description Protocol (SDP)", RFC 3605, 1569 DOI 10.17487/RFC3605, October 2003, 1570 . 1572 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 1573 Initiation Protocol (SIP) Preconditions Framework", 1574 RFC 4032, DOI 10.17487/RFC4032, March 2005, 1575 . 1577 [RFC4091] Camarillo, G. and J. Rosenberg, "The Alternative Network 1578 Address Types (ANAT) Semantics for the Session Description 1579 Protocol (SDP) Grouping Framework", RFC 4091, June 2005, 1580 . 1582 [RFC4092] Camarillo, G. and J. Rosenberg, "Usage of the Session 1583 Description Protocol (SDP) Alternative Network Address 1584 Types (ANAT) Semantics in the Session Initiation Protocol 1585 (SIP)", RFC 4092, June 2005, 1586 . 1588 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 1589 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 1590 July 2006, . 1592 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1593 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1594 DOI 10.17487/RFC5226, May 2008, 1595 . 1597 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1598 Specifications: ABNF", STD 68, RFC 5234, 1599 DOI 10.17487/RFC5234, January 2008, 1600 . 1602 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 1603 (ICE): A Protocol for Network Address Translator (NAT) 1604 Traversal for Offer/Answer Protocols", RFC 5245, 1605 DOI 10.17487/RFC5245, April 2010, 1606 . 1608 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 1609 Connectivity Establishment (ICE) in the Session Initiation 1610 Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 1611 2010, . 1613 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1614 Interactive Connectivity Establishment (ICE) Options", 1615 RFC 6336, April 2010, 1616 . 1618 [RFC6679] Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P., 1619 and K. Carlberg, "Explicit Congestion Notification (ECN) 1620 for RTP over UDP", RFC 6679, DOI 10.17487/RFC6679, August 1621 2012, . 1623 [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, 1624 "Default Address Selection for Internet Protocol Version 6 1625 (IPv6)", RFC 6724, September 2012, 1626 . 1628 [RFC7656] Lennox, J., Gross, K., Nandakumar, S., Salgueiro, G., and 1629 B. Burman, Ed., "A Taxonomy of Semantics and Mechanisms 1630 for Real-Time Transport Protocol (RTP) Sources", RFC 7656, 1631 DOI 10.17487/RFC7656, November 2015, 1632 . 1634 12.2. Informative References 1636 [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. 1637 Camarillo, "Best Current Practices for Third Party Call 1638 Control (3pcc) in the Session Initiation Protocol (SIP)", 1639 BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, 1640 . 1642 [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing 1643 Tone Generation in the Session Initiation Protocol (SIP)", 1644 RFC 3960, DOI 10.17487/RFC3960, December 2004, 1645 . 1647 [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., 1648 "Managing Client-Initiated Connections in the Session 1649 Initiation Protocol (SIP)", RFC 5626, 1650 DOI 10.17487/RFC5626, October 2009, 1651 . 1653 [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, 1654 "Connectivity Preconditions for Session Description 1655 Protocol (SDP) Media Streams", RFC 5898, 1656 DOI 10.17487/RFC5898, July 2010, 1657 . 1659 12.3. URIs 1661 [1] mailto:iesg@ietf.org 1663 [2] mailto:iesg@ietf.org 1665 [3] mailto:iesg@ietf.org 1667 [4] mailto:iesg@ietf.org 1669 [5] mailto:iesg@ietf.org 1671 [6] mailto:iesg@ietf.org 1673 [7] mailto:iesg@ietf.org 1675 [8] mailto:iesg@ietf.org 1677 [9] mailto:christer.holmberg@ericsson.com 1679 [10] mailto:rshpount@turbobridge.com 1681 [11] mailto:thomass.stach@gmail.com 1683 Appendix A. Examples 1685 For the example shown in section 16 of [ICE-BIS] the resulting offer 1686 (message 5) encoded in SDP looks like: 1688 v=0 1689 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP 1690 s= 1691 c=IN IP6 $NAT-PUB-1.IP 1692 t=0 0 1693 a=ice-pwd:asd88fgpdd777uzjYhagZg 1694 a=ice-ufrag:8hhY 1695 m=audio $NAT-PUB-1.PORT RTP/AVP 0 1696 b=RS:0 1697 b=RR:0 1698 a=rtpmap:0 PCMU/8000 1699 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host 1700 a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ 1701 srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT 1703 The offer, with the variables replaced with their values, will look 1704 like (lines folded for clarity): 1706 v=0 1707 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a 1708 s= 1709 c=IN IP6 2001:420:c0e0:1005::61 1710 t=0 0 1711 a=ice-pwd:asd88fgpdd777uzjYhagZg 1712 a=ice-ufrag:8hhY 1713 m=audio 45664 RTP/AVP 0 1714 b=RS:0 1715 b=RR:0 1716 a=rtpmap:0 PCMU/8000 1717 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host 1718 a=candidate:2 1 UDP 1694498815 2001:420:c0e0:1005::61 45664 typ srflx raddr 1719 fe80::6676:baff:fe9c:ee4a rport 8998 1721 The resulting answer looks like: 1723 v=0 1724 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP 1725 s= 1726 c=IN IP4 $R-PUB-1.IP 1727 t=0 0 1728 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1729 a=ice-ufrag:9uB6 1730 m=audio $R-PUB-1.PORT RTP/AVP 0 1731 b=RS:0 1732 b=RR:0 1733 a=rtpmap:0 PCMU/8000 1734 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host 1736 With the variables filled in: 1738 v=0 1739 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 1740 s= 1741 c=IN IP4 192.0.2.1 1742 t=0 0 1743 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1744 a=ice-ufrag:9uB6 1745 m=audio 3478 RTP/AVP 0 1746 b=RS:0 1747 b=RR:0 1748 a=rtpmap:0 PCMU/8000 1749 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host 1751 Appendix B. The remote-candidates Attribute 1753 The a=remote-candidates attribute exists to eliminate a race 1754 condition between the updated offer and the response to the STUN 1755 Binding request that moved a candidate into the Valid list. This 1756 race condition is shown in Figure 1. On receipt of message 4, agent 1757 L adds a candidate pair to the valid list. If there was only a 1758 single data stream with a single component, agent L could now send an 1759 updated offer. However, the check from agent R has not yet generated 1760 a response, and agent R receives the updated offer (message 7) before 1761 getting the response (message 9). Thus, it does not yet know that 1762 this particular pair is valid. To eliminate this condition, the 1763 actual candidates at R that were selected by the offerer (the remote 1764 candidates) are included in the offer itself, and the answerer delays 1765 its answer until those pairs validate. 1767 Agent L Network Agent R 1768 |(1) Offer | | 1769 |------------------------------------------>| 1770 |(2) Answer | | 1771 |<------------------------------------------| 1772 |(3) STUN Req. | | 1773 |------------------------------------------>| 1774 |(4) STUN Res. | | 1775 |<------------------------------------------| 1776 |(5) STUN Req. | | 1777 |<------------------------------------------| 1778 |(6) STUN Res. | | 1779 |-------------------->| | 1780 | |Lost | 1781 |(7) Offer | | 1782 |------------------------------------------>| 1783 |(8) STUN Req. | | 1784 |<------------------------------------------| 1785 |(9) STUN Res. | | 1786 |------------------------------------------>| 1787 |(10) Answer | | 1788 |<------------------------------------------| 1790 Figure 1: Race Condition Flow 1792 Appendix C. Why Is the Conflict Resolution Mechanism Needed? 1794 When ICE runs between two peers, one agent acts as controlled, and 1795 the other as controlling. Rules are defined as a function of 1796 implementation type and offerer/answerer to determine who is 1797 controlling and who is controlled. However, the specification 1798 mentions that, in some cases, both sides might believe they are 1799 controlling, or both sides might believe they are controlled. How 1800 can this happen? 1802 The condition when both agents believe they are controlled shows up 1803 in third party call control cases. Consider the following flow: 1805 A Controller B 1806 |(1) INV() | | 1807 |<-------------| | 1808 |(2) 200(SDP1) | | 1809 |------------->| | 1810 | |(3) INV() | 1811 | |------------->| 1812 | |(4) 200(SDP2) | 1813 | |<-------------| 1814 |(5) ACK(SDP2) | | 1815 |<-------------| | 1816 | |(6) ACK(SDP1) | 1817 | |------------->| 1819 Figure 2: Role Conflict Flow 1821 This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, 1822 it works better than flow III since it produces fewer messages. In 1823 this flow, the controller sends an offerless INVITE to agent A, which 1824 responds with its offer, SDP1. The agent then sends an offerless 1825 INVITE to agent B, which it responds to with its offer, SDP2. The 1826 controller then uses the offer from each agent to generate the 1827 answers. When this flow is used, ICE will run between agents A and 1828 B, but both will believe they are in the controlling role. With the 1829 role conflict resolution procedures, this flow will function properly 1830 when ICE is used. 1832 At this time, there are no documented flows that can result in the 1833 case where both agents believe they are controlled. However, the 1834 conflict resolution procedures allow for this case, should a flow 1835 arise that would fit into this category. 1837 Appendix D. Why Send an Updated Offer? 1839 Section 11.1 describes rules for sending media. Both agents can send 1840 media once ICE checks complete, without waiting for an updated offer. 1841 Indeed, the only purpose of the updated offer is to "correct" the SDP 1842 so that the default destination for media matches where media is 1843 being sent based on ICE procedures (which will be the highest- 1844 priority nominated candidate pair). 1846 This begs the question -- why is the updated offer/answer exchange 1847 needed at all? Indeed, in a pure offer/answer environment, it would 1848 not be. The offerer and answerer will agree on the candidates to use 1849 through ICE, and then can begin using them. As far as the agents 1850 themselves are concerned, the updated offer/answer provides no new 1851 information. However, in practice, numerous components along the 1852 signaling path look at the SDP information. These include entities 1853 performing off-path QoS reservations, NAT traversal components such 1854 as ALGs and Session Border Controllers (SBCs), and diagnostic tools 1855 that passively monitor the network. For these tools to continue to 1856 function without change, the core property of SDP -- that the 1857 existing, pre-ICE definitions of the addresses used for media -- the 1858 "m=" and "c=" lines and the rtcp attribute -- must be retained. For 1859 this reason, an updated offer must be sent. 1861 Appendix E. Contributors 1863 Following experts have contributed a textual and structural 1864 suggestions for this work 1866 1. Christer Holmberg 1868 * Ericsson 1870 * Email: christer.holmberg@ericsson.com [9] 1872 2. Roman Shpount 1874 * TurboBridge 1876 * rshpount@turbobridge.com [10] 1878 3. Thomas Stach 1880 * thomass.stach@gmail.com [11] 1882 Authors' Addresses 1884 Marc Petit-Huguenin 1885 Impedance Mismatch 1887 Email: marc@petit-huguenin.org 1889 Suhas Nandakumar 1890 Cisco Systems 1891 707 Tasman Dr 1892 Milpitas, CA 95035 1893 USA 1895 Email: snandaku@cisco.com 1896 Ari Keranen 1897 Ericsson 1898 Jorvas 02420 1899 Finland 1901 Email: ari.keranen@ericsson.com