idnits 2.17.1 draft-ietf-mmusic-ice-sip-sdp-22.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 3 instances of too long lines in the document, the longest one being 12 characters in excess of 72. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? -- The draft header indicates that this document obsoletes RFC5245, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: 2. The transport address from the peer for the default destination correspond to IP address values "0.0.0.0"/"::" and port value of "9". This MUST not be considered as a ICE failure by the peer agent and the ICE processing MUST continue as usual. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 9, 2018) is 2025 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1601 -- Looks like a reference, but probably isn't: '2' on line 1603 -- Looks like a reference, but probably isn't: '3' on line 1605 -- Looks like a reference, but probably isn't: '4' on line 1607 -- Looks like a reference, but probably isn't: '5' on line 1609 -- Looks like a reference, but probably isn't: '6' on line 1611 -- Looks like a reference, but probably isn't: '7' on line 1613 -- Looks like a reference, but probably isn't: '8' on line 1615 -- Looks like a reference, but probably isn't: '9' on line 1810 -- Looks like a reference, but probably isn't: '10' on line 1816 -- Looks like a reference, but probably isn't: '11' on line 1820 == Outdated reference: A later version (-20) exists of draft-ietf-ice-rfc5245bis-00 ** Obsolete normative reference: RFC 4091 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4092 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5245 (Obsoleted by RFC 8445, RFC 8839) ** Obsolete normative reference: RFC 6336 (Obsoleted by RFC 8839) Summary: 7 errors (**), 0 flaws (~~), 6 warnings (==), 14 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Obsoletes: 5245 (if approved) S. Nandakumar 5 Intended status: Standards Track Cisco Systems 6 Expires: April 12, 2019 A. Keranen 7 Ericsson 8 October 9, 2018 10 Session Description Protocol (SDP) Offer/Answer procedures for 11 Interactive Connectivity Establishment (ICE) 12 draft-ietf-mmusic-ice-sip-sdp-22 14 Abstract 16 This document describes Session Description Protocol (SDP) Offer/ 17 Answer procedures for carrying out Interactive Connectivity 18 Establishment (ICE) between the agents. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 12, 2019. 37 Copyright Notice 39 Copyright (c) 2018 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 This document may contain material from IETF Documents or IETF 53 Contributions published or made publicly available before November 54 10, 2008. The person(s) controlling the copyright in some of this 55 material may not have granted the IETF Trust the right to allow 56 modifications of such material outside the IETF Standards Process. 57 Without obtaining an adequate license from the person(s) controlling 58 the copyright in such materials, this document may not be modified 59 outside the IETF Standards Process, and derivative works of it may 60 not be created outside the IETF Standards Process, except to format 61 it for publication as an RFC or to translate it into languages other 62 than English. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 3. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 4 69 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 4 70 3.2. Generic Procedures . . . . . . . . . . . . . . . . . . . 4 71 3.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . 4 72 3.2.2. RTP/RTCP Considerations . . . . . . . . . . . . . . . 6 73 3.2.3. Determining Role . . . . . . . . . . . . . . . . . . 6 74 3.2.4. STUN Considerations . . . . . . . . . . . . . . . . . 6 75 3.2.5. Verifying ICE Support Procedures . . . . . . . . . . 6 76 3.2.6. SDP Example . . . . . . . . . . . . . . . . . . . . . 7 77 3.3. Initial Offer/Answer Exchange . . . . . . . . . . . . . . 7 78 3.3.1. Sending the Initial Offer . . . . . . . . . . . . . . 7 79 3.3.2. Sending the Initial Answer . . . . . . . . . . . . . 8 80 3.3.3. Receiving the Initial Answer . . . . . . . . . . . . 8 81 3.3.4. Concluding ICE . . . . . . . . . . . . . . . . . . . 8 82 3.4. Subsequent Offer/Answer Exchanges . . . . . . . . . . . . 9 83 3.4.1. Sending Subsequent Offer . . . . . . . . . . . . . . 9 84 3.4.2. Sending Subsequent Answer . . . . . . . . . . . . . . 11 85 3.4.3. Receiving Answer for a Subsequent Offer . . . . . . . 13 86 4. Grammar . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 87 4.1. "candidate" Attribute . . . . . . . . . . . . . . . . . . 15 88 4.2. "remote-candidates" Attribute . . . . . . . . . . . . . . 18 89 4.3. "ice-lite" and "ice-mismatch" Attributes . . . . . . . . 18 90 4.4. "ice-ufrag" and "ice-pwd" Attributes . . . . . . . . . . 18 91 4.5. "ice-pacing" Attribute . . . . . . . . . . . . . . . . . 19 92 4.6. "ice-options" Attribute . . . . . . . . . . . . . . . . . 20 93 5. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 20 94 6. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 21 95 6.1. Latency Guidelines . . . . . . . . . . . . . . . . . . . 21 96 6.1.1. Offer in INVITE . . . . . . . . . . . . . . . . . . . 21 97 6.1.2. Offer in Response . . . . . . . . . . . . . . . . . . 23 98 6.2. SIP Option Tags and Media Feature Tags . . . . . . . . . 23 99 6.3. Interactions with Forking . . . . . . . . . . . . . . . . 23 100 6.4. Interactions with Preconditions . . . . . . . . . . . . . 24 101 6.5. Interactions with Third Party Call Control . . . . . . . 24 102 7. Relationship with ANAT . . . . . . . . . . . . . . . . . . . 25 103 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 104 8.1. Attacks on the Offer/Answer Exchanges . . . . . . . . . . 25 105 8.2. Insider Attacks . . . . . . . . . . . . . . . . . . . . . 25 106 8.2.1. The Voice Hammer Attack . . . . . . . . . . . . . . . 25 107 8.2.2. Interactions with Application Layer Gateways and SIP 26 108 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 109 9.1. SDP Attributes . . . . . . . . . . . . . . . . . . . . . 27 110 9.1.1. candidate Attribute . . . . . . . . . . . . . . . . . 27 111 9.1.2. remote-candidates Attribute . . . . . . . . . . . . . 28 112 9.1.3. ice-lite Attribute . . . . . . . . . . . . . . . . . 28 113 9.1.4. ice-mismatch Attribute . . . . . . . . . . . . . . . 29 114 9.1.5. ice-pwd Attribute . . . . . . . . . . . . . . . . . . 29 115 9.1.6. ice-ufrag Attribute . . . . . . . . . . . . . . . . . 30 116 9.1.7. ice-options Attribute . . . . . . . . . . . . . . . . 30 117 9.1.8. ice-pacing Attribute . . . . . . . . . . . . . . . . 31 118 9.2. Interactive Connectivity Establishment (ICE) Options 119 Registry . . . . . . . . . . . . . . . . . . . . . . . . 31 120 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 121 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 122 11.1. Normative References . . . . . . . . . . . . . . . . . . 32 123 11.2. Informative References . . . . . . . . . . . . . . . . . 34 124 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 35 125 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 35 126 Appendix B. The remote-candidates Attribute . . . . . . . . . . 37 127 Appendix C. Why Is the Conflict Resolution Mechanism Needed? . . 37 128 Appendix D. Why Send an Updated Offer? . . . . . . . . . . . . . 38 129 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 39 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 132 1. Introduction 134 This document describes how Interactive Connectivity Establishment 135 (ICE) is used with Session Description Protocol (SDP) offer/answer 136 [RFC3264]. The ICE specification [ICE-BIS] describes procedures that 137 are common to all usages of ICE and this document gives the 138 additional details needed to use ICE with SDP offer/answer. 140 2. Terminology 142 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 143 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 144 "OPTIONAL" in this document are to be interpreted as described in RFC 145 2119 [RFC2119]. 147 Readers should be familiar with the terminology defined in [RFC3264], 148 in [ICE-BIS] and the following: 150 Default Destination/Candidate: The default destination for a 151 component of a data stream is the transport address that would be 152 used by an agent that is not ICE aware. A default candidate for a 153 component is one whose transport address matches the default 154 destination for that component. For the RTP component, the 155 default IP address is in the "c=" line of the SDP, and the port is 156 in the "m=" line. For the RTCP component, the address and port 157 are indicated using the "a=rtcp" attribute defined in [RFC3605], 158 if present; otherwise, the RTCP component address is same as the 159 address of the RTP component, and its port is one greater than the 160 port of the RTP component. 162 3. SDP Offer/Answer Procedures 164 3.1. Introduction 166 [ICE-BIS] defines ICE candidate exchange as the process for ICE 167 agents (Initiator and Responder) to exchange their candidate 168 information required for ICE processing at the agents. For the 169 purposes of this specification, the candidate exchange process 170 corresponds to the [RFC3264] Offer/Answer protocol and the 171 terminologies offerer and answerer correspond to the initiator and 172 responder terminologies from [ICE-BIS] respectively. 174 Once the initiating agent has gathered, pruned and prioritized its 175 set of candidates [ICE-BIS], the candidate exchange with the peer 176 agent begins. 178 3.2. Generic Procedures 180 3.2.1. Encoding 182 Section 4 provides detailed rules for constructing various SDP 183 attributes defined in this specification. 185 3.2.1.1. Data Streams 187 Each data stream [ICE-BIS] is represented by an SDP media description 188 ("m=" section). 190 3.2.1.2. Candidates 192 With in a "m=" section, each candidate (including the default 193 candidate) associated with the data stream is represented by an SDP 194 candidate attribute. 196 Prior to nomination, the "c=" line associated with an "m=" section 197 contains the IP address of the default candidate, while the "m=" line 198 contains the port and transport of the default candidate for that 199 "m=" section. 201 After nomination, the "c=" line for a given "m=" section contains the 202 IP address of the nominated candidate (the local candidate of the 203 nominated candidate pair) and the "m=" line contains the port and 204 transport corresponding to the nominated candidate for that "m=" 205 section. 207 3.2.1.3. Username and Password 209 The ICE username is represented by an SDP ice-ufrag attribute and the 210 ICE password is represented by an SDP ice-pwd attribute. 212 3.2.1.4. Lite Implementations 214 An ICE lite implementation [ICE-BIS] MUST include an SDP ice-lite 215 attribute. A full implementation MUST NOT include that attribute. 217 3.2.1.5. ICE Extensions 219 An agent uses the SDP ice-options attribute to indicate support of 220 ICE extensions. 222 An agent compliant to this specification MUST include an SDP ice- 223 options attribute with an "ice2" attribute value. If an agent 224 receives an SDP offer or answer with ICE attributes but without the 225 "ice2" ice-options attribute value, the agent assumes that the peer 226 is compliant to [RFC5245]. 228 3.2.1.6. Inactive and Disabled Data Streams 230 If an "m=" section is marked as inactive [RFC4566], or has a 231 bandwidth value of zero [RFC4566], the agent MUST still include ICE 232 related SDP attributes. 234 If the port value associated with an "m=" section is set to zero 235 (implying a disabled stream) as defined in section 8.2 of [RFC3264], 236 the agent SHOULD NOT include ICE related SDP candidate attributes in 237 that "m=" section, unless an SDP extension specifying otherwise is 238 used. 240 3.2.2. RTP/RTCP Considerations 242 If an agent utilizes both RTP and RTCP, the agent MUST include SDP 243 candidate attributes for both the RTP and RTCP components in the "m=" 244 section. 246 If an agent uses separate ports for RTP and RTCP, the agent MUST 247 include an SDP rtcp attribute in the "m=" section, as described in 248 [RFC3605]. In the cases where the port number for the RTCP is one 249 higher than the RTP port and RTCP component address is same as the 250 address of the RTP component, the SDP rtcp attribute MAY be omitted. 252 If the agent does not utilize RTCP, it indicates that by including 253 b=RS:0 and b=RR:0 SDP attributes, as described in [RFC3556]. 255 3.2.3. Determining Role 257 The offerer acts as the Initiating agent. The answerer acts as the 258 Responding agent. The ICE roles (controlling and controlled) are 259 determined using the procedures in [ICE-BIS]. 261 3.2.4. STUN Considerations 263 Once an agent has provided its local candidates to its peer in an SDP 264 offer or answer, the agent MUST be prepared to receive STUN 265 connectivity check Binding requests on those candidates. 267 3.2.5. Verifying ICE Support Procedures 269 The agents will proceed with the ICE procedures defined in [ICE-BIS] 270 and this specification if, for each data stream in the SDP it 271 received, the default destination for each component of that data 272 stream appears in a candidate attribute. For example, in the case of 273 RTP, the IP address and port in the "c=" and "m=" lines, 274 respectively, appear in a candidate attribute and the value in the 275 rtcp attribute appears in a candidate attribute. 277 If this condition is not met, the agents MUST process the SDP based 278 on normal [RFC3264] procedures, without using any of the ICE 279 mechanisms described in the remainder of this specification with the 280 few exceptions noted below: 282 1. The presence of certain application layer gateways MAY modify the 283 transport address information as described in Section 8.2.2. The 284 behavior of the responding agent in such a situation is 285 implementation defined. Informally, the responding agent MAY 286 consider the mismatched transport address information as a 287 plausible new candidate learnt from the peer and continue its ICE 288 processing with that transport address included. Alternatively, 289 the responding agent MAY include an "a=ice-mismatch" attribute in 290 its answer and MAY also omit a=candidate attributes for such data 291 streams. 293 2. The transport address from the peer for the default destination 294 correspond to IP address values "0.0.0.0"/"::" and port value of 295 "9". This MUST not be considered as a ICE failure by the peer 296 agent and the ICE processing MUST continue as usual. 298 Also to note, this specification provides no guidance on how an 299 controlling/initiator agent should proceed in scenarios where the the 300 SDP answer includes "a=ice-mismatch" from the peer. 302 3.2.6. SDP Example 304 The following is an example SDP message that includes ICE attributes 305 (lines folded for readability): 307 v=0 308 o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1 309 s= 310 c=IN IP4 192.0.2.3 311 t=0 0 312 a=ice-options:ice2 313 a=ice-pwd:asd88fgpdd777uzjYhagZg 314 a=ice-ufrag:8hhY 315 m=audio 45664 RTP/AVP 0 316 b=RS:0 317 b=RR:0 318 a=rtpmap:0 PCMU/8000 319 a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host 320 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 321 10.0.1.1 rport 8998 323 3.3. Initial Offer/Answer Exchange 325 3.3.1. Sending the Initial Offer 327 When an offerer generates the initial offer, in each "m=" section it 328 MUST include SDP candidate attributes for each available candidate 329 associated with the "m=" section. In addition, the offerer MUST 330 include an SDP ice-ufrag and an SDP ice-pwd attribute in the offer. 332 Note: Within the scope of this document, "Initial Offer" refers to 333 the first SDP offer that is sent in order to negotiate usage of 334 ICE. It might, or might not, be the initial SDP offer of the SDP 335 session. 337 Note: The procedures in this document only consider "m=" sections 338 associated with data streams where ICE is used. 340 3.3.2. Sending the Initial Answer 342 When an answerer receives an initial offer that indicates that the 343 offerer supports ICE, and if the answerer accepts the offer and the 344 usage of ICE, in each "m=" section within the answer, it MUST include 345 SDP candidate attributes for each available candidate associated with 346 the "m=" section. In addition, the answerer MUST include an SDP ice- 347 ufrag and an SDP ice-pwd attribute in the answer. 349 Once the answerer has sent the answer, it can start performing 350 connectivity checks towards the peer candidates that were provided in 351 the offer. 353 If the offer does not indicate support of ICE, the answerer MUST NOT 354 accept the usage of ICE. If the answerer still accepts the offer, 355 the answerer MUST NOT include any ICE related SDP attributes in the 356 answer. Instead the answerer will generate the answer according to 357 normal offer/answer procedures [RFC3264]. 359 If the answerer detects a possibility of the ICE mismatch, procedures 360 described in (Section 3.2.5) are followed. 362 3.3.3. Receiving the Initial Answer 364 When an offerer receives an initial answer that indicates that the 365 answerer supports ICE, it can start performing connectivity checks 366 towards the peer candidates that were provided in the answer. 368 If the answer does not indicate that the answerer supports ICE, or if 369 the offerer detects an ICE mismatch in the answer, the offerer MUST 370 terminate the usage of ICE. The subsequent actions taken by the 371 offerer are implementation dependent and are out of the scope of this 372 specification. 374 3.3.4. Concluding ICE 376 Once the state of each check list is Completed, and if the agent is 377 the controlling agent, it nominates a candidate pair [ICE-BIS] and 378 checks for each data stream whether the nominated pair matches the 379 default candidate pair. If there are one or more data streams with a 380 match, and the peer did not indicate support for the 'ice2' ice- 381 option, the controlling agent MUST generate a subsequent offer 382 (Section 3.4.1), in which the IP address, port and transport in the 383 "c=" and "m=" lines associated with each data stream match the 384 corresponding local information of the nominated pair for that data 385 stream. 387 However, If the support for 'ice2' ice-option is in use, the 388 nominated candidate is noted and sent in the subsequent offer/answer 389 exchange as the default candidate and no updated offer is needed to 390 fix the default candidate. 392 Also as described in [ICE-BIS], once the controlling agent has 393 nominated a candidate pair for a data stream, the agent MUST NOT 394 nominate another pair for that data stream during the lifetime of the 395 ICE session (i.e. until ICE is restarted). 397 3.4. Subsequent Offer/Answer Exchanges 399 Either agent MAY generate a subsequent offer at any time allowed by 400 [RFC3264]. This section defines rules for construction of subsequent 401 offers and answers. 403 Should a subsequent offer fail, ICE processing continues as if the 404 subsequent offer had never been made. 406 3.4.1. Sending Subsequent Offer 408 3.4.1.1. Procedures for All Implementations 410 3.4.1.1.1. ICE Restarts 412 An agent MAY restart ICE processing for an existing data stream 413 [ICE-BIS]. 415 The rules governing the ICE restart imply that setting the IP address 416 in the "c=" line to 0.0.0.0 (for IPv4)/ :: (for IPv6) will cause an 417 ICE restart. Consequently, ICE implementations MUST NOT utilize this 418 mechanism for call hold, and instead MUST use a=inactive and 419 a=sendonly as described in [RFC3264]. 421 To restart ICE, an agent MUST change both the ice-pwd and the ice- 422 ufrag for the data stream in an offer. However, it is permissible to 423 use a session-level attribute in one offer, but to provide the same 424 ice-pwd or ice-ufrag as a media-level attribute in a subsequent 425 offer. This MUST NOT be considered as ICE restart. 427 An agent sets the rest of the ice related fields in the SDP for this 428 data stream as it would in an initial offer of this data stream (see 429 Section 3.2.1). Consequently, the set of candidates MAY include 430 some, none, or all of the previous candidates for that data stream 431 and MAY include a totally new set of candidates. 433 3.4.1.1.2. Removing a Data Stream 435 If an agent removes a data stream by setting its port to zero, it 436 MUST NOT include any candidate attributes for that data stream and 437 SHOULD NOT include any other ICE-related attributes defined in 438 Section 4 for that data stream. 440 3.4.1.1.3. Adding a Data Stream 442 If an agent wishes to add a new data stream, it sets the fields in 443 the SDP for this data stream as if this was an initial offer for that 444 data stream (see Section 3.2.1). This will cause ICE processing to 445 begin for this data stream. 447 3.4.1.2. Procedures for Full Implementations 449 This section describes additional procedures for full 450 implementations, covering existing data streams. 452 3.4.1.2.1. Before Nomination 454 When an offerer sends a subsequent offer; in each "m=" section for 455 which a candidate pair has not yet been nominated, the offer MUST 456 include the same set of ICE-related information that the offerer 457 included in the previous offer or answer. The agent MAY include 458 additional candidates it did not offer previously, but which it has 459 gathered since the last offer/ answer exchange, including peer 460 reflexive candidates. 462 The agent MAY change the default destination for media. As with 463 initial offers, there MUST be a set of candidate attributes in the 464 offer matching this default destination. 466 3.4.1.2.2. After Nomination 468 Once a candidate pair has been nominated for a data stream, the IP 469 address, port and transport in each "c=" and "m=" line associated 470 with that data stream MUST match the data associated with the 471 nominated pair for that data stream. In addition, the offerer only 472 includes SDP candidates representing the local candidates of the 473 nominated candidate pair. The offerer MUST NOT include any other SDP 474 candidate attributes in the subsequent offer. 476 In addition, if the agent is controlling, it MUST include the 477 a=remote-candidates attribute for each data stream whose check list 478 is in the completed state. The attribute contains the remote 479 candidates corresponding to the nominated pair in the valid list for 480 each component of that data stream. It is needed to avoid a race 481 condition whereby the controlling agent chooses its pairs, but the 482 updated offer beats the connectivity checks to the controlled agent, 483 which doesn't even know these pairs are valid, let alone selected. 484 See Appendix B for elaboration on this race condition. 486 3.4.1.3. Procedures for Lite Implementations 488 If the ICE state is running, a lite implementation MUST include all 489 of its candidates for each component of each data stream in 490 a=candidate attribute in any subsequent offer. The candidates are 491 formed identical to the procedures for initial offers. 493 A lite implementation MUST NOT add additional host candidates in a 494 subsequent offer. If an agent needs to offer additional candidates, 495 it MUST restart ICE. Similarly, the username fragments or passwords 496 MUST remain the same as used previously. If an agent needs to change 497 one of these, it MUST restart ICE for that media stream. 499 If ICE has completed for a data stream and if the agent is 500 controlled, the default destination for that data stream MUST be set 501 to the remote candidate of the candidate pair for that component in 502 the valid list. For a lite implementation, there is always just a 503 single candidate pair in the valid list for each component of a data 504 stream. Additionally, the agent MUST include a candidate attribute 505 for each default destination. 507 If ICE state is completed and if the agent is controlling (which only 508 happens when both agents are lite), the agent MUST include the 509 a=remote-candidates attribute for each data stream. The attribute 510 contains the remote candidates from the candidate pairs in the valid 511 list (one pair for each component of each data stream). 513 3.4.2. Sending Subsequent Answer 515 If ICE is Completed for a data stream, and the offer for that data 516 stream lacked the a=remote-candidates attribute, the rules for 517 construction of the answer are identical to those for the offerer, 518 except that the answerer MUST NOT include the a=remote-candidates 519 attribute in the answer. 521 A controlled agent will receive an offer with the a=remote-candidates 522 attribute for a data stream when its peer has concluded ICE 523 processing for that data stream. This attribute is present in the 524 offer to deal with a race condition between the receipt of the offer, 525 and the receipt of the Binding Response that tells the answerer the 526 candidate that will be selected by ICE. See Appendix B for an 527 explanation of this race condition. Consequently, processing of an 528 offer with this attribute depends on the winner of the race. 530 The agent forms a candidate pair for each component of the data 531 stream by: 533 o Setting the remote candidate equal to the offerer's default 534 destination for that component (i.e. the contents of the "m=" and 535 "c=" lines for RTP, and the a=rtcp attribute for RTCP) 537 o Setting the local candidate equal to the transport address for 538 that same component in the a=remote-candidates attribute in the 539 offer. 541 The agent then sees if each of these candidate pairs is present in 542 the valid list. If a particular pair is not in the valid list, the 543 check has "lost" the race. Call such a pair a "losing pair". 545 The agent finds all the pairs in the check list whose remote 546 candidates equal the remote candidate in the losing pair: 548 o If none of the pairs are In-Progress, and at least one is Failed, 549 it is most likely that a network failure, such as a network 550 partition or serious packet loss, has occurred. The agent SHOULD 551 generate an answer for this data stream as if the remote- 552 candidates attribute had not been present, and then restart ICE 553 for this stream. 555 o If at least one of the pairs is In-Progress, the agent SHOULD wait 556 for those checks to complete, and as each completes, redo the 557 processing in this section until there are no losing pairs. 559 Once there are no losing pairs, the agent can generate the answer. 560 It MUST set the default destination for media to the candidates in 561 the remote-candidates attribute from the offer (each of which will 562 now be the local candidate of a candidate pair in the valid list). 563 It MUST include a candidate attribute in the answer for each 564 candidate in the remote-candidates attribute in the offer. 566 3.4.2.1. ICE Restart 568 If the offerer in a subsequent offer requested an ICE restart for a 569 data stream, and if the answerer accepts the offer, the answerer 570 follows the procedures for generating an initial answer. 572 For a given data stream, the answerer MAY include the same candidates 573 that were used in the previous ICE session, but it MUST change the 574 SDP ice-pwd and ice-ufrag attribute values. 576 3.4.2.2. Lite Implementation specific procedures 578 If the received offer contains the remote-candidates attribute for a 579 data stream, the agent forms a candidate pair for each component of 580 the data stream by: 582 o Setting the remote candidate equal to the offerer's default 583 destination for that component (i.e., the contents of the "m=" and 584 "c=" lines for RTP, and the a=rtcp attribute for RTCP). 586 o Setting the local candidate equal to the transport address for 587 that same component in the a=remote-candidates attribute in the 588 offer. 590 The state of ICE processing for that data stream is set to Completed. 592 Furthermore, if the agent believed it was controlling, but the offer 593 contained the a=remote-candidates attribute, both agents believe they 594 are controlling. In this case, both would have sent updated offers 595 around the same time. 597 However, the signaling protocol carrying the offer/answer exchanges 598 will have resolved this glare condition, so that one agent is always 599 the 'winner' by having its offer received before its peer has sent an 600 offer. The winner takes the role of controlling, so that the loser 601 (the answerer under consideration in this section) MUST change its 602 role to controlled. 604 Consequently, if the agent was going to send an updated offer since, 605 based on the rules in section 8.2 of [ICE-BIS], it was controlling, 606 it no longer needs to. 608 Besides the potential role change, change in the Valid list, and 609 state changes, the construction of the answer is performed 610 identically to the construction of an offer. 612 3.4.3. Receiving Answer for a Subsequent Offer 614 3.4.3.1. Procedures for Full Implementations 616 There may be certain situations where the offerer receives an SDP 617 answer that lacks ICE candidates although the initial answer did. 618 One example of such an "unexpected" answer might be happen when an 619 ICE-unaware B2BUA introduces a media server during call hold using 620 3rd party call-control procedures. Omitting further details how this 621 is done, this could result in an answer being received at the holding 622 UA that was constructed by the B2BUA. With the B2BUA being ICE- 623 unaware, that answer would not include ICE candidates. 625 Receiving an answer without ICE attributes in this situation might be 626 unexpected, but would not necessarily impair the user experience. 628 When the offerer receives an answer indicating support for ICE, the 629 offer performs on of the following actions: 631 o If the offer was a restart, the agent MUST perform ICE restart 632 procedures as specified in Section 3.4.3.1.1 634 o If the offer/answer exchange removed a data stream, or an answer 635 rejected an offered data stream, an agent MUST flush the Valid 636 list for that data stream. It MUST also terminate any STUN 637 transactions in progress for that data stream. 639 o If the offer/answer exchange added a new data stream, the agent 640 MUST create a new check list for it (and an empty Valid list to 641 start of course) which in turn triggers the candidate processing 642 procedures [ICE-BIS]. 644 o If ICE state is running for a given data stream, the agent 645 recomputes the check list. If a pair on the new check list was 646 also on the previous check list, and its state is not Frozen, its 647 state is copied over. Otherwise, its state is set to Frozen. If 648 none of the check lists are active (meaning that the pairs in each 649 check list are Frozen), appropriate procedures in [ICE-BIS] are 650 performed to move candidate(s) to the Waiting state to further 651 continue ICE processing. 653 o If ICE state is completed and the SDP answer conforms to 654 Section 3.4.2, the agent MUST reman in the ICE completed state. 656 However, if the ICE support is no longer indicated in the SDP answer, 657 the agent MUST fall-back to [RFC3264] procedures and SHOULD NOT drop 658 the dialog because of the missing ICE support or unexpected answer. 659 Once the agent sends a new offer later on, it MUST perform an ICE 660 restart. 662 3.4.3.1.1. ICE Restarts 664 The agent MUST remember the nominated pair in the Valid list for each 665 component of the data stream, called the previous selected pair prior 666 to the restart. The agent will continue to send media using this 667 pair, as described in section 12 of [ICE-BIS]. Once these 668 destinations are noted, the agent MUST flush the valid and check 669 lists, and then recompute the check list and its states, thus 670 triggering the candidate processing procedures [ICE-BIS] 672 3.4.3.2. Procedures for Lite Implementations 674 If ICE is restarting for a data stream, the agent MUST start a new 675 Valid list for that data stream. It MUST remember the nominated pair 676 in the previous Valid list for each component of the data stream, 677 called the previous selected pairs, and continue to send media there 678 as described in section 12 of [ICE-BIS]. The state of ICE processing 679 for each data stream MUST change to Running, and the state of ICE 680 processing MUST change to Running 682 4. Grammar 684 This specification defines eight new SDP attributes -- the 685 "candidate", "remote-candidates", "ice-lite", "ice-mismatch", "ice- 686 ufrag", "ice-pwd", "ice-pacing", and "ice-options" attributes. 688 This section also provides non-normative examples of the attributes 689 defined. 691 The syntax for the attributes follow Augmented BNF as defined in 692 [RFC5234]. 694 4.1. "candidate" Attribute 696 The candidate attribute is a media-level attribute only. It contains 697 a transport address for a candidate that can be used for connectivity 698 checks. 700 candidate-attribute = "candidate" ":" foundation SP component-id SP 701 transport SP 702 priority SP 703 connection-address SP ;from RFC 4566 704 port ;port from RFC 4566 705 SP cand-type 706 [SP rel-addr] 707 [SP rel-port] 708 *(SP extension-att-name SP 709 extension-att-value) 711 foundation = 1*32ice-char 712 component-id = 1*5DIGIT 713 transport = "UDP" / transport-extension 714 transport-extension = token ; from RFC 3261 715 priority = 1*10DIGIT 716 cand-type = "typ" SP candidate-types 717 candidate-types = "host" / "srflx" / "prflx" / "relay" / token 718 rel-addr = "raddr" SP connection-address 719 rel-port = "rport" SP port 720 extension-att-name = token 721 extension-att-value = *VCHAR 722 ice-char = ALPHA / DIGIT / "+" / "/" 724 This grammar encodes the primary information about a candidate: its 725 IP address, port and transport protocol, and its properties: the 726 foundation, component ID, priority, type, and related transport 727 address: 729 : is taken from RFC 4566 [RFC4566]. It is the 730 IP address of the candidate. When parsing this field, an agent 731 can differentiate an IPv4 address and an IPv6 address by presence 732 of a colon in its value -- the presence of a colon indicates IPv6. 733 An agent MUST ignore candidate lines that include candidates with 734 IP address versions that are not supported or recognized. 736 : is also taken from RFC 4566 [RFC4566]. It is the port of 737 the candidate. 739 : indicates the transport protocol for the candidate. 740 This specification only defines UDP. However, extensibility is 741 provided to allow for future transport protocols to be used with 742 ICE by extending the sub-registry "ICE Transport Protocols" under 743 "Interactive Connectivity Establishment (ICE)" registry. 745 : is composed of 1 to 32 s. It is an 746 identifier that is equivalent for two candidates that are of the 747 same type, share the same base, and come from the same STUN 748 server. The foundation is used to optimize ICE performance in the 749 Frozen algorithm as described in [ICE-BIS] 751 : is a positive integer between 1 and 256 (inclusive) 752 that identifies the specific component of the dta stream for which 753 this is a candidate. It MUST start at 1 and MUST increment by 1 754 for each component of a particular candidate. For data streams 755 based on RTP, candidates for the actual RTP media MUST have a 756 component ID of 1, and candidates for RTCP MUST have a component 757 ID of 2. See section 13 in [ICE-BIS] for additional discussion on 758 extending ICE to new data streams. 760 : is a positive integer between 1 and (2**31 - 1) 761 inclusive. The procedures for computing candidate's priority is 762 described in section 5.1.2 of [ICE-BIS]. 764 : encodes the type of candidate. This specification 765 defines the values "host", "srflx", "prflx", and "relay" for host, 766 server reflexive, peer reflexive, and relayed candidates, 767 respectively. Specifications for new candidate types MUST define 768 how, if at all, various steps in the ICE processing differ from 769 the ones defined by this specification. 771 and : convey transport addresses related to the 772 candidate, useful for diagnostics and other purposes. 773 and MUST be present for server reflexive, peer 774 reflexive, and relayed candidates. If a candidate is server or 775 peer reflexive, and are equal to the base 776 for that server or peer reflexive candidate. If the candidate is 777 relayed, and are equal to the mapped address 778 in the Allocate response that provided the client with that 779 relayed candidate (see Appendix B.3 of [ICE-BIS] for a discussion 780 of its purpose). If the candidate is a host candidate, 781 and MUST be omitted. 783 In some cases, e.g., for privacy reasons, an agent may not want to 784 reveal the related address and port. In this case the address 785 MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 786 candidates) and the port to zero. 788 The candidate attribute can itself be extended. The grammar allows 789 for new name/value pairs to be added at the end of the attribute. 790 Such extensions MUST be made through IETF Review or IESG Approval 791 [RFC5226] and the assignments MUST contain the specific extension and 792 a reference to the document defining the usage of the extension 794 An implementation MUST ignore any name/value pairs it doesn't 795 understand. 797 Example: SDP line for UDP server reflexive candidate attribute for the RTP component 799 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998 801 4.2. "remote-candidates" Attribute 803 The syntax of the "remote-candidates" attribute is defined using 804 Augmented BNF as defined in [RFC5234]. The remote-candidates 805 attribute is a media-level attribute only. 807 remote-candidate-att = "remote-candidates:" remote-candidate 808 0*(SP remote-candidate) 809 remote-candidate = component-ID SP connection-address SP port 811 The attribute contains a connection-address and port for each 812 component. The ordering of components is irrelevant. However, a 813 value MUST be present for each component of a data stream. This 814 attribute MUST be included in an offer by a controlling agent for a 815 data stream that is Completed, and MUST NOT be included in any other 816 case. 818 Example: Remote candidates SDP lines for the RTP and RTCP components: 820 a=remote-candidates:1 192.0.2.3 45664 821 a=remote-candidates:2 192.0.2.3 45665 823 4.3. "ice-lite" and "ice-mismatch" Attributes 825 The syntax of the "ice-lite" and "ice-mismatch" attributes, both of 826 which are flags, is: 828 ice-lite = "ice-lite" 829 ice-mismatch = "ice-mismatch" 831 "ice-lite" is a session-level attribute only, and indicates that an 832 agent is a lite implementation. "ice-mismatch" is a media-level 833 attribute only, and when present in an answer, indicates that the 834 offer arrived with a default destination for a media component that 835 didn't have a corresponding candidate attribute. 837 4.4. "ice-ufrag" and "ice-pwd" Attributes 839 The "ice-ufrag" and "ice-pwd" attributes convey the username fragment 840 and password used by ICE for message integrity. Their syntax is: 842 ice-pwd-att = "ice-pwd:" password 843 ice-ufrag-att = "ice-ufrag:" ufrag 844 password = 22*256ice-char 845 ufrag = 4*256ice-char 847 The "ice-pwd" and "ice-ufrag" attributes can appear at either the 848 session-level or media-level. When present in both, the value in the 849 media-level takes precedence. Thus, the value at the session-level 850 is effectively a default that applies to all data streams, unless 851 overridden by a media-level value. Whether present at the session or 852 media-level, there MUST be an ice-pwd and ice-ufrag attribute for 853 each data stream. If two data streams have identical ice-ufrag's, 854 they MUST have identical ice-pwd's. 856 The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the 857 beginning of a session (the same applies when ICE is restarting for 858 an agent). 860 The ice-ufrag attribute MUST contain at least 24 bits of randomness, 861 and the ice-pwd attribute MUST contain at least 128 bits of 862 randomness. This means that the ice-ufrag attribute will be at least 863 4 characters long, and the ice-pwd at least 22 characters long, since 864 the grammar for these attributes allows for 6 bits of information per 865 character. The attributes MAY be longer than 4 and 22 characters, 866 respectively, of course, up to 256 characters. The upper limit 867 allows for buffer sizing in implementations. Its large upper limit 868 allows for increased amounts of randomness to be added over time. 869 For compatibility with the 512 character limitation for the STUN 870 username attribute value and for bandwidth conservation 871 considerations, the ice-ufrag attribute MUST NOT be longer than 32 872 characters when sending, but an implementation MUST accept up to 256 873 characters when receiving. 875 Example shows sample ice-ufrag and ice-pwd SDP lines: 877 a=ice-pwd:asd88fgpdd777uzjYhagZg 878 a=ice-ufrag:8hhY 880 4.5. "ice-pacing" Attribute 882 The "ice-pacing" is a session level attribute that indicates the 883 desired connectivity check pacing, in milliseconds, for this agent 884 (see section 14 of [ICE-BIS]). The syntax is: 886 ice-pacing-att = "ice-pacing:" pacing-value 887 pacing-value = 1*10DIGIT 888 Following the procedures defined in [ICE-BIS], a default value of 889 50ms is used for an agent when ice-pacing attribute is omitted in the 890 offer or the answer. 892 The same rule applies for ice-pacing attribute values lower than 893 50ms. This mandates that, if an agent includes the ice-pacing 894 attribute, its value MUST be greater than 50ms or else a value of 895 50ms is considered by default for that agent. 897 Also the larger of the ice-pacing attribute values between the offer 898 and the answer (determined either by the one provided in the ice- 899 pacing attribute or by picking the default value) MUST be considered 900 for a given ICE session. 902 Example shows ice-pacing value of 5 ms: 904 a=ice-pacing:5 906 4.6. "ice-options" Attribute 908 The "ice-options" attribute is a session- and media-level attribute. 909 It contains a series of tokens that identify the options supported by 910 the agent. Its grammar is: 912 ice-options = "ice-options:" ice-option-tag 913 0*(SP ice-option-tag) 914 ice-option-tag = 1*ice-char 916 The existence of an ice-option in an offer indicates that a certain 917 extension is supported by the agent and is willing to use it, if the 918 peer agent also includes the same extension in the answer. There 919 might be further extension specific negotiation needed between the 920 agents that determine how the extensions gets used in a given 921 session. The details of the negotiation procedures, if present, MUST 922 be defined by the specification defining the extension (see 923 Section 9.2). 925 Example shows 'rtp+ecn' ice-option SDP line from <>: 927 a=ice-options:rtp+ecn 929 5. Keepalives 931 All the ICE agents MUST follow the procedures defined in section 11 932 of [ICE-BIS] for sending keepalives. The keepalives MUST be sent 933 regardless of whether the data stream is currently inactive, 934 sendonly, recvonly, or sendrecv, and regardless of the presence or 935 value of the bandwidth attribute. An agent can determine that its 936 peer supports ICE by the presence of a=candidate attributes for each 937 media session. 939 6. SIP Considerations 941 Note that ICE is not intended for NAT traversal for SIP, which is 942 assumed to be provided via another mechanism [RFC5626]. 944 When ICE is used with SIP, forking may result in a single offer 945 generating a multiplicity of answers. In that case, ICE proceeds 946 completely in parallel and independently for each answer, treating 947 the combination of its offer and each answer as an independent offer/ 948 answer exchange, with its own set of local candidates, pairs, check 949 lists, states, and so on. 951 Once ICE processing has reached the Completed state for all peers for 952 media streams using those candidates, the agent SHOULD wait an 953 additional three seconds, and then it MAY cease responding to checks 954 or generating triggered checks on that candidate. It MAY free the 955 candidate at that time. Freeing of server reflexive candidates is 956 never explicit; it happens by lack of a keepalive. The three-second 957 delay handles cases when aggressive nomination is used, and the 958 selected pairs can quickly change after ICE has completed. 960 6.1. Latency Guidelines 962 ICE requires a series of STUN-based connectivity checks to take place 963 between endpoints. These checks start from the answerer on 964 generation of its answer, and start from the offerer when it receives 965 the answer. These checks can take time to complete, and as such, the 966 selection of messages to use with offers and answers can affect 967 perceived user latency. Two latency figures are of particular 968 interest. These are the post-pickup delay and the post-dial delay. 969 The post-pickup delay refers to the time between when a user "answers 970 the phone" and when any speech they utter can be delivered to the 971 caller. The post-dial delay refers to the time between when a user 972 enters the destination address for the user and ringback begins as a 973 consequence of having successfully started alerting the called user 974 agent. 976 Two cases can be considered -- one where the offer is present in the 977 initial INVITE and one where it is in a response. 979 6.1.1. Offer in INVITE 981 To reduce post-dial delays, it is RECOMMENDED that the caller begin 982 gathering candidates prior to actually sending its initial INVITE. 984 This can be started upon user interface cues that a call is pending, 985 such as activity on a keypad or the phone going off-hook. 987 On the receipt of the offer, the answerer SHOULD generate an answer 988 in a provisional response once it has completed candidate gathering. 989 ICE requires that a provisional response with an SDP be transmitted 990 reliably. This can be done through the existing Provisional Response 991 Acknowledgment (PRACK) mechanism [RFC3262] or through an ICE specific 992 optimization, wherein, the agent retransmits the provisional response 993 with the exponential backoff timers described in [RFC3262]. Such 994 retransmissions MUST cease on receipt of a STUN Binding request for 995 one of the data streams signaled in that SDP or on transmission of 996 the answer in a 2xx response. If no Binding request is received 997 prior to the last retransmit, the agent does not consider the session 998 terminated. For the ICE lite peers, the agent MUST cease 999 retransmitting the 18x after sending it four times (ICE will actually 1000 work even if the peer never receives the 18x; however, experience has 1001 shown that sending it is important for middleboxes and firewall 1002 traversal). 1004 It should be noted that the ICE specific optimization is very 1005 specific to provisional response carrying answers that start ICE 1006 processing and it is not a general technique for 1xx reliability. 1007 Also such an optimization SHOULD NOT be used if both agents support 1008 PRACK. 1010 Despite the fact that the provisional response will be delivered 1011 reliably, the rules for when an agent can send an updated offer or 1012 answer do not change from those specified in [RFC3262]. 1013 Specifically, if the INVITE contained an offer, the same answer 1014 appears in all of the 1xx and in the 2xx response to the INVITE. 1015 Only after that 2xx has been sent can an updated offer/answer 1016 exchange occur. 1018 Alternatively, an agent MAY delay sending an answer until the 200 OK; 1019 however, this results in a poor user experience and is NOT 1020 RECOMMENDED. 1022 Once the answer has been sent, the agent SHOULD begin its 1023 connectivity checks. Once candidate pairs for each component of a 1024 data stream enter the valid list, the answerer can begin sending 1025 media on that data stream. 1027 However, prior to this point, any media that needs to be sent towards 1028 the caller (such as SIP early media [RFC3960]) MUST NOT be 1029 transmitted. For this reason, implementations SHOULD delay alerting 1030 the called party until candidates for each component of each data 1031 stream have entered the valid list. In the case of a PSTN gateway, 1032 this would mean that the setup message into the PSTN is delayed until 1033 this point. Doing this increases the post-dial delay, but has the 1034 effect of eliminating 'ghost rings'. Ghost rings are cases where the 1035 called party hears the phone ring, picks up, but hears nothing and 1036 cannot be heard. This technique works without requiring support for, 1037 or usage of, preconditions [RFC3312]. It also has the benefit of 1038 guaranteeing that not a single packet of media will get clipped, so 1039 that post-pickup delay is zero. If an agent chooses to delay local 1040 alerting in this way, it SHOULD generate a 180 response once alerting 1041 begins. 1043 6.1.2. Offer in Response 1045 In addition to uses where the offer is in an INVITE, and the answer 1046 is in the provisional and/or 200 OK response, ICE works with cases 1047 where the offer appears in the response. In such cases, which are 1048 common in third party call control [RFC3725], ICE agents SHOULD 1049 generate their offers in a reliable provisional response (which MUST 1050 utilize [RFC3262]), and not alert the user on receipt of the INVITE. 1051 The answer will arrive in a PRACK. This allows for ICE processing to 1052 take place prior to alerting, so that there is no post-pickup delay, 1053 at the expense of increased call setup delays. Once ICE completes, 1054 the callee can alert the user and then generate a 200 OK when they 1055 answer. The 200 OK would contain no SDP, since the offer/answer 1056 exchange has completed. 1058 Alternatively, agents MAY place the offer in a 2xx instead (in which 1059 case the answer comes in the ACK). When this happens, the callee 1060 will alert the user on receipt of the INVITE, and the ICE exchanges 1061 will take place only after the user answers. This has the effect of 1062 reducing call setup delay, but can cause substantial post-pickup 1063 delays and media clipping. 1065 6.2. SIP Option Tags and Media Feature Tags 1067 [RFC5768] specifies a SIP option tag and media feature tag for usage 1068 with ICE. ICE implementations using SIP SHOULD support this 1069 specification, which uses a feature tag in registrations to 1070 facilitate interoperability through signaling intermediaries. 1072 6.3. Interactions with Forking 1074 ICE interacts very well with forking. Indeed, ICE fixes some of the 1075 problems associated with forking. Without ICE, when a call forks and 1076 the caller receives multiple incoming data streams, it cannot 1077 determine which data stream corresponds to which callee. 1079 With ICE, this problem is resolved. The connectivity checks which 1080 occur prior to transmission of media carry username fragments, which 1081 in turn are correlated to a specific callee. Subsequent media 1082 packets that arrive on the same candidate pair as the connectivity 1083 check will be associated with that same callee. Thus, the caller can 1084 perform this correlation as long as it has received an answer. 1086 6.4. Interactions with Preconditions 1088 Quality of Service (QoS) preconditions, which are defined in 1089 [RFC3312] and [RFC4032], apply only to the transport addresses listed 1090 as the default targets for media in an offer/answer. If ICE changes 1091 the transport address where media is received, this change is 1092 reflected in an updated offer that changes the default destination 1093 for media to match ICE's selection. As such, it appears like any 1094 other re-INVITE would, and is fully treated in RFCs 3312 and 4032, 1095 which apply without regard to the fact that the destination for media 1096 is changing due to ICE negotiations occurring "in the background". 1098 Indeed, an agent SHOULD NOT indicate that QoS preconditions have been 1099 met until the checks have completed and selected the candidate pairs 1100 to be used for media. 1102 ICE also has (purposeful) interactions with connectivity 1103 preconditions [RFC5898]. Those interactions are described there. 1104 Note that the procedures described in Section 6.1 describe their own 1105 type of "preconditions", albeit with less functionality than those 1106 provided by the explicit preconditions in [RFC5898]. 1108 6.5. Interactions with Third Party Call Control 1110 ICE works with Flows I, III, and IV as described in [RFC3725]. Flow 1111 I works without the controller supporting or being aware of ICE. 1112 Flow IV will work as long as the controller passes along the ICE 1113 attributes without alteration. Flow II is fundamentally incompatible 1114 with ICE; each agent will believe itself to be the answerer and thus 1115 never generate a re-INVITE. 1117 The flows for continued operation, as described in Section 7 of 1118 [RFC3725], require additional behavior of ICE implementations to 1119 support. In particular, if an agent receives a mid-dialog re-INVITE 1120 that contains no offer, it MUST restart ICE for each data stream and 1121 go through the process of gathering new candidates. Furthermore, 1122 that list of candidates SHOULD include the ones currently being used 1123 for media. 1125 7. Relationship with ANAT 1127 [RFC4091], the Alternative Network Address Types (ANAT) Semantics for 1128 the SDP grouping framework, and [RFC4092], its usage with SIP, define 1129 a mechanism for indicating that an agent can support both IPv4 and 1130 IPv6 for a data stream, and it does so by including two "m=" lines, 1131 one for v4 and one for v6. This is similar to ICE, which allows for 1132 an agent to indicate multiple transport addresses using the candidate 1133 attribute. However, ANAT relies on static selection to pick between 1134 choices, rather than a dynamic connectivity check used by ICE. 1136 It is RECOMMENDED that ICE be used in realizing the dual-stack use- 1137 cases in agents that support ICE. 1139 8. Security Considerations 1141 8.1. Attacks on the Offer/Answer Exchanges 1143 An attacker that can modify or disrupt the offer/answer exchanges 1144 themselves can readily launch a variety of attacks with ICE. They 1145 could direct media to a target of a DoS attack, they could insert 1146 themselves into the data stream, and so on. These are similar to the 1147 general security considerations for offer/answer exchanges, and the 1148 security considerations in [RFC3264] apply. These require techniques 1149 for message integrity and encryption for offers and answers, which 1150 are satisfied by the TLS mechanism [RFC3261] when SIP is used. As 1151 such, the usage of TLS with ICE is RECOMMENDED. 1153 8.2. Insider Attacks 1155 In addition to attacks where the attacker is a third party trying to 1156 insert fake offers, answers, or STUN messages, there are several 1157 attacks possible with ICE when the attacker is an authenticated and 1158 valid participant in the ICE exchange. 1160 8.2.1. The Voice Hammer Attack 1162 The voice hammer attack is an amplification attack. In this attack, 1163 the attacker initiates sessions to other agents, and maliciously 1164 includes the IP address and port of a DoS target as the destination 1165 for media traffic signaled in the SDP. This causes substantial 1166 amplification; a single offer/answer exchange can create a continuing 1167 flood of media packets, possibly at high rates (consider video 1168 sources). This attack is not specific to ICE, but ICE can help 1169 provide remediation. 1171 Specifically, if ICE is used, the agent receiving the malicious SDP 1172 will first perform connectivity checks to the target of media before 1173 sending media there. If this target is a third-party host, the 1174 checks will not succeed, and media is never sent. 1176 Unfortunately, ICE doesn't help if it's not used, in which case an 1177 attacker could simply send the offer without the ICE parameters. 1178 However, in environments where the set of clients is known, and is 1179 limited to ones that support ICE, the server can reject any offers or 1180 answers that don't indicate ICE support. 1182 SIP User Agents (UA) [RFC3261] that are not willing to receive non- 1183 ICE answers MUST include an "ice" Option Tag in the SIP Require 1184 Header Field in their offer. UAs that rejects non-ICE offers SHOULD 1185 use a 421 response code, together with an Option Tag "ice" in the 1186 Require Header Field in the response. 1188 8.2.2. Interactions with Application Layer Gateways and SIP 1190 Application Layer Gateways (ALGs) are functions present in a Network 1191 Address Translation (NAT) device that inspect the contents of packets 1192 and modify them, in order to facilitate NAT traversal for application 1193 protocols. Session Border Controllers (SBCs) are close cousins of 1194 ALGs, but are less transparent since they actually exist as 1195 application-layer SIP intermediaries. ICE has interactions with SBCs 1196 and ALGs. 1198 If an ALG is SIP aware but not ICE aware, ICE will work through it as 1199 long as the ALG correctly modifies the SDP. A correct ALG 1200 implementation behaves as follows: 1202 o The ALG does not modify the "m=" and "c=" lines or the rtcp 1203 attribute if they contain external addresses. 1205 o If the "m=" and "c=" lines contain internal addresses, the 1206 modification depends on the state of the ALG: 1208 * If the ALG already has a binding established that maps an 1209 external port to an internal IP address and port matching the 1210 values in the "m=" and "c=" lines or rtcp attribute, the ALG 1211 uses that binding instead of creating a new one. 1213 * If the ALG does not already have a binding, it creates a new 1214 one and modifies the SDP, rewriting the "m=" and "c=" lines and 1215 rtcp attribute. 1217 Unfortunately, many ALGs are known to work poorly in these corner 1218 cases. ICE does not try to work around broken ALGs, as this is 1219 outside the scope of its functionality. ICE can help diagnose these 1220 conditions, which often show up as a mismatch between the set of 1221 candidates and the "m=" and "c=" lines and rtcp attributes. The ice- 1222 mismatch attribute is used for this purpose. 1224 ICE works best through ALGs when the signaling is run over TLS. This 1225 prevents the ALG from manipulating the SDP messages and interfering 1226 with ICE operation. Implementations that are expected to be deployed 1227 behind ALGs SHOULD provide for TLS transport of the SDP. 1229 If an SBC is SIP aware but not ICE aware, the result depends on the 1230 behavior of the SBC. If it is acting as a proper Back-to-Back User 1231 Agent (B2BUA), the SBC will remove any SDP attributes it doesn't 1232 understand, including the ICE attributes. Consequently, the call 1233 will appear to both endpoints as if the other side doesn't support 1234 ICE. This will result in ICE being disabled, and media flowing 1235 through the SBC, if the SBC has requested it. If, however, the SBC 1236 passes the ICE attributes without modification, yet modifies the 1237 default destination for media (contained in the "m=" and "c=" lines 1238 and rtcp attribute), this will be detected as an ICE mismatch, and 1239 ICE processing is aborted for the call. It is outside of the scope 1240 of ICE for it to act as a tool for "working around" SBCs. If one is 1241 present, ICE will not be used and the SBC techniques take precedence. 1243 9. IANA Considerations 1245 9.1. SDP Attributes 1247 The original ICE specification defined seven new SDP attributes per 1248 the procedures of Section 8.2.4 of [RFC4566]. The registration 1249 information from the original specification is included here with 1250 modifications to include Mux Category and also defines a new SDP 1251 attribute 'ice-pacing'. 1253 9.1.1. candidate Attribute 1255 Attribute Name: candidate 1257 Type of Attribute: media-level 1259 Subject to charset: No 1261 Purpose: This attribute is used with Interactive Connectivity 1262 Establishment (ICE), and provides one of many possible candidate 1263 addresses for communication. These addresses are validated with 1264 an end-to-end connectivity check using Session Traversal Utilities 1265 for NAT (STUN). 1267 Appropriate Values: See Section 4 of RFC XXXX. 1269 Contact Name: IESG 1271 Contact e-mail: iesg@ietf.org [1] 1273 Reference: RFCXXXX 1275 Mux Category: TRANSPORT 1277 9.1.2. remote-candidates Attribute 1279 Attribute Name: remote-candidates 1281 Type of Attribute: media-level 1283 Subject to charset: No 1285 Purpose: This attribute is used with Interactive Connectivity 1286 Establishment (ICE), and provides the identity of the remote 1287 candidates that the offerer wishes the answerer to use in its 1288 answer. 1290 Appropriate Values: See Section 4 of RFC XXXX. 1292 Contact Name: IESG 1294 Contact e-mail: iesg@ietf.org [2] 1296 Reference: RFCXXXX 1298 Mux Category: TRANSPORT 1300 9.1.3. ice-lite Attribute 1302 Attribute Name: ice-lite 1304 Type of Attribute: session-level 1306 Subject to charset: No 1308 Purpose: This attribute is used with Interactive Connectivity 1309 Establishment (ICE), and indicates that an agent has the minimum 1310 functionality required to support ICE inter-operation with a peer 1311 that has a full implementation. 1313 Appropriate Values: See Section 4 of RFC XXXX. 1315 Contact Name: IESG 1316 Contact e-mail: iesg@ietf.org [3] 1318 Reference: RFCXXXX 1320 Mux Category: NORMAL 1322 9.1.4. ice-mismatch Attribute 1324 Attribute Name: ice-mismatch 1326 Type of Attribute: media-level 1328 Subject to charset: No 1330 Purpose: This attribute is used with Interactive Connectivity 1331 Establishment (ICE), and indicates that an agent is ICE capable, 1332 but did not proceed with ICE due to a mismatch of candidates with 1333 the default destination for media signaled in the SDP. 1335 Appropriate Values: See Section 4 of RFC XXXX. 1337 Contact Name: IESG 1339 Contact e-mail: iesg@ietf.org [4] 1341 Reference: RFCXXXX 1343 Mux Category: NORMAL 1345 9.1.5. ice-pwd Attribute 1347 Attribute Name: ice-pwd 1349 Type of Attribute: session- or media-level 1351 Subject to charset: No 1353 Purpose: This attribute is used with Interactive Connectivity 1354 Establishment (ICE), and provides the password used to protect 1355 STUN connectivity checks. 1357 Appropriate Values: See Section 4 of RFC XXXX. 1359 Contact Name: IESG 1361 Contact e-mail: iesg@ietf.org [5] 1363 Reference: RFCXXXX 1364 Mux Category: TRANSPORT 1366 9.1.6. ice-ufrag Attribute 1368 Attribute Name: ice-ufrag 1370 Type of Attribute: session- or media-level 1372 Subject to charset: No 1374 Purpose: This attribute is used with Interactive Connectivity 1375 Establishment (ICE), and provides the fragments used to construct 1376 the username in STUN connectivity checks. 1378 Appropriate Values: See Section 4 of RFC XXXX. 1380 Contact Name: IESG 1382 Contact e-mail: iesg@ietf.org [6] 1384 Reference: RFCXXXX 1386 Mux Category: TRANSPORT 1388 9.1.7. ice-options Attribute 1390 Attribute Name: ice-options 1392 Long Form: ice-options 1394 Type of Attribute: session-level 1396 Subject to charset: No 1398 Purpose: This attribute is used with Interactive Connectivity 1399 Establishment (ICE), and indicates the ICE options or extensions 1400 used by the agent. 1402 Appropriate Values: See Section 4 of RFC XXXX. 1404 Contact Name: IESG 1406 Contact e-mail: iesg@ietf.org [7] 1408 Reference: RFCXXXX 1410 Mux Category: NORMAL 1412 9.1.8. ice-pacing Attribute 1414 This specification also defines a new SDP attribute, "ice-pacing" 1415 according to the following data: 1417 Attribute Name: ice-pacing 1419 Type of Attribute: session-level 1421 Subject to charset: No 1423 Purpose: This attribute is used with Interactive Connectivity 1424 Establishment (ICE) to indicate desired connectivity check pacing 1425 values. 1427 Appropriate Values: See Section 4 of RFC XXXX. 1429 Contact Name: IESG 1431 Contact e-mail: iesg@ietf.org [8] 1433 Reference: RFCXXXX 1435 Mux Category: NORMAL 1437 9.2. Interactive Connectivity Establishment (ICE) Options Registry 1439 IANA maintains a registry for ice-options identifiers under the 1440 Specification Required policy as defined in "Guidelines for Writing 1441 an IANA Considerations Section in RFCs" [RFC5226]. 1443 ICE options are of unlimited length according to the syntax in 1444 Section 4.6; however, they are RECOMMENDED to be no longer than 20 1445 characters. This is to reduce message sizes and allow for efficient 1446 parsing. ICE options are defined at the session leve.. 1448 A registration request MUST include the following information: 1450 o The ICE option identifier to be registered 1452 o Name, Email, and Address of a contact person for the registration 1454 o Organization or individuals having the change control 1456 o Short description of the ICE extension to which the option relates 1458 o Reference(s) to the specification defining the ICE option and the 1459 related extensions 1461 10. Acknowledgments 1463 A large part of the text in this document was taken from [RFC5245], 1464 authored by Jonathan Rosenberg. 1466 Some of the text in this document was taken from [RFC6336], authored 1467 by Magnus Westerlund and Colin Perkins. 1469 Many thanks to Christer Holmberg for providing text suggestions in 1470 Section 3 that aligns with [ICE-BIS] 1472 Thanks to Thomas Stach for text help, Roman Shpount for suggesting 1473 RTCP candidate handling and Simon Perreault for advising on IPV6 1474 address selection when candidate-address includes FQDN. 1476 Many thanks to Flemming Andreasen for shepherd review feedback. 1478 Thanks to following experts for their reviews and constructive 1479 feedback: Christer Holmberg, Adam Roach, Peter Saint-Andre and the 1480 MMUSIC WG. 1482 11. References 1484 11.1. Normative References 1486 [ICE-BIS] Keranen, A. and J. Rosenberg, "Interactive Connectivity 1487 Establishment (ICE): A Protocol for Network Address 1488 Translator (NAT) Traversal for Offer/Answer Protocols", 1489 draft-ietf-ice-rfc5245bis-00 (work in progress), March 1490 2015. 1492 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1493 Requirement Levels", BCP 14, RFC 2119, 1494 DOI 10.17487/RFC2119, March 1997, 1495 . 1497 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 1498 A., Peterson, J., Sparks, R., Handley, M., and E. 1499 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 1500 DOI 10.17487/RFC3261, June 2002, 1501 . 1503 [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of 1504 Provisional Responses in Session Initiation Protocol 1505 (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, 1506 . 1508 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 1509 with Session Description Protocol (SDP)", RFC 3264, 1510 DOI 10.17487/RFC3264, June 2002, 1511 . 1513 [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, 1514 "Integration of Resource Management and Session Initiation 1515 Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 1516 2002, . 1518 [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth 1519 Modifiers for RTP Control Protocol (RTCP) Bandwidth", 1520 RFC 3556, DOI 10.17487/RFC3556, July 2003, 1521 . 1523 [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute 1524 in Session Description Protocol (SDP)", RFC 3605, 1525 DOI 10.17487/RFC3605, October 2003, 1526 . 1528 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 1529 Initiation Protocol (SIP) Preconditions Framework", 1530 RFC 4032, DOI 10.17487/RFC4032, March 2005, 1531 . 1533 [RFC4091] Camarillo, G. and J. Rosenberg, "The Alternative Network 1534 Address Types (ANAT) Semantics for the Session Description 1535 Protocol (SDP) Grouping Framework", RFC 4091, June 2005, 1536 . 1538 [RFC4092] Camarillo, G. and J. Rosenberg, "Usage of the Session 1539 Description Protocol (SDP) Alternative Network Address 1540 Types (ANAT) Semantics in the Session Initiation Protocol 1541 (SIP)", RFC 4092, June 2005, 1542 . 1544 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 1545 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 1546 July 2006, . 1548 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1549 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1550 DOI 10.17487/RFC5226, May 2008, 1551 . 1553 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1554 Specifications: ABNF", STD 68, RFC 5234, 1555 DOI 10.17487/RFC5234, January 2008, 1556 . 1558 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 1559 (ICE): A Protocol for Network Address Translator (NAT) 1560 Traversal for Offer/Answer Protocols", RFC 5245, 1561 DOI 10.17487/RFC5245, April 2010, 1562 . 1564 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 1565 Connectivity Establishment (ICE) in the Session Initiation 1566 Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 1567 2010, . 1569 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1570 Interactive Connectivity Establishment (ICE) Options", 1571 RFC 6336, April 2010, 1572 . 1574 11.2. Informative References 1576 [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. 1577 Camarillo, "Best Current Practices for Third Party Call 1578 Control (3pcc) in the Session Initiation Protocol (SIP)", 1579 BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, 1580 . 1582 [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing 1583 Tone Generation in the Session Initiation Protocol (SIP)", 1584 RFC 3960, DOI 10.17487/RFC3960, December 2004, 1585 . 1587 [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., 1588 "Managing Client-Initiated Connections in the Session 1589 Initiation Protocol (SIP)", RFC 5626, 1590 DOI 10.17487/RFC5626, October 2009, 1591 . 1593 [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, 1594 "Connectivity Preconditions for Session Description 1595 Protocol (SDP) Media Streams", RFC 5898, 1596 DOI 10.17487/RFC5898, July 2010, 1597 . 1599 11.3. URIs 1601 [1] mailto:iesg@ietf.org 1603 [2] mailto:iesg@ietf.org 1605 [3] mailto:iesg@ietf.org 1607 [4] mailto:iesg@ietf.org 1609 [5] mailto:iesg@ietf.org 1611 [6] mailto:iesg@ietf.org 1613 [7] mailto:iesg@ietf.org 1615 [8] mailto:iesg@ietf.org 1617 [9] mailto:christer.holmberg@ericsson.com 1619 [10] mailto:rshpount@turbobridge.com 1621 [11] mailto:thomass.stach@gmail.com 1623 Appendix A. Examples 1625 For the example shown in section 16 of [ICE-BIS] the resulting offer 1626 (message 5) encoded in SDP looks like: 1628 v=0 1629 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP 1630 s= 1631 c=IN IP6 $NAT-PUB-1.IP 1632 t=0 0 1633 a=ice-pwd:asd88fgpdd777uzjYhagZg 1634 a=ice-ufrag:8hhY 1635 m=audio $NAT-PUB-1.PORT RTP/AVP 0 1636 b=RS:0 1637 b=RR:0 1638 a=rtpmap:0 PCMU/8000 1639 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host 1640 a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ 1641 srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT 1643 The offer, with the variables replaced with their values, will look 1644 like (lines folded for clarity): 1646 v=0 1647 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a 1648 s= 1649 c=IN IP6 2001:420:c0e0:1005::61 1650 t=0 0 1651 a=ice-pwd:asd88fgpdd777uzjYhagZg 1652 a=ice-ufrag:8hhY 1653 m=audio 45664 RTP/AVP 0 1654 b=RS:0 1655 b=RR:0 1656 a=rtpmap:0 PCMU/8000 1657 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host 1658 a=candidate:2 1 UDP 1694498815 2001:420:c0e0:1005::61 45664 typ srflx raddr 1659 fe80::6676:baff:fe9c:ee4a rport 8998 1661 The resulting answer looks like: 1663 v=0 1664 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP 1665 s= 1666 c=IN IP4 $R-PUB-1.IP 1667 t=0 0 1668 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1669 a=ice-ufrag:9uB6 1670 m=audio $R-PUB-1.PORT RTP/AVP 0 1671 b=RS:0 1672 b=RR:0 1673 a=rtpmap:0 PCMU/8000 1674 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host 1676 With the variables filled in: 1678 v=0 1679 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 1680 s= 1681 c=IN IP4 192.0.2.1 1682 t=0 0 1683 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1684 a=ice-ufrag:9uB6 1685 m=audio 3478 RTP/AVP 0 1686 b=RS:0 1687 b=RR:0 1688 a=rtpmap:0 PCMU/8000 1689 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host 1691 Appendix B. The remote-candidates Attribute 1693 The a=remote-candidates attribute exists to eliminate a race 1694 condition between the updated offer and the response to the STUN 1695 Binding request that moved a candidate into the Valid list. This 1696 race condition is shown in Figure 1. On receipt of message 4, agent 1697 L adds a candidate pair to the valid list. If there was only a 1698 single data stream with a single component, agent L could now send an 1699 updated offer. However, the check from agent R has not yet generated 1700 a response, and agent R receives the updated offer (message 7) before 1701 getting the response (message 9). Thus, it does not yet know that 1702 this particular pair is valid. To eliminate this condition, the 1703 actual candidates at R that were selected by the offerer (the remote 1704 candidates) are included in the offer itself, and the answerer delays 1705 its answer until those pairs validate. 1707 Agent L Network Agent R 1708 |(1) Offer | | 1709 |------------------------------------------>| 1710 |(2) Answer | | 1711 |<------------------------------------------| 1712 |(3) STUN Req. | | 1713 |------------------------------------------>| 1714 |(4) STUN Res. | | 1715 |<------------------------------------------| 1716 |(5) STUN Req. | | 1717 |<------------------------------------------| 1718 |(6) STUN Res. | | 1719 |-------------------->| | 1720 | |Lost | 1721 |(7) Offer | | 1722 |------------------------------------------>| 1723 |(8) STUN Req. | | 1724 |<------------------------------------------| 1725 |(9) STUN Res. | | 1726 |------------------------------------------>| 1727 |(10) Answer | | 1728 |<------------------------------------------| 1730 Figure 1: Race Condition Flow 1732 Appendix C. Why Is the Conflict Resolution Mechanism Needed? 1734 When ICE runs between two peers, one agent acts as controlled, and 1735 the other as controlling. Rules are defined as a function of 1736 implementation type and offerer/answerer to determine who is 1737 controlling and who is controlled. However, the specification 1738 mentions that, in some cases, both sides might believe they are 1739 controlling, or both sides might believe they are controlled. How 1740 can this happen? 1742 The condition when both agents believe they are controlled shows up 1743 in third party call control cases. Consider the following flow: 1745 A Controller B 1746 |(1) INV() | | 1747 |<-------------| | 1748 |(2) 200(SDP1) | | 1749 |------------->| | 1750 | |(3) INV() | 1751 | |------------->| 1752 | |(4) 200(SDP2) | 1753 | |<-------------| 1754 |(5) ACK(SDP2) | | 1755 |<-------------| | 1756 | |(6) ACK(SDP1) | 1757 | |------------->| 1759 Figure 2: Role Conflict Flow 1761 This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, 1762 it works better than flow III since it produces fewer messages. In 1763 this flow, the controller sends an offerless INVITE to agent A, which 1764 responds with its offer, SDP1. The agent then sends an offerless 1765 INVITE to agent B, which it responds to with its offer, SDP2. The 1766 controller then uses the offer from each agent to generate the 1767 answers. When this flow is used, ICE will run between agents A and 1768 B, but both will believe they are in the controlling role. With the 1769 role conflict resolution procedures, this flow will function properly 1770 when ICE is used. 1772 At this time, there are no documented flows that can result in the 1773 case where both agents believe they are controlled. However, the 1774 conflict resolution procedures allow for this case, should a flow 1775 arise that would fit into this category. 1777 Appendix D. Why Send an Updated Offer? 1779 Section 11.1 describes rules for sending media. Both agents can send 1780 media once ICE checks complete, without waiting for an updated offer. 1781 Indeed, the only purpose of the updated offer is to "correct" the SDP 1782 so that the default destination for media matches where media is 1783 being sent based on ICE procedures (which will be the highest- 1784 priority nominated candidate pair). 1786 This begs the question -- why is the updated offer/answer exchange 1787 needed at all? Indeed, in a pure offer/answer environment, it would 1788 not be. The offerer and answerer will agree on the candidates to use 1789 through ICE, and then can begin using them. As far as the agents 1790 themselves are concerned, the updated offer/answer provides no new 1791 information. However, in practice, numerous components along the 1792 signaling path look at the SDP information. These include entities 1793 performing off-path QoS reservations, NAT traversal components such 1794 as ALGs and Session Border Controllers (SBCs), and diagnostic tools 1795 that passively monitor the network. For these tools to continue to 1796 function without change, the core property of SDP -- that the 1797 existing, pre-ICE definitions of the addresses used for media -- the 1798 "m=" and "c=" lines and the rtcp attribute -- must be retained. For 1799 this reason, an updated offer must be sent. 1801 Appendix E. Contributors 1803 Following experts have contributed textual and structural 1804 improvements for this work 1806 1. Christer Holmberg 1808 * Ericsson 1810 * Email: christer.holmberg@ericsson.com [9] 1812 2. Roman Shpount 1814 * TurboBridge 1816 * rshpount@turbobridge.com [10] 1818 3. Thomas Stach 1820 * thomass.stach@gmail.com [11] 1822 Authors' Addresses 1824 Marc Petit-Huguenin 1825 Impedance Mismatch 1827 Email: marc@petit-huguenin.org 1828 Suhas Nandakumar 1829 Cisco Systems 1830 707 Tasman Dr 1831 Milpitas, CA 95035 1832 USA 1834 Email: snandaku@cisco.com 1836 Ari Keranen 1837 Ericsson 1838 Jorvas 02420 1839 Finland 1841 Email: ari.keranen@ericsson.com