idnits 2.17.1 draft-ietf-mmusic-ice-sip-sdp-30.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 3 instances of too long lines in the document, the longest one being 12 characters in excess of 72. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? -- The draft header indicates that this document obsoletes RFC5245, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: 2. The transport address from the peer for the default destination correspond to IP address values "0.0.0.0"/"::" and port value of "9". This MUST not be considered as a ICE failure by the peer agent and the ICE processing MUST continue as usual. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: 4. The transport address from the peer for the default destination is an FQDN. Regardless of the procedures used to resolve FQDN or the resolution result, this MUST not be considered as a ICE failure by the peer agent and the ICE processing MUST continue as usual. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: : is taken from RFC 4566 [RFC4566]. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs). When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value - the presence of a colon indicates IPv6. An agent generating local candidates MUST not use FQDN addresses. An agent processing remote candidates MUST ignore candidate lines that include candidates with FQDN or IP address versions that are not supported or recognized. The procedures for generation and handling of FQDN candidates, as well as, how agents indicate support for such procedures, need to be specified in an extension specification. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: "ice-lite" is a session-level attribute only, and indicates that an agent is a lite implementation. "ice-mismatch" is a media-level attribute and only reported in the answer. It indicates that the offer arrived with a default destination for a media component that didn't have a corresponding candidate attribute. Inclusion of "a=ice-mismatch" attribute for a given data stream implies that even though both agents support ICE, ICE procedures MUST not used for this data stream and [RFC3264] procedures MUST be used instead. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 1, 2019) is 1790 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1663 -- Looks like a reference, but probably isn't: '2' on line 1665 -- Looks like a reference, but probably isn't: '3' on line 1667 -- Looks like a reference, but probably isn't: '4' on line 1669 -- Looks like a reference, but probably isn't: '5' on line 1671 -- Looks like a reference, but probably isn't: '6' on line 1673 -- Looks like a reference, but probably isn't: '7' on line 1675 -- Looks like a reference, but probably isn't: '8' on line 1677 -- Looks like a reference, but probably isn't: '9' on line 1871 -- Looks like a reference, but probably isn't: '10' on line 1877 -- Looks like a reference, but probably isn't: '11' on line 1881 ** Obsolete normative reference: RFC 4091 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4092 (Obsoleted by RFC 5245) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 6336 (Obsoleted by RFC 8839) -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) Summary: 6 errors (**), 0 flaws (~~), 8 warnings (==), 15 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Obsoletes: 5245 (if approved) S. Nandakumar 5 Intended status: Standards Track Cisco Systems 6 Expires: December 3, 2019 A. Keranen 7 Ericsson 8 June 1, 2019 10 Session Description Protocol (SDP) Offer/Answer procedures for 11 Interactive Connectivity Establishment (ICE) 12 draft-ietf-mmusic-ice-sip-sdp-30 14 Abstract 16 This document describes Session Description Protocol (SDP) Offer/ 17 Answer procedures for carrying out Interactive Connectivity 18 Establishment (ICE) between the agents. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on December 3, 2019. 37 Copyright Notice 39 Copyright (c) 2019 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 This document may contain material from IETF Documents or IETF 53 Contributions published or made publicly available before November 54 10, 2008. The person(s) controlling the copyright in some of this 55 material may not have granted the IETF Trust the right to allow 56 modifications of such material outside the IETF Standards Process. 57 Without obtaining an adequate license from the person(s) controlling 58 the copyright in such materials, this document may not be modified 59 outside the IETF Standards Process, and derivative works of it may 60 not be created outside the IETF Standards Process, except to format 61 it for publication as an RFC or to translate it into languages other 62 than English. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 3. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 4 69 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 4 70 3.2. Generic Procedures . . . . . . . . . . . . . . . . . . . 4 71 3.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . 4 72 3.2.2. RTP/RTCP Considerations . . . . . . . . . . . . . . . 6 73 3.2.3. Determining Role . . . . . . . . . . . . . . . . . . 6 74 3.2.4. STUN Considerations . . . . . . . . . . . . . . . . . 6 75 3.2.5. Verifying ICE Support Procedures . . . . . . . . . . 6 76 3.2.6. SDP Example . . . . . . . . . . . . . . . . . . . . . 7 77 3.3. Initial Offer/Answer Exchange . . . . . . . . . . . . . . 8 78 3.3.1. Sending the Initial Offer . . . . . . . . . . . . . . 8 79 3.3.2. Sending the Initial Answer . . . . . . . . . . . . . 8 80 3.3.3. Receiving the Initial Answer . . . . . . . . . . . . 9 81 3.3.4. Concluding ICE . . . . . . . . . . . . . . . . . . . 10 82 3.4. Subsequent Offer/Answer Exchanges . . . . . . . . . . . . 10 83 3.4.1. Sending Subsequent Offer . . . . . . . . . . . . . . 10 84 3.4.2. Sending Subsequent Answer . . . . . . . . . . . . . . 13 85 3.4.3. Receiving Answer for a Subsequent Offer . . . . . . . 15 86 4. Grammar . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 87 4.1. "candidate" Attribute . . . . . . . . . . . . . . . . . . 16 88 4.2. "remote-candidates" Attribute . . . . . . . . . . . . . . 19 89 4.3. "ice-lite" and "ice-mismatch" Attributes . . . . . . . . 19 90 4.4. "ice-ufrag" and "ice-pwd" Attributes . . . . . . . . . . 20 91 4.5. "ice-pacing" Attribute . . . . . . . . . . . . . . . . . 21 92 4.6. "ice-options" Attribute . . . . . . . . . . . . . . . . . 21 93 5. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 22 94 6. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 22 95 6.1. Latency Guidelines . . . . . . . . . . . . . . . . . . . 22 96 6.1.1. Offer in INVITE . . . . . . . . . . . . . . . . . . . 23 97 6.1.2. Offer in Response . . . . . . . . . . . . . . . . . . 24 98 6.2. SIP Option Tags and Media Feature Tags . . . . . . . . . 24 99 6.3. Interactions with Forking . . . . . . . . . . . . . . . . 24 100 6.4. Interactions with Preconditions . . . . . . . . . . . . . 25 101 6.5. Interactions with Third Party Call Control . . . . . . . 25 102 7. Relationship with ANAT . . . . . . . . . . . . . . . . . . . 25 103 8. Security Considerations . . . . . . . . . . . . . . . . . . . 26 104 8.1. Attacks on the Offer/Answer Exchanges . . . . . . . . . . 26 105 8.2. Insider Attacks . . . . . . . . . . . . . . . . . . . . . 26 106 8.2.1. The Voice Hammer Attack . . . . . . . . . . . . . . . 26 107 8.2.2. Interactions with Application Layer Gateways and SIP 27 108 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 109 9.1. SDP Attributes . . . . . . . . . . . . . . . . . . . . . 28 110 9.1.1. candidate Attribute . . . . . . . . . . . . . . . . . 28 111 9.1.2. remote-candidates Attribute . . . . . . . . . . . . . 29 112 9.1.3. ice-lite Attribute . . . . . . . . . . . . . . . . . 29 113 9.1.4. ice-mismatch Attribute . . . . . . . . . . . . . . . 30 114 9.1.5. ice-pwd Attribute . . . . . . . . . . . . . . . . . . 30 115 9.1.6. ice-ufrag Attribute . . . . . . . . . . . . . . . . . 31 116 9.1.7. ice-options Attribute . . . . . . . . . . . . . . . . 31 117 9.1.8. ice-pacing Attribute . . . . . . . . . . . . . . . . 32 118 9.2. Interactive Connectivity Establishment (ICE) Options 119 Registry . . . . . . . . . . . . . . . . . . . . . . . . 32 120 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 121 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 122 11.1. Normative References . . . . . . . . . . . . . . . . . . 33 123 11.2. Informative References . . . . . . . . . . . . . . . . . 35 124 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 36 125 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 36 126 Appendix B. The remote-candidates Attribute . . . . . . . . . . 38 127 Appendix C. Why Is the Conflict Resolution Mechanism Needed? . . 39 128 Appendix D. Why Send an Updated Offer? . . . . . . . . . . . . . 40 129 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 41 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 132 1. Introduction 134 This document describes how Interactive Connectivity Establishment 135 (ICE) is used with Session Description Protocol (SDP) offer/answer 136 [RFC3264]. The ICE specification [RFC8445] describes procedures that 137 are common to all usages of ICE and this document gives the 138 additional details needed to use ICE with SDP offer/answer. 140 2. Terminology 142 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 143 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 144 "OPTIONAL" in this document are to be interpreted as described in RFC 145 2119 [RFC2119]. 147 Readers should be familiar with the terminology defined in [RFC3264], 148 in [RFC8445] and the following: 150 Default Destination/Candidate: The default destination for a 151 component of a data stream is the transport address that would be 152 used by an agent that is not ICE aware. A default candidate for a 153 component is one whose transport address matches the default 154 destination for that component. For the RTP component, the 155 default connection address is in the "c=" line of the SDP, and the 156 port and transport protocol are in the "m=" line. For the RTCP 157 component, the address and port are indicated using the "a=rtcp" 158 attribute defined in [RFC3605], if present; otherwise, the RTCP 159 component address is same as the address of the RTP component, and 160 its port is one greater than the port of the RTP component. 162 3. SDP Offer/Answer Procedures 164 3.1. Introduction 166 [RFC8445] defines ICE candidate exchange as the process for ICE 167 agents (Initiator and Responder) to exchange their candidate 168 information required for ICE processing at the agents. For the 169 purposes of this specification, the candidate exchange process 170 corresponds to the [RFC3264] Offer/Answer protocol and the 171 terminologies offerer and answerer correspond to the initiator and 172 responder terminologies from [RFC8445] respectively. 174 Once the initiating agent has gathered, pruned and prioritized its 175 set of candidates [RFC8445], the candidate exchange with the peer 176 agent begins. 178 3.2. Generic Procedures 180 3.2.1. Encoding 182 Section 4 provides detailed rules for constructing various SDP 183 attributes defined in this specification. 185 3.2.1.1. Data Streams 187 Each data stream [RFC8445] is represented by an SDP media description 188 ("m=" section). 190 3.2.1.2. Candidates 192 With in a "m=" section, each candidate (including the default 193 candidate) associated with the data stream is represented by an SDP 194 candidate attribute. 196 Prior to nomination, the "c=" line associated with an "m=" section 197 contains the connection address of the default candidate, while the 198 "m=" line contains the port and transport protocol of the default 199 candidate for that "m=" section. 201 After nomination, the "c=" line for a given "m=" section contains the 202 connection address of the nominated candidate (the local candidate of 203 the nominated candidate pair) and the "m=" line contains the port and 204 transport protocol corresponding to the nominated candidate for that 205 "m=" section. 207 3.2.1.3. Username and Password 209 The ICE username is represented by an SDP ice-ufrag attribute and the 210 ICE password is represented by an SDP ice-pwd attribute. 212 3.2.1.4. Lite Implementations 214 An ICE lite implementation [RFC8445] MUST include an SDP ice-lite 215 attribute. A full implementation MUST NOT include that attribute. 217 3.2.1.5. ICE Extensions 219 An agent uses the SDP ice-options attribute to indicate support of 220 ICE extensions. 222 An agent compliant to this specification MUST include an SDP ice- 223 options attribute with an "ice2" attribute value. If an agent 224 receives an SDP offer or answer with ICE attributes but without the 225 "ice2" ice-options attribute value, the agent assumes that the peer 226 is compliant to [RFC5245]. 228 3.2.1.6. Inactive and Disabled Data Streams 230 If an "m=" section is marked as inactive [RFC4566], or has a 231 bandwidth value of zero [RFC4566], the agent MUST still include ICE 232 related SDP attributes. 234 If the port value associated with an "m=" section is set to zero 235 (implying a disabled stream) as defined in section 8.2 of [RFC3264], 236 the agent SHOULD NOT include ICE related SDP candidate attributes in 237 that "m=" section, unless an SDP extension specifying otherwise is 238 used. 240 3.2.2. RTP/RTCP Considerations 242 If an agent utilizes both RTP and RTCP, and separate ports are used 243 for RTP and RTCP, the agent MUST include SDP candidate attributes for 244 both the RTP and RTCP components and SDP rtcp attribute SHOULD be 245 included in the "m=" section, as described in [RFC3605] 247 In the cases where the port number for the RTCP is one higher than 248 the RTP port and RTCP component address is same as the address of the 249 RTP component, the SDP rtcp attribute MAY be omitted. 251 If the agent does not utilize RTCP, it indicates that by including 252 b=RS:0 and b=RR:0 SDP attributes, as described in [RFC3556]. 254 3.2.3. Determining Role 256 The offerer acts as the Initiating agent. The answerer acts as the 257 Responding agent. The ICE roles (controlling and controlled) are 258 determined using the procedures in [RFC8445]. 260 3.2.4. STUN Considerations 262 Once an agent has provided its local candidates to its peer in an SDP 263 offer or answer, the agent MUST be prepared to receive STUN 264 connectivity check Binding requests on those candidates. 266 3.2.5. Verifying ICE Support Procedures 268 The agents will proceed with the ICE procedures defined in [RFC8445] 269 and this specification if, for each data stream in the SDP it 270 received, the default destination for each component of that data 271 stream appears in a candidate attribute. For example, in the case of 272 RTP, the connection address, port and transport protocol are in the 273 "c=" and "m=" lines, respectively, appear in a candidate attribute 274 and the value in the rtcp attribute appears in a candidate attribute. 276 This specification provides no guidance on how an agent should 277 proceed in the cases where the above condition is not met with the 278 few exceptions noted below: 280 1. The presence of certain application layer gateways MAY modify the 281 transport address information as described in Section 8.2.2. The 282 behavior of the responding agent in such a situation is 283 implementation defined. Informally, the responding agent MAY 284 consider the mismatched transport address information as a 285 plausible new candidate learnt from the peer and continue its ICE 286 processing with that transport address included. Alternatively, 287 the responding agent MAY include an "a=ice-mismatch" attribute in 288 its answer for such data streams. If agent chooses to include an 289 "a=ice-mismatch" attribute in its answer for a data stream, then 290 it MUST also omit "a=candidate" attributes, MUST terminate the 291 usage of ICE procedures and [RFC3264] procedures MUST be used 292 instead for this data stream. 294 2. The transport address from the peer for the default destination 295 correspond to IP address values "0.0.0.0"/"::" and port value of 296 "9". This MUST not be considered as a ICE failure by the peer 297 agent and the ICE processing MUST continue as usual. 299 3. In some cases, controlling/initiator agent may receive the SDP 300 answer that may omit "a=candidate" attributes for the data 301 stream, and instead include a media level "a=ice-mismatch" 302 attribute. This signals to the offerer that the answerer 303 supports ICE, but that ICE processing was not used for this data 304 stream. In this case, ICE processing MUST be terminated for this 305 data stream and [RFC3264] procedures MUST be followed instead. 307 4. The transport address from the peer for the default destination 308 is an FQDN. Regardless of the procedures used to resolve FQDN or 309 the resolution result, this MUST not be considered as a ICE 310 failure by the peer agent and the ICE processing MUST continue as 311 usual. 313 3.2.6. SDP Example 315 The following is an example SDP message that includes ICE attributes 316 (lines folded for readability): 318 v=0 319 o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1 320 s= 321 c=IN IP4 192.0.2.3 322 t=0 0 323 a=ice-options:ice2 324 a=ice-pwd:asd88fgpdd777uzjYhagZg 325 a=ice-ufrag:8hhY 326 m=audio 45664 RTP/AVP 0 327 b=RS:0 328 b=RR:0 329 a=rtpmap:0 PCMU/8000 330 a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host 331 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 332 10.0.1.1 rport 8998 334 3.3. Initial Offer/Answer Exchange 336 3.3.1. Sending the Initial Offer 338 When an offerer generates the initial offer, in each "m=" section it 339 MUST include SDP candidate attributes for each available candidate 340 associated with the "m=" section. In addition, the offerer MUST 341 include an SDP ice-ufrag and an SDP ice-pwd attribute in the offer. 343 It is valid for an offer "m=" line to include no SDP candidate 344 attributes and with default destination corresponding to the IP 345 address values "0.0.0.0"/"::" and port value of "9". This implies 346 that offering agent is only going to use peer reflexive candidates or 347 that additional candidates would be provided in subsequent signaling 348 messages. 350 Note: Within the scope of this document, "Initial Offer" refers to 351 the first SDP offer that is sent in order to negotiate usage of 352 ICE. It might, or might not, be the initial SDP offer of the SDP 353 session. 355 Note: The procedures in this document only consider "m=" sections 356 associated with data streams where ICE is used. 358 3.3.2. Sending the Initial Answer 360 When an answerer receives an initial offer that indicates that the 361 offerer supports ICE, and if the answerer accepts the offer and the 362 usage of ICE, in each "m=" section within the answer, it MUST include 363 SDP candidate attributes for each available candidate associated with 364 the "m=" section. In addition, the answerer MUST include an SDP ice- 365 ufrag and an SDP ice-pwd attribute in the answer. 367 In each "m=" line, the answerer MUST use the same transport protocol 368 as was used in the offer "m=" line. If none of the candidates in the 369 "m=" line in the answer use the same transport protocol as indicated 370 in the offer "m=" line, then, in order to avoid ICE mismatch, the 371 default destination MUST be set to IP address values "0.0.0.0"/"::" 372 and port value of "9". 374 It is also valid for an answer "m=" line to include no SDP candidate 375 attributes and with default destination corresponding to the IP 376 address values "0.0.0.0"/"::" and port value of "9". This implies 377 that answering agent is only going to use peer reflexive candidates 378 or that additional candidates would be provided in subsequent 379 signaling messages. 381 Once the answerer has sent the answer, it can start performing 382 connectivity checks towards the peer candidates that were provided in 383 the offer. 385 If the offer does not indicate support of ICE, the answerer MUST NOT 386 accept the usage of ICE. If the answerer still accepts the offer, 387 the answerer MUST NOT include any ICE related SDP attributes in the 388 answer. Instead the answerer will generate the answer according to 389 normal offer/answer procedures [RFC3264]. 391 If the answerer detects a possibility of the ICE mismatch, procedures 392 described in (Section 3.2.5) are followed. 394 Note: > provides guidance on finding working 395 candidate pairs and thus preventing premature declaration of ICE 396 failure is certain scenarios such as, if the peer has not provided 397 any candidates, or if all provided candidates have failed or have 398 been discarded. 400 3.3.3. Receiving the Initial Answer 402 When an offerer receives an initial answer that indicates that the 403 answerer supports ICE, it can start performing connectivity checks 404 towards the peer candidates that were provided in the answer. 406 If the answer does not indicate that the answerer supports ICE, or if 407 the answerer included "a=ice-mismatch" attributes for all the active 408 data streams in the answer, the offerer MUST terminate the usage of 409 ICE for the entire session and [RFC3264] procedures MUST be followed 410 instead. 412 On the other hand, if the answer indicates the support for ICE but 413 includes "a=ice-mismatch" in certain active data streams, then the 414 offerer MUST terminate the usage of ICE procedures and [RFC3264] 415 procedures MUST be used instead for only these data streams. Also, 416 ICE procedures MUST be used for data streams where "a=ice-mismatch" 417 attribute was not included. 419 If the offerer detects an ICE mismatch for one or more data streams 420 in the answer, as described in (Section 3.2.5), the offerer MUST 421 terminate the usage of ICE for the entire session. The subsequent 422 actions taken by the offerer are implementation dependent and are out 423 of the scope of this specification. 425 Note: > provides guidance on finding working 426 candidate pairs and thus preventing premature declaration of ICE 427 failure is certain scenarios such as, if the peer has not provided 428 any candidates, or if all provided candidates have failed or have 429 been discarded. 431 3.3.4. Concluding ICE 433 Once the state of each check list is Completed, and if the agent is 434 the controlling agent, it nominates a candidate pair [RFC8445] and 435 checks for each data stream whether the nominated pair matches the 436 default candidate pair. If there are one or more data streams with a 437 match, and the peer did not indicate support for the 'ice2' ice- 438 option, the controlling agent MUST generate a subsequent offer 439 (Section 3.4.1), in which the connection address, port and transport 440 protocol in the "c=" and "m=" lines associated with each data stream 441 match the corresponding local information of the nominated pair for 442 that data stream. 444 However, If the support for 'ice2' ice-option is in use, the 445 nominated candidate is noted and sent in the subsequent offer/answer 446 exchange as the default candidate and no updated offer is needed to 447 fix the default candidate. 449 Also as described in [RFC8445], once the controlling agent has 450 nominated a candidate pair for a data stream, the agent MUST NOT 451 nominate another pair for that data stream during the lifetime of the 452 ICE session (i.e. until ICE is restarted). 454 3.4. Subsequent Offer/Answer Exchanges 456 Either agent MAY generate a subsequent offer at any time allowed by 457 [RFC3264]. This section defines rules for construction of subsequent 458 offers and answers. 460 Should a subsequent offer fail, ICE processing continues as if the 461 subsequent offer had never been made. 463 3.4.1. Sending Subsequent Offer 465 3.4.1.1. Procedures for All Implementations 467 3.4.1.1.1. ICE Restarts 469 An agent MAY restart ICE processing for an existing data stream 470 [RFC8445]. 472 The rules governing the ICE restart imply that setting the connection 473 address in the "c=" line to 0.0.0.0 (for IPv4)/ :: (for IPv6) will 474 cause an ICE restart. Consequently, ICE implementations MUST NOT 475 utilize this mechanism for call hold, and instead MUST use 476 "a=inactive" and "a=sendonly" as described in [RFC3264]. 478 To restart ICE, an agent MUST change both the ice-pwd and the ice- 479 ufrag for the data stream in an offer. However, it is permissible to 480 use a session-level attribute in one offer, but to provide the same 481 ice-pwd or ice-ufrag as a media-level attribute in a subsequent 482 offer. This MUST NOT be considered as ICE restart. 484 An agent sets the rest of the ice related fields in the SDP for this 485 data stream as it would in an initial offer of this data stream (see 486 Section 3.2.1). Consequently, the set of candidates MAY include 487 some, none, or all of the previous candidates for that data stream 488 and MAY include a totally new set of candidates. 490 3.4.1.1.2. Removing a Data Stream 492 If an agent removes a data stream by setting its port to zero, it 493 MUST NOT include any candidate attributes for that data stream and 494 SHOULD NOT include any other ICE-related attributes defined in 495 Section 4 for that data stream. 497 3.4.1.1.3. Adding a Data Stream 499 If an agent wishes to add a new data stream, it sets the fields in 500 the SDP for this data stream as if this was an initial offer for that 501 data stream (see Section 3.2.1). This will cause ICE processing to 502 begin for this data stream. 504 3.4.1.2. Procedures for Full Implementations 506 This section describes additional procedures for full 507 implementations, covering existing data streams. 509 3.4.1.2.1. Before Nomination 511 When an offerer sends a subsequent offer; in each "m=" section for 512 which a candidate pair has not yet been nominated, the offer MUST 513 include the same set of ICE-related information that the offerer 514 included in the previous offer or answer. The agent MAY include 515 additional candidates it did not offer previously, but which it has 516 gathered since the last offer/ answer exchange, including peer 517 reflexive candidates. 519 The agent MAY change the default destination for media. As with 520 initial offers, there MUST be a set of candidate attributes in the 521 offer matching this default destination. 523 3.4.1.2.2. After Nomination 525 Once a candidate pair has been nominated for a data stream, the 526 connection address, port and transport protocol in each "c=" and "m=" 527 line associated with that data stream MUST match the data associated 528 with the nominated pair for that data stream. In addition, the 529 offerer only includes SDP candidates representing the local 530 candidates of the nominated candidate pair. The offerer MUST NOT 531 include any other SDP candidate attributes in the subsequent offer. 533 In addition, if the agent is controlling, it MUST include the 534 "a=remote-candidates" attribute for each data stream whose check list 535 is in the completed state. The attribute contains the remote 536 candidates corresponding to the nominated pair in the valid list for 537 each component of that data stream. It is needed to avoid a race 538 condition whereby the controlling agent chooses its pairs, but the 539 updated offer beats the connectivity checks to the controlled agent, 540 which doesn't even know these pairs are valid, let alone selected. 541 See Appendix B for elaboration on this race condition. 543 3.4.1.3. Procedures for Lite Implementations 545 If the ICE state is running, a lite implementation MUST include all 546 of its candidates for each component of each data stream in 547 "a=candidate" attribute in any subsequent offer. The candidates are 548 formed identical to the procedures for initial offers. 550 A lite implementation MUST NOT add additional host candidates in a 551 subsequent offer. If an agent needs to offer additional candidates, 552 it MUST restart ICE. Similarly, the username fragments or passwords 553 MUST remain the same as used previously. If an agent needs to change 554 one of these, it MUST restart ICE for that data stream. 556 If ICE has completed for a data stream and if the agent is 557 controlled, the default destination for that data stream MUST be set 558 to the remote candidate of the candidate pair for that component in 559 the valid list. For a lite implementation, there is always just a 560 single candidate pair in the valid list for each component of a data 561 stream. Additionally, the agent MUST include a candidate attribute 562 for each default destination. 564 If ICE state is completed and if the agent is controlling (which only 565 happens when both agents are lite), the agent MUST include the 566 "a=remote-candidates" attribute for each data stream. The attribute 567 contains the remote candidates from the candidate pairs in the valid 568 list (one pair for each component of each data stream). 570 3.4.2. Sending Subsequent Answer 572 If ICE is Completed for a data stream, and the offer for that data 573 stream lacked the "a=remote-candidates" attribute, the rules for 574 construction of the answer are identical to those for the offerer, 575 except that the answerer MUST NOT include the "a=remote-candidates" 576 attribute in the answer. 578 A controlled agent will receive an offer with the "a=remote- 579 candidates" attribute for a data stream when its peer has concluded 580 ICE processing for that data stream. This attribute is present in 581 the offer to deal with a race condition between the receipt of the 582 offer, and the receipt of the Binding Response that tells the 583 answerer the candidate that will be selected by ICE. See Appendix B 584 for an explanation of this race condition. Consequently, processing 585 of an offer with this attribute depends on the winner of the race. 587 The agent forms a candidate pair for each component of the data 588 stream by: 590 o Setting the remote candidate equal to the offerer's default 591 destination for that component (i.e. the contents of the "m=" and 592 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP) 594 o Setting the local candidate equal to the transport address for 595 that same component in the "a=remote-candidates" attribute in the 596 offer. 598 The agent then sees if each of these candidate pairs is present in 599 the valid list. If a particular pair is not in the valid list, the 600 check has "lost" the race. Call such a pair a "losing pair". 602 The agent finds all the pairs in the check list whose remote 603 candidates equal the remote candidate in the losing pair: 605 o If none of the pairs are In-Progress, and at least one is Failed, 606 it is most likely that a network failure, such as a network 607 partition or serious packet loss, has occurred. The agent SHOULD 608 generate an answer for this data stream as if the remote- 609 candidates attribute had not been present, and then restart ICE 610 for this stream. 612 o If at least one of the pairs is In-Progress, the agent SHOULD wait 613 for those checks to complete, and as each completes, redo the 614 processing in this section until there are no losing pairs. 616 Once there are no losing pairs, the agent can generate the answer. 617 It MUST set the default destination for media to the candidates in 618 the remote-candidates attribute from the offer (each of which will 619 now be the local candidate of a candidate pair in the valid list). 620 It MUST include a candidate attribute in the answer for each 621 candidate in the remote-candidates attribute in the offer. 623 3.4.2.1. ICE Restart 625 If the offerer in a subsequent offer requested an ICE restart for a 626 data stream, and if the answerer accepts the offer, the answerer 627 follows the procedures for generating an initial answer. 629 For a given data stream, the answerer MAY include the same candidates 630 that were used in the previous ICE session, but it MUST change the 631 SDP ice-pwd and ice-ufrag attribute values. 633 3.4.2.2. Lite Implementation specific procedures 635 If the received offer contains the remote-candidates attribute for a 636 data stream, the agent forms a candidate pair for each component of 637 the data stream by: 639 o Setting the remote candidate equal to the offerer's default 640 destination for that component (i.e., the contents of the "m=" and 641 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP). 643 o Setting the local candidate equal to the transport address for 644 that same component in the "a=remote-candidates" attribute in the 645 offer. 647 The state of ICE processing for that data stream is set to Completed. 649 Furthermore, if the agent believed it was controlling, but the offer 650 contained the "a=remote-candidates" attribute, both agents believe 651 they are controlling. In this case, both would have sent updated 652 offers around the same time. 654 However, the signaling protocol carrying the offer/answer exchanges 655 will have resolved this glare condition, so that one agent is always 656 the 'winner' by having its offer received before its peer has sent an 657 offer. The winner takes the role of controlling, so that the loser 658 (the answerer under consideration in this section) MUST change its 659 role to controlled. 661 Consequently, if the agent was going to send an updated offer since, 662 based on the rules in section 8.2 of [RFC8445], it was controlling, 663 it no longer needs to. 665 Besides the potential role change, change in the Valid list, and 666 state changes, the construction of the answer is performed 667 identically to the construction of an offer. 669 3.4.3. Receiving Answer for a Subsequent Offer 671 3.4.3.1. Procedures for Full Implementations 673 There may be certain situations where the offerer receives an SDP 674 answer that lacks ICE candidates although the initial answer did. 675 One example of such an "unexpected" answer might be happen when an 676 ICE-unaware B2BUA introduces a media server during call hold using 677 3rd party call-control procedures. Omitting further details how this 678 is done, this could result in an answer being received at the holding 679 UA that was constructed by the B2BUA. With the B2BUA being ICE- 680 unaware, that answer would not include ICE candidates. 682 Receiving an answer without ICE attributes in this situation might be 683 unexpected, but would not necessarily impair the user experience. 685 When the offerer receives an answer indicating support for ICE, the 686 offer performs on of the following actions: 688 o If the offer was a restart, the agent MUST perform ICE restart 689 procedures as specified in Section 3.4.3.1.1 691 o If the offer/answer exchange removed a data stream, or an answer 692 rejected an offered data stream, an agent MUST flush the Valid 693 list for that data stream. It MUST also terminate any STUN 694 transactions in progress for that data stream. 696 o If the offer/answer exchange added a new data stream, the agent 697 MUST create a new check list for it (and an empty Valid list to 698 start of course) which in turn triggers the candidate processing 699 procedures [RFC8445]. 701 o If ICE state is running for a given data stream, the agent 702 recomputes the check list. If a pair on the new check list was 703 also on the previous check list, and its state is not Frozen, its 704 state is copied over. Otherwise, its state is set to Frozen. If 705 none of the check lists are active (meaning that the pairs in each 706 check list are Frozen), appropriate procedures in [RFC8445] are 707 performed to move candidate(s) to the Waiting state to further 708 continue ICE processing. 710 o If ICE state is completed and the SDP answer conforms to 711 Section 3.4.2, the agent MUST reman in the ICE completed state. 713 However, if the ICE support is no longer indicated in the SDP answer, 714 the agent MUST fall-back to [RFC3264] procedures and SHOULD NOT drop 715 the dialog because of the missing ICE support or unexpected answer. 716 Once the agent sends a new offer later on, it MUST perform an ICE 717 restart. 719 3.4.3.1.1. ICE Restarts 721 The agent MUST remember the nominated pair in the Valid list for each 722 component of the data stream, called the previous selected pair prior 723 to the restart. The agent will continue to send media using this 724 pair, as described in section 12 of [RFC8445]. Once these 725 destinations are noted, the agent MUST flush the valid and check 726 lists, and then recompute the check list and its states, thus 727 triggering the candidate processing procedures [RFC8445] 729 3.4.3.2. Procedures for Lite Implementations 731 If ICE is restarting for a data stream, the agent MUST start a new 732 Valid list for that data stream. It MUST remember the nominated pair 733 in the previous Valid list for each component of the data stream, 734 called the previous selected pairs, and continue to send media there 735 as described in section 12 of [RFC8445]. The state of ICE processing 736 for each data stream MUST change to Running, and the state of ICE 737 processing MUST change to Running 739 4. Grammar 741 This specification defines eight new SDP attributes -- the 742 "candidate", "remote-candidates", "ice-lite", "ice-mismatch", "ice- 743 ufrag", "ice-pwd", "ice-pacing", and "ice-options" attributes. 745 This section also provides non-normative examples of the attributes 746 defined. 748 The syntax for the attributes follow Augmented BNF as defined in 749 [RFC5234]. 751 4.1. "candidate" Attribute 753 The candidate attribute is a media-level attribute only. It contains 754 a transport address for a candidate that can be used for connectivity 755 checks. 757 candidate-attribute = "candidate" ":" foundation SP component-id SP 758 transport SP 759 priority SP 760 connection-address SP ;from RFC 4566 761 port ;port from RFC 4566 762 SP cand-type 763 [SP rel-addr] 764 [SP rel-port] 765 *(SP extension-att-name SP 766 extension-att-value) 768 foundation = 1*32ice-char 769 component-id = 1*5DIGIT 770 transport = "UDP" / transport-extension 771 transport-extension = token ; from RFC 3261 772 priority = 1*10DIGIT 773 cand-type = "typ" SP candidate-types 774 candidate-types = "host" / "srflx" / "prflx" / "relay" / token 775 rel-addr = "raddr" SP connection-address 776 rel-port = "rport" SP port 777 extension-att-name = token 778 extension-att-value = *VCHAR 779 ice-char = ALPHA / DIGIT / "+" / "/" 781 This grammar encodes the primary information about a candidate: its 782 IP address, port and transport protocol, and its properties: the 783 foundation, component ID, priority, type, and related transport 784 address: 786 : is taken from RFC 4566 [RFC4566]. It is the 787 IP address of the candidate, allowing for IPv4 addresses, IPv6 788 addresses, and fully qualified domain names (FQDNs). When parsing 789 this field, an agent can differentiate an IPv4 address and an IPv6 790 address by presence of a colon in its value - the presence of a 791 colon indicates IPv6. An agent generating local candidates MUST 792 not use FQDN addresses. An agent processing remote candidates 793 MUST ignore candidate lines that include candidates with FQDN or 794 IP address versions that are not supported or recognized. The 795 procedures for generation and handling of FQDN candidates, as well 796 as, how agents indicate support for such procedures, need to be 797 specified in an extension specification. 799 : is also taken from RFC 4566 [RFC4566]. It is the port of 800 the candidate. 802 : indicates the transport protocol for the candidate. 803 This specification only defines UDP. However, extensibility is 804 provided to allow for future transport protocols to be used with 805 ICE by extending the sub-registry "ICE Transport Protocols" under 806 "Interactive Connectivity Establishment (ICE)" registry. 808 : is composed of 1 to 32 s. It is an 809 identifier that is equivalent for two candidates that are of the 810 same type, share the same base, and come from the same STUN 811 server. The foundation is used to optimize ICE performance in the 812 Frozen algorithm as described in [RFC8445] 814 : is a positive integer between 1 and 256 (inclusive) 815 that identifies the specific component of the dta stream for which 816 this is a candidate. It MUST start at 1 and MUST increment by 1 817 for each component of a particular candidate. For data streams 818 based on RTP, candidates for the actual RTP media MUST have a 819 component ID of 1, and candidates for RTCP MUST have a component 820 ID of 2. See section 13 in [RFC8445] for additional discussion on 821 extending ICE to new data streams. 823 : is a positive integer between 1 and (2**31 - 1) 824 inclusive. The procedures for computing candidate's priority is 825 described in section 5.1.2 of [RFC8445]. 827 : encodes the type of candidate. This specification 828 defines the values "host", "srflx", "prflx", and "relay" for host, 829 server reflexive, peer reflexive, and relayed candidates, 830 respectively. Specifications for new candidate types MUST define 831 how, if at all, various steps in the ICE processing differ from 832 the ones defined by this specification. 834 and : convey transport addresses related to the 835 candidate, useful for diagnostics and other purposes. 836 and MUST be present for server reflexive, peer 837 reflexive, and relayed candidates. If a candidate is server or 838 peer reflexive, and are equal to the base 839 for that server or peer reflexive candidate. If the candidate is 840 relayed, and are equal to the mapped address 841 in the Allocate response that provided the client with that 842 relayed candidate (see Appendix B.3 of [RFC8445] for a discussion 843 of its purpose). If the candidate is a host candidate, 844 and MUST be omitted. 846 In some cases, e.g., for privacy reasons, an agent may not want to 847 reveal the related address and port. In this case the address 848 MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 849 candidates) and the port to zero. 851 The candidate attribute can itself be extended. The grammar allows 852 for new name/value pairs to be added at the end of the attribute. 854 Such extensions MUST be made through IETF Review or IESG Approval 855 [RFC5226] and the assignments MUST contain the specific extension and 856 a reference to the document defining the usage of the extension 858 An implementation MUST ignore any name/value pairs it doesn't 859 understand. 861 Example: SDP line for UDP server reflexive candidate attribute for the RTP component 863 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998 865 4.2. "remote-candidates" Attribute 867 The syntax of the "remote-candidates" attribute is defined using 868 Augmented BNF as defined in [RFC5234]. The remote-candidates 869 attribute is a media-level attribute only. 871 remote-candidate-att = "remote-candidates:" remote-candidate 872 0*(SP remote-candidate) 873 remote-candidate = component-ID SP connection-address SP port 875 The attribute contains a connection-address and port for each 876 component. The ordering of components is irrelevant. However, a 877 value MUST be present for each component of a data stream. This 878 attribute MUST be included in an offer by a controlling agent for a 879 data stream that is Completed, and MUST NOT be included in any other 880 case. 882 Example: Remote candidates SDP lines for the RTP and RTCP components: 884 a=remote-candidates:1 192.0.2.3 45664 885 a=remote-candidates:2 192.0.2.3 45665 887 4.3. "ice-lite" and "ice-mismatch" Attributes 889 The syntax of the "ice-lite" and "ice-mismatch" attributes, both of 890 which are flags, is: 892 ice-lite = "ice-lite" 893 ice-mismatch = "ice-mismatch" 895 "ice-lite" is a session-level attribute only, and indicates that an 896 agent is a lite implementation. "ice-mismatch" is a media-level 897 attribute and only reported in the answer. It indicates that the 898 offer arrived with a default destination for a media component that 899 didn't have a corresponding candidate attribute. Inclusion of 900 "a=ice-mismatch" attribute for a given data stream implies that even 901 though both agents support ICE, ICE procedures MUST not used for this 902 data stream and [RFC3264] procedures MUST be used instead. 904 4.4. "ice-ufrag" and "ice-pwd" Attributes 906 The "ice-ufrag" and "ice-pwd" attributes convey the username fragment 907 and password used by ICE for message integrity. Their syntax is: 909 ice-pwd-att = "ice-pwd:" password 910 ice-ufrag-att = "ice-ufrag:" ufrag 911 password = 22*256ice-char 912 ufrag = 4*256ice-char 914 The "ice-pwd" and "ice-ufrag" attributes can appear at either the 915 session-level or media-level. When present in both, the value in the 916 media-level takes precedence. Thus, the value at the session-level 917 is effectively a default that applies to all data streams, unless 918 overridden by a media-level value. Whether present at the session or 919 media-level, there MUST be an ice-pwd and ice-ufrag attribute for 920 each data stream. If two data streams have identical ice-ufrag's, 921 they MUST have identical ice-pwd's. 923 The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the 924 beginning of a session (the same applies when ICE is restarting for 925 an agent). 927 The ice-ufrag attribute MUST contain at least 24 bits of randomness, 928 and the ice-pwd attribute MUST contain at least 128 bits of 929 randomness. This means that the ice-ufrag attribute will be at least 930 4 characters long, and the ice-pwd at least 22 characters long, since 931 the grammar for these attributes allows for 6 bits of information per 932 character. The attributes MAY be longer than 4 and 22 characters, 933 respectively, of course, up to 256 characters. The upper limit 934 allows for buffer sizing in implementations. Its large upper limit 935 allows for increased amounts of randomness to be added over time. 936 For compatibility with the 512 character limitation for the STUN 937 username attribute value and for bandwidth conservation 938 considerations, the ice-ufrag attribute MUST NOT be longer than 32 939 characters when sending, but an implementation MUST accept up to 256 940 characters when receiving. 942 Example shows sample ice-ufrag and ice-pwd SDP lines: 944 a=ice-pwd:asd88fgpdd777uzjYhagZg 945 a=ice-ufrag:8hhY 947 4.5. "ice-pacing" Attribute 949 The "ice-pacing" is a session level attribute that indicates the 950 desired connectivity check pacing, in milliseconds, for this agent 951 (see section 14 of [RFC8445]). The syntax is: 953 ice-pacing-att = "ice-pacing:" pacing-value 954 pacing-value = 1*10DIGIT 956 Following the procedures defined in [RFC8445], a default value of 957 50ms is used for an agent when ice-pacing attribute is omitted in the 958 offer or the answer. 960 The same rule applies for ice-pacing attribute values lower than 961 50ms. This mandates that, if an agent includes the ice-pacing 962 attribute, its value MUST be greater than 50ms or else a value of 963 50ms is considered by default for that agent. 965 Also the larger of the ice-pacing attribute values between the offer 966 and the answer (determined either by the one provided in the ice- 967 pacing attribute or by picking the default value) MUST be considered 968 for a given ICE session. 970 Example shows ice-pacing value of 5 ms: 972 a=ice-pacing:5 974 4.6. "ice-options" Attribute 976 The "ice-options" attribute is a session- and media-level attribute. 977 It contains a series of tokens that identify the options supported by 978 the agent. Its grammar is: 980 ice-options = "ice-options:" ice-option-tag 981 0*(SP ice-option-tag) 982 ice-option-tag = 1*ice-char 984 The existence of an ice-option in an offer indicates that a certain 985 extension is supported by the agent and is willing to use it, if the 986 peer agent also includes the same extension in the answer. There 987 might be further extension specific negotiation needed between the 988 agents that determine how the extensions gets used in a given 989 session. The details of the negotiation procedures, if present, MUST 990 be defined by the specification defining the extension (see 991 Section 9.2). 993 Example shows 'rtp+ecn' ice-option SDP line from <>: 995 a=ice-options:rtp+ecn 997 5. Keepalives 999 All the ICE agents MUST follow the procedures defined in section 11 1000 of [RFC8445] for sending keepalives. The keepalives MUST be sent 1001 regardless of whether the data stream is currently inactive, 1002 sendonly, recvonly, or sendrecv, and regardless of the presence or 1003 value of the bandwidth attribute. An agent can determine that its 1004 peer supports ICE by the presence of "a=candidate" attributes for 1005 each media session. 1007 6. SIP Considerations 1009 Note that ICE is not intended for NAT traversal for SIP, which is 1010 assumed to be provided via another mechanism [RFC5626]. 1012 When ICE is used with SIP, forking may result in a single offer 1013 generating a multiplicity of answers. In that case, ICE proceeds 1014 completely in parallel and independently for each answer, treating 1015 the combination of its offer and each answer as an independent offer/ 1016 answer exchange, with its own set of local candidates, pairs, check 1017 lists, states, and so on. 1019 Once ICE processing has reached the Completed state for all peers for 1020 media streams using those candidates, the agent SHOULD wait an 1021 additional three seconds, and then it MAY cease responding to checks 1022 or generating triggered checks on that candidate. It MAY free the 1023 candidate at that time. Freeing of server reflexive candidates is 1024 never explicit; it happens by lack of a keepalive. The three-second 1025 delay handles cases when aggressive nomination is used, and the 1026 selected pairs can quickly change after ICE has completed. 1028 6.1. Latency Guidelines 1030 ICE requires a series of STUN-based connectivity checks to take place 1031 between endpoints. These checks start from the answerer on 1032 generation of its answer, and start from the offerer when it receives 1033 the answer. These checks can take time to complete, and as such, the 1034 selection of messages to use with offers and answers can affect 1035 perceived user latency. Two latency figures are of particular 1036 interest. These are the post-pickup delay and the post-dial delay. 1037 The post-pickup delay refers to the time between when a user "answers 1038 the phone" and when any speech they utter can be delivered to the 1039 caller. The post-dial delay refers to the time between when a user 1040 enters the destination address for the user and ringback begins as a 1041 consequence of having successfully started alerting the called user 1042 agent. 1044 Two cases can be considered -- one where the offer is present in the 1045 initial INVITE and one where it is in a response. 1047 6.1.1. Offer in INVITE 1049 To reduce post-dial delays, it is RECOMMENDED that the caller begin 1050 gathering candidates prior to actually sending its initial INVITE, so 1051 that the candidates can be provided in the INVITE. This can be 1052 started upon user interface cues that a call is pending, such as 1053 activity on a keypad or the phone going off-hook. 1055 On the receipt of the offer, the answerer SHOULD generate an answer 1056 in a provisional response as soon as it has completed gathering the 1057 candidates. ICE requires that a provisional response with an SDP be 1058 transmitted reliably. This can be done through the existing 1059 Provisional Response Acknowledgment (PRACK) mechanism [RFC3262] or 1060 through an ICE specific optimization, wherein, the agent retransmits 1061 the provisional response with the exponential backoff timers 1062 described in [RFC3262]. Such retransmissions MUST cease on receipt 1063 of a STUN Binding request with transport address matching candidate 1064 address for one of the data streams signaled in that SDP or on 1065 transmission of the answer in a 2xx response. If no Binding request 1066 is received prior to the last retransmit, the agent does not consider 1067 the session terminated. For the ICE lite peers , the agent MUST 1068 cease retransmitting the 18x after sending it four times since there 1069 will be no Binding request sent and the number four is arbitrarily 1070 chosen to limit the number of 18x retransmits ('poor man's version of 1071 [RFC3262]' basically). (ICE will actually work even if the peer 1072 never receives the 18x; however, experience has shown that sending it 1073 is important for middleboxes and firewall traversal). 1075 Once the answer has been sent, the agent SHOULD begin its 1076 connectivity checks. Once candidate pairs for each component of a 1077 data stream enter the valid list, the answerer can begin sending 1078 media on that data stream. 1080 However, prior to this point, any media that needs to be sent towards 1081 the caller (such as SIP early media [RFC3960]) MUST NOT be 1082 transmitted. For this reason, implementations SHOULD delay alerting 1083 the called party until candidates for each component of each data 1084 stream have entered the valid list. In the case of a PSTN gateway, 1085 this would mean that the setup message into the PSTN is delayed until 1086 this point. Doing this increases the post-dial delay, but has the 1087 effect of eliminating 'ghost rings'. Ghost rings are cases where the 1088 called party hears the phone ring, picks up, but hears nothing and 1089 cannot be heard. This technique works without requiring support for, 1090 or usage of, preconditions [RFC3312]. It also has the benefit of 1091 guaranteeing that not a single packet of media will get clipped, so 1092 that post-pickup delay is zero. If an agent chooses to delay local 1093 alerting in this way, it SHOULD generate a 180 response once alerting 1094 begins. 1096 6.1.2. Offer in Response 1098 In addition to uses where the offer is in an INVITE, and the answer 1099 is in the provisional and/or 200 OK response, ICE works with cases 1100 where the offer appears in the response. In such cases, which are 1101 common in third party call control [RFC3725], ICE agents SHOULD 1102 generate their offers in a reliable provisional response (which MUST 1103 utilize [RFC3262]), and not alert the user on receipt of the INVITE. 1104 The answer will arrive in a PRACK. This allows for ICE processing to 1105 take place prior to alerting, so that there is no post-pickup delay, 1106 at the expense of increased call setup delays. Once ICE completes, 1107 the callee can alert the user and then generate a 200 OK when they 1108 answer. The 200 OK would contain no SDP, since the offer/answer 1109 exchange has completed. 1111 Alternatively, agents MAY place the offer in a 2xx instead (in which 1112 case the answer comes in the ACK). When this happens, the callee 1113 will alert the user on receipt of the INVITE, and the ICE exchanges 1114 will take place only after the user answers. This has the effect of 1115 reducing call setup delay, but can cause substantial post-pickup 1116 delays and media clipping. 1118 6.2. SIP Option Tags and Media Feature Tags 1120 [RFC5768] specifies a SIP option tag and media feature tag for usage 1121 with ICE. ICE implementations using SIP SHOULD support this 1122 specification, which uses a feature tag in registrations to 1123 facilitate interoperability through signaling intermediaries. 1125 6.3. Interactions with Forking 1127 ICE interacts very well with forking. Indeed, ICE fixes some of the 1128 problems associated with forking. Without ICE, when a call forks and 1129 the caller receives multiple incoming data streams, it cannot 1130 determine which data stream corresponds to which callee. 1132 With ICE, this problem is resolved. The connectivity checks which 1133 occur prior to transmission of media carry username fragments, which 1134 in turn are correlated to a specific callee. Subsequent media 1135 packets that arrive on the same candidate pair as the connectivity 1136 check will be associated with that same callee. Thus, the caller can 1137 perform this correlation as long as it has received an answer. 1139 6.4. Interactions with Preconditions 1141 Quality of Service (QoS) preconditions, which are defined in 1142 [RFC3312] and [RFC4032], apply only to the transport addresses listed 1143 as the default targets for media in an offer/answer. If ICE changes 1144 the transport address where media is received, this change is 1145 reflected in an updated offer that changes the default destination 1146 for media to match ICE's selection. As such, it appears like any 1147 other re-INVITE would, and is fully treated in RFCs 3312 and 4032, 1148 which apply without regard to the fact that the destination for media 1149 is changing due to ICE negotiations occurring "in the background". 1151 Indeed, an agent SHOULD NOT indicate that QoS preconditions have been 1152 met until the checks have completed and selected the candidate pairs 1153 to be used for media. 1155 ICE also has (purposeful) interactions with connectivity 1156 preconditions [RFC5898]. Those interactions are described there. 1157 Note that the procedures described in Section 6.1 describe their own 1158 type of "preconditions", albeit with less functionality than those 1159 provided by the explicit preconditions in [RFC5898]. 1161 6.5. Interactions with Third Party Call Control 1163 ICE works with Flows I, III, and IV as described in [RFC3725]. Flow 1164 I works without the controller supporting or being aware of ICE. 1165 Flow IV will work as long as the controller passes along the ICE 1166 attributes without alteration. Flow II is fundamentally incompatible 1167 with ICE; each agent will believe itself to be the answerer and thus 1168 never generate a re-INVITE. 1170 The flows for continued operation, as described in Section 7 of 1171 [RFC3725], require additional behavior of ICE implementations to 1172 support. In particular, if an agent receives a mid-dialog re-INVITE 1173 that contains no offer, it MUST restart ICE for each data stream and 1174 go through the process of gathering new candidates. Furthermore, 1175 that list of candidates SHOULD include the ones currently being used 1176 for media. 1178 7. Relationship with ANAT 1180 [RFC4091], the Alternative Network Address Types (ANAT) Semantics for 1181 the SDP grouping framework, and [RFC4092], its usage with SIP, define 1182 a mechanism for indicating that an agent can support both IPv4 and 1183 IPv6 for a data stream, and it does so by including two "m=" lines, 1184 one for v4 and one for v6. This is similar to ICE, which allows for 1185 an agent to indicate multiple transport addresses using the candidate 1186 attribute. However, ANAT relies on static selection to pick between 1187 choices, rather than a dynamic connectivity check used by ICE. 1189 It is RECOMMENDED that ICE be used in realizing the dual-stack use- 1190 cases in agents that support ICE. 1192 8. Security Considerations 1194 8.1. Attacks on the Offer/Answer Exchanges 1196 An attacker that can modify or disrupt the offer/answer exchanges 1197 themselves can readily launch a variety of attacks with ICE. They 1198 could direct media to a target of a DoS attack, they could insert 1199 themselves into the data stream, and so on. These are similar to the 1200 general security considerations for offer/answer exchanges, and the 1201 security considerations in [RFC3264] apply. These require techniques 1202 for message integrity and encryption for offers and answers, which 1203 are satisfied by the TLS mechanism [RFC3261] when SIP is used. As 1204 such, the usage of TLS with ICE is RECOMMENDED. 1206 8.2. Insider Attacks 1208 In addition to attacks where the attacker is a third party trying to 1209 insert fake offers, answers, or STUN messages, there are several 1210 attacks possible with ICE when the attacker is an authenticated and 1211 valid participant in the ICE exchange. 1213 8.2.1. The Voice Hammer Attack 1215 The voice hammer attack is an amplification attack. In this attack, 1216 the attacker initiates sessions to other agents, and maliciously 1217 includes the connection address and port of a DoS target as the 1218 destination for media traffic signaled in the SDP. This causes 1219 substantial amplification; a single offer/answer exchange can create 1220 a continuing flood of media packets, possibly at high rates (consider 1221 video sources). This attack is not specific to ICE, but ICE can help 1222 provide remediation. 1224 Specifically, if ICE is used, the agent receiving the malicious SDP 1225 will first perform connectivity checks to the target of media before 1226 sending media there. If this target is a third-party host, the 1227 checks will not succeed, and media is never sent. 1229 Unfortunately, ICE doesn't help if it's not used, in which case an 1230 attacker could simply send the offer without the ICE parameters. 1231 However, in environments where the set of clients is known, and is 1232 limited to ones that support ICE, the server can reject any offers or 1233 answers that don't indicate ICE support. 1235 SIP User Agents (UA) [RFC3261] that are not willing to receive non- 1236 ICE answers MUST include an "ice" Option Tag in the SIP Require 1237 Header Field in their offer. UAs that rejects non-ICE offers SHOULD 1238 use a 421 response code, together with an Option Tag "ice" in the 1239 Require Header Field in the response. 1241 8.2.2. Interactions with Application Layer Gateways and SIP 1243 Application Layer Gateways (ALGs) are functions present in a Network 1244 Address Translation (NAT) device that inspect the contents of packets 1245 and modify them, in order to facilitate NAT traversal for application 1246 protocols. Session Border Controllers (SBCs) are close cousins of 1247 ALGs, but are less transparent since they actually exist as 1248 application-layer SIP intermediaries. ICE has interactions with SBCs 1249 and ALGs. 1251 If an ALG is SIP aware but not ICE aware, ICE will work through it as 1252 long as the ALG correctly modifies the SDP. A correct ALG 1253 implementation behaves as follows: 1255 o The ALG does not modify the "m=" and "c=" lines or the rtcp 1256 attribute if they contain external addresses. 1258 o If the "m=" and "c=" lines contain internal addresses, the 1259 modification depends on the state of the ALG: 1261 * If the ALG already has a binding established that maps an 1262 external port to an internal connection address and port 1263 matching the values in the "m=" and "c=" lines or rtcp 1264 attribute, the ALG uses that binding instead of creating a new 1265 one. 1267 * If the ALG does not already have a binding, it creates a new 1268 one and modifies the SDP, rewriting the "m=" and "c=" lines and 1269 rtcp attribute. 1271 Unfortunately, many ALGs are known to work poorly in these corner 1272 cases. ICE does not try to work around broken ALGs, as this is 1273 outside the scope of its functionality. ICE can help diagnose these 1274 conditions, which often show up as a mismatch between the set of 1275 candidates and the "m=" and "c=" lines and rtcp attributes. The ice- 1276 mismatch attribute is used for this purpose. 1278 ICE works best through ALGs when the signaling is run over TLS. This 1279 prevents the ALG from manipulating the SDP messages and interfering 1280 with ICE operation. Implementations that are expected to be deployed 1281 behind ALGs SHOULD provide for TLS transport of the SDP. 1283 If an SBC is SIP aware but not ICE aware, the result depends on the 1284 behavior of the SBC. If it is acting as a proper Back-to-Back User 1285 Agent (B2BUA), the SBC will remove any SDP attributes it doesn't 1286 understand, including the ICE attributes. Consequently, the call 1287 will appear to both endpoints as if the other side doesn't support 1288 ICE. This will result in ICE being disabled, and media flowing 1289 through the SBC, if the SBC has requested it. If, however, the SBC 1290 passes the ICE attributes without modification, yet modifies the 1291 default destination for media (contained in the "m=" and "c=" lines 1292 and rtcp attribute), this will be detected as an ICE mismatch, and 1293 ICE processing is aborted for the call. It is outside of the scope 1294 of ICE for it to act as a tool for "working around" SBCs. If one is 1295 present, ICE will not be used and the SBC techniques take precedence. 1297 9. IANA Considerations 1299 9.1. SDP Attributes 1301 The original ICE specification defined seven new SDP attributes per 1302 the procedures of Section 8.2.4 of [RFC4566]. The registration 1303 information from the original specification is included here with 1304 modifications to include Mux Category and also defines a new SDP 1305 attribute 'ice-pacing'. 1307 9.1.1. candidate Attribute 1309 Attribute Name: candidate 1311 Type of Attribute: media-level 1313 Subject to charset: No 1315 Purpose: This attribute is used with Interactive Connectivity 1316 Establishment (ICE), and provides one of many possible candidate 1317 addresses for communication. These addresses are validated with 1318 an end-to-end connectivity check using Session Traversal Utilities 1319 for NAT (STUN). 1321 Appropriate Values: See Section 4 of RFC XXXX. 1323 Contact Name: IESG 1325 Contact e-mail: iesg@ietf.org [1] 1327 Reference: RFCXXXX 1328 Mux Category: TRANSPORT 1330 9.1.2. remote-candidates Attribute 1332 Attribute Name: remote-candidates 1334 Type of Attribute: media-level 1336 Subject to charset: No 1338 Purpose: This attribute is used with Interactive Connectivity 1339 Establishment (ICE), and provides the identity of the remote 1340 candidates that the offerer wishes the answerer to use in its 1341 answer. 1343 Appropriate Values: See Section 4 of RFC XXXX. 1345 Contact Name: IESG 1347 Contact e-mail: iesg@ietf.org [2] 1349 Reference: RFCXXXX 1351 Mux Category: TRANSPORT 1353 9.1.3. ice-lite Attribute 1355 Attribute Name: ice-lite 1357 Type of Attribute: session-level 1359 Subject to charset: No 1361 Purpose: This attribute is used with Interactive Connectivity 1362 Establishment (ICE), and indicates that an agent has the minimum 1363 functionality required to support ICE inter-operation with a peer 1364 that has a full implementation. 1366 Appropriate Values: See Section 4 of RFC XXXX. 1368 Contact Name: IESG 1370 Contact e-mail: iesg@ietf.org [3] 1372 Reference: RFCXXXX 1374 Mux Category: NORMAL 1376 9.1.4. ice-mismatch Attribute 1378 Attribute Name: ice-mismatch 1380 Type of Attribute: media-level 1382 Subject to charset: No 1384 Purpose: This attribute is used with Interactive Connectivity 1385 Establishment (ICE), and indicates that an agent is ICE capable, 1386 but did not proceed with ICE due to a mismatch of candidates with 1387 the default destination for media signaled in the SDP. 1389 Appropriate Values: See Section 4 of RFC XXXX. 1391 Contact Name: IESG 1393 Contact e-mail: iesg@ietf.org [4] 1395 Reference: RFCXXXX 1397 Mux Category: NORMAL 1399 9.1.5. ice-pwd Attribute 1401 Attribute Name: ice-pwd 1403 Type of Attribute: session- or media-level 1405 Subject to charset: No 1407 Purpose: This attribute is used with Interactive Connectivity 1408 Establishment (ICE), and provides the password used to protect 1409 STUN connectivity checks. 1411 Appropriate Values: See Section 4 of RFC XXXX. 1413 Contact Name: IESG 1415 Contact e-mail: iesg@ietf.org [5] 1417 Reference: RFCXXXX 1419 Mux Category: TRANSPORT 1421 9.1.6. ice-ufrag Attribute 1423 Attribute Name: ice-ufrag 1425 Type of Attribute: session- or media-level 1427 Subject to charset: No 1429 Purpose: This attribute is used with Interactive Connectivity 1430 Establishment (ICE), and provides the fragments used to construct 1431 the username in STUN connectivity checks. 1433 Appropriate Values: See Section 4 of RFC XXXX. 1435 Contact Name: IESG 1437 Contact e-mail: iesg@ietf.org [6] 1439 Reference: RFCXXXX 1441 Mux Category: TRANSPORT 1443 9.1.7. ice-options Attribute 1445 Attribute Name: ice-options 1447 Long Form: ice-options 1449 Type of Attribute: session-level 1451 Subject to charset: No 1453 Purpose: This attribute is used with Interactive Connectivity 1454 Establishment (ICE), and indicates the ICE options or extensions 1455 used by the agent. 1457 Appropriate Values: See Section 4 of RFC XXXX. 1459 Contact Name: IESG 1461 Contact e-mail: iesg@ietf.org [7] 1463 Reference: RFCXXXX 1465 Mux Category: NORMAL 1467 9.1.8. ice-pacing Attribute 1469 This specification also defines a new SDP attribute, "ice-pacing" 1470 according to the following data: 1472 Attribute Name: ice-pacing 1474 Type of Attribute: session-level 1476 Subject to charset: No 1478 Purpose: This attribute is used with Interactive Connectivity 1479 Establishment (ICE) to indicate desired connectivity check pacing 1480 values. 1482 Appropriate Values: See Section 4 of RFC XXXX. 1484 Contact Name: IESG 1486 Contact e-mail: iesg@ietf.org [8] 1488 Reference: RFCXXXX 1490 Mux Category: NORMAL 1492 9.2. Interactive Connectivity Establishment (ICE) Options Registry 1494 IANA maintains a registry for ice-options identifiers under the 1495 Specification Required policy as defined in "Guidelines for Writing 1496 an IANA Considerations Section in RFCs" [RFC5226]. 1498 ICE options are of unlimited length according to the syntax in 1499 Section 4.6; however, they are RECOMMENDED to be no longer than 20 1500 characters. This is to reduce message sizes and allow for efficient 1501 parsing. ICE options are defined at the session leve.. 1503 A registration request MUST include the following information: 1505 o The ICE option identifier to be registered 1507 o Name, Email, and Address of a contact person for the registration 1509 o Organization or individuals having the change control 1511 o Short description of the ICE extension to which the option relates 1513 o Reference(s) to the specification defining the ICE option and the 1514 related extensions 1516 10. Acknowledgments 1518 A large part of the text in this document was taken from [RFC5245], 1519 authored by Jonathan Rosenberg. 1521 Some of the text in this document was taken from [RFC6336], authored 1522 by Magnus Westerlund and Colin Perkins. 1524 Many thanks to Christer Holmberg for providing text suggestions in 1525 Section 3 that aligns with [RFC8445] 1527 Thanks to Thomas Stach for text help, Roman Shpount for suggesting 1528 RTCP candidate handling and Simon Perreault for advising on IPV6 1529 address selection when candidate-address includes FQDN. 1531 Many thanks to Flemming Andreasen for shepherd review feedback. 1533 Thanks to following experts for their reviews and constructive 1534 feedback: Christer Holmberg, Adam Roach, Peter Saint-Andre and the 1535 MMUSIC WG. 1537 11. References 1539 11.1. Normative References 1541 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1542 Requirement Levels", BCP 14, RFC 2119, 1543 DOI 10.17487/RFC2119, March 1997, 1544 . 1546 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 1547 A., Peterson, J., Sparks, R., Handley, M., and E. 1548 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 1549 DOI 10.17487/RFC3261, June 2002, 1550 . 1552 [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of 1553 Provisional Responses in Session Initiation Protocol 1554 (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, 1555 . 1557 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 1558 with Session Description Protocol (SDP)", RFC 3264, 1559 DOI 10.17487/RFC3264, June 2002, 1560 . 1562 [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, 1563 "Integration of Resource Management and Session Initiation 1564 Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 1565 2002, . 1567 [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth 1568 Modifiers for RTP Control Protocol (RTCP) Bandwidth", 1569 RFC 3556, DOI 10.17487/RFC3556, July 2003, 1570 . 1572 [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute 1573 in Session Description Protocol (SDP)", RFC 3605, 1574 DOI 10.17487/RFC3605, October 2003, 1575 . 1577 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 1578 Initiation Protocol (SIP) Preconditions Framework", 1579 RFC 4032, DOI 10.17487/RFC4032, March 2005, 1580 . 1582 [RFC4091] Camarillo, G. and J. Rosenberg, "The Alternative Network 1583 Address Types (ANAT) Semantics for the Session Description 1584 Protocol (SDP) Grouping Framework", RFC 4091, June 2005, 1585 . 1587 [RFC4092] Camarillo, G. and J. Rosenberg, "Usage of the Session 1588 Description Protocol (SDP) Alternative Network Address 1589 Types (ANAT) Semantics in the Session Initiation Protocol 1590 (SIP)", RFC 4092, June 2005, 1591 . 1593 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 1594 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 1595 July 2006, . 1597 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1598 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1599 DOI 10.17487/RFC5226, May 2008, 1600 . 1602 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1603 Specifications: ABNF", STD 68, RFC 5234, 1604 DOI 10.17487/RFC5234, January 2008, 1605 . 1607 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 1608 Connectivity Establishment (ICE) in the Session Initiation 1609 Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 1610 2010, . 1612 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1613 Interactive Connectivity Establishment (ICE) Options", 1614 RFC 6336, April 2010, 1615 . 1617 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 1618 Connectivity Establishment (ICE): A Protocol for Network 1619 Address Translator (NAT) Traversal", RFC 8445, 1620 DOI 10.17487/RFC8445, July 2018, 1621 . 1623 11.2. Informative References 1625 [draft-holmberg-ice-pac] 1626 Holmberg, C. and J. Uberti, "Interactive Connectivity 1627 Establishment Patiently Awaiting Connectivity (ICE PAC)", 1628 draft-holmberg-ice-pac-01 (work in progress), March 2019, 1629 . 1632 [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. 1633 Camarillo, "Best Current Practices for Third Party Call 1634 Control (3pcc) in the Session Initiation Protocol (SIP)", 1635 BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, 1636 . 1638 [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing 1639 Tone Generation in the Session Initiation Protocol (SIP)", 1640 RFC 3960, DOI 10.17487/RFC3960, December 2004, 1641 . 1643 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 1644 (ICE): A Protocol for Network Address Translator (NAT) 1645 Traversal for Offer/Answer Protocols", RFC 5245, 1646 DOI 10.17487/RFC5245, April 2010, 1647 . 1649 [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., 1650 "Managing Client-Initiated Connections in the Session 1651 Initiation Protocol (SIP)", RFC 5626, 1652 DOI 10.17487/RFC5626, October 2009, 1653 . 1655 [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, 1656 "Connectivity Preconditions for Session Description 1657 Protocol (SDP) Media Streams", RFC 5898, 1658 DOI 10.17487/RFC5898, July 2010, 1659 . 1661 11.3. URIs 1663 [1] mailto:iesg@ietf.org 1665 [2] mailto:iesg@ietf.org 1667 [3] mailto:iesg@ietf.org 1669 [4] mailto:iesg@ietf.org 1671 [5] mailto:iesg@ietf.org 1673 [6] mailto:iesg@ietf.org 1675 [7] mailto:iesg@ietf.org 1677 [8] mailto:iesg@ietf.org 1679 [9] mailto:christer.holmberg@ericsson.com 1681 [10] mailto:rshpount@turbobridge.com 1683 [11] mailto:thomass.stach@gmail.com 1685 Appendix A. Examples 1687 For the example shown in section 15 of [RFC8445] the resulting offer 1688 (message 5) encoded in SDP looks like: 1690 v=0 1691 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP 1692 s= 1693 c=IN IP6 $NAT-PUB-1.IP 1694 t=0 0 1695 a=ice-pwd:asd88fgpdd777uzjYhagZg 1696 a=ice-ufrag:8hhY 1697 m=audio $NAT-PUB-1.PORT RTP/AVP 0 1698 b=RS:0 1699 b=RR:0 1700 a=rtpmap:0 PCMU/8000 1701 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host 1702 a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ 1703 srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT 1705 The offer, with the variables replaced with their values, will look 1706 like (lines folded for clarity): 1708 v=0 1709 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a 1710 s= 1711 c=IN IP6 2001:420:c0e0:1005::61 1712 t=0 0 1713 a=ice-pwd:asd88fgpdd777uzjYhagZg 1714 a=ice-ufrag:8hhY 1715 m=audio 45664 RTP/AVP 0 1716 b=RS:0 1717 b=RR:0 1718 a=rtpmap:0 PCMU/8000 1719 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host 1720 a=candidate:2 1 UDP 1694498815 2001:420:c0e0:1005::61 45664 typ srflx raddr 1721 fe80::6676:baff:fe9c:ee4a rport 8998 1723 The resulting answer looks like: 1725 v=0 1726 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP 1727 s= 1728 c=IN IP4 $R-PUB-1.IP 1729 t=0 0 1730 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1731 a=ice-ufrag:9uB6 1732 m=audio $R-PUB-1.PORT RTP/AVP 0 1733 b=RS:0 1734 b=RR:0 1735 a=rtpmap:0 PCMU/8000 1736 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host 1737 With the variables filled in: 1739 v=0 1740 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 1741 s= 1742 c=IN IP4 192.0.2.1 1743 t=0 0 1744 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1745 a=ice-ufrag:9uB6 1746 m=audio 3478 RTP/AVP 0 1747 b=RS:0 1748 b=RR:0 1749 a=rtpmap:0 PCMU/8000 1750 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host 1752 Appendix B. The remote-candidates Attribute 1754 The "a=remote-candidates" attribute exists to eliminate a race 1755 condition between the updated offer and the response to the STUN 1756 Binding request that moved a candidate into the Valid list. This 1757 race condition is shown in Figure 1. On receipt of message 4, agent 1758 L adds a candidate pair to the valid list. If there was only a 1759 single data stream with a single component, agent L could now send an 1760 updated offer. However, the check from agent R has not yet generated 1761 a response, and agent R receives the updated offer (message 7) before 1762 getting the response (message 9). Thus, it does not yet know that 1763 this particular pair is valid. To eliminate this condition, the 1764 actual candidates at R that were selected by the offerer (the remote 1765 candidates) are included in the offer itself, and the answerer delays 1766 its answer until those pairs validate. 1768 Agent L Network Agent R 1769 |(1) Offer | | 1770 |------------------------------------------>| 1771 |(2) Answer | | 1772 |<------------------------------------------| 1773 |(3) STUN Req. | | 1774 |------------------------------------------>| 1775 |(4) STUN Res. | | 1776 |<------------------------------------------| 1777 |(5) STUN Req. | | 1778 |<------------------------------------------| 1779 |(6) STUN Res. | | 1780 |-------------------->| | 1781 | |Lost | 1782 |(7) Offer | | 1783 |------------------------------------------>| 1784 |(8) STUN Req. | | 1785 |<------------------------------------------| 1786 |(9) STUN Res. | | 1787 |------------------------------------------>| 1788 |(10) Answer | | 1789 |<------------------------------------------| 1791 Figure 1: Race Condition Flow 1793 Appendix C. Why Is the Conflict Resolution Mechanism Needed? 1795 When ICE runs between two peers, one agent acts as controlled, and 1796 the other as controlling. Rules are defined as a function of 1797 implementation type and offerer/answerer to determine who is 1798 controlling and who is controlled. However, the specification 1799 mentions that, in some cases, both sides might believe they are 1800 controlling, or both sides might believe they are controlled. How 1801 can this happen? 1803 The condition when both agents believe they are controlled shows up 1804 in third party call control cases. Consider the following flow: 1806 A Controller B 1807 |(1) INV() | | 1808 |<-------------| | 1809 |(2) 200(SDP1) | | 1810 |------------->| | 1811 | |(3) INV() | 1812 | |------------->| 1813 | |(4) 200(SDP2) | 1814 | |<-------------| 1815 |(5) ACK(SDP2) | | 1816 |<-------------| | 1817 | |(6) ACK(SDP1) | 1818 | |------------->| 1820 Figure 2: Role Conflict Flow 1822 This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, 1823 it works better than flow III since it produces fewer messages. In 1824 this flow, the controller sends an offerless INVITE to agent A, which 1825 responds with its offer, SDP1. The agent then sends an offerless 1826 INVITE to agent B, which it responds to with its offer, SDP2. The 1827 controller then uses the offer from each agent to generate the 1828 answers. When this flow is used, ICE will run between agents A and 1829 B, but both will believe they are in the controlling role. With the 1830 role conflict resolution procedures, this flow will function properly 1831 when ICE is used. 1833 At this time, there are no documented flows that can result in the 1834 case where both agents believe they are controlled. However, the 1835 conflict resolution procedures allow for this case, should a flow 1836 arise that would fit into this category. 1838 Appendix D. Why Send an Updated Offer? 1840 Section 11.1 describes rules for sending media. Both agents can send 1841 media once ICE checks complete, without waiting for an updated offer. 1842 Indeed, the only purpose of the updated offer is to "correct" the SDP 1843 so that the default destination for media matches where media is 1844 being sent based on ICE procedures (which will be the highest- 1845 priority nominated candidate pair). 1847 This begs the question -- why is the updated offer/answer exchange 1848 needed at all? Indeed, in a pure offer/answer environment, it would 1849 not be. The offerer and answerer will agree on the candidates to use 1850 through ICE, and then can begin using them. As far as the agents 1851 themselves are concerned, the updated offer/answer provides no new 1852 information. However, in practice, numerous components along the 1853 signaling path look at the SDP information. These include entities 1854 performing off-path QoS reservations, NAT traversal components such 1855 as ALGs and Session Border Controllers (SBCs), and diagnostic tools 1856 that passively monitor the network. For these tools to continue to 1857 function without change, the core property of SDP -- that the 1858 existing, pre-ICE definitions of the addresses used for media -- the 1859 "m=" and "c=" lines and the rtcp attribute -- must be retained. For 1860 this reason, an updated offer must be sent. 1862 Appendix E. Contributors 1864 Following experts have contributed textual and structural 1865 improvements for this work 1867 1. Christer Holmberg 1869 * Ericsson 1871 * Email: christer.holmberg@ericsson.com [9] 1873 2. Roman Shpount 1875 * TurboBridge 1877 * rshpount@turbobridge.com [10] 1879 3. Thomas Stach 1881 * thomass.stach@gmail.com [11] 1883 Authors' Addresses 1885 Marc Petit-Huguenin 1886 Impedance Mismatch 1888 Email: marc@petit-huguenin.org 1890 Suhas Nandakumar 1891 Cisco Systems 1892 707 Tasman Dr 1893 Milpitas, CA 95035 1894 USA 1896 Email: snandaku@cisco.com 1897 Ari Keranen 1898 Ericsson 1899 Jorvas 02420 1900 Finland 1902 Email: ari.keranen@ericsson.com