idnits 2.17.1 draft-ietf-mmusic-ice-sip-sdp-35.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 6, 2019) is 1785 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1664 -- Looks like a reference, but probably isn't: '2' on line 1666 -- Looks like a reference, but probably isn't: '3' on line 1668 -- Looks like a reference, but probably isn't: '4' on line 1670 -- Looks like a reference, but probably isn't: '5' on line 1672 -- Looks like a reference, but probably isn't: '6' on line 1674 -- Looks like a reference, but probably isn't: '7' on line 1676 -- Looks like a reference, but probably isn't: '8' on line 1678 -- Looks like a reference, but probably isn't: '9' on line 1872 -- Looks like a reference, but probably isn't: '10' on line 1878 -- Looks like a reference, but probably isn't: '11' on line 1882 ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 6336 (Obsoleted by RFC 8839) ** Obsolete normative reference: RFC 5226 (ref. 'RFC8126') (Obsoleted by RFC 8126) -- Obsolete informational reference (is this intentional?): RFC 4091 (Obsoleted by RFC 5245) -- Obsolete informational reference (is this intentional?): RFC 4092 (Obsoleted by RFC 5245) -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 15 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Obsoletes: 5245 (if approved) S. Nandakumar 5 Intended status: Standards Track Cisco Systems 6 Expires: December 8, 2019 A. Keranen 7 Ericsson 8 June 6, 2019 10 Session Description Protocol (SDP) Offer/Answer procedures for 11 Interactive Connectivity Establishment (ICE) 12 draft-ietf-mmusic-ice-sip-sdp-35 14 Abstract 16 This document describes Session Description Protocol (SDP) Offer/ 17 Answer procedures for carrying out Interactive Connectivity 18 Establishment (ICE) between the agents. 20 This document obsoletes RFC 5245. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at https://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on December 8, 2019. 39 Copyright Notice 41 Copyright (c) 2019 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (https://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 This document may contain material from IETF Documents or IETF 55 Contributions published or made publicly available before November 56 10, 2008. The person(s) controlling the copyright in some of this 57 material may not have granted the IETF Trust the right to allow 58 modifications of such material outside the IETF Standards Process. 59 Without obtaining an adequate license from the person(s) controlling 60 the copyright in such materials, this document may not be modified 61 outside the IETF Standards Process, and derivative works of it may 62 not be created outside the IETF Standards Process, except to format 63 it for publication as an RFC or to translate it into languages other 64 than English. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 69 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 3. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 4 71 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 4 72 3.2. Generic Procedures . . . . . . . . . . . . . . . . . . . 4 73 3.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . 4 74 3.2.2. RTP/RTCP Considerations . . . . . . . . . . . . . . . 6 75 3.2.3. Determining Role . . . . . . . . . . . . . . . . . . 6 76 3.2.4. STUN Considerations . . . . . . . . . . . . . . . . . 6 77 3.2.5. Verifying ICE Support Procedures . . . . . . . . . . 6 78 3.2.6. SDP Example . . . . . . . . . . . . . . . . . . . . . 7 79 3.3. Initial Offer/Answer Exchange . . . . . . . . . . . . . . 8 80 3.3.1. Sending the Initial Offer . . . . . . . . . . . . . . 8 81 3.3.2. Sending the Initial Answer . . . . . . . . . . . . . 8 82 3.3.3. Receiving the Initial Answer . . . . . . . . . . . . 9 83 3.3.4. Concluding ICE . . . . . . . . . . . . . . . . . . . 10 84 3.4. Subsequent Offer/Answer Exchanges . . . . . . . . . . . . 10 85 3.4.1. Sending Subsequent Offer . . . . . . . . . . . . . . 11 86 3.4.2. Sending Subsequent Answer . . . . . . . . . . . . . . 13 87 3.4.3. Receiving Answer for a Subsequent Offer . . . . . . . 15 88 4. Grammar . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 89 4.1. "candidate" Attribute . . . . . . . . . . . . . . . . . . 17 90 4.2. "remote-candidates" Attribute . . . . . . . . . . . . . . 19 91 4.3. "ice-lite" and "ice-mismatch" Attributes . . . . . . . . 20 92 4.4. "ice-ufrag" and "ice-pwd" Attributes . . . . . . . . . . 20 93 4.5. "ice-pacing" Attribute . . . . . . . . . . . . . . . . . 21 94 4.6. "ice-options" Attribute . . . . . . . . . . . . . . . . . 21 95 5. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 22 96 6. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 22 97 6.1. Latency Guidelines . . . . . . . . . . . . . . . . . . . 22 98 6.1.1. Offer in INVITE . . . . . . . . . . . . . . . . . . . 23 99 6.1.2. Offer in Response . . . . . . . . . . . . . . . . . . 24 100 6.2. SIP Option Tags and Media Feature Tags . . . . . . . . . 24 101 6.3. Interactions with Forking . . . . . . . . . . . . . . . . 24 102 6.4. Interactions with Preconditions . . . . . . . . . . . . . 25 103 6.5. Interactions with Third Party Call Control . . . . . . . 25 104 7. Relationship with ANAT . . . . . . . . . . . . . . . . . . . 26 105 8. Security Considerations . . . . . . . . . . . . . . . . . . . 26 106 8.1. Attacks on the Offer/Answer Exchanges . . . . . . . . . . 26 107 8.2. Insider Attacks . . . . . . . . . . . . . . . . . . . . . 26 108 8.2.1. The Voice Hammer Attack . . . . . . . . . . . . . . . 26 109 8.2.2. Interactions with Application Layer Gateways and SIP 27 110 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 111 9.1. SDP Attributes . . . . . . . . . . . . . . . . . . . . . 28 112 9.1.1. candidate Attribute . . . . . . . . . . . . . . . . . 28 113 9.1.2. remote-candidates Attribute . . . . . . . . . . . . . 29 114 9.1.3. ice-lite Attribute . . . . . . . . . . . . . . . . . 29 115 9.1.4. ice-mismatch Attribute . . . . . . . . . . . . . . . 30 116 9.1.5. ice-pwd Attribute . . . . . . . . . . . . . . . . . . 30 117 9.1.6. ice-ufrag Attribute . . . . . . . . . . . . . . . . . 31 118 9.1.7. ice-options Attribute . . . . . . . . . . . . . . . . 31 119 9.1.8. ice-pacing Attribute . . . . . . . . . . . . . . . . 32 120 9.2. Interactive Connectivity Establishment (ICE) Options 121 Registry . . . . . . . . . . . . . . . . . . . . . . . . 32 122 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 123 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 124 11.1. Normative References . . . . . . . . . . . . . . . . . . 33 125 11.2. Informative References . . . . . . . . . . . . . . . . . 35 126 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 36 127 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 36 128 Appendix B. The remote-candidates Attribute . . . . . . . . . . 38 129 Appendix C. Why Is the Conflict Resolution Mechanism Needed? . . 39 130 Appendix D. Why Send an Updated Offer? . . . . . . . . . . . . . 40 131 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 41 132 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 134 1. Introduction 136 This document describes how Interactive Connectivity Establishment 137 (ICE) is used with Session Description Protocol (SDP) offer/answer 138 [RFC3264]. The ICE specification [RFC8445] describes procedures that 139 are common to all usages of ICE and this document gives the 140 additional details needed to use ICE with SDP offer/answer. 142 This document obsoletes RFC 5245. 144 2. Terminology 146 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 147 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 148 "OPTIONAL" in this document are to be interpreted as described in RFC 149 2119 [RFC2119]. 151 Readers should be familiar with the terminology defined in [RFC3264], 152 in [RFC8445] and the following: 154 Default Destination/Candidate: The default destination for a 155 component of a data stream is the transport address that would be 156 used by an agent that is not ICE aware. A default candidate for a 157 component is one whose transport address matches the default 158 destination for that component. For the RTP component, the 159 default connection address is in the "c=" line of the SDP, and the 160 port and transport protocol are in the "m=" line. For the RTCP 161 component, the address and port are indicated using the "a=rtcp" 162 attribute defined in [RFC3605], if present; otherwise, the RTCP 163 component address is the same as the address of the RTP component, 164 and its port is one greater than the port of the RTP component. 166 3. SDP Offer/Answer Procedures 168 3.1. Introduction 170 [RFC8445] defines ICE candidate exchange as the process for ICE 171 agents (Initiator and Responder) to exchange their candidate 172 information required for ICE processing at the agents. For the 173 purposes of this specification, the candidate exchange process 174 corresponds to the [RFC3264] Offer/Answer protocol and the 175 terminologies offerer and answerer correspond to the initiator and 176 responder terminologies from [RFC8445] respectively. 178 Once the initiating agent has gathered, pruned and prioritized its 179 set of candidates [RFC8445], the candidate exchange with the peer 180 agent begins. 182 3.2. Generic Procedures 184 3.2.1. Encoding 186 Section 4 provides detailed rules for constructing various SDP 187 attributes defined in this specification. 189 3.2.1.1. Data Streams 191 Each data stream [RFC8445] is represented by an SDP media description 192 ("m=" section). 194 3.2.1.2. Candidates 196 Within a "m=" section, each candidate (including the default 197 candidate) associated with the data stream is represented by an SDP 198 candidate attribute. 200 Prior to nomination, the "c=" line associated with an "m=" section 201 contains the connection address of the default candidate, while the 202 "m=" line contains the port and transport protocol of the default 203 candidate for that "m=" section. 205 After nomination, the "c=" line for a given "m=" section contains the 206 connection address of the nominated candidate (the local candidate of 207 the nominated candidate pair) and the "m=" line contains the port and 208 transport protocol corresponding to the nominated candidate for that 209 "m=" section. 211 3.2.1.3. Username and Password 213 The ICE username is represented by an SDP ice-ufrag attribute and the 214 ICE password is represented by an SDP ice-pwd attribute. 216 3.2.1.4. Lite Implementations 218 An ICE lite implementation [RFC8445] MUST include an SDP ice-lite 219 attribute. A full implementation MUST NOT include that attribute. 221 3.2.1.5. ICE Extensions 223 An agent uses the SDP ice-options attribute to indicate support of 224 ICE extensions. 226 An agent compliant to this specification MUST include an SDP ice- 227 options attribute with an "ice2" attribute value. If an agent 228 receives an SDP offer or answer with ICE attributes but without the 229 "ice2" ice-options attribute value, the agent assumes that the peer 230 is compliant to [RFC5245]. 232 3.2.1.6. Inactive and Disabled Data Streams 234 If an "m=" section is marked as inactive [RFC4566], or has a 235 bandwidth value of zero [RFC4566], the agent MUST still include ICE 236 related SDP attributes. 238 If the port value associated with an "m=" section is set to zero 239 (implying a disabled stream) as defined in section 8.2 of [RFC3264], 240 the agent SHOULD NOT include ICE related SDP candidate attributes in 241 that "m=" section, unless an SDP extension specifying otherwise is 242 used. 244 3.2.2. RTP/RTCP Considerations 246 If an agent utilizes both RTP and RTCP, and separate ports are used 247 for RTP and RTCP, the agent MUST include SDP candidate attributes for 248 both the RTP and RTCP components and SDP rtcp attribute SHOULD be 249 included in the "m=" section, as described in [RFC3605] 251 In the cases where the port number for the RTCP is one higher than 252 the RTP port and the RTCP component address is the same as the 253 address of the RTP component, the SDP rtcp attribute MAY be omitted. 255 If the agent does not utilize RTCP, it indicates that by including 256 b=RS:0 and b=RR:0 SDP attributes, as described in [RFC3556]. 258 3.2.3. Determining Role 260 The offerer acts as the Initiating agent. The answerer acts as the 261 Responding agent. The ICE roles (controlling and controlled) are 262 determined using the procedures in [RFC8445]. 264 3.2.4. STUN Considerations 266 Once an agent has provided its local candidates to its peer in an SDP 267 offer or answer, the agent MUST be prepared to receive STUN 268 connectivity check Binding requests on those candidates. 270 3.2.5. Verifying ICE Support Procedures 272 The agents will proceed with the ICE procedures defined in [RFC8445] 273 and this specification if, for each data stream in the SDP it 274 received, the default destination for each component of that data 275 stream appears in a candidate attribute. For example, in the case of 276 RTP, the connection address, port and transport protocol in the "c=" 277 and "m=" lines, respectively, appear in a candidate attribute and the 278 value in the rtcp attribute appears in a candidate attribute. 280 This specification provides no guidance on how an agent should 281 proceed in the cases where the above condition is not met with the 282 few exceptions noted below: 284 1. The presence of certain application layer gateways MAY modify the 285 transport address information as described in Section 8.2.2. The 286 behavior of the responding agent in such a situation is 287 implementation dependent. Informally, the responding agent MAY 288 consider the mismatched transport address information as a 289 plausible new candidate learnt from the peer and continue its ICE 290 processing with that transport address included. Alternatively, 291 the responding agent MAY include an "a=ice-mismatch" attribute in 292 its answer for such data streams. If an agent chooses to include 293 an "a=ice-mismatch" attribute in its answer for a data stream, 294 then it MUST also omit "a=candidate" attributes, MUST terminate 295 the usage of ICE procedures and [RFC3264] procedures MUST be used 296 instead for this data stream. 298 2. The transport address from the peer for the default destination 299 correspond to IPv4/IPv6 address values "0.0.0.0"/"::" and port 300 value of "9". This MUST NOT be considered as a ICE failure by 301 the peer agent and the ICE processing MUST continue as usual. 303 3. In some cases, the controlling/initiator agent may receive the 304 SDP answer that may omit "a=candidate" attributes for the data 305 stream, and instead include a media level "a=ice-mismatch" 306 attribute. This signals to the offerer that the answerer 307 supports ICE, but that ICE processing was not used for this data 308 stream. In this case, ICE processing MUST be terminated for this 309 data stream and [RFC3264] procedures MUST be followed instead. 311 4. The transport address from the peer for the default destination 312 is an FQDN. Regardless of the procedures used to resolve FQDN or 313 the resolution result, this MUST NOT be considered as a ICE 314 failure by the peer agent and the ICE processing MUST continue as 315 usual. 317 3.2.6. SDP Example 319 The following is an example SDP message that includes ICE attributes 320 (lines folded for readability): 322 v=0 323 o=jdoe 2890844526 2890842807 IN IP4 203.0.113.141 324 s= 325 c=IN IP4 192.0.2.3 326 t=0 0 327 a=ice-options:ice2 328 a=ice-pwd:asd88fgpdd777uzjYhagZg 329 a=ice-ufrag:8hhY 330 m=audio 45664 RTP/AVP 0 331 b=RS:0 332 b=RR:0 333 a=rtpmap:0 PCMU/8000 334 a=candidate:1 1 UDP 2130706431 203.0.113.141 8998 typ host 335 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 336 203.0.113.141 rport 8998 338 3.3. Initial Offer/Answer Exchange 340 3.3.1. Sending the Initial Offer 342 When an offerer generates the initial offer, in each "m=" section it 343 MUST include SDP candidate attributes for each available candidate 344 associated with the "m=" section. In addition, the offerer MUST 345 include an SDP ice-ufrag and an SDP ice-pwd attribute in the offer. 347 It is valid for an offer "m=" line to include no SDP candidate 348 attributes and with default destination corresponding to the IP 349 address values "0.0.0.0"/"::" and port value of "9". This implies 350 that the offering agent is only going to use peer reflexive 351 candidates or that additional candidates would be provided in 352 subsequent signaling messages. 354 Note: Within the scope of this document, "Initial Offer" refers to 355 the first SDP offer that is sent in order to negotiate usage of 356 ICE. It might, or might not, be the initial SDP offer of the SDP 357 session. 359 Note: The procedures in this document only consider "m=" sections 360 associated with data streams where ICE is used. 362 3.3.2. Sending the Initial Answer 364 When an answerer receives an initial offer that indicates that the 365 offerer supports ICE, and if the answerer accepts the offer and the 366 usage of ICE, in each "m=" section within the answer, it MUST include 367 SDP candidate attributes for each available candidate associated with 368 the "m=" section. In addition, the answerer MUST include an SDP ice- 369 ufrag and an SDP ice-pwd attribute in the answer. 371 In each "m=" line, the answerer MUST use the same transport protocol 372 as was used in the offer "m=" line. If none of the candidates in the 373 "m=" line in the answer use the same transport protocol as indicated 374 in the offer "m=" line, then, in order to avoid ICE mismatch, the 375 default destination MUST be set to IP address values "0.0.0.0"/"::" 376 and port value of "9". 378 It is also valid for an answer "m=" line to include no SDP candidate 379 attributes and with default destination corresponding to the IP 380 address values "0.0.0.0"/"::" and port value of "9". This implies 381 that the answering agent is only going to use peer reflexive 382 candidates or that additional candidates would be provided in 383 subsequent signaling messages. 385 Once the answerer has sent the answer, it can start performing 386 connectivity checks towards the peer candidates that were provided in 387 the offer. 389 If the offer does not indicate support of ICE, the answerer MUST NOT 390 accept the usage of ICE. If the answerer still accepts the offer, 391 the answerer MUST NOT include any ICE related SDP attributes in the 392 answer. Instead the answerer will generate the answer according to 393 normal offer/answer procedures [RFC3264]. 395 If the answerer detects a possibility of the ICE mismatch, procedures 396 described in (Section 3.2.5) are followed. 398 Note: > provides guidance on finding working 399 candidate pairs and thus preventing premature declaration of ICE 400 failure in certain scenarios such as, if the peer has not provided 401 any candidates, or if all provided candidates have failed or have 402 been discarded. 404 3.3.3. Receiving the Initial Answer 406 When an offerer receives an initial answer that indicates that the 407 answerer supports ICE, it can start performing connectivity checks 408 towards the peer candidates that were provided in the answer. 410 If the answer does not indicate that the answerer supports ICE, or if 411 the answerer included "a=ice-mismatch" attributes for all the active 412 data streams in the answer, the offerer MUST terminate the usage of 413 ICE for the entire session and [RFC3264] procedures MUST be followed 414 instead. 416 On the other hand, if the answer indicates the support for ICE but 417 includes "a=ice-mismatch" in certain active data streams, then the 418 offerer MUST terminate the usage of ICE procedures and [RFC3264] 419 procedures MUST be used instead for only these data streams. Also, 420 ICE procedures MUST be used for data streams where an "a=ice- 421 mismatch" attribute was not included. 423 If the offerer detects an ICE mismatch for one or more data streams 424 in the answer, as described in (Section 3.2.5), the offerer MUST 425 terminate the usage of ICE for the entire session. The subsequent 426 actions taken by the offerer are implementation dependent and are out 427 of the scope of this specification. 429 Note: > provides guidance on finding working 430 candidate pairs and thus preventing premature declaration of ICE 431 failure in certain scenarios such as, if the peer has not provided 432 any candidates, or if all provided candidates have failed or have 433 been discarded. 435 3.3.4. Concluding ICE 437 Once the state of each check list is Completed, and if the agent is 438 the controlling agent, it nominates a candidate pair [RFC8445] and 439 checks for each data stream whether the nominated pair matches the 440 default candidate pair. If there are one or more data streams don't 441 match, and the peer did not indicate support for the 'ice2' ice- 442 option, the controlling agent MUST generate a subsequent offer 443 (Section 3.4.1), in which the connection address, port and transport 444 protocol in the "c=" and "m=" lines associated with each data stream 445 match the corresponding local information of the nominated pair for 446 that data stream. 448 However, if the support for 'ice2' ice-option is in use, the 449 nominated candidate is noted and sent in the subsequent offer/answer 450 exchange as the default candidate and no updated offer is needed to 451 fix the default candidate. 453 Also as described in [RFC8445], once the controlling agent has 454 nominated a candidate pair for a data stream, the agent MUST NOT 455 nominate another pair for that data stream during the lifetime of the 456 ICE session (i.e. until ICE is restarted). 458 3.4. Subsequent Offer/Answer Exchanges 460 Either agent MAY generate a subsequent offer at any time allowed by 461 [RFC3264]. This section defines rules for construction of subsequent 462 offers and answers. 464 Should a subsequent offer fail, ICE processing continues as if the 465 subsequent offer had never been made. 467 3.4.1. Sending Subsequent Offer 469 3.4.1.1. Procedures for All Implementations 471 3.4.1.1.1. ICE Restarts 473 An agent MAY restart ICE processing for an existing data stream 474 [RFC8445]. 476 The rules governing the ICE restart imply that setting the connection 477 address in the "c=" line to 0.0.0.0 (for IPv4)/ :: (for IPv6) will 478 cause an ICE restart. Consequently, ICE implementations MUST NOT 479 utilize this mechanism for call hold, and instead MUST use 480 "a=inactive" and "a=sendonly" as described in [RFC3264]. 482 To restart ICE, an agent MUST change both the ice-pwd and the ice- 483 ufrag for the data stream in an offer. However, it is permissible to 484 use a session-level attribute in one offer, but to provide the same 485 ice-pwd or ice-ufrag as a media-level attribute in a subsequent 486 offer. This MUST NOT be considered as ICE restart. 488 An agent sets the rest of the ice related fields in the SDP for this 489 data stream as it would in an initial offer of this data stream (see 490 Section 3.2.1). Consequently, the set of candidates MAY include 491 some, none, or all of the previous candidates for that data stream 492 and MAY include a totally new set of candidates. 494 3.4.1.1.2. Removing a Data Stream 496 If an agent removes a data stream by setting its port to zero, it 497 MUST NOT include any candidate attributes for that data stream and 498 SHOULD NOT include any other ICE-related attributes defined in 499 Section 4 for that data stream. 501 3.4.1.1.3. Adding a Data Stream 503 If an agent wishes to add a new data stream, it sets the fields in 504 the SDP for this data stream as if this was an initial offer for that 505 data stream (see Section 3.2.1). This will cause ICE processing to 506 begin for this data stream. 508 3.4.1.2. Procedures for Full Implementations 510 This section describes additional procedures for full 511 implementations, covering existing data streams. 513 3.4.1.2.1. Before Nomination 515 When an offerer sends a subsequent offer; in each "m=" section for 516 which a candidate pair has not yet been nominated, the offer MUST 517 include the same set of ICE-related information that the offerer 518 included in the previous offer or answer. The agent MAY include 519 additional candidates it did not offer previously, but which it has 520 gathered since the last offer/ answer exchange, including peer 521 reflexive candidates. 523 The agent MAY change the default destination for media. As with 524 initial offers, there MUST be a set of candidate attributes in the 525 offer matching this default destination. 527 3.4.1.2.2. After Nomination 529 Once a candidate pair has been nominated for a data stream, the 530 connection address, port and transport protocol in each "c=" and "m=" 531 line associated with that data stream MUST match the data associated 532 with the nominated pair for that data stream. In addition, the 533 offerer only includes SDP candidates representing the local 534 candidates of the nominated candidate pair. The offerer MUST NOT 535 include any other SDP candidate attributes in the subsequent offer. 537 In addition, if the agent is controlling, it MUST include the 538 "a=remote-candidates" attribute for each data stream whose check list 539 is in the completed state. The attribute contains the remote 540 candidates corresponding to the nominated pair in the valid list for 541 each component of that data stream. It is needed to avoid a race 542 condition whereby the controlling agent chooses its pairs, but the 543 updated offer beats the connectivity checks to the controlled agent, 544 which doesn't even know these pairs are valid, let alone selected. 545 See Appendix B for elaboration on this race condition. 547 3.4.1.3. Procedures for Lite Implementations 549 If the ICE state is running, a lite implementation MUST include all 550 of its candidates for each component of each data stream in 551 "a=candidate" attributes in any subsequent offer. The candidates are 552 formed identical to the procedures for initial offers. 554 A lite implementation MUST NOT add additional host candidates in a 555 subsequent offer. If an agent needs to offer additional candidates, 556 it MUST restart ICE. Similarly, the username fragments or passwords 557 MUST remain the same as used previously. If an agent needs to change 558 one of these, it MUST restart ICE for that data stream. 560 If ICE has completed for a data stream and if the agent is 561 controlled, the default destination for that data stream MUST be set 562 to the remote candidate of the candidate pair for that component in 563 the valid list. For a lite implementation, there is always just a 564 single candidate pair in the valid list for each component of a data 565 stream. Additionally, the agent MUST include a candidate attribute 566 for each default destination. 568 If ICE state is completed and if the agent is controlling (which only 569 happens when both agents are lite), the agent MUST include the 570 "a=remote-candidates" attribute for each data stream. The attribute 571 contains the remote candidates from the candidate pairs in the valid 572 list (one pair for each component of each data stream). 574 3.4.2. Sending Subsequent Answer 576 If ICE is Completed for a data stream, and the offer for that data 577 stream lacked the "a=remote-candidates" attribute, the rules for 578 construction of the answer are identical to those for the offerer, 579 except that the answerer MUST NOT include the "a=remote-candidates" 580 attribute in the answer. 582 A controlled agent will receive an offer with the "a=remote- 583 candidates" attribute for a data stream when its peer has concluded 584 ICE processing for that data stream. This attribute is present in 585 the offer to deal with a race condition between the receipt of the 586 offer, and the receipt of the Binding Response that tells the 587 answerer the candidate that will be selected by ICE. See Appendix B 588 for an explanation of this race condition. Consequently, processing 589 of an offer with this attribute depends on the winner of the race. 591 The agent forms a candidate pair for each component of the data 592 stream by: 594 o Setting the remote candidate equal to the offerer's default 595 destination for that component (i.e. the contents of the "m=" and 596 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP) 598 o Setting the local candidate equal to the transport address for 599 that same component in the "a=remote-candidates" attribute in the 600 offer. 602 The agent then sees if each of these candidate pairs is present in 603 the valid list. If a particular pair is not in the valid list, the 604 check has "lost" the race. Call such a pair a "losing pair". 606 The agent finds all the pairs in the check list whose remote 607 candidates equal the remote candidate in the losing pair: 609 o If none of the pairs are In-Progress, and at least one is Failed, 610 it is most likely that a network failure, such as a network 611 partition or serious packet loss, has occurred. The agent SHOULD 612 generate an answer for this data stream as if the remote- 613 candidates attribute had not been present, and then restart ICE 614 for this stream. 616 o If at least one of the pairs is In-Progress, the agent SHOULD wait 617 for those checks to complete, and as each completes, redo the 618 processing in this section until there are no losing pairs. 620 Once there are no losing pairs, the agent can generate the answer. 621 It MUST set the default destination for media to the candidates in 622 the remote-candidates attribute from the offer (each of which will 623 now be the local candidate of a candidate pair in the valid list). 624 It MUST include a candidate attribute in the answer for each 625 candidate in the remote-candidates attribute in the offer. 627 3.4.2.1. ICE Restart 629 If the offerer in a subsequent offer requested an ICE restart for a 630 data stream, and if the answerer accepts the offer, the answerer 631 follows the procedures for generating an initial answer. 633 For a given data stream, the answerer MAY include the same candidates 634 that were used in the previous ICE session, but it MUST change the 635 SDP ice-pwd and ice-ufrag attribute values. 637 3.4.2.2. Lite Implementation specific procedures 639 If the received offer contains the remote-candidates attribute for a 640 data stream, the agent forms a candidate pair for each component of 641 the data stream by: 643 o Setting the remote candidate equal to the offerer's default 644 destination for that component (i.e., the contents of the "m=" and 645 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP). 647 o Setting the local candidate equal to the transport address for 648 that same component in the "a=remote-candidates" attribute in the 649 offer. 651 The state of ICE processing for that data stream is set to Completed. 653 Furthermore, if the agent believed it was controlling, but the offer 654 contained the "a=remote-candidates" attribute, both agents believe 655 they are controlling. In this case, both would have sent updated 656 offers around the same time. 658 However, the signaling protocol carrying the offer/answer exchanges 659 will have resolved this glare condition, so that one agent is always 660 the 'winner' by having its offer received before its peer has sent an 661 offer. The winner takes the role of controlling, so that the loser 662 (the answerer under consideration in this section) MUST change its 663 role to controlled. 665 Consequently, if the agent was going to send an updated offer since, 666 based on the rules in section 8.2 of [RFC8445], it was controlling, 667 it no longer needs to. 669 Besides the potential role change, change in the Valid list, and 670 state changes, the construction of the answer is performed 671 identically to the construction of an offer. 673 3.4.3. Receiving Answer for a Subsequent Offer 675 3.4.3.1. Procedures for Full Implementations 677 There may be certain situations where the offerer receives an SDP 678 answer that lacks ICE candidates although the initial answer included 679 them. One example of such an "unexpected" answer might be happen 680 when an ICE-unaware Back-to-Back User Agent (B2BUA) introduces a 681 media server during call hold using 3rd party call-control 682 procedures. Omitting further details how this is done, this could 683 result in an answer being received at the holding UA that was 684 constructed by the B2BUA. With the B2BUA being ICE-unaware, that 685 answer would not include ICE candidates. 687 Receiving an answer without ICE attributes in this situation might be 688 unexpected, but would not necessarily impair the user experience. 690 When the offerer receives an answer indicating support for ICE, the 691 offer performs one of the following actions: 693 o If the offer was a restart, the agent MUST perform ICE restart 694 procedures as specified in Section 3.4.3.1.1 696 o If the offer/answer exchange removed a data stream, or an answer 697 rejected an offered data stream, an agent MUST flush the Valid 698 list for that data stream. It MUST also terminate any STUN 699 transactions in progress for that data stream. 701 o If the offer/answer exchange added a new data stream, the agent 702 MUST create a new check list for it (and an empty Valid list to 703 start of course) which in turn triggers the candidate processing 704 procedures [RFC8445]. 706 o If ICE state is running for a given data stream, the agent 707 recomputes the check list. If a pair on the new check list was 708 also on the previous check list, and its state is not Frozen, its 709 state is copied over. Otherwise, its state is set to Frozen. If 710 none of the check lists are active (meaning that the pairs in each 711 check list are Frozen), appropriate procedures in [RFC8445] are 712 performed to move candidate(s) to the Waiting state to further 713 continue ICE processing. 715 o If ICE state is completed and the SDP answer conforms to 716 Section 3.4.2, the agent MUST remain in the ICE completed state. 718 However, if the ICE support is no longer indicated in the SDP answer, 719 the agent MUST fall-back to [RFC3264] procedures and SHOULD NOT drop 720 the dialog because of the missing ICE support or unexpected answer. 721 Once the agent sends a new offer later on, it MUST perform an ICE 722 restart. 724 3.4.3.1.1. ICE Restarts 726 The agent MUST remember the nominated pair in the Valid list for each 727 component of the data stream, called the previous selected pair prior 728 to the restart. The agent will continue to send media using this 729 pair, as described in section 12 of [RFC8445]. Once these 730 destinations are noted, the agent MUST flush the valid and check 731 lists, and then recompute the check list and its states, thus 732 triggering the candidate processing procedures [RFC8445] 734 3.4.3.2. Procedures for Lite Implementations 736 If ICE is restarting for a data stream, the agent MUST start a new 737 Valid list for that data stream. It MUST remember the nominated pair 738 in the previous Valid list for each component of the data stream, 739 called the previous selected pairs, and continue to send media there 740 as described in section 12 of [RFC8445]. The state of ICE processing 741 for each data stream MUST change to Running, and the state of ICE 742 processing MUST change to Running 744 4. Grammar 746 This specification defines eight new SDP attributes -- the 747 "candidate", "remote-candidates", "ice-lite", "ice-mismatch", "ice- 748 ufrag", "ice-pwd", "ice-pacing", and "ice-options" attributes. 750 This section also provides non-normative examples of the attributes 751 defined. 753 The syntax for the attributes follow Augmented BNF as defined in 754 [RFC5234]. 756 4.1. "candidate" Attribute 758 The candidate attribute is a media-level attribute only. It contains 759 a transport address for a candidate that can be used for connectivity 760 checks. 762 candidate-attribute = "candidate" ":" foundation SP component-id SP 763 transport SP 764 priority SP 765 connection-address SP ;from RFC 4566 766 port ;port from RFC 4566 767 SP cand-type 768 [SP rel-addr] 769 [SP rel-port] 770 *(SP extension-att-name SP 771 extension-att-value) 773 foundation = 1*32ice-char 774 component-id = 1*5DIGIT 775 transport = "UDP" / transport-extension 776 transport-extension = token ; from RFC 3261 777 priority = 1*10DIGIT 778 cand-type = "typ" SP candidate-types 779 candidate-types = "host" / "srflx" / "prflx" / "relay" / token 780 rel-addr = "raddr" SP connection-address 781 rel-port = "rport" SP port 782 extension-att-name = token 783 extension-att-value = *VCHAR 784 ice-char = ALPHA / DIGIT / "+" / "/" 786 This grammar encodes the primary information about a candidate: its 787 IP address, port and transport protocol, and its properties: the 788 foundation, component ID, priority, type, and related transport 789 address: 791 : is taken from RFC 4566 [RFC4566]. It is the 792 IP address of the candidate, allowing for IPv4 addresses, IPv6 793 addresses, and fully qualified domain names (FQDNs). When parsing 794 this field, an agent can differentiate an IPv4 address and an IPv6 795 address by presence of a colon in its value - the presence of a 796 colon indicates IPv6. An agent generating local candidates MUST 797 NOT use FQDN addresses. An agent processing remote candidates 798 MUST ignore candidate lines that include candidates with FQDN or 799 IP address versions that are not supported or recognized. The 800 procedures for generation and handling of FQDN candidates, as well 801 as, how agents indicate support for such procedures, need to be 802 specified in an extension specification. 804 : is also taken from RFC 4566 [RFC4566]. It is the port of 805 the candidate. 807 : indicates the transport protocol for the candidate. 808 This specification only defines UDP. However, extensibility is 809 provided to allow for future transport protocols to be used with 810 ICE by extending the sub-registry "ICE Transport Protocols" under 811 "Interactive Connectivity Establishment (ICE)" registry. 813 : is composed of 1 to 32 s. It is an 814 identifier that is equivalent for two candidates that are of the 815 same type, share the same base, and come from the same STUN 816 server. The foundation is used to optimize ICE performance in the 817 Frozen algorithm as described in [RFC8445] 819 : is a positive integer between 1 and 256 (inclusive) 820 that identifies the specific component of the dta stream for which 821 this is a candidate. It MUST start at 1 and MUST increment by 1 822 for each component of a particular candidate. For data streams 823 based on RTP, candidates for the actual RTP media MUST have a 824 component ID of 1, and candidates for RTCP MUST have a component 825 ID of 2. See section 13 in [RFC8445] for additional discussion on 826 extending ICE to new data streams. 828 : is a positive integer between 1 and (2**31 - 1) 829 inclusive. The procedures for computing candidate's priority is 830 described in section 5.1.2 of [RFC8445]. 832 : encodes the type of candidate. This specification 833 defines the values "host", "srflx", "prflx", and "relay" for host, 834 server reflexive, peer reflexive, and relayed candidates, 835 respectively. Specifications for new candidate types MUST define 836 how, if at all, various steps in the ICE processing differ from 837 the ones defined by this specification. 839 and : convey transport addresses related to the 840 candidate, useful for diagnostics and other purposes. 841 and MUST be present for server reflexive, peer 842 reflexive, and relayed candidates. If a candidate is server or 843 peer reflexive, and are equal to the base 844 for that server or peer reflexive candidate. If the candidate is 845 relayed, and are equal to the mapped address 846 in the Allocate response that provided the client with that 847 relayed candidate (see Appendix B.3 of [RFC8445] for a discussion 848 of its purpose). If the candidate is a host candidate, 849 and MUST be omitted. 851 In some cases, e.g., for privacy reasons, an agent may not want to 852 reveal the related address and port. In this case the address 853 MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 854 candidates) and the port to zero. 856 The candidate attribute can itself be extended. The grammar allows 857 for new name/value pairs to be added at the end of the attribute. 858 Such extensions MUST be made through IETF Review or IESG Approval 859 [RFC8126] and the assignments MUST contain the specific extension and 860 a reference to the document defining the usage of the extension 862 An implementation MUST ignore any name/value pairs it doesn't 863 understand. 865 Example: SDP line for UDP server reflexive candidate attribute for 866 the RTP component 868 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 869 203.0.113.141 rport 8998 871 4.2. "remote-candidates" Attribute 873 The syntax of the "remote-candidates" attribute is defined using 874 Augmented BNF as defined in [RFC5234]. The remote-candidates 875 attribute is a media-level attribute only. 877 remote-candidate-att = "remote-candidates:" remote-candidate 878 0*(SP remote-candidate) 879 remote-candidate = component-ID SP connection-address SP port 881 The attribute contains a connection-address and port for each 882 component. The ordering of components is irrelevant. However, a 883 value MUST be present for each component of a data stream. This 884 attribute MUST be included in an offer by a controlling agent for a 885 data stream that is Completed, and MUST NOT be included in any other 886 case. 888 Example: Remote candidates SDP lines for the RTP and RTCP components: 890 a=remote-candidates:1 192.0.2.3 45664 891 a=remote-candidates:2 192.0.2.3 45665 893 4.3. "ice-lite" and "ice-mismatch" Attributes 895 The syntax of the "ice-lite" and "ice-mismatch" attributes, both of 896 which are flags, is: 898 ice-lite = "ice-lite" 899 ice-mismatch = "ice-mismatch" 901 "ice-lite" is a session-level attribute only, and indicates that an 902 agent is a lite implementation. "ice-mismatch" is a media-level 903 attribute and only reported in the answer. It indicates that the 904 offer arrived with a default destination for a media component that 905 didn't have a corresponding candidate attribute. Inclusion of 906 "a=ice-mismatch" attribute for a given data stream implies that even 907 though both agents support ICE, ICE procedures MUST NOT be used for 908 this data stream and [RFC3264] procedures MUST be used instead. 910 4.4. "ice-ufrag" and "ice-pwd" Attributes 912 The "ice-ufrag" and "ice-pwd" attributes convey the username fragment 913 and password used by ICE for message integrity. Their syntax is: 915 ice-pwd-att = "ice-pwd:" password 916 ice-ufrag-att = "ice-ufrag:" ufrag 917 password = 22*256ice-char 918 ufrag = 4*256ice-char 920 The "ice-pwd" and "ice-ufrag" attributes can appear at either the 921 session-level or media-level. When present in both, the value in the 922 media-level takes precedence. Thus, the value at the session-level 923 is effectively a default that applies to all data streams, unless 924 overridden by a media-level value. Whether present at the session or 925 media-level, there MUST be an ice-pwd and ice-ufrag attribute for 926 each data stream. If two data streams have identical ice-ufrag's, 927 they MUST have identical ice-pwd's. 929 The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the 930 beginning of a session (the same applies when ICE is restarting for 931 an agent). 933 The ice-ufrag attribute MUST contain at least 24 bits of randomness, 934 and the ice-pwd attribute MUST contain at least 128 bits of 935 randomness. This means that the ice-ufrag attribute will be at least 936 4 characters long, and the ice-pwd at least 22 characters long, since 937 the grammar for these attributes allows for 6 bits of information per 938 character. The attributes MAY be longer than 4 and 22 characters, 939 respectively, of course, up to 256 characters. The upper limit 940 allows for buffer sizing in implementations. Its large upper limit 941 allows for increased amounts of randomness to be added over time. 942 For compatibility with the 512 character limitation for the STUN 943 username attribute value and for bandwidth conservation 944 considerations, the ice-ufrag attribute MUST NOT be longer than 32 945 characters when sending, but an implementation MUST accept up to 256 946 characters when receiving. 948 Example shows sample ice-ufrag and ice-pwd SDP lines: 950 a=ice-pwd:asd88fgpdd777uzjYhagZg 951 a=ice-ufrag:8hhY 953 4.5. "ice-pacing" Attribute 955 The "ice-pacing" is a session level attribute that indicates the 956 desired connectivity check pacing, in milliseconds, for this agent 957 (see section 14 of [RFC8445]). The syntax is: 959 ice-pacing-att = "ice-pacing:" pacing-value 960 pacing-value = 1*10DIGIT 962 Following the procedures defined in [RFC8445], a default value of 963 50ms is used for an agent when the ice-pacing attribute is omitted in 964 the offer or the answer. 966 The same rule applies for ice-pacing attribute values lower than 967 50ms. This mandates that, if an agent includes the ice-pacing 968 attribute, its value MUST be greater than 50ms or else a value of 969 50ms is considered by default for that agent. 971 Also the larger of the ice-pacing attribute values between the offer 972 and the answer (determined either by the one provided in the ice- 973 pacing attribute or by picking the default value) MUST be considered 974 for a given ICE session. 976 4.6. "ice-options" Attribute 978 The "ice-options" attribute is a session- and media-level attribute. 979 It contains a series of tokens that identify the options supported by 980 the agent. Its grammar is: 982 ice-options = "ice-options:" ice-option-tag 983 0*(SP ice-option-tag) 984 ice-option-tag = 1*ice-char 986 The existence of an ice-option in an offer indicates that a certain 987 extension is supported by the agent and it is willing to use it, if 988 the peer agent also includes the same extension in the answer. There 989 might be further extension specific negotiation needed between the 990 agents that determine how the extension gets used in a given session. 991 The details of the negotiation procedures, if present, MUST be 992 defined by the specification defining the extension (see 993 Section 9.2). 995 Example shows 'rtp+ecn' ice-option SDP line from <>: 997 a=ice-options:rtp+ecn 999 5. Keepalives 1001 All the ICE agents MUST follow the procedures defined in section 11 1002 of [RFC8445] for sending keepalives. The keepalives MUST be sent 1003 regardless of whether the data stream is currently inactive, 1004 sendonly, recvonly, or sendrecv, and regardless of the presence or 1005 value of the bandwidth attribute. An agent can determine that its 1006 peer supports ICE by the presence of "a=candidate" attributes for 1007 each media session. 1009 6. SIP Considerations 1011 Note that ICE is not intended for NAT traversal for SIP, which is 1012 assumed to be provided via another mechanism [RFC5626]. 1014 When ICE is used with SIP, forking may result in a single offer 1015 generating a multiplicity of answers. In that case, ICE proceeds 1016 completely in parallel and independently for each answer, treating 1017 the combination of its offer and each answer as an independent offer/ 1018 answer exchange, with its own set of local candidates, pairs, check 1019 lists, states, and so on. 1021 Once ICE processing has reached the Completed state for all peers for 1022 media streams using those candidates, the agent SHOULD wait an 1023 additional three seconds, and then it MAY cease responding to checks 1024 or generating triggered checks on that candidate. It MAY free the 1025 candidate at that time. Freeing of server reflexive candidates is 1026 never explicit; it happens by lack of a keepalive. The three-second 1027 delay handles cases when aggressive nomination is used, and the 1028 selected pairs can quickly change after ICE has completed. 1030 6.1. Latency Guidelines 1032 ICE requires a series of STUN-based connectivity checks to take place 1033 between endpoints. These checks start from the answerer on 1034 generation of its answer, and start from the offerer when it receives 1035 the answer. These checks can take time to complete, and as such, the 1036 selection of messages to use with offers and answers can affect 1037 perceived user latency. Two latency figures are of particular 1038 interest. These are the post-pickup delay and the post-dial delay. 1039 The post-pickup delay refers to the time between when a user "answers 1040 the phone" and when any speech they utter can be delivered to the 1041 caller. The post-dial delay refers to the time between when a user 1042 enters the destination address for the user and ringback begins as a 1043 consequence of having successfully started alerting the called user 1044 agent. 1046 Two cases can be considered -- one where the offer is present in the 1047 initial INVITE and one where it is in a response. 1049 6.1.1. Offer in INVITE 1051 To reduce post-dial delays, it is RECOMMENDED that the caller begin 1052 gathering candidates prior to actually sending its initial INVITE, so 1053 that the candidates can be provided in the INVITE. This can be 1054 started upon user interface cues that a call is pending, such as 1055 activity on a keypad or the phone going off-hook. 1057 On the receipt of the offer, the answerer SHOULD generate an answer 1058 in a provisional response as soon as it has completed gathering the 1059 candidates. ICE requires that a provisional response with an SDP be 1060 transmitted reliably. This can be done through the existing 1061 Provisional Response Acknowledgment (PRACK) mechanism [RFC3262] or 1062 through an ICE specific optimization, wherein, the agent retransmits 1063 the provisional response with the exponential backoff timers 1064 described in [RFC3262]. Such retransmissions MUST cease on receipt 1065 of a STUN Binding request with transport address matching candidate 1066 address for one of the data streams signaled in that SDP or on 1067 transmission of the answer in a 2xx response. If no Binding request 1068 is received prior to the last retransmit, the agent does not consider 1069 the session terminated. For the ICE lite peers , the agent MUST 1070 cease retransmitting the 18x after sending it four times since there 1071 will be no Binding request sent and the number four is arbitrarily 1072 chosen to limit the number of 18x retransmits (poor man's version of 1073 [RFC3262] basically). (ICE will actually work even if the peer never 1074 receives the 18x; however, experience has shown that sending it is 1075 important for middleboxes and firewall traversal). 1077 Once the answer has been sent, the agent SHOULD begin its 1078 connectivity checks. Once candidate pairs for each component of a 1079 data stream enter the valid list, the answerer can begin sending 1080 media on that data stream. 1082 However, prior to this point, any media that needs to be sent towards 1083 the caller (such as SIP early media [RFC3960]) MUST NOT be 1084 transmitted. For this reason, implementations SHOULD delay alerting 1085 the called party until candidates for each component of each data 1086 stream have entered the valid list. In the case of a PSTN gateway, 1087 this would mean that the setup message into the PSTN is delayed until 1088 this point. Doing this increases the post-dial delay, but has the 1089 effect of eliminating 'ghost rings'. Ghost rings are cases where the 1090 called party hears the phone ring, picks up, but hears nothing and 1091 cannot be heard. This technique works without requiring support for, 1092 or usage of, preconditions [RFC3312]. It also has the benefit of 1093 guaranteeing that not a single packet of media will get clipped, so 1094 that post-pickup delay is zero. If an agent chooses to delay local 1095 alerting in this way, it SHOULD generate a 180 response once alerting 1096 begins. 1098 6.1.2. Offer in Response 1100 In addition to uses where the offer is in an INVITE, and the answer 1101 is in the provisional and/or 200 OK response, ICE works with cases 1102 where the offer appears in the response. In such cases, which are 1103 common in third party call control [RFC3725], ICE agents SHOULD 1104 generate their offers in a reliable provisional response (which MUST 1105 utilize [RFC3262]), and not alert the user on receipt of the INVITE. 1106 The answer will arrive in a PRACK. This allows for ICE processing to 1107 take place prior to alerting, so that there is no post-pickup delay, 1108 at the expense of increased call setup delays. Once ICE completes, 1109 the callee can alert the user and then generate a 200 OK when they 1110 answer. The 200 OK would contain no SDP, since the offer/answer 1111 exchange has completed. 1113 Alternatively, agents MAY place the offer in a 2xx instead (in which 1114 case the answer comes in the ACK). When this happens, the callee 1115 will alert the user on receipt of the INVITE, and the ICE exchanges 1116 will take place only after the user answers. This has the effect of 1117 reducing call setup delay, but can cause substantial post-pickup 1118 delays and media clipping. 1120 6.2. SIP Option Tags and Media Feature Tags 1122 [RFC5768] specifies a SIP option tag and media feature tag for usage 1123 with ICE. ICE implementations using SIP SHOULD support this 1124 specification, which uses a feature tag in registrations to 1125 facilitate interoperability through signaling intermediaries. 1127 6.3. Interactions with Forking 1129 ICE interacts very well with forking. Indeed, ICE fixes some of the 1130 problems associated with forking. Without ICE, when a call forks and 1131 the caller receives multiple incoming data streams, it cannot 1132 determine which data stream corresponds to which callee. 1134 With ICE, this problem is resolved. The connectivity checks which 1135 occur prior to transmission of media carry username fragments, which 1136 in turn are correlated to a specific callee. Subsequent media 1137 packets that arrive on the same candidate pair as the connectivity 1138 check will be associated with that same callee. Thus, the caller can 1139 perform this correlation as long as it has received an answer. 1141 6.4. Interactions with Preconditions 1143 Quality of Service (QoS) preconditions, which are defined in 1144 [RFC3312] and [RFC4032], apply only to the transport addresses listed 1145 as the default targets for media in an offer/answer. If ICE changes 1146 the transport address where media is received, this change is 1147 reflected in an updated offer that changes the default destination 1148 for media to match ICE's selection. As such, it appears like any 1149 other re-INVITE would, and is fully treated in RFCs 3312 and 4032, 1150 which apply without regard to the fact that the destination for media 1151 is changing due to ICE negotiations occurring "in the background". 1153 Indeed, an agent SHOULD NOT indicate that QoS preconditions have been 1154 met until the checks have completed and selected the candidate pairs 1155 to be used for media. 1157 ICE also has (purposeful) interactions with connectivity 1158 preconditions [RFC5898]. Those interactions are described there. 1159 Note that the procedures described in Section 6.1 describe their own 1160 type of "preconditions", albeit with less functionality than those 1161 provided by the explicit preconditions in [RFC5898]. 1163 6.5. Interactions with Third Party Call Control 1165 ICE works with Flows I, III, and IV as described in [RFC3725]. Flow 1166 I works without the controller supporting or being aware of ICE. 1167 Flow IV will work as long as the controller passes along the ICE 1168 attributes without alteration. Flow II is fundamentally incompatible 1169 with ICE; each agent will believe itself to be the answerer and thus 1170 never generate a re-INVITE. 1172 The flows for continued operation, as described in Section 7 of 1173 [RFC3725], require additional behavior of ICE implementations to 1174 support. In particular, if an agent receives a mid-dialog re-INVITE 1175 that contains no offer, it MUST restart ICE for each data stream and 1176 go through the process of gathering new candidates. Furthermore, 1177 that list of candidates SHOULD include the ones currently being used 1178 for media. 1180 7. Relationship with ANAT 1182 [RFC4091], the Alternative Network Address Types (ANAT) Semantics for 1183 the SDP grouping framework, and [RFC4092], its usage with SIP, define 1184 a mechanism for indicating that an agent can support both IPv4 and 1185 IPv6 for a data stream, and it does so by including two "m=" lines, 1186 one for v4 and one for v6. This is similar to ICE, which allows for 1187 an agent to indicate multiple transport addresses using the candidate 1188 attribute. However, ANAT relies on static selection to pick between 1189 choices, rather than a dynamic connectivity check used by ICE. 1191 It is RECOMMENDED that ICE be used in realizing the dual-stack use- 1192 cases in agents that support ICE. 1194 8. Security Considerations 1196 8.1. Attacks on the Offer/Answer Exchanges 1198 An attacker that can modify or disrupt the offer/answer exchanges 1199 themselves can readily launch a variety of attacks with ICE. They 1200 could direct media to a target of a DoS attack, they could insert 1201 themselves into the data stream, and so on. These are similar to the 1202 general security considerations for offer/answer exchanges, and the 1203 security considerations in [RFC3264] apply. These require techniques 1204 for message integrity and encryption for offers and answers, which 1205 are satisfied by the TLS mechanism [RFC3261] when SIP is used. As 1206 such, the usage of TLS with ICE is RECOMMENDED. 1208 8.2. Insider Attacks 1210 In addition to attacks where the attacker is a third party trying to 1211 insert fake offers, answers, or STUN messages, there are several 1212 attacks possible with ICE when the attacker is an authenticated and 1213 valid participant in the ICE exchange. 1215 8.2.1. The Voice Hammer Attack 1217 The voice hammer attack is an amplification attack. In this attack, 1218 the attacker initiates sessions to other agents, and maliciously 1219 includes the connection address and port of a DoS target as the 1220 destination for media traffic signaled in the SDP. This causes 1221 substantial amplification; a single offer/answer exchange can create 1222 a continuing flood of media packets, possibly at high rates (consider 1223 video sources). This attack is not specific to ICE, but ICE can help 1224 provide remediation. 1226 Specifically, if ICE is used, the agent receiving the malicious SDP 1227 will first perform connectivity checks to the target of media before 1228 sending media there. If this target is a third-party host, the 1229 checks will not succeed, and media is never sent. 1231 Unfortunately, ICE doesn't help if it's not used, in which case an 1232 attacker could simply send the offer without the ICE parameters. 1233 However, in environments where the set of clients is known, and is 1234 limited to ones that support ICE, the server can reject any offers or 1235 answers that don't indicate ICE support. 1237 SIP User Agents (UA) [RFC3261] that are not willing to receive non- 1238 ICE answers MUST include an "ice" Option Tag [RFC5768] in the SIP 1239 Require Header Field in their offer. UAs that rejects non-ICE offers 1240 SHOULD use a 421 response code, together with an Option Tag "ice" in 1241 the Require Header Field in the response. 1243 8.2.2. Interactions with Application Layer Gateways and SIP 1245 Application Layer Gateways (ALGs) are functions present in a Network 1246 Address Translation (NAT) device that inspect the contents of packets 1247 and modify them, in order to facilitate NAT traversal for application 1248 protocols. Session Border Controllers (SBCs) are close cousins of 1249 ALGs, but are less transparent since they actually exist as 1250 application-layer SIP intermediaries. ICE has interactions with SBCs 1251 and ALGs. 1253 If an ALG is SIP aware but not ICE aware, ICE will work through it as 1254 long as the ALG correctly modifies the SDP. A correct ALG 1255 implementation behaves as follows: 1257 o The ALG does not modify the "m=" and "c=" lines or the rtcp 1258 attribute if they contain external addresses. 1260 o If the "m=" and "c=" lines contain internal addresses, the 1261 modification depends on the state of the ALG: 1263 * If the ALG already has a binding established that maps an 1264 external port to an internal connection address and port 1265 matching the values in the "m=" and "c=" lines or rtcp 1266 attribute, the ALG uses that binding instead of creating a new 1267 one. 1269 * If the ALG does not already have a binding, it creates a new 1270 one and modifies the SDP, rewriting the "m=" and "c=" lines and 1271 rtcp attribute. 1273 Unfortunately, many ALGs are known to work poorly in these corner 1274 cases. ICE does not try to work around broken ALGs, as this is 1275 outside the scope of its functionality. ICE can help diagnose these 1276 conditions, which often show up as a mismatch between the set of 1277 candidates and the "m=" and "c=" lines and rtcp attributes. The ice- 1278 mismatch attribute is used for this purpose. 1280 ICE works best through ALGs when the signaling is run over TLS. This 1281 prevents the ALG from manipulating the SDP messages and interfering 1282 with ICE operation. Implementations that are expected to be deployed 1283 behind ALGs SHOULD provide for TLS transport of the SDP. 1285 If an SBC is SIP aware but not ICE aware, the result depends on the 1286 behavior of the SBC. If it is acting as a proper Back-to-Back User 1287 Agent (B2BUA), the SBC will remove any SDP attributes it doesn't 1288 understand, including the ICE attributes. Consequently, the call 1289 will appear to both endpoints as if the other side doesn't support 1290 ICE. This will result in ICE being disabled, and media flowing 1291 through the SBC, if the SBC has requested it. If, however, the SBC 1292 passes the ICE attributes without modification, yet modifies the 1293 default destination for media (contained in the "m=" and "c=" lines 1294 and rtcp attribute), this will be detected as an ICE mismatch, and 1295 ICE processing is aborted for the call. It is outside of the scope 1296 of ICE for it to act as a tool for "working around" SBCs. If one is 1297 present, ICE will not be used and the SBC techniques take precedence. 1299 9. IANA Considerations 1301 9.1. SDP Attributes 1303 The original ICE specification defined seven new SDP attributes per 1304 the procedures of Section 8.2.4 of [RFC4566]. The registration 1305 information from the original specification is included here with 1306 modifications to include Mux Category and also defines a new SDP 1307 attribute 'ice-pacing'. 1309 9.1.1. candidate Attribute 1311 Attribute Name: candidate 1313 Type of Attribute: media-level 1315 Subject to charset: No 1317 Purpose: This attribute is used with Interactive Connectivity 1318 Establishment (ICE), and provides one of many possible candidate 1319 addresses for communication. These addresses are validated with 1320 an end-to-end connectivity check using Session Traversal Utilities 1321 for NAT (STUN). 1323 Appropriate Values: See Section 4 of RFC XXXX. 1325 Contact Name: IESG 1327 Contact e-mail: iesg@ietf.org [1] 1329 Reference: RFCXXXX 1331 Mux Category: TRANSPORT 1333 9.1.2. remote-candidates Attribute 1335 Attribute Name: remote-candidates 1337 Type of Attribute: media-level 1339 Subject to charset: No 1341 Purpose: This attribute is used with Interactive Connectivity 1342 Establishment (ICE), and provides the identity of the remote 1343 candidates that the offerer wishes the answerer to use in its 1344 answer. 1346 Appropriate Values: See Section 4 of RFC XXXX. 1348 Contact Name: IESG 1350 Contact e-mail: iesg@ietf.org [2] 1352 Reference: RFCXXXX 1354 Mux Category: TRANSPORT 1356 9.1.3. ice-lite Attribute 1358 Attribute Name: ice-lite 1360 Type of Attribute: session-level 1362 Subject to charset: No 1364 Purpose: This attribute is used with Interactive Connectivity 1365 Establishment (ICE), and indicates that an agent has the minimum 1366 functionality required to support ICE inter-operation with a peer 1367 that has a full implementation. 1369 Appropriate Values: See Section 4 of RFC XXXX. 1371 Contact Name: IESG 1372 Contact e-mail: iesg@ietf.org [3] 1374 Reference: RFCXXXX 1376 Mux Category: NORMAL 1378 9.1.4. ice-mismatch Attribute 1380 Attribute Name: ice-mismatch 1382 Type of Attribute: media-level 1384 Subject to charset: No 1386 Purpose: This attribute is used with Interactive Connectivity 1387 Establishment (ICE), and indicates that an agent is ICE capable, 1388 but did not proceed with ICE due to a mismatch of candidates with 1389 the default destination for media signaled in the SDP. 1391 Appropriate Values: See Section 4 of RFC XXXX. 1393 Contact Name: IESG 1395 Contact e-mail: iesg@ietf.org [4] 1397 Reference: RFCXXXX 1399 Mux Category: NORMAL 1401 9.1.5. ice-pwd Attribute 1403 Attribute Name: ice-pwd 1405 Type of Attribute: session- or media-level 1407 Subject to charset: No 1409 Purpose: This attribute is used with Interactive Connectivity 1410 Establishment (ICE), and provides the password used to protect 1411 STUN connectivity checks. 1413 Appropriate Values: See Section 4 of RFC XXXX. 1415 Contact Name: IESG 1417 Contact e-mail: iesg@ietf.org [5] 1419 Reference: RFCXXXX 1420 Mux Category: TRANSPORT 1422 9.1.6. ice-ufrag Attribute 1424 Attribute Name: ice-ufrag 1426 Type of Attribute: session- or media-level 1428 Subject to charset: No 1430 Purpose: This attribute is used with Interactive Connectivity 1431 Establishment (ICE), and provides the fragments used to construct 1432 the username in STUN connectivity checks. 1434 Appropriate Values: See Section 4 of RFC XXXX. 1436 Contact Name: IESG 1438 Contact e-mail: iesg@ietf.org [6] 1440 Reference: RFCXXXX 1442 Mux Category: TRANSPORT 1444 9.1.7. ice-options Attribute 1446 Attribute Name: ice-options 1448 Long Form: ice-options 1450 Type of Attribute: session-level 1452 Subject to charset: No 1454 Purpose: This attribute is used with Interactive Connectivity 1455 Establishment (ICE), and indicates the ICE options or extensions 1456 used by the agent. 1458 Appropriate Values: See Section 4 of RFC XXXX. 1460 Contact Name: IESG 1462 Contact e-mail: iesg@ietf.org [7] 1464 Reference: RFCXXXX 1466 Mux Category: NORMAL 1468 9.1.8. ice-pacing Attribute 1470 This specification also defines a new SDP attribute, "ice-pacing" 1471 according to the following data: 1473 Attribute Name: ice-pacing 1475 Type of Attribute: session-level 1477 Subject to charset: No 1479 Purpose: This attribute is used with Interactive Connectivity 1480 Establishment (ICE) to indicate desired connectivity check pacing 1481 values. 1483 Appropriate Values: See Section 4 of RFC XXXX. 1485 Contact Name: IESG 1487 Contact e-mail: iesg@ietf.org [8] 1489 Reference: RFCXXXX 1491 Mux Category: NORMAL 1493 9.2. Interactive Connectivity Establishment (ICE) Options Registry 1495 IANA maintains a registry for ice-options identifiers under the 1496 Specification Required policy as defined in "Guidelines for Writing 1497 an IANA Considerations Section in RFCs" [RFC8126]. 1499 ICE options are of unlimited length according to the syntax in 1500 Section 4.6; however, they are RECOMMENDED to be no longer than 20 1501 characters. This is to reduce message sizes and allow for efficient 1502 parsing. ICE options are defined at the session level. 1504 A registration request MUST include the following information: 1506 o The ICE option identifier to be registered 1508 o Name, Email, and Address of a contact person for the registration 1510 o Organization or individuals having the change control 1512 o Short description of the ICE extension to which the option relates 1514 o Reference(s) to the specification defining the ICE option and the 1515 related extensions 1517 10. Acknowledgments 1519 A large part of the text in this document was taken from [RFC5245], 1520 authored by Jonathan Rosenberg. 1522 Some of the text in this document was taken from [RFC6336], authored 1523 by Magnus Westerlund and Colin Perkins. 1525 Many thanks to Christer Holmberg for providing text suggestions in 1526 Section 3 that aligns with [RFC8445] 1528 Thanks to Thomas Stach for text help, Roman Shpount for suggesting 1529 RTCP candidate handling and Simon Perreault for advising on IPV6 1530 address selection when candidate-address includes FQDN. 1532 Many thanks to Flemming Andreasen for shepherd review feedback. 1534 Thanks to following experts for their reviews and constructive 1535 feedback: Christer Holmberg, Adam Roach, Peter Saint-Andre and the 1536 MMUSIC WG. 1538 11. References 1540 11.1. Normative References 1542 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1543 Requirement Levels", BCP 14, RFC 2119, 1544 DOI 10.17487/RFC2119, March 1997, 1545 . 1547 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 1548 A., Peterson, J., Sparks, R., Handley, M., and E. 1549 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 1550 DOI 10.17487/RFC3261, June 2002, 1551 . 1553 [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of 1554 Provisional Responses in Session Initiation Protocol 1555 (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, 1556 . 1558 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 1559 with Session Description Protocol (SDP)", RFC 3264, 1560 DOI 10.17487/RFC3264, June 2002, 1561 . 1563 [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, 1564 "Integration of Resource Management and Session Initiation 1565 Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 1566 2002, . 1568 [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth 1569 Modifiers for RTP Control Protocol (RTCP) Bandwidth", 1570 RFC 3556, DOI 10.17487/RFC3556, July 2003, 1571 . 1573 [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute 1574 in Session Description Protocol (SDP)", RFC 3605, 1575 DOI 10.17487/RFC3605, October 2003, 1576 . 1578 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 1579 Initiation Protocol (SIP) Preconditions Framework", 1580 RFC 4032, DOI 10.17487/RFC4032, March 2005, 1581 . 1583 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 1584 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 1585 July 2006, . 1587 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1588 Specifications: ABNF", STD 68, RFC 5234, 1589 DOI 10.17487/RFC5234, January 2008, 1590 . 1592 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 1593 Connectivity Establishment (ICE) in the Session Initiation 1594 Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 1595 2010, . 1597 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1598 Interactive Connectivity Establishment (ICE) Options", 1599 RFC 6336, April 2010, 1600 . 1602 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1603 Writing an IANA Considerations Section in RFCs", BCP 26, 1604 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1605 . 1607 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 1608 Connectivity Establishment (ICE): A Protocol for Network 1609 Address Translator (NAT) Traversal", RFC 8445, 1610 DOI 10.17487/RFC8445, July 2018, 1611 . 1613 11.2. Informative References 1615 [draft-holmberg-ice-pac] 1616 Holmberg, C. and J. Uberti, "Interactive Connectivity 1617 Establishment Patiently Awaiting Connectivity (ICE PAC)", 1618 draft-holmberg-ice-pac-01 (work in progress), March 2019, 1619 . 1622 [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. 1623 Camarillo, "Best Current Practices for Third Party Call 1624 Control (3pcc) in the Session Initiation Protocol (SIP)", 1625 BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, 1626 . 1628 [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing 1629 Tone Generation in the Session Initiation Protocol (SIP)", 1630 RFC 3960, DOI 10.17487/RFC3960, December 2004, 1631 . 1633 [RFC4091] Camarillo, G. and J. Rosenberg, "The Alternative Network 1634 Address Types (ANAT) Semantics for the Session Description 1635 Protocol (SDP) Grouping Framework", RFC 4091, June 2005, 1636 . 1638 [RFC4092] Camarillo, G. and J. Rosenberg, "Usage of the Session 1639 Description Protocol (SDP) Alternative Network Address 1640 Types (ANAT) Semantics in the Session Initiation Protocol 1641 (SIP)", RFC 4092, June 2005, 1642 . 1644 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 1645 (ICE): A Protocol for Network Address Translator (NAT) 1646 Traversal for Offer/Answer Protocols", RFC 5245, 1647 DOI 10.17487/RFC5245, April 2010, 1648 . 1650 [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., 1651 "Managing Client-Initiated Connections in the Session 1652 Initiation Protocol (SIP)", RFC 5626, 1653 DOI 10.17487/RFC5626, October 2009, 1654 . 1656 [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, 1657 "Connectivity Preconditions for Session Description 1658 Protocol (SDP) Media Streams", RFC 5898, 1659 DOI 10.17487/RFC5898, July 2010, 1660 . 1662 11.3. URIs 1664 [1] mailto:iesg@ietf.org 1666 [2] mailto:iesg@ietf.org 1668 [3] mailto:iesg@ietf.org 1670 [4] mailto:iesg@ietf.org 1672 [5] mailto:iesg@ietf.org 1674 [6] mailto:iesg@ietf.org 1676 [7] mailto:iesg@ietf.org 1678 [8] mailto:iesg@ietf.org 1680 [9] mailto:christer.holmberg@ericsson.com 1682 [10] mailto:rshpount@turbobridge.com 1684 [11] mailto:thomass.stach@gmail.com 1686 Appendix A. Examples 1688 For the example shown in section 15 of [RFC8445] the resulting offer 1689 (message 5) encoded in SDP looks like: 1691 v=0 1692 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP 1693 s= 1694 c=IN IP6 $NAT-PUB-1.IP 1695 t=0 0 1696 a=ice-pwd:asd88fgpdd777uzjYhagZg 1697 a=ice-ufrag:8hhY 1698 m=audio $NAT-PUB-1.PORT RTP/AVP 0 1699 b=RS:0 1700 b=RR:0 1701 a=rtpmap:0 PCMU/8000 1702 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host 1703 a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ 1704 srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT 1706 The offer, with the variables replaced with their values, will look 1707 like (lines folded for clarity): 1709 v=0 1710 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a 1711 s= 1712 c=IN IP6 2001:DB8:8101:3a55:4858:a2a9:22ff:99b9 1713 t=0 0 1714 a=ice-pwd:asd88fgpdd777uzjYhagZg 1715 a=ice-ufrag:8hhY 1716 m=audio 45664 RTP/AVP 0 1717 b=RS:0 1718 b=RR:0 1719 a=rtpmap:0 PCMU/8000 1720 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host 1721 a=candidate:2 1 UDP 1694498815 2001:DB8:8101:3a55:4858:a2a9:22ff:99b9 1722 45664 typ srflx raddr fe80::6676:baff:fe9c:ee4a rport 8998 1724 The resulting answer looks like: 1726 v=0 1727 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP 1728 s= 1729 c=IN IP4 $R-PUB-1.IP 1730 t=0 0 1731 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1732 a=ice-ufrag:9uB6 1733 m=audio $R-PUB-1.PORT RTP/AVP 0 1734 b=RS:0 1735 b=RR:0 1736 a=rtpmap:0 PCMU/8000 1737 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host 1738 With the variables filled in: 1740 v=0 1741 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 1742 s= 1743 c=IN IP4 192.0.2.1 1744 t=0 0 1745 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1746 a=ice-ufrag:9uB6 1747 m=audio 3478 RTP/AVP 0 1748 b=RS:0 1749 b=RR:0 1750 a=rtpmap:0 PCMU/8000 1751 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host 1753 Appendix B. The remote-candidates Attribute 1755 The "a=remote-candidates" attribute exists to eliminate a race 1756 condition between the updated offer and the response to the STUN 1757 Binding request that moved a candidate into the Valid list. This 1758 race condition is shown in Figure 1. On receipt of message 4, agent 1759 L adds a candidate pair to the valid list. If there was only a 1760 single data stream with a single component, agent L could now send an 1761 updated offer. However, the check from agent R has not yet generated 1762 a response, and agent R receives the updated offer (message 7) before 1763 getting the response (message 9). Thus, it does not yet know that 1764 this particular pair is valid. To eliminate this condition, the 1765 actual candidates at R that were selected by the offerer (the remote 1766 candidates) are included in the offer itself, and the answerer delays 1767 its answer until those pairs validate. 1769 Agent L Network Agent R 1770 |(1) Offer | | 1771 |------------------------------------------>| 1772 |(2) Answer | | 1773 |<------------------------------------------| 1774 |(3) STUN Req. | | 1775 |------------------------------------------>| 1776 |(4) STUN Res. | | 1777 |<------------------------------------------| 1778 |(5) STUN Req. | | 1779 |<------------------------------------------| 1780 |(6) STUN Res. | | 1781 |-------------------->| | 1782 | |Lost | 1783 |(7) Offer | | 1784 |------------------------------------------>| 1785 |(8) STUN Req. | | 1786 |<------------------------------------------| 1787 |(9) STUN Res. | | 1788 |------------------------------------------>| 1789 |(10) Answer | | 1790 |<------------------------------------------| 1792 Figure 1: Race Condition Flow 1794 Appendix C. Why Is the Conflict Resolution Mechanism Needed? 1796 When ICE runs between two peers, one agent acts as controlled, and 1797 the other as controlling. Rules are defined as a function of 1798 implementation type and offerer/answerer to determine who is 1799 controlling and who is controlled. However, the specification 1800 mentions that, in some cases, both sides might believe they are 1801 controlling, or both sides might believe they are controlled. How 1802 can this happen? 1804 The condition when both agents believe they are controlled shows up 1805 in third party call control cases. Consider the following flow: 1807 A Controller B 1808 |(1) INV() | | 1809 |<-------------| | 1810 |(2) 200(SDP1) | | 1811 |------------->| | 1812 | |(3) INV() | 1813 | |------------->| 1814 | |(4) 200(SDP2) | 1815 | |<-------------| 1816 |(5) ACK(SDP2) | | 1817 |<-------------| | 1818 | |(6) ACK(SDP1) | 1819 | |------------->| 1821 Figure 2: Role Conflict Flow 1823 This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, 1824 it works better than flow III since it produces fewer messages. In 1825 this flow, the controller sends an offerless INVITE to agent A, which 1826 responds with its offer, SDP1. The agent then sends an offerless 1827 INVITE to agent B, which it responds to with its offer, SDP2. The 1828 controller then uses the offer from each agent to generate the 1829 answers. When this flow is used, ICE will run between agents A and 1830 B, but both will believe they are in the controlling role. With the 1831 role conflict resolution procedures, this flow will function properly 1832 when ICE is used. 1834 At this time, there are no documented flows that can result in the 1835 case where both agents believe they are controlled. However, the 1836 conflict resolution procedures allow for this case, should a flow 1837 arise that would fit into this category. 1839 Appendix D. Why Send an Updated Offer? 1841 Section 11.1 describes rules for sending media. Both agents can send 1842 media once ICE checks complete, without waiting for an updated offer. 1843 Indeed, the only purpose of the updated offer is to "correct" the SDP 1844 so that the default destination for media matches where media is 1845 being sent based on ICE procedures (which will be the highest- 1846 priority nominated candidate pair). 1848 This begs the question -- why is the updated offer/answer exchange 1849 needed at all? Indeed, in a pure offer/answer environment, it would 1850 not be. The offerer and answerer will agree on the candidates to use 1851 through ICE, and then can begin using them. As far as the agents 1852 themselves are concerned, the updated offer/answer provides no new 1853 information. However, in practice, numerous components along the 1854 signaling path look at the SDP information. These include entities 1855 performing off-path QoS reservations, NAT traversal components such 1856 as ALGs and Session Border Controllers (SBCs), and diagnostic tools 1857 that passively monitor the network. For these tools to continue to 1858 function without change, the core property of SDP -- that the 1859 existing, pre-ICE definitions of the addresses used for media -- the 1860 "m=" and "c=" lines and the rtcp attribute -- must be retained. For 1861 this reason, an updated offer must be sent. 1863 Appendix E. Contributors 1865 Following experts have contributed textual and structural 1866 improvements for this work 1868 1. Christer Holmberg 1870 * Ericsson 1872 * Email: christer.holmberg@ericsson.com [9] 1874 2. Roman Shpount 1876 * TurboBridge 1878 * rshpount@turbobridge.com [10] 1880 3. Thomas Stach 1882 * thomass.stach@gmail.com [11] 1884 Authors' Addresses 1886 Marc Petit-Huguenin 1887 Impedance Mismatch 1889 Email: marc@petit-huguenin.org 1891 Suhas Nandakumar 1892 Cisco Systems 1893 707 Tasman Dr 1894 Milpitas, CA 95035 1895 USA 1897 Email: snandaku@cisco.com 1898 Ari Keranen 1899 Ericsson 1900 Jorvas 02420 1901 Finland 1903 Email: ari.keranen@ericsson.com