idnits 2.17.1 draft-ietf-mmusic-ice-sip-sdp-38.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There is 1 instance of too long lines in the document, the longest one being 9 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 8, 2019) is 1721 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 6336 (Obsoleted by RFC 8839) -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Obsoletes: 5245 (if approved) S. Nandakumar 5 Intended status: Standards Track Cisco Systems 6 Expires: February 9, 2020 A. Keranen 7 Ericsson 8 R. Shpount 9 TurboBridge 10 C. Holmberg 11 Ericsson 12 August 8, 2019 14 Session Description Protocol (SDP) Offer/Answer procedures for 15 Interactive Connectivity Establishment (ICE) 16 draft-ietf-mmusic-ice-sip-sdp-38 18 Abstract 20 This document describes Session Description Protocol (SDP) Offer/ 21 Answer procedures for carrying out Interactive Connectivity 22 Establishment (ICE) between the agents. 24 This document obsoletes RFC 5245. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at https://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on February 9, 2020. 43 Copyright Notice 45 Copyright (c) 2019 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (https://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 This document may contain material from IETF Documents or IETF 59 Contributions published or made publicly available before November 60 10, 2008. The person(s) controlling the copyright in some of this 61 material may not have granted the IETF Trust the right to allow 62 modifications of such material outside the IETF Standards Process. 63 Without obtaining an adequate license from the person(s) controlling 64 the copyright in such materials, this document may not be modified 65 outside the IETF Standards Process, and derivative works of it may 66 not be created outside the IETF Standards Process, except to format 67 it for publication as an RFC or to translate it into languages other 68 than English. 70 Table of Contents 72 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 73 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 74 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 75 4. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 4 76 4.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 4 77 4.2. Generic Procedures . . . . . . . . . . . . . . . . . . . 5 78 4.2.1. Encoding . . . . . . . . . . . . . . . . . . . . . . 5 79 4.2.2. RTP/RTCP Considerations . . . . . . . . . . . . . . . 6 80 4.2.3. Determining Role . . . . . . . . . . . . . . . . . . 6 81 4.2.4. STUN Considerations . . . . . . . . . . . . . . . . . 6 82 4.2.5. Verifying ICE Support Procedures . . . . . . . . . . 7 83 4.2.6. SDP Example . . . . . . . . . . . . . . . . . . . . . 8 84 4.3. Initial Offer/Answer Exchange . . . . . . . . . . . . . . 8 85 4.3.1. Sending the Initial Offer . . . . . . . . . . . . . . 8 86 4.3.2. Sending the Initial Answer . . . . . . . . . . . . . 9 87 4.3.3. Receiving the Initial Answer . . . . . . . . . . . . 10 88 4.3.4. Concluding ICE . . . . . . . . . . . . . . . . . . . 10 89 4.4. Subsequent Offer/Answer Exchanges . . . . . . . . . . . . 11 90 4.4.1. Sending Subsequent Offer . . . . . . . . . . . . . . 11 91 4.4.2. Sending Subsequent Answer . . . . . . . . . . . . . . 13 92 4.4.3. Receiving Answer for a Subsequent Offer . . . . . . . 16 93 5. Grammar . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 94 5.1. "candidate" Attribute . . . . . . . . . . . . . . . . . . 18 95 5.2. "remote-candidates" Attribute . . . . . . . . . . . . . . 20 96 5.3. "ice-lite" and "ice-mismatch" Attributes . . . . . . . . 20 97 5.4. "ice-ufrag" and "ice-pwd" Attributes . . . . . . . . . . 21 98 5.5. "ice-pacing" Attribute . . . . . . . . . . . . . . . . . 22 99 5.6. "ice-options" Attribute . . . . . . . . . . . . . . . . . 22 100 6. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 23 101 7. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 23 102 7.1. Latency Guidelines . . . . . . . . . . . . . . . . . . . 23 103 7.1.1. Offer in INVITE . . . . . . . . . . . . . . . . . . . 23 104 7.1.2. Offer in Response . . . . . . . . . . . . . . . . . . 24 105 7.2. SIP Option Tags and Media Feature Tags . . . . . . . . . 25 106 7.3. Interactions with Forking . . . . . . . . . . . . . . . . 25 107 7.4. Interactions with Preconditions . . . . . . . . . . . . . 25 108 7.5. Interactions with Third Party Call Control . . . . . . . 26 109 8. Interactions with Application Layer Gateways and SIP . . . . 26 110 9. Security Considerations . . . . . . . . . . . . . . . . . . . 27 111 9.1. Attacks on the Offer/Answer Exchanges . . . . . . . . . . 27 112 9.2. Insider Attacks . . . . . . . . . . . . . . . . . . . . . 28 113 9.2.1. The Voice Hammer Attack . . . . . . . . . . . . . . . 28 114 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 115 10.1. SDP Attributes . . . . . . . . . . . . . . . . . . . . . 28 116 10.1.1. candidate Attribute . . . . . . . . . . . . . . . . 29 117 10.1.2. remote-candidates Attribute . . . . . . . . . . . . 29 118 10.1.3. ice-lite Attribute . . . . . . . . . . . . . . . . . 30 119 10.1.4. ice-mismatch Attribute . . . . . . . . . . . . . . . 30 120 10.1.5. ice-pwd Attribute . . . . . . . . . . . . . . . . . 31 121 10.1.6. ice-ufrag Attribute . . . . . . . . . . . . . . . . 31 122 10.1.7. ice-options Attribute . . . . . . . . . . . . . . . 32 123 10.1.8. ice-pacing Attribute . . . . . . . . . . . . . . . . 32 124 10.2. Interactive Connectivity Establishment (ICE) Options 125 Registry . . . . . . . . . . . . . . . . . . . . . . . . 33 126 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 127 12. Changes from RFC 5245 . . . . . . . . . . . . . . . . . . . . 33 128 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 129 13.1. Normative References . . . . . . . . . . . . . . . . . . 34 130 13.2. Informative References . . . . . . . . . . . . . . . . . 36 131 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 36 132 Appendix B. The remote-candidates Attribute . . . . . . . . . . 38 133 Appendix C. Why Is the Conflict Resolution Mechanism Needed? . . 39 134 Appendix D. Why Send an Updated Offer? . . . . . . . . . . . . . 40 135 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 41 136 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 138 1. Introduction 140 This document describes how Interactive Connectivity Establishment 141 (ICE) is used with Session Description Protocol (SDP) offer/answer 142 [RFC3264]. The ICE specification [RFC8445] describes procedures that 143 are common to all usages of ICE and this document gives the 144 additional details needed to use ICE with SDP offer/answer. 146 This document obsoletes RFC 5245. 148 NOTE: Previously both the common ICE procedures, and the SDP offer/ 149 answer specific details, were described in[RFC5245]. [RFC8445] 150 obsoleted [RFC5245], and the SDP offer/answer specific details were 151 removed from the document. Section 12 describes the changes to the 152 SDP offer/answer specific details specified in this document. 154 2. Conventions 156 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 157 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 158 "OPTIONAL" in this document are to be interpreted as described in BCP 159 14 [RFC2119] [RFC8174] when, and only when, they appear in all 160 capitals, as shown here. 162 3. Terminology 164 Readers should be familiar with the terminology defined in [RFC3264], 165 in [RFC8445] and the following: 167 Default Destination/Candidate: The default destination for a 168 component of a data stream is the transport address that would be 169 used by an agent that is not ICE aware. A default candidate for a 170 component is one whose transport address matches the default 171 destination for that component. For the RTP component, the 172 default connection address is in the "c=" line of the SDP, and the 173 port and transport protocol are in the "m=" line. For the RTCP 174 component, the address and port are indicated using the "a=rtcp" 175 attribute defined in [RFC3605], if present; otherwise, the RTCP 176 component address is the same as the address of the RTP component, 177 and its port is one greater than the port of the RTP component. 179 4. SDP Offer/Answer Procedures 181 4.1. Introduction 183 [RFC8445] defines ICE candidate exchange as the process for ICE 184 agents (Initiator and Responder) to exchange their candidate 185 information required for ICE processing at the agents. For the 186 purposes of this specification, the candidate exchange process 187 corresponds to the [RFC3264] Offer/Answer protocol and the terms 188 "offerer" and "answerer" correspond to the initiator and responder 189 roles from [RFC8445] respectively. 191 Once the initiating agent has gathered, pruned, and prioritized its 192 set of candidates [RFC8445], the candidate exchange with the peer 193 agent begins. 195 4.2. Generic Procedures 197 4.2.1. Encoding 199 Section 5 provides detailed rules for constructing various SDP 200 attributes defined in this specification. 202 4.2.1.1. Data Streams 204 Each data stream [RFC8445] is represented by an SDP media description 205 ("m=" section). 207 4.2.1.2. Candidates 209 Within an "m=" section, each candidate (including the default 210 candidate) associated with the data stream is represented by an SDP 211 candidate attribute. 213 Prior to nomination, the "c=" line associated with an "m=" section 214 contains the connection address of the default candidate, while the 215 "m=" line contains the port and transport protocol of the default 216 candidate for that "m=" section. 218 After nomination, the "c=" line for a given "m=" section contains the 219 connection address of the nominated candidate (the local candidate of 220 the nominated candidate pair) and the "m=" line contains the port and 221 transport protocol corresponding to the nominated candidate for that 222 "m=" section. 224 4.2.1.3. Username and Password 226 The ICE username is represented by an SDP ice-ufrag attribute and the 227 ICE password is represented by an SDP ice-pwd attribute. 229 4.2.1.4. Lite Implementations 231 An ICE lite implementation [RFC8445] MUST include an SDP ice-lite 232 attribute. A full implementation MUST NOT include that attribute. 234 4.2.1.5. ICE Extensions 236 An agent uses the SDP ice-options attribute to indicate support of 237 ICE extensions. 239 An agent compliant to this specification MUST include an SDP ice- 240 options attribute with an "ice2" attribute value [RFC8445]. If an 241 agent receives an SDP offer or answer that indicates ICE support, but 242 that does not contain an SDP ice-options attribute with an "ice2" 243 attribute value, the agent can assume that the peer is compliant to 244 [RFC5245]. 246 4.2.1.6. Inactive and Disabled Data Streams 248 If an "m=" section is marked as inactive [RFC4566], or has a 249 bandwidth value of zero [RFC4566], the agent MUST still include ICE- 250 related SDP attributes. 252 If the port value associated with an "m=" section is set to zero 253 (implying a disabled stream) as defined in section 8.2 of [RFC3264], 254 the agent SHOULD NOT include ICE-related SDP candidate attributes in 255 that "m=" section, unless an SDP extension specifying otherwise is 256 used. 258 4.2.2. RTP/RTCP Considerations 260 If an agent utilizes both RTP and RTCP, and separate ports are used 261 for RTP and RTCP, the agent MUST include SDP candidate attributes for 262 both the RTP and RTCP components and SDP rtcp attribute SHOULD be 263 included in the "m=" section, as described in [RFC3605] 265 In the cases where the port number for the RTCP is one higher than 266 the RTP port and the RTCP component address is the same as the 267 address of the RTP component, the SDP rtcp attribute MAY be omitted. 269 If the agent does not utilize RTCP, it indicates that by including 270 b=RS:0 and b=RR:0 SDP attributes, as described in [RFC3556]. 272 4.2.3. Determining Role 274 The offerer acts as the Initiating agent. The answerer acts as the 275 Responding agent. The ICE roles (controlling and controlled) are 276 determined using the procedures in [RFC8445]. 278 4.2.4. STUN Considerations 280 Once an agent has provided its local candidates to its peer in an SDP 281 offer or answer, the agent MUST be prepared to receive STUN 282 connectivity check Binding requests on those candidates. 284 4.2.5. Verifying ICE Support Procedures 286 The agents will proceed with the ICE procedures defined in [RFC8445] 287 and this specification if, for each data stream in the SDP it 288 received, the default destination for each component of that data 289 stream appears in a candidate attribute. For example, in the case of 290 RTP, the connection address, port, and transport protocol in the "c=" 291 and "m=" lines, respectively, appear in a candidate attribute and the 292 value in the rtcp attribute appears in a candidate attribute. 294 This specification provides no guidance on how an agent should 295 proceed in the cases where the above condition is not met with the 296 few exceptions noted below: 298 1. The presence of certain application layer gateways might modify 299 the transport address information as described in Section 8. The 300 behavior of the responding agent in such a situation is 301 implementation dependent. Informally, the responding agent might 302 consider the mismatched transport address information as a 303 plausible new candidate learnt from the peer and continue its ICE 304 processing with that transport address included. Alternatively, 305 the responding agent MAY include an "a=ice-mismatch" attribute in 306 its answer for such data streams. If an agent chooses to include 307 an "a=ice-mismatch" attribute in its answer for a data stream, 308 then it MUST also omit "a=candidate" attributes, MUST terminate 309 the usage of ICE procedures and [RFC3264] procedures MUST be used 310 instead for this data stream. 312 2. The transport address from the peer for the default destination 313 is set to IPv4/IPv6 address values "0.0.0.0"/"::" and port value 314 of "9". This MUST NOT be considered as a ICE failure by the peer 315 agent and the ICE processing MUST continue as usual. 317 3. In some cases, the controlling/initiator agent may receive the 318 SDP answer that may omit "a=candidate" attributes for the data 319 stream, and instead include a media level "a=ice-mismatch" 320 attribute. This signals to the offerer that the answerer 321 supports ICE, but that ICE processing was not used for this data 322 stream. In this case, ICE processing MUST be terminated for this 323 data stream and [RFC3264] procedures MUST be followed instead. 325 4. The transport address from the peer for the default destination 326 is an FQDN. Regardless of the procedures used to resolve FQDN or 327 the resolution result, this MUST NOT be considered as a ICE 328 failure by the peer agent and the ICE processing MUST continue as 329 usual. 331 4.2.6. SDP Example 333 The following is an example SDP message that includes ICE attributes 334 (lines folded for readability): 336 v=0 337 o=jdoe 2890844526 2890842807 IN IP4 203.0.113.141 338 s= 339 c=IN IP4 192.0.2.3 340 t=0 0 341 a=ice-options:ice2 342 a=ice-pacing:50 343 a=ice-pwd:asd88fgpdd777uzjYhagZg 344 a=ice-ufrag:8hhY 345 m=audio 45664 RTP/AVP 0 346 b=RS:0 347 b=RR:0 348 a=rtpmap:0 PCMU/8000 349 a=candidate:1 1 UDP 2130706431 203.0.113.141 8998 typ host 350 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 351 203.0.113.141 rport 8998 353 4.3. Initial Offer/Answer Exchange 355 4.3.1. Sending the Initial Offer 357 When an offerer generates the initial offer, in each "m=" section it 358 MUST include SDP candidate attributes for each available candidate 359 associated with the "m=" section. In addition, the offerer MUST 360 include an SDP ice-ufrag attribute, an SDP ice-pwd attribute and an 361 SDP ice-options attribute with an "ice2" attribute value in the 362 offer. If the offerer is a full ICE implementation, it SHOULD 363 include an ice-pacing attribute in the offer (if not included, the 364 default value will apply). A lite ICE implementation MUST NOT 365 included the ice-pacing attribute in the offer (as it will not 366 perform connectivity checks). 368 It is valid for an offer "m=" line to include no SDP candidate 369 attributes and with default destination set to the IP address values 370 "0.0.0.0"/"::" and port value of "9". This implies that the offering 371 agent is only going to use peer reflexive candidates or that 372 additional candidates would be provided in subsequent signaling 373 messages. 375 Note: Within the scope of this document, "Initial Offer" refers to 376 the first SDP offer that is sent in order to negotiate usage of 377 ICE. It might, or might not, be the initial SDP offer of the SDP 378 session. 380 Note: The procedures in this document only consider "m=" sections 381 associated with data streams where ICE is used. 383 4.3.2. Sending the Initial Answer 385 When an answerer receives an initial offer that indicates that the 386 offerer supports ICE, and if the answerer accepts the offer and the 387 usage of ICE, in each "m=" section within the answer, it MUST include 388 SDP candidate attributes for each available candidate associated with 389 the "m=" section. In addition, the answerer MUST include an SDP ice- 390 ufrag attribute, an SDP ice-pwd attribute and an SDP ice-options 391 attribute with an "ice2" attribute value in the answer. If the 392 answerer is a full ICE implementation, it SHOULD include an ice- 393 pacing attribute in the answerer (if not included, the default value 394 will apply). A lite ICE implementation MUST NOT included the ice- 395 pacing attribute in the answer (as it will not perform connectivity 396 chekcks). 398 In each "m=" line, the answerer MUST use the same transport protocol 399 as was used in the offer "m=" line. If none of the candidates in the 400 "m=" line in the answer use the same transport protocol as indicated 401 in the offer "m=" line, then, in order to avoid ICE mismatch, the 402 default destination MUST be set to IP address values "0.0.0.0"/"::" 403 and port value of "9". 405 It is also valid for an answer "m=" line to include no SDP candidate 406 attributes and with default destination set to the IP address values 407 "0.0.0.0"/"::" and port value of "9". This implies that the 408 answering agent is only going to use peer reflexive candidates or 409 that additional candidates would be provided in subsequent signaling 410 messages. 412 Once the answerer has sent the answer, it can start performing 413 connectivity checks towards the peer candidates that were provided in 414 the offer. 416 If the offer does not indicate support of ICE, the answerer MUST NOT 417 accept the usage of ICE. If the answerer still accepts the offer, 418 the answerer MUST NOT include any ICE-related SDP attributes in the 419 answer. Instead the answerer will generate the answer according to 420 normal offer/answer procedures [RFC3264]. 422 If the answerer detects a possibility of an ICE mismatch, procedures 423 described in Section 4.2.5 are followed. 425 4.3.3. Receiving the Initial Answer 427 When an offerer receives an initial answer that indicates that the 428 answerer supports ICE, it can start performing connectivity checks 429 towards the peer candidates that were provided in the answer. 431 If the answer does not indicate that the answerer supports ICE, or if 432 the answerer included "a=ice-mismatch" attributes for all the active 433 data streams in the answer, the offerer MUST terminate the usage of 434 ICE for the entire session and [RFC3264] procedures MUST be followed 435 instead. 437 On the other hand, if the answer indicates support for ICE but 438 includes "a=ice-mismatch" in certain active data streams, then the 439 offerer MUST terminate the usage of ICE procedures and [RFC3264] 440 procedures MUST be used instead for only these data streams. Also, 441 ICE procedures MUST be used for data streams where an "a=ice- 442 mismatch" attribute was not included. 444 If the offerer detects an ICE mismatch for one or more data streams 445 in the answer, as described in Section 4.2.5, the offerer MUST 446 terminate the usage of ICE for the entire session. The subsequent 447 actions taken by the offerer are implementation dependent and are out 448 of the scope of this specification. 450 4.3.4. Concluding ICE 452 Once the agent has successfully nominated a pair [RFC8445], the state 453 of the checklist associated with the pair is set to Completed. Once 454 the state of each checklist is set to either Completed or Failed, for 455 each Completed checklist the agent checks whether the nominated pair 456 matches the default candidate pair. If there are one or more pairs 457 that do not match, and the peer did not indicate support for the 458 'ice2' ice-option, the controlling agent MUST generate a subsequent 459 offer, in which the connection address, port and transport protocol 460 in the "c=" and "m=" lines associated with each data stream match the 461 corresponding local information of the nominated pair for that data 462 stream (Section 4.4.1.2.2). If the peer did indicate support for the 463 'ice2' ice-option, the controlling agent does not immediately need to 464 generate an updated offer in order to align a connection address, 465 port and protocol with a nominated pair. However, later in the 466 session, whenever the controlling agent does sent a subsequent offer, 467 it MUST do the alignment as described above. 469 If there are one or more checklists with the state set to Failed, the 470 controlling agent MUST generate a subsequent offer in order to remove 471 the associated data streams by setting the port value of the data 472 streams to zero (Section 4.4.1.1.2), even if the peer did indicate 473 support for the 'ice2' ice-option. If needed, such offer is used to 474 align the connection address, port and transport protocol, as 475 described above. 477 As described in [RFC8445], once the controlling agent has nominated a 478 candidate pair for a checklist, the agent MUST NOT nominate another 479 pair for that checklist during the lifetime of the ICE session (i.e. 480 until ICE is restarted). 482 [draft-ietf-ice-pac] provides a mechanism for allowing the ICE 483 process to run long enough in order to find working candidate pairs, 484 by waiting for potential peer-reflexive candidates, even though no 485 candidate pairs were received from the peer or all current candidate 486 pairs associated with a checklist have either failed or been 487 discarded. It is OPTIONAL for an ICE agent to support the mechanism. 489 4.4. Subsequent Offer/Answer Exchanges 491 Either agent MAY generate a subsequent offer at any time allowed by 492 [RFC3264]. This section defines rules for construction of subsequent 493 offers and answers. 495 Should a subsequent offer fail, ICE processing continues as if the 496 subsequent offer had never been made. 498 4.4.1. Sending Subsequent Offer 500 4.4.1.1. Procedures for All Implementations 502 4.4.1.1.1. ICE Restart 504 An agent MAY restart ICE processing for an existing data stream 505 [RFC8445]. 507 The rules governing the ICE restart imply that setting the connection 508 address in the "c=" line to "0.0.0.0" (for IPv4)/ "::" (for IPv6) 509 will cause an ICE restart. Consequently, ICE implementations MUST 510 NOT utilize this mechanism for call hold, and instead MUST use 511 "a=inactive" and "a=sendonly" as described in [RFC3264]. 513 To restart ICE, an agent MUST change both the ice-pwd and the ice- 514 ufrag for the data stream in an offer. However, it is permissible to 515 use a session-level attribute in one offer, but to provide the same 516 ice-pwd or ice-ufrag as a media-level attribute in a subsequent 517 offer. This MUST NOT be considered as ICE restart. 519 An agent sets the rest of the ICE-related fields in the SDP for this 520 data stream as it would in an initial offer of this data stream 521 (Section 4.2.1). Consequently, the set of candidates MAY include 522 some, none, or all of the previous candidates for that data stream 523 and MAY include a totally new set of candidates. The agent MAY 524 modify the attribute values of the SDP ice-options and SDP ice-pacing 525 attributes, and it MAY change its role using the SDP ice-lite 526 attribute. The agent MUST NOT modify the SDP ice-options, ice-pacing 527 and ice-lite attributes in a subsequent offer unless the offer is 528 sent in order to request an ICE restart. 530 4.4.1.1.2. Removing a Data Stream 532 If an agent removes a data stream by setting its port to zero, it 533 MUST NOT include any candidate attributes for that data stream and 534 SHOULD NOT include any other ICE-related attributes defined in 535 Section 5 for that data stream. 537 4.4.1.1.3. Adding a Data Stream 539 If an agent wishes to add a new data stream, it sets the fields in 540 the SDP for this data stream as if this were an initial offer for 541 that data stream (Section 4.2.1). This will cause ICE processing to 542 begin for this data stream. 544 4.4.1.2. Procedures for Full Implementations 546 This section describes additional procedures for full 547 implementations, covering existing data streams. 549 4.4.1.2.1. Before Nomination 551 When an offerer sends a subsequent offer; in each "m=" section for 552 which a candidate pair has not yet been nominated, the offer MUST 553 include the same set of ICE-related information that the offerer 554 included in the previous offer or answer. The agent MAY include 555 additional candidates it did not offer previously, but which it has 556 gathered since the last offer/answer exchange, including peer 557 reflexive candidates. 559 The agent MAY change the default destination for media. As with 560 initial offers, there MUST be a set of candidate attributes in the 561 offer matching this default destination. 563 4.4.1.2.2. After Nomination 565 Once a candidate pair has been nominated for a data stream, the 566 connection address, port and transport protocol in each "c=" and "m=" 567 line associated with that data stream MUST match the data associated 568 with the nominated pair for that data stream. In addition, the 569 offerer only includes SDP candidates (one per component) representing 570 the local candidates of the nominated candidate pair. The offerer 571 MUST NOT include any other SDP candidate attributes in the subsequent 572 offer. 574 In addition, if the agent is controlling, it MUST include the 575 "a=remote-candidates" attribute for each data stream whose checklist 576 is in the Completed state. The attribute contains the remote 577 candidates corresponding to the nominated pair in the valid list for 578 each component of that data stream. It is needed to avoid a race 579 condition whereby the controlling agent chooses its pairs, but the 580 updated offer beats the connectivity checks to the controlled agent, 581 which doesn't even know these pairs are valid, let alone selected. 582 See Appendix B for elaboration on this race condition. 584 4.4.1.3. Procedures for Lite Implementations 586 If the ICE state is Running, a lite implementation MUST include all 587 of its candidates for each component of each data stream in 588 "a=candidate" attributes in any subsequent offer. The candidates are 589 formed identically to the procedures for initial offers. 591 A lite implementation MUST NOT add additional host candidates in a 592 subsequent offer, and MUST NOT modify the username fragments and 593 passwords. If an agent needs to offer additional candidates, or 594 modify the username fragments and passwords, it MUST request an ICE 595 restart (Section 4.4.1.1.1) for that data stream. 597 If ICE has completed for a data stream and if the agent is 598 controlled, the default destination for that data stream MUST be set 599 to the remote candidate of the candidate pair for that component in 600 the valid list. For a lite implementation, there is always just a 601 single candidate pair in the valid list for each component of a data 602 stream. Additionally, the agent MUST include a candidate attribute 603 for each default destination. 605 If the ICE state is Completed and if the agent is controlling (which 606 only happens when both agents are lite), the agent MUST include the 607 "a=remote-candidates" attribute for each data stream. The attribute 608 contains the remote candidates from the candidate pairs in the valid 609 list (one pair for each component of each data stream). 611 4.4.2. Sending Subsequent Answer 613 If ICE is Completed for a data stream, and the offer for that data 614 stream lacked the "a=remote-candidates" attribute, the rules for 615 construction of the answer are identical to those for the offerer, 616 except that the answerer MUST NOT include the "a=remote-candidates" 617 attribute in the answer. 619 A controlled agent will receive an offer with the "a=remote- 620 candidates" attribute for a data stream when its peer has concluded 621 ICE processing for that data stream. This attribute is present in 622 the offer to deal with a race condition between the receipt of the 623 offer, and the receipt of the Binding Response that tells the 624 answerer the candidate that will be selected by ICE. See Appendix B 625 for an explanation of this race condition. Consequently, processing 626 of an offer with this attribute depends on the winner of the race. 628 The agent forms a candidate pair for each component of the data 629 stream by: 631 o Setting the remote candidate equal to the offerer's default 632 destination for that component (i.e. the contents of the "m=" and 633 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP) 635 o Setting the local candidate equal to the transport address for 636 that same component in the "a=remote-candidates" attribute in the 637 offer. 639 The agent then sees if each of these candidate pairs is present in 640 the valid list. If a particular pair is not in the valid list, the 641 check has "lost" the race. Call such a pair a "losing pair". 643 The agent finds all the pairs in the checklist whose remote 644 candidates equal the remote candidate in the losing pair: 646 o If none of the pairs are In-Progress, and at least one is Failed, 647 it is most likely that a network failure, such as a network 648 partition or serious packet loss, has occurred. The agent SHOULD 649 generate an answer for this data stream as if the remote- 650 candidates attribute had not been present, and then restart ICE 651 for this stream. 653 o If at least one of the pairs is In-Progress, the agent SHOULD wait 654 for those checks to complete, and as each completes, redo the 655 processing in this section until there are no losing pairs. 657 Once there are no losing pairs, the agent can generate the answer. 658 It MUST set the default destination for media to the candidates in 659 the remote-candidates attribute from the offer (each of which will 660 now be the local candidate of a candidate pair in the valid list). 661 It MUST include a candidate attribute in the answer for each 662 candidate in the remote-candidates attribute in the offer. 664 4.4.2.1. ICE Restart 666 If the offerer in a subsequent offer requested an ICE restart 667 (Section 4.4.1.1.1) for a data stream, and if the answerer accepts 668 the offer, the answerer follows the procedures for generating an 669 initial answer. 671 For a given data stream, the answerer MAY include the same candidates 672 that were used in the previous ICE session, but it MUST change the 673 SDP ice-pwd and ice-ufrag attribute values. 675 The answerer MAY modify the attribute values of the SDP ice-options 676 and SDP ice-pacing attributes, and it MAY change its role using the 677 SDP ice-lite attribute. The answerer MUST NOT modify the SDP ice- 678 options, ice-pacing and ice-lite attributes in a subsequent answer 679 unless the answer is sent for an offer that was used to request an 680 ICE restart (Section 4.4.1.1.1). If any of the SDP attributes have 681 been modified in a subsequent offer that is not used to request an 682 ICE restart, the answerer MUST reject the offer. 684 4.4.2.2. Lite Implementation specific procedures 686 If the received offer contains the remote-candidates attribute for a 687 data stream, the agent forms a candidate pair for each component of 688 the data stream by: 690 o Setting the remote candidate equal to the offerer's default 691 destination for that component (i.e., the contents of the "m=" and 692 "c=" lines for RTP, and the "a=rtcp" attribute for RTCP). 694 o Setting the local candidate equal to the transport address for 695 that same component in the "a=remote-candidates" attribute in the 696 offer. 698 The state of the checklist associated with that data stream is set to 699 Completed. 701 Furthermore, if the agent believed it was controlling, but the offer 702 contained the "a=remote-candidates" attribute, both agents believe 703 they are controlling. In this case, both would have sent updated 704 offers around the same time. 706 However, the signaling protocol carrying the offer/answer exchanges 707 will have resolved this glare condition, so that one agent is always 708 the 'winner' by having its offer received before its peer has sent an 709 offer. The winner takes the role of controlling, so that the loser 710 (the answerer under consideration in this section) MUST change its 711 role to controlled. 713 Consequently, if the agent was going to send an updated offer since, 714 based on the rules in section 8.2 of [RFC8445], it was controlling, 715 it no longer needs to. 717 Besides the potential role change, change in the Valid list, and 718 state changes, the construction of the answer is performed 719 identically to the construction of an offer. 721 4.4.3. Receiving Answer for a Subsequent Offer 723 4.4.3.1. Procedures for Full Implementations 725 There may be certain situations where the offerer receives an SDP 726 answer that lacks ICE candidates although the initial answer included 727 them. One example of such an "unexpected" answer might be happen 728 when an ICE-unaware Back-to-Back User Agent (B2BUA) introduces a 729 media server during call hold using 3rd party call-control procedures 730 [RFC3725]. Omitting further details how this is done, this could 731 result in an answer being received at the holding UA that was 732 constructed by the B2BUA. With the B2BUA being ICE-unaware, that 733 answer would not include ICE candidates. 735 Receiving an answer without ICE attributes in this situation might be 736 unexpected, but would not necessarily impair the user experience. 738 When the offerer receives an answer indicating support for ICE, the 739 offer performs one of the following actions: 741 o If the offer was a restart, the agent MUST perform ICE restart 742 procedures as specified in Section 4.4.3.1.1 744 o If the offer/answer exchange removed a data stream, or an answer 745 rejected an offered data stream, an agent MUST flush the Valid 746 list for that data stream. It MUST also terminate any STUN 747 transactions in progress for that data stream. 749 o If the offer/answer exchange added a new data stream, the agent 750 MUST create a new checklist for it (and an empty Valid list to 751 start of course) which in turn triggers the candidate processing 752 procedures [RFC8445]. 754 o If the checklist state associated with a data stream is Running, 755 the agent recomputes the checklist. If a pair on the new 756 checklist was also on the previous checklist, its candidate pair 757 state is copied over. Otherwise, its candidate pair state is set 758 to Frozen. If none of the checklists are active (meaning that the 759 candidate pair states in each checklist are Frozen), appropriate 760 procedures in [RFC8445] are performed to move candidate pair(s) to 761 the Waiting state to further continue ICE processing. 763 o If the ICE state is Completed and the SDP answer conforms to 764 Section 4.4.2, the agent MUST remain in the Completed ICE state. 766 However, if the ICE support is no longer indicated in the SDP answer, 767 the agent MUST fall-back to [RFC3264] procedures and SHOULD NOT drop 768 the dialog because of the missing ICE support or unexpected answer. 769 Once the agent sends a new offer later on, it MUST perform an ICE 770 restart. 772 4.4.3.1.1. ICE Restarts 774 The agent MUST remember the nominated pair in the Valid list for each 775 component of the data stream, called the "previous selected pair", 776 prior to the restart. The agent will continue to send media using 777 this pair, as described in section 12 of [RFC8445]. Once these 778 destinations are noted, the agent MUST flush the Valid lists and 779 checklists, and then recompute the checklist and its states, thus 780 triggering the candidate processing procedures [RFC8445] 782 4.4.3.2. Procedures for Lite Implementations 784 If ICE is restarting for a data stream, the agent MUST create a new 785 Valid list for that data stream. It MUST remember the nominated pair 786 in the previous Valid list for each component of the data stream, 787 called the "previous selected pairs", and continue to send media 788 there as described in section 12 of [RFC8445]. The state of each 789 checklist for each data stream MUST change to Running, and the ICE 790 state MUST be set to Running. 792 5. Grammar 794 This specification defines eight new SDP attributes -- the 795 "candidate", "remote-candidates", "ice-lite", "ice-mismatch", "ice- 796 ufrag", "ice-pwd", "ice-pacing", and "ice-options" attributes. 798 This section also provides non-normative examples of the attributes 799 defined. 801 The syntax for the attributes follow Augmented BNF as defined in 802 [RFC5234]. 804 5.1. "candidate" Attribute 806 The candidate attribute is a media-level attribute only. It contains 807 a transport address for a candidate that can be used for connectivity 808 checks. 810 candidate-attribute = "candidate" ":" foundation SP component-id SP 811 transport SP 812 priority SP 813 connection-address SP ;from RFC 4566 814 port ;port from RFC 4566 815 SP cand-type 816 [SP rel-addr] 817 [SP rel-port] 818 *(SP extension-att-name SP 819 extension-att-value) 821 foundation = 1*32ice-char 822 component-id = 1*3DIGIT 823 transport = "UDP" / transport-extension 824 transport-extension = token ; from RFC 3261 825 priority = 1*10DIGIT 826 cand-type = "typ" SP candidate-types 827 candidate-types = "host" / "srflx" / "prflx" / "relay" / token 828 rel-addr = "raddr" SP connection-address 829 rel-port = "rport" SP port 830 extension-att-name = token 831 extension-att-value = *VCHAR 832 ice-char = ALPHA / DIGIT / "+" / "/" 834 This grammar encodes the primary information about a candidate: its 835 IP address, port and transport protocol, and its properties: the 836 foundation, component ID, priority, type, and related transport 837 address: 839 : is taken from RFC 4566 [RFC4566]. It is the 840 IP address of the candidate, allowing for IPv4 addresses, IPv6 841 addresses, and fully qualified domain names (FQDNs). When parsing 842 this field, an agent can differentiate an IPv4 address and an IPv6 843 address by presence of a colon in its value - the presence of a 844 colon indicates IPv6. An agent generating local candidates MUST 845 NOT use FQDN addresses. An agent processing remote candidates 846 MUST ignore candidate lines that include candidates with FQDN or 847 IP address versions that are not supported or recognized. The 848 procedures for generation and handling of FQDN candidates, as well 849 as, how agents indicate support for such procedures, need to be 850 specified in an extension specification. 852 : is also taken from RFC 4566 [RFC4566]. It is the port of 853 the candidate. 855 : indicates the transport protocol for the candidate. 856 This specification only defines UDP. However, extensibility is 857 provided to allow for future transport protocols to be used with 858 ICE by extending the sub-registry "ICE Transport Protocols" under 859 "Interactive Connectivity Establishment (ICE)" registry. 861 : is composed of 1 to 32 s. It is an 862 identifier that is equivalent for two candidates that are of the 863 same type, share the same base, and come from the same STUN 864 server. The foundation is used to optimize ICE performance in the 865 Frozen algorithm as described in [RFC8445] 867 : is a positive integer between 1 and 256 (inclusive) 868 that identifies the specific component of the data stream for 869 which this is a candidate. It MUST start at 1 and MUST increment 870 by 1 for each component of a particular candidate. For data 871 streams based on RTP, candidates for the actual RTP media MUST 872 have a component ID of 1, and candidates for RTCP MUST have a 873 component ID of 2. See section 13 in [RFC8445] for additional 874 discussion on extending ICE to new data streams. 876 : is a positive integer between 1 and (2**31 - 1) 877 inclusive. The procedures for computing candidate's priority is 878 described in section 5.1.2 of [RFC8445]. 880 : encodes the type of candidate. This specification 881 defines the values "host", "srflx", "prflx", and "relay" for host, 882 server reflexive, peer reflexive, and relayed candidates, 883 respectively. Specifications for new candidate types MUST define 884 how, if at all, various steps in the ICE processing differ from 885 the ones defined by this specification. 887 and : convey transport addresses related to the 888 candidate, useful for diagnostics and other purposes. 889 and MUST be present for server reflexive, peer 890 reflexive, and relayed candidates. If a candidate is server or 891 peer reflexive, and are equal to the base 892 for that server or peer reflexive candidate. If the candidate is 893 relayed, and are equal to the mapped address 894 in the Allocate response that provided the client with that 895 relayed candidate (see Appendix B.3 of [RFC8445] for a discussion 896 of its purpose). If the candidate is a host candidate, 897 and MUST be omitted. 899 In some cases, e.g., for privacy reasons, an agent may not want to 900 reveal the related address and port. In this case the address 901 MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 902 candidates) and the port to zero. 904 The candidate attribute can itself be extended. The grammar allows 905 for new name/value pairs to be added at the end of the attribute. 906 Such extensions MUST be made through IETF Review or IESG Approval 907 [RFC8126] and the assignments MUST contain the specific extension and 908 a reference to the document defining the usage of the extension. 910 An implementation MUST ignore any name/value pairs it doesn't 911 understand. 913 Example: SDP line for UDP server reflexive candidate attribute for 914 the RTP component 916 a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 917 203.0.113.141 rport 8998 919 5.2. "remote-candidates" Attribute 921 The syntax of the "remote-candidates" attribute is defined using 922 Augmented BNF as defined in [RFC5234]. The remote-candidates 923 attribute is a media-level attribute only. 925 remote-candidate-att = "remote-candidates:" remote-candidate 926 0*(SP remote-candidate) 927 remote-candidate = component-ID SP connection-address SP port 929 The attribute contains a connection-address and port for each 930 component. The ordering of components is irrelevant. However, a 931 value MUST be present for each component of a data stream. This 932 attribute MUST be included in an offer by a controlling agent for a 933 data stream that is Completed, and MUST NOT be included in any other 934 case. 936 Example: Remote candidates SDP lines for the RTP and RTCP components: 938 a=remote-candidates:1 192.0.2.3 45664 939 a=remote-candidates:2 192.0.2.3 45665 941 5.3. "ice-lite" and "ice-mismatch" Attributes 943 The syntax of the "ice-lite" and "ice-mismatch" attributes, both of 944 which are flags, is: 946 ice-lite = "ice-lite" 947 ice-mismatch = "ice-mismatch" 949 "ice-lite" is a session-level attribute only, and indicates that an 950 agent is a lite implementation. "ice-mismatch" is a media-level 951 attribute and only reported in the answer. It indicates that the 952 offer arrived with a default destination for a media component that 953 didn't have a corresponding candidate attribute. Inclusion of 954 "a=ice-mismatch" attribute for a given data stream implies that even 955 though both agents support ICE, ICE procedures MUST NOT be used for 956 this data stream and [RFC3264] procedures MUST be used instead. 958 5.4. "ice-ufrag" and "ice-pwd" Attributes 960 The "ice-ufrag" and "ice-pwd" attributes convey the username fragment 961 and password used by ICE for message integrity. Their syntax is: 963 ice-pwd-att = "ice-pwd:" password 964 ice-ufrag-att = "ice-ufrag:" ufrag 965 password = 22*256ice-char 966 ufrag = 4*256ice-char 968 The "ice-pwd" and "ice-ufrag" attributes can appear at either the 969 session-level or media-level. When present in both, the value in the 970 media-level takes precedence. Thus, the value at the session-level 971 is effectively a default that applies to all data streams, unless 972 overridden by a media-level value. Whether present at the session or 973 media-level, there MUST be an ice-pwd and ice-ufrag attribute for 974 each data stream. If two data streams have identical ice-ufrag's, 975 they MUST have identical ice-pwd's. 977 The ice-ufrag and ice-pwd attributes MUST be chosen randomly at the 978 beginning of a session (the same applies when ICE is restarting for 979 an agent). 981 [RFC8445] requires the ice-ufrag attribute to contain at least 24 982 bits of randomness, and the ice-pwd attribute to contain at least 128 983 bits of randomness. This means that the ice-ufrag attribute will be 984 at least 4 characters long, and the ice-pwd at least 22 characters 985 long, since the grammar for these attributes allows for 6 bits of 986 information per character. The attributes MAY be longer than 4 and 987 22 characters, respectively, of course, up to 256 characters. The 988 upper limit allows for buffer sizing in implementations. Its large 989 upper limit allows for increased amounts of randomness to be added 990 over time. For compatibility with the 512 character limitation for 991 the STUN username attribute value and for bandwidth conservation 992 considerations, the ice-ufrag attribute MUST NOT be longer than 32 993 characters when sending, but an implementation MUST accept up to 256 994 characters when receiving. 996 Example shows sample ice-ufrag and ice-pwd SDP lines: 998 a=ice-pwd:asd88fgpdd777uzjYhagZg 999 a=ice-ufrag:8hhY 1001 5.5. "ice-pacing" Attribute 1003 The "ice-pacing" is a session level attribute that indicates the 1004 desired connectivity check pacing (Ta interval), in milliseconds, 1005 that the sender wishes to use. See section 14.2 of [RFC8445] for 1006 more information regarding selecting a pacing value. The syntax is: 1008 ice-pacing-att = "ice-pacing:" pacing-value 1009 pacing-value = 1*10DIGIT 1011 If absent in an offer or answer the default value of the attribute is 1012 50 ms, which is the recommended value specified in [RFC8445]. 1014 Once both agents have indicated the pacing value they with to use, 1015 both agents MUST use the larger of the indicated values. 1017 Example shows an ice-pacing SDP line with value '50': 1018 a=ice-pacing:50 1020 5.6. "ice-options" Attribute 1022 The "ice-options" attribute is a session- and media-level attribute. 1023 It contains a series of tokens that identify the options supported by 1024 the agent. Its grammar is: 1026 ice-options = "ice-options:" ice-option-tag 1027 0*(SP ice-option-tag) 1028 ice-option-tag = 1*ice-char 1030 The existence of an ice-option in an offer indicates that a certain 1031 extension is supported by the agent and it is willing to use it, if 1032 the peer agent also includes the same extension in the answer. There 1033 might be further extension specific negotiation needed between the 1034 agents that determine how the extension gets used in a given session. 1035 The details of the negotiation procedures, if present, MUST be 1036 defined by the specification defining the extension (Section 10.2). 1038 Example shows an ice-options SDP line with 'ice2' and 'rtp+ecn' [RFC6679] values: 1040 a=ice-options:ice2,rtp+ecn 1041 6. Keepalives 1043 All the ICE agents MUST follow the procedures defined in section 11 1044 of [RFC8445] for sending keepalives. The keepalives MUST be sent 1045 regardless of whether the data stream is currently inactive, 1046 sendonly, recvonly, or sendrecv, and regardless of the presence or 1047 value of the bandwidth attribute. An agent can determine that its 1048 peer supports ICE by the presence of "a=candidate" attributes for 1049 each media session. 1051 7. SIP Considerations 1053 Note that ICE is not intended for NAT traversal for SIP signaling, 1054 which is assumed to be provided via another mechanism [RFC5626]. 1056 When ICE is used with SIP, forking may result in a single offer 1057 generating a multiplicity of answers. In that case, ICE proceeds 1058 completely in parallel and independently for each answer, treating 1059 the combination of its offer and each answer as an independent offer/ 1060 answer exchange, with its own set of local candidates, pairs, 1061 checklists, states, and so on. 1063 7.1. Latency Guidelines 1065 ICE requires a series of STUN-based connectivity checks to take place 1066 between endpoints. These checks start from the answerer on 1067 generation of its answer, and start from the offerer when it receives 1068 the answer. These checks can take time to complete, and as such, the 1069 selection of messages to use with offers and answers can affect 1070 perceived user latency. Two latency figures are of particular 1071 interest. These are the post-pickup delay and the post-dial delay. 1072 The post-pickup delay refers to the time between when a user "answers 1073 the phone" and when any speech they utter can be delivered to the 1074 caller. The post-dial delay refers to the time between when a user 1075 enters the destination address for the user and ringback begins as a 1076 consequence of having successfully started alerting the called user 1077 agent. 1079 Two cases can be considered -- one where the offer is present in the 1080 initial INVITE and one where it is in a response. 1082 7.1.1. Offer in INVITE 1084 To reduce post-dial delays, it is RECOMMENDED that the caller begin 1085 gathering candidates prior to actually sending its initial INVITE, so 1086 that the candidates can be provided in the INVITE. This can be 1087 started upon user interface cues that a call is pending, such as 1088 activity on a keypad or the phone going off-hook. 1090 On the receipt of the offer, the answerer SHOULD generate an answer 1091 in a provisional response as soon as it has completed gathering the 1092 candidates. ICE requires that a provisional response with an SDP be 1093 transmitted reliably. This can be done through the existing 1094 Provisional Response Acknowledgment (PRACK) mechanism [RFC3262] or 1095 through an ICE specific optimization, wherein, the agent retransmits 1096 the provisional response with the exponential backoff timers 1097 described in [RFC3262]. Such retransmissions MUST cease on receipt 1098 of a STUN Binding request with the transport address matching the 1099 candidate address for one of the data streams signaled in that SDP or 1100 on transmission of the answer in a 2xx response. If no Binding 1101 request is received prior to the last retransmit, the agent does not 1102 consider the session terminated. For the ICE lite peers, the agent 1103 MUST cease retransmitting the 18x after sending it four times since 1104 there will be no Binding request sent and the number four is 1105 arbitrarily chosen to limit the number of 18x retransmits. 1107 Once the answer has been sent, the agent SHOULD begin its 1108 connectivity checks. Once candidate pairs for each component of a 1109 data stream enter the valid list, the answerer can begin sending 1110 media on that data stream. 1112 However, prior to this point, any media that needs to be sent towards 1113 the caller (such as SIP early media [RFC3960]) MUST NOT be 1114 transmitted. For this reason, implementations SHOULD delay alerting 1115 the called party until candidates for each component of each data 1116 stream have entered the valid list. In the case of a PSTN gateway, 1117 this would mean that the setup message into the PSTN is delayed until 1118 this point. Doing this increases the post-dial delay, but has the 1119 effect of eliminating 'ghost rings'. Ghost rings are cases where the 1120 called party hears the phone ring, picks up, but hears nothing and 1121 cannot be heard. This technique works without requiring support for, 1122 or usage of, preconditions [RFC3312]. It also has the benefit of 1123 guaranteeing that not a single packet of media will get clipped, so 1124 that post-pickup delay is zero. If an agent chooses to delay local 1125 alerting in this way, it SHOULD generate a 180 response once alerting 1126 begins. 1128 7.1.2. Offer in Response 1130 In addition to uses where the offer is in an INVITE, and the answer 1131 is in the provisional and/or 200 OK response, ICE works with cases 1132 where the offer appears in the response. In such cases, which are 1133 common in third party call control [RFC3725], ICE agents SHOULD 1134 generate their offers in a reliable provisional response (which MUST 1135 utilize [RFC3262]), and not alert the user on receipt of the INVITE. 1136 The answer will arrive in a PRACK. This allows for ICE processing to 1137 take place prior to alerting, so that there is no post-pickup delay, 1138 at the expense of increased call setup delays. Once ICE completes, 1139 the callee can alert the user and then generate a 200 OK when they 1140 answer. The 200 OK would contain no SDP, since the offer/answer 1141 exchange has completed. 1143 Alternatively, agents MAY place the offer in a 2xx instead (in which 1144 case the answer comes in the ACK). When this happens, the callee 1145 will alert the user on receipt of the INVITE, and the ICE exchanges 1146 will take place only after the user answers. This has the effect of 1147 reducing call setup delay, but can cause substantial post-pickup 1148 delays and media clipping. 1150 7.2. SIP Option Tags and Media Feature Tags 1152 [RFC5768] specifies a SIP option tag and media feature tag for usage 1153 with ICE. ICE implementations using SIP SHOULD support this 1154 specification, which uses a feature tag in registrations to 1155 facilitate interoperability through signaling intermediaries. 1157 7.3. Interactions with Forking 1159 ICE interacts very well with forking. Indeed, ICE fixes some of the 1160 problems associated with forking. Without ICE, when a call forks and 1161 the caller receives multiple incoming data streams, it cannot 1162 determine which data stream corresponds to which callee. 1164 With ICE, this problem is resolved. The connectivity checks which 1165 occur prior to transmission of media carry username fragments, which 1166 in turn are correlated to a specific callee. Subsequent media 1167 packets that arrive on the same candidate pair as the connectivity 1168 check will be associated with that same callee. Thus, the caller can 1169 perform this correlation as long as it has received an answer. 1171 7.4. Interactions with Preconditions 1173 Quality of Service (QoS) preconditions, which are defined in 1174 [RFC3312] and [RFC4032], apply only to the transport addresses listed 1175 as the default targets for media in an offer/answer. If ICE changes 1176 the transport address where media is received, this change is 1177 reflected in an updated offer that changes the default destination 1178 for media to match ICE's selection. As such, it appears like any 1179 other re-INVITE would, and is fully treated in RFCs 3312 and 4032, 1180 which apply without regard to the fact that the destination for media 1181 is changing due to ICE negotiations occurring "in the background". 1183 Indeed, an agent SHOULD NOT indicate that QoS preconditions have been 1184 met until the checks have completed and selected the candidate pairs 1185 to be used for media. 1187 ICE also has (purposeful) interactions with connectivity 1188 preconditions [RFC5898]. Those interactions are described there. 1189 Note that the procedures described in Section 7.1 describe their own 1190 type of "preconditions", albeit with less functionality than those 1191 provided by the explicit preconditions in [RFC5898]. 1193 7.5. Interactions with Third Party Call Control 1195 ICE works with Flows I, III, and IV as described in [RFC3725]. Flow 1196 I works without the controller supporting or being aware of ICE. 1197 Flow IV will work as long as the controller passes along the ICE 1198 attributes without alteration. Flow II is fundamentally incompatible 1199 with ICE; each agent will believe itself to be the answerer and thus 1200 never generate a re-INVITE. 1202 The flows for continued operation, as described in Section 7 of 1203 [RFC3725], require additional behavior of ICE implementations to 1204 support. In particular, if an agent receives a mid-dialog re-INVITE 1205 that contains no offer, it MUST restart ICE for each data stream and 1206 go through the process of gathering new candidates. Furthermore, 1207 that list of candidates SHOULD include the ones currently being used 1208 for media. 1210 8. Interactions with Application Layer Gateways and SIP 1212 Application Layer Gateways (ALGs) are functions present in a Network 1213 Address Translation (NAT) device that inspect the contents of packets 1214 and modify them, in order to facilitate NAT traversal for application 1215 protocols. Session Border Controllers (SBCs) are close cousins of 1216 ALGs, but are less transparent since they actually exist as 1217 application-layer SIP intermediaries. ICE has interactions with SBCs 1218 and ALGs. 1220 If an ALG is SIP aware but not ICE aware, ICE will work through it as 1221 long as the ALG correctly modifies the SDP. A correct ALG 1222 implementation behaves as follows: 1224 o The ALG does not modify the "m=" and "c=" lines or the rtcp 1225 attribute if they contain external addresses. 1227 o If the "m=" and "c=" lines contain internal addresses, the 1228 modification depends on the state of the ALG: 1230 * If the ALG already has a binding established that maps an 1231 external port to an internal connection address and port 1232 matching the values in the "m=" and "c=" lines or rtcp 1233 attribute, the ALG uses that binding instead of creating a new 1234 one. 1236 * If the ALG does not already have a binding, it creates a new 1237 one and modifies the SDP, rewriting the "m=" and "c=" lines and 1238 rtcp attribute. 1240 Unfortunately, many ALGs are known to work poorly in these corner 1241 cases. ICE does not try to work around broken ALGs, as this is 1242 outside the scope of its functionality. ICE can help diagnose these 1243 conditions, which often show up as a mismatch between the set of 1244 candidates and the "m=" and "c=" lines and rtcp attributes. The ice- 1245 mismatch attribute is used for this purpose. 1247 ICE works best through ALGs when the signaling is run over TLS. This 1248 prevents the ALG from manipulating the SDP messages and interfering 1249 with ICE operation. Implementations that are expected to be deployed 1250 behind ALGs SHOULD provide for TLS transport of the SDP. 1252 If an SBC is SIP aware but not ICE aware, the result depends on the 1253 behavior of the SBC. If it is acting as a proper Back-to-Back User 1254 Agent (B2BUA), the SBC will remove any SDP attributes it doesn't 1255 understand, including the ICE attributes. Consequently, the call 1256 will appear to both endpoints as if the other side doesn't support 1257 ICE. This will result in ICE being disabled, and media flowing 1258 through the SBC, if the SBC has requested it. If, however, the SBC 1259 passes the ICE attributes without modification, yet modifies the 1260 default destination for media (contained in the "m=" and "c=" lines 1261 and rtcp attribute), this will be detected as an ICE mismatch, and 1262 ICE processing is aborted for the call. It is outside of the scope 1263 of ICE for it to act as a tool for "working around" SBCs. If one is 1264 present, ICE will not be used and the SBC techniques take precedence. 1266 9. Security Considerations 1268 9.1. Attacks on the Offer/Answer Exchanges 1270 An attacker that can modify or disrupt the offer/answer exchanges 1271 themselves can readily launch a variety of attacks with ICE. They 1272 could direct media to a target of a DoS attack, they could insert 1273 themselves into the data stream, and so on. These are similar to the 1274 general security considerations for offer/answer exchanges, and the 1275 security considerations in [RFC3264] apply. These require techniques 1276 for message integrity and encryption for offers and answers, which 1277 are satisfied by the TLS mechanism [RFC3261] when SIP is used. As 1278 such, the usage of TLS with ICE is RECOMMENDED. 1280 9.2. Insider Attacks 1282 In addition to attacks where the attacker is a third party trying to 1283 insert fake offers, answers, or STUN messages, there are several 1284 attacks possible with ICE when the attacker is an authenticated and 1285 valid participant in the ICE exchange. 1287 9.2.1. The Voice Hammer Attack 1289 The voice hammer attack is an amplification attack. In this attack, 1290 the attacker initiates sessions to other agents, and maliciously 1291 includes the connection address and port of a DoS target as the 1292 destination for media traffic signaled in the SDP. This causes 1293 substantial amplification; a single offer/answer exchange can create 1294 a continuing flood of media packets, possibly at high rates (consider 1295 video sources). This attack is not specific to ICE, but ICE can help 1296 provide remediation. 1298 Specifically, if ICE is used, the agent receiving the malicious SDP 1299 will first perform connectivity checks to the target of media before 1300 sending media there. If this target is a third-party host, the 1301 checks will not succeed, and media is never sent. 1303 Unfortunately, ICE doesn't help if it's not used, in which case an 1304 attacker could simply send the offer without the ICE parameters. 1305 However, in environments where the set of clients is known, and is 1306 limited to ones that support ICE, the server can reject any offers or 1307 answers that don't indicate ICE support. 1309 SIP User Agents (UA) [RFC3261] that are not willing to receive non- 1310 ICE answers MUST include an "ice" Option Tag [RFC5768] in the SIP 1311 Require Header Field in their offer. UAs that reject non-ICE offers 1312 will generally use a 421 response code, together with an Option Tag 1313 "ice" in the Require Header Field in the response. 1315 10. IANA Considerations 1317 10.1. SDP Attributes 1319 The original ICE specification defined seven new SDP attributes per 1320 the procedures of Section 8.2.4 of [RFC4566]. The registration 1321 information from the original specification is included here with 1322 modifications to include Mux Category and also defines a new SDP 1323 attribute 'ice-pacing'. 1325 10.1.1. candidate Attribute 1327 Attribute Name: candidate 1329 Type of Attribute: media-level 1331 Subject to charset: No 1333 Purpose: This attribute is used with Interactive Connectivity 1334 Establishment (ICE), and provides one of many possible candidate 1335 addresses for communication. These addresses are validated with 1336 an end-to-end connectivity check using Session Traversal Utilities 1337 for NAT (STUN). 1339 Appropriate Values: See Section 5 of RFC XXXX. 1341 Contact Name: IESG 1343 Contact Email: iesg@ietf.org 1345 Reference: RFCXXXX 1347 Mux Category: TRANSPORT 1349 10.1.2. remote-candidates Attribute 1351 Attribute Name: remote-candidates 1353 Type of Attribute: media-level 1355 Subject to charset: No 1357 Purpose: This attribute is used with Interactive Connectivity 1358 Establishment (ICE), and provides the identity of the remote 1359 candidates that the offerer wishes the answerer to use in its 1360 answer. 1362 Appropriate Values: See Section 5 of RFC XXXX. 1364 Contact Name: IESG 1366 Contact Email: iesg@ietf.org 1368 Reference: RFCXXXX 1370 Mux Category: TRANSPORT 1372 10.1.3. ice-lite Attribute 1374 Attribute Name: ice-lite 1376 Type of Attribute: session-level 1378 Subject to charset: No 1380 Purpose: This attribute is used with Interactive Connectivity 1381 Establishment (ICE), and indicates that an agent has the minimum 1382 functionality required to support ICE inter-operation with a peer 1383 that has a full implementation. 1385 Appropriate Values: See Section 5 of RFC XXXX. 1387 Contact Name: IESG 1389 Contact Email: iesg@ietf.org 1391 Reference: RFCXXXX 1393 Mux Category: NORMAL 1395 10.1.4. ice-mismatch Attribute 1397 Attribute Name: ice-mismatch 1399 Type of Attribute: media-level 1401 Subject to charset: No 1403 Purpose: This attribute is used with Interactive Connectivity 1404 Establishment (ICE), and indicates that an agent is ICE capable, 1405 but did not proceed with ICE due to a mismatch of candidates with 1406 the default destination for media signaled in the SDP. 1408 Appropriate Values: See Section 5 of RFC XXXX. 1410 Contact Name: IESG 1412 Contact e-mail: iesg@ietf.org 1414 Reference: RFCXXXX 1416 Mux Category: NORMAL 1418 10.1.5. ice-pwd Attribute 1420 Attribute Name: ice-pwd 1422 Type of Attribute: session- or media-level 1424 Subject to charset: No 1426 Purpose: This attribute is used with Interactive Connectivity 1427 Establishment (ICE), and provides the password used to protect 1428 STUN connectivity checks. 1430 Appropriate Values: See Section 5 of RFC XXXX. 1432 Contact Name: IESG 1434 Contact e-mail: iesg@ietf.org 1436 Reference: RFCXXXX 1438 Mux Category: TRANSPORT 1440 10.1.6. ice-ufrag Attribute 1442 Attribute Name: ice-ufrag 1444 Type of Attribute: session- or media-level 1446 Subject to charset: No 1448 Purpose: This attribute is used with Interactive Connectivity 1449 Establishment (ICE), and provides the fragments used to construct 1450 the username in STUN connectivity checks. 1452 Appropriate Values: See Section 5 of RFC XXXX. 1454 Contact Name: IESG 1456 Contact e-mail: iesg@ietf.org 1458 Reference: RFCXXXX 1460 Mux Category: TRANSPORT 1462 10.1.7. ice-options Attribute 1464 Attribute Name: ice-options 1466 Long Form: ice-options 1468 Type of Attribute: session-level 1470 Subject to charset: No 1472 Purpose: This attribute is used with Interactive Connectivity 1473 Establishment (ICE), and indicates the ICE options or extensions 1474 used by the agent. 1476 Appropriate Values: See Section 5 of RFC XXXX. 1478 Contact Name: IESG 1480 Contact e-mail: iesg@ietf.org 1482 Reference: RFCXXXX 1484 Mux Category: NORMAL 1486 10.1.8. ice-pacing Attribute 1488 This specification also defines a new SDP attribute, "ice-pacing" 1489 according to the following data: 1491 Attribute Name: ice-pacing 1493 Type of Attribute: session-level 1495 Subject to charset: No 1497 Purpose: This attribute is used with Interactive Connectivity 1498 Establishment (ICE) to indicate desired connectivity check pacing 1499 values. 1501 Appropriate Values: See Section 5 of RFC XXXX. 1503 Contact Name: IESG 1505 Contact e-mail: iesg@ietf.org 1507 Reference: RFCXXXX 1509 Mux Category: NORMAL 1511 10.2. Interactive Connectivity Establishment (ICE) Options Registry 1513 IANA maintains a registry for ice-options identifiers under the 1514 Specification Required policy as defined in "Guidelines for Writing 1515 an IANA Considerations Section in RFCs" [RFC8126]. 1517 ICE options are of unlimited length according to the syntax in 1518 Section 5.6; however, they are RECOMMENDED to be no longer than 20 1519 characters. This is to reduce message sizes and allow for efficient 1520 parsing. ICE options are defined at the session level. 1522 A registration request MUST include the following information: 1524 o The ICE option identifier to be registered 1526 o Short description of the ICE extension to which the option relates 1528 o Reference(s) to the specification defining the ICE option and the 1529 related extensions 1531 11. Acknowledgments 1533 A large part of the text in this document was taken from [RFC5245], 1534 authored by Jonathan Rosenberg. 1536 Some of the text in this document was taken from [RFC6336], authored 1537 by Magnus Westerlund and Colin Perkins. 1539 Many thanks to Flemming Andreasen for shepherd review feedback. 1541 Thanks to following experts for their reviews and constructive 1542 feedback: Thomas Stach, Adam Roach, Peter Saint-Andre, Roman Danyliw, 1543 Alissa Cooper, Benjamin Kaduk, Mirja Kuhlewind, Alexey Melnikov, Eric 1544 Vyncke for their detailed reviews. 1546 12. Changes from RFC 5245 1548 [RFC8445] describes the changes that were done to the common SIP 1549 procedures, including removal of aggressive nomination, modifying the 1550 procedures for calculating candidate pair states and scheduling 1551 connectivity checks and the calculation of timer values. 1553 This document defines the following SDP offer/answer specific 1554 changes: 1556 o SDP offer/answer realization and usage of of 'ice2' option. 1558 o Definition and usage of SDP 'ice-pacing' attribute. 1560 o Explicit text that an ICE agent must not generate candidates with 1561 FQDNs, and must discard such candidates if received from the peer 1562 agent. 1564 o Relax requirement to include SDP 'rtcp' attribute. 1566 o Generic clarifications of SDP offer/answer procedures. 1568 13. References 1570 13.1. Normative References 1572 [draft-ietf-ice-pac] 1573 Holmberg, C. and J. Uberti, "Interactive Connectivity 1574 Establishment Patiently Awaiting Connectivity (ICE PAC)", 1575 draft-ietf-ice-pac-02 (work in progress), July 2019, 1576 . 1579 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1580 Requirement Levels", BCP 14, RFC 2119, 1581 DOI 10.17487/RFC2119, March 1997, 1582 . 1584 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 1585 A., Peterson, J., Sparks, R., Handley, M., and E. 1586 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 1587 DOI 10.17487/RFC3261, June 2002, 1588 . 1590 [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of 1591 Provisional Responses in Session Initiation Protocol 1592 (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, 1593 . 1595 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 1596 with Session Description Protocol (SDP)", RFC 3264, 1597 DOI 10.17487/RFC3264, June 2002, 1598 . 1600 [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, 1601 "Integration of Resource Management and Session Initiation 1602 Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 1603 2002, . 1605 [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth 1606 Modifiers for RTP Control Protocol (RTCP) Bandwidth", 1607 RFC 3556, DOI 10.17487/RFC3556, July 2003, 1608 . 1610 [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute 1611 in Session Description Protocol (SDP)", RFC 3605, 1612 DOI 10.17487/RFC3605, October 2003, 1613 . 1615 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 1616 Initiation Protocol (SIP) Preconditions Framework", 1617 RFC 4032, DOI 10.17487/RFC4032, March 2005, 1618 . 1620 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 1621 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 1622 July 2006, . 1624 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1625 Specifications: ABNF", STD 68, RFC 5234, 1626 DOI 10.17487/RFC5234, January 2008, 1627 . 1629 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 1630 Connectivity Establishment (ICE) in the Session Initiation 1631 Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 1632 2010, . 1634 [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for 1635 Interactive Connectivity Establishment (ICE) Options", 1636 RFC 6336, April 2010, 1637 . 1639 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1640 Writing an IANA Considerations Section in RFCs", BCP 26, 1641 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1642 . 1644 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1645 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1646 May 2017, . 1648 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 1649 Connectivity Establishment (ICE): A Protocol for Network 1650 Address Translator (NAT) Traversal", RFC 8445, 1651 DOI 10.17487/RFC8445, July 2018, 1652 . 1654 13.2. Informative References 1656 [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. 1657 Camarillo, "Best Current Practices for Third Party Call 1658 Control (3pcc) in the Session Initiation Protocol (SIP)", 1659 BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, 1660 . 1662 [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing 1663 Tone Generation in the Session Initiation Protocol (SIP)", 1664 RFC 3960, DOI 10.17487/RFC3960, December 2004, 1665 . 1667 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 1668 (ICE): A Protocol for Network Address Translator (NAT) 1669 Traversal for Offer/Answer Protocols", RFC 5245, 1670 DOI 10.17487/RFC5245, April 2010, 1671 . 1673 [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., 1674 "Managing Client-Initiated Connections in the Session 1675 Initiation Protocol (SIP)", RFC 5626, 1676 DOI 10.17487/RFC5626, October 2009, 1677 . 1679 [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, 1680 "Connectivity Preconditions for Session Description 1681 Protocol (SDP) Media Streams", RFC 5898, 1682 DOI 10.17487/RFC5898, July 2010, 1683 . 1685 [RFC6679] Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P., 1686 and K. Carlberg, "Explicit Congestion Notification (ECN) 1687 for RTP over UDP", RFC 6679, August 2012, 1688 . 1690 Appendix A. Examples 1692 For the example shown in section 15 of [RFC8445] the resulting offer 1693 (message 5) encoded in SDP looks like: 1695 v=0 1696 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP 1697 s= 1698 c=IN IP6 $NAT-PUB-1.IP 1699 t=0 0 1700 a=ice-options:ice2 1701 a=ice-pacing:50 1702 a=ice-pwd:asd88fgpdd777uzjYhagZg 1703 a=ice-ufrag:8hhY 1704 m=audio $NAT-PUB-1.PORT RTP/AVP 0 1705 b=RS:0 1706 b=RR:0 1707 a=rtpmap:0 PCMU/8000 1708 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host 1709 a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ 1710 srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT 1712 The offer, with the variables replaced with their values, will look 1713 like (lines folded for clarity): 1715 v=0 1716 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a 1717 s= 1718 c=IN IP6 2001:db8:8101:3a55:4858:a2a9:22ff:99b9 1719 t=0 0 1720 a=ice-options:ice2 1721 a=ice-pacing:50 1722 a=ice-pwd:asd88fgpdd777uzjYhagZg 1723 a=ice-ufrag:8hhY 1724 m=audio 45664 RTP/AVP 0 1725 b=RS:0 1726 b=RR:0 1727 a=rtpmap:0 PCMU/8000 1728 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host 1729 a=candidate:2 1 UDP 1694498815 2001:db8:8101:3a55:4858:a2a9:22ff:99b9 1730 45664 typ srflx raddr fe80::6676:baff:fe9c:ee4a rport 8998 1732 The resulting answer looks like: 1734 v=0 1735 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP 1736 s= 1737 c=IN IP4 $R-PUB-1.IP 1738 t=0 0 1739 a=ice-options:ice2 1740 a=ice-pacing:50 1741 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1742 a=ice-ufrag:9uB6 1743 m=audio $R-PUB-1.PORT RTP/AVP 0 1744 b=RS:0 1745 b=RR:0 1746 a=rtpmap:0 PCMU/8000 1747 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host 1749 With the variables filled in: 1751 v=0 1752 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 1753 s= 1754 c=IN IP4 192.0.2.1 1755 t=0 0 1756 a=ice-options:ice2 1757 a=ice-pacing:50 1758 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh 1759 a=ice-ufrag:9uB6 1760 m=audio 3478 RTP/AVP 0 1761 b=RS:0 1762 b=RR:0 1763 a=rtpmap:0 PCMU/8000 1764 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host 1766 Appendix B. The remote-candidates Attribute 1768 The "a=remote-candidates" attribute exists to eliminate a race 1769 condition between the updated offer and the response to the STUN 1770 Binding request that moved a candidate into the Valid list. This 1771 race condition is shown in Figure 1. On receipt of message 4, agent 1772 L adds a candidate pair to the valid list. If there was only a 1773 single data stream with a single component, agent L could now send an 1774 updated offer. However, the check from agent R has not yet generated 1775 a response, and agent R receives the updated offer (message 7) before 1776 getting the response (message 9). Thus, it does not yet know that 1777 this particular pair is valid. To eliminate this condition, the 1778 actual candidates at R that were selected by the offerer (the remote 1779 candidates) are included in the offer itself, and the answerer delays 1780 its answer until those pairs validate. 1782 Agent L Network Agent R 1783 |(1) Offer | | 1784 |------------------------------------------>| 1785 |(2) Answer | | 1786 |<------------------------------------------| 1787 |(3) STUN Req. | | 1788 |------------------------------------------>| 1789 |(4) STUN Res. | | 1790 |<------------------------------------------| 1791 |(5) STUN Req. | | 1792 |<------------------------------------------| 1793 |(6) STUN Res. | | 1794 |-------------------->| | 1795 | |Lost | 1796 |(7) Offer | | 1797 |------------------------------------------>| 1798 |(8) STUN Req. | | 1799 |<------------------------------------------| 1800 |(9) STUN Res. | | 1801 |------------------------------------------>| 1802 |(10) Answer | | 1803 |<------------------------------------------| 1805 Figure 1: Race Condition Flow 1807 Appendix C. Why Is the Conflict Resolution Mechanism Needed? 1809 When ICE runs between two peers, one agent acts as controlled, and 1810 the other as controlling. Rules are defined as a function of 1811 implementation type and offerer/answerer to determine who is 1812 controlling and who is controlled. However, the specification 1813 mentions that, in some cases, both sides might believe they are 1814 controlling, or both sides might believe they are controlled. How 1815 can this happen? 1817 The condition when both agents believe they are controlled shows up 1818 in third party call control cases. Consider the following flow: 1820 A Controller B 1821 |(1) INV() | | 1822 |<-------------| | 1823 |(2) 200(SDP1) | | 1824 |------------->| | 1825 | |(3) INV() | 1826 | |------------->| 1827 | |(4) 200(SDP2) | 1828 | |<-------------| 1829 |(5) ACK(SDP2) | | 1830 |<-------------| | 1831 | |(6) ACK(SDP1) | 1832 | |------------->| 1834 Figure 2: Role Conflict Flow 1836 This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, 1837 it works better than flow III since it produces fewer messages. In 1838 this flow, the controller sends an offerless INVITE to agent A, which 1839 responds with its offer, SDP1. The agent then sends an offerless 1840 INVITE to agent B, which it responds to with its offer, SDP2. The 1841 controller then uses the offer from each agent to generate the 1842 answers. When this flow is used, ICE will run between agents A and 1843 B, but both will believe they are in the controlling role. With the 1844 role conflict resolution procedures, this flow will function properly 1845 when ICE is used. 1847 At this time, there are no documented flows that can result in the 1848 case where both agents believe they are controlled. However, the 1849 conflict resolution procedures allow for this case, should a flow 1850 arise that would fit into this category. 1852 Appendix D. Why Send an Updated Offer? 1854 Section 11.1 describes rules for sending media. Both agents can send 1855 media once ICE checks complete, without waiting for an updated offer. 1856 Indeed, the only purpose of the updated offer is to "correct" the SDP 1857 so that the default destination for media matches where media is 1858 being sent based on ICE procedures (which will be the highest- 1859 priority nominated candidate pair). 1861 This raises the question -- why is the updated offer/answer exchange 1862 needed at all? Indeed, in a pure offer/answer environment, it would 1863 not be. The offerer and answerer will agree on the candidates to use 1864 through ICE, and then can begin using them. As far as the agents 1865 themselves are concerned, the updated offer/answer provides no new 1866 information. However, in practice, numerous components along the 1867 signaling path look at the SDP information. These include entities 1868 performing off-path QoS reservations, NAT traversal components such 1869 as ALGs and Session Border Controllers (SBCs), and diagnostic tools 1870 that passively monitor the network. For these tools to continue to 1871 function without change, the core property of SDP -- that the 1872 existing, pre-ICE definitions of the addresses used for media -- the 1873 "m=" and "c=" lines and the rtcp attribute -- must be retained. For 1874 this reason, an updated offer must be sent. 1876 Appendix E. Contributors 1878 Following experts have contributed textual and structural 1879 improvements for this work 1881 1. Thomas Stach 1883 * thomass.stach@gmail.com 1885 Authors' Addresses 1887 Marc Petit-Huguenin 1888 Impedance Mismatch 1890 Email: marc@petit-huguenin.org 1892 Suhas Nandakumar 1893 Cisco Systems 1894 707 Tasman Dr 1895 Milpitas, CA 95035 1896 USA 1898 Email: snandaku@cisco.com 1900 Ari Keranen 1901 Ericsson 1902 Jorvas 02420 1903 Finland 1905 Email: ari.keranen@ericsson.com 1906 Roman Shpount 1907 TurboBridge 1908 4905 Del Ray Avenue, Suite 300 1909 Bethesda, MD 20814 1910 USA 1912 Phone: +1 (240) 292-6632 1913 Email: rshpount@turbobridge.com 1915 Christer Holmberg 1916 Ericsson 1917 Hirsalantie 11 1918 Jorvas 02420 1919 Finland 1921 Email: christer.holmberg@ericsson.com