INTERNET-DRAFT                                                   D. Yon
Document: draft-ietf-mmusic-sdp-comedia-04.txt              Dialout.Net
Expires January 2003                                          July 2002

               Connection-Oriented Media Transport in SDP

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at:
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at:
   http://www.ietf.org/shadow.html.

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes how to express media transport over
   connection-oriented protocols using the Session Description Protocol
   (SDP).  It defines two new protocol identifiers: TCP and TLS.  It
   also defines the syntax and semantics for an SDP "direction"
   attribute that describes the connection setup procedure.

1 Introduction

   The Session Description Protocol [SDP] provides a general-purpose
   format for describing multimedia sessions in announcements or
   invitations.  SDP uses an entirely textual data format (the US-ASCII
   subset of [UTF-8]) to maximize portability among transports.  SDP
   does not define a protocol, but only the syntax to describe a
   multimedia session with sufficient information to discover and
   participate in that session.  Session descriptions may be sent using
   arbitrary existing application protocols for transport (e.g., SAP,
   SIP, RTSP, email, HTTP, etc.).
   [SDP] describes two protocol identifiers: RTP/AVP and UDP, both of
   which are unreliable, connectionless protocols, an appropriate
   choice for multimedia streams.  There are, however, applications for
   which connection-oriented transports such as TCP are more
   appropriate, but [SDP] provides no way to describe a session that
   uses protocols other than RTP or UDP.

   Connection-oriented protocols introduce a new factor when describing
   a session: not only must it be possible to express that the media
   will be carried over such a protocol, but the description must also
   convey the connection setup procedure.  This memo defines two new
   protocol identifiers, TCP and TLS, along with the syntax and
   semantics of the a=direction and a=reconnect attributes.

2 Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in RFC 2119 [7]
   and indicate requirement levels for compliant implementations.

3 Protocol Identifiers

   The m= line in [SDP] is where an endpoint specifies the protocol
   used for the media in the session.  See the "Media Announcements"
   section of [SDP] for a discussion on protocol identifiers.

3.1 TCP

   The TCP protocol identifier is similar to the UDP protocol
   identifier in that it only describes the transport protocol without
   any connotation as to the upper-layer protocol.  An m= line that
   specifies "TCP" MUST further qualify the protocol using a fmt
   identifier (see [SDP] Appendix B).

3.2 TLS

   The TLS protocol identifier specifies that the session will use the
   Transport Layer Security protocol [TLS] with an implied transport
   protocol of TCP.  To describe a media session that uses TLS over
   TCP, the protocol identifier "TLS" must be specified in the m= line.
   An m= line that specifies TLS MUST further qualify the protocol
   using a fmt identifier.

4 Direction Attribute

   An important attribute of connection-oriented protocols is the setup
   procedure.  One endpoint needs to initiate the connection and the
   other endpoint needs to accept the connection.  The direction
   attribute is used to describe these roles, and the syntax is as
   follows:

      a=direction:<direction> [<source>]

   The <direction> is one of the following:

      passive:  The endpoint will accept an incoming connection.

      active:   The endpoint will initiate an outgoing connection.

      both:     The endpoint will both accept an incoming connection
                and will initiate an outgoing connection.

   The <source> is a sequence of values that describe the address and
   port number from where the connection will originate, and consists
   of the following values:

      nettype addrtype unicast-address [port]

   The <source> is an optional value that SHOULD be specified with
   direction:active or direction:both, and MUST NOT be specified with
   direction:passive.  Within the <source>, the source port number is
   RECOMMENDED but may be omitted.

4.1 Semantics of direction:passive

   By specifying direction:passive, the endpoint indicates that the
   port number specified in the m= line is available to accept a
   connection from the other endpoint.  The endpoint MUST NOT specify a
   <source> after direction:passive.

4.2 Semantics of direction:active

   By specifying direction:active, the endpoint indicates that it will
   initiate a connection to the port number on the m= line of the other
   endpoint.  The port number on its own m= line is irrelevant, and the
   opposite endpoint MUST NOT attempt to initiate a connection to the
   port number specified there.  Nevertheless, since the m= line must
   contain a valid port number, the endpoint specifying
   direction:active SHOULD specify a port number of 9 (the discard
   port) on its m= line.
   The endpoint MUST NOT specify a port number of zero, as that carries
   other semantics in [SDP].

   The endpoint SHOULD specify the address and port number from which
   it will initiate the connection in the <source> position on the
   a=direction line.  The following SDP fragment shows an example of
   direction:active:

      c=IN IP4 10.1.1.1
      m=image 9 TCP t38
      a=direction:active IN IP4 10.1.1.1 1892

4.3 Semantics of direction:both

   By specifying direction:both, the endpoint indicates that it will
   both accept a TCP connection on the port number of its own m= line,
   and that it will also initiate a connection to the port number on
   the m= line of the other endpoint.

   As with direction:active, the endpoint SHOULD specify the address
   and port number from which it will initiate the connection in the
   <source> position on the a=direction line.

   Since this attribute describes behavior that is similar to
   connectionless media descriptions in [SDP], it is the default value
   for the direction attribute and is therefore optional.

   Endpoints may choose to specify direction:both for one or more of
   the following reasons:

      1) The endpoint has no preference as to whether it accepts or
         initiates the connection, and therefore is offering the remote
         endpoint a choice of connection setup procedures.

      2) The endpoints intend to use a single connection to transport
         the media, but it is not known whether firewall issues will
         prevent either endpoint from initiating or accepting the
         connection.  Therefore both endpoints will attempt to initiate
         a connection in the hope that at least one will succeed.

   If one endpoint specifies either direction:active or
   direction:passive and the other specifies direction:both, both
   endpoints MUST behave as if the latter had specified the inverse
   direction of the former.  For example, specifying direction:both
   when the other endpoint specifies direction:active SHALL cause both
   endpoints to behave as if the former had specified
   direction:passive.  Conversely, specifying direction:both when the
   other endpoint specifies direction:passive SHALL cause both
   endpoints to behave as if the former had specified direction:active.

   If both endpoints specify direction:both then each endpoint MUST
   initiate a connection to the port number specified on the m= line of
   the opposite endpoint.  There is one exception to this requirement:
   if an endpoint receives the incoming connection from the opposite
   endpoint prior to initiating its own outbound connection, then that
   endpoint MAY use that connection rather than attempt to make an
   outbound connection to the opposite endpoint.

   If only one connection succeeds, then that connection will be used
   to carry the media.  Once it has transmitted data on this
   connection, the initiating endpoint MUST NOT perform another
   connection attempt to the accepting endpoint.  This allows the
   accepting endpoint to release or recycle the listening port for
   another session once it has received data from the initiating
   endpoint.

   If both connections succeed, the following rules SHALL apply:

      a) Each endpoint MUST accept data from either connection.

      b) Once an endpoint has transmitted data on one of the
         connections, it MUST use that connection exclusively for
         transmission.

      c) Once an endpoint has transmitted AND received data, if one of
         the connections is determined to be idle, the endpoint SHOULD
         close the idle connection.

4.4 Optimizing direction:both

   As discussed in the previous section, there is the possibility that
   two connections will be created when only one is needed.
   While the rules in the previous section accommodate the closing of
   an idle connection, they do not prevent a race condition where the
   endpoints simultaneously start sending data on opposite connections,
   thereby causing two connections to be used where one would have
   sufficed.  While it is not possible to entirely eliminate this race
   condition, it is in the endpoints' interest to minimize its
   occurrence.  Therefore, when a session is negotiated through
   interactive exchange of SDP between endpoints (as in the case of
   SIP) AND the result of the negotiation is that each endpoint
   specifies direction:both, it is RECOMMENDED that the endpoints use
   the following guidelines:

      a) There comes a point during the exchange of SDP where one
         endpoint is prepared to send the final message that will
         complete the negotiation and allow the session to begin.  For
         the purposes of this discussion, the endpoint that will send
         this final message will be called the Initiator, and the
         endpoint that will receive this message will be called the
         Acceptor.

      b) The Initiator, upon receiving sufficient information to
         initiate a connection, MUST attempt to connect to the Acceptor
         as soon as possible.

      c) In order to lower the likelihood that the Acceptor will also
         attempt to initiate a connection, the Initiator SHOULD
         incorporate a short delay between initiating the connection
         and sending the final SDP to the Acceptor.

      d) The delay time chosen by the Initiator MUST NOT introduce an
         unacceptable session setup delay should the connection to the
         Acceptor not succeed.

4.5 Bidirectional versus Unidirectional Media

   In traditional SDP transport types the flow is unidirectional.  If
   the intent is for media to flow in both directions, both endpoints
   must specify SDP that describes where to deliver the media and what
   media type(s) to use.  For example, if only Endpoint A presents SDP
   then media can only flow towards Endpoint A, as Endpoint B has not
   specified where and how to send media to it.

   Because most connection-oriented media is inherently bi-directional,
   endpoints may encounter a situation where only one side presented
   SDP yet there is now a network path that can carry media in either
   direction.  In keeping with traditional SDP semantics, an endpoint
   MUST NOT send data to the other endpoint unless that other endpoint
   has specified SDP information describing the type of media it can
   accept.

   It is, however, perfectly acceptable for an endpoint to transmit
   data on the same connection it is using to receive data, so long as
   the other endpoint has advertised its willingness to accept data.
   Likewise, it is perfectly acceptable for an endpoint to receive data
   on the same connection it is using to transmit data to the
   corresponding remote endpoint.  In other words, for a bi-directional
   application-level session, a connection may be used to send data in
   both directions (contingent on the rules outlined in Section 2.3) as
   long as one side of the connection is attached to either of the
   advertised SDP transport addresses.

4.6 Treating UDP and RTP/AVP like Connection-Oriented Media

   Endpoints MAY specify a direction attribute for UDP or RTP/AVP
   media.  This indicates that the endpoint would like to treat this
   media as a type of connection-oriented media.  (The endpoint may do
   this to facilitate NAT traversal, for example.)  Note that for
   backwards compatibility, an endpoint which can specify
   direction:active MUST include valid addresses and ports in the SDP
   as always.  If the peer's SDP does not include a direction
   attribute, it knows that the peer does not support
   connection-oriented media, and media exchange will proceed normally,
   as if connection-oriented media were not offered.
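   Pulling together the direction semantics of sections 4.1 to 4.3 and
   the compatibility rule just stated, the following Python (an added
   example, not code from the draft) parses two media descriptions and
   derives what each endpoint must do: listen, connect, both, or treat
   the stream as ordinary UDP/RTP media.  The active/active and
   passive/passive pairings, which the draft leaves undefined, are
   treated as a failed negotiation; that is an assumption of this
   example, and the sample descriptions are constructed from the
   examples in section 8.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Value of a=direction per Appendix A: <direction> [nettype addrtype addr [port]]
_DIRECTION_RE = re.compile(
    r"^(?P<dir>passive|active|both)"
    r"(?:\s+(?P<nettype>\S+)\s+(?P<addrtype>\S+)\s+(?P<addr>\S+)"
    r"(?:\s+(?P<port>\d+))?)?\s*$"
)
CONNECTION_ORIENTED = ("TCP", "TLS")  # here direction:both is the default (4.3)
INVERSE = {"active": "passive", "passive": "active"}


@dataclass
class MediaDesc:
    addr: str                                    # address on the c= line
    port: int                                    # port on the m= line
    proto: str                                   # TCP, TLS, UDP, RTP/AVP, ...
    direction: Optional[str]                     # None when a=direction is absent
    source: Optional[Tuple[str, Optional[int]]]  # (address, port) from a=direction
    reconnect: bool                              # a=reconnect present


def parse_media(sdp: str) -> MediaDesc:
    """Read the c=, m=, a=direction and a=reconnect lines of one media description."""
    addr = port = proto = direction = source = None
    reconnect = False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("c="):
            addr = line[2:].split()[2]              # c=<nettype> <addrtype> <address>
        elif line.startswith("m="):
            fields = line[2:].split()               # m=<media> <port> <proto> <fmt>...
            port, proto = int(fields[1]), fields[2]
        elif line.startswith("a=direction:"):
            m = _DIRECTION_RE.match(line[len("a=direction:"):])
            if m is None:
                raise ValueError("malformed attribute: " + line)
            direction = m.group("dir")
            if m.group("addr") is not None:
                src_port = int(m.group("port")) if m.group("port") else None
                source = (m.group("addr"), src_port)
        elif line == "a=reconnect":
            reconnect = True
    if addr is None or port is None:
        raise ValueError("c= and m= lines are required")
    md = MediaDesc(addr, port, proto, direction, source, reconnect)
    if md.direction == "passive" and md.source is not None:  # section 4.1
        raise ValueError("direction:passive MUST NOT carry a <source>")
    if md.direction == "active" and md.port == 0:            # section 4.2
        raise ValueError("direction:active MUST NOT use port 0")
    return md


def effective_direction(mine: MediaDesc, peer: MediaDesc) -> Optional[str]:
    """Role this endpoint plays once both descriptions are known (4.3 and 4.6).

    None means the stream is not treated as connection-oriented: UDP/RTP media
    where either side omitted a=direction proceeds as ordinary SDP media."""
    mine_dir, peer_dir = mine.direction, peer.direction
    if mine.proto not in CONNECTION_ORIENTED and None in (mine_dir, peer_dir):
        return None
    mine_dir, peer_dir = mine_dir or "both", peer_dir or "both"
    if mine_dir == "both":
        return INVERSE.get(peer_dir, "both")  # both vs active -> passive, and so on
    if peer_dir == "both" or peer_dir == INVERSE[mine_dir]:
        return mine_dir
    # active/active and passive/passive are not defined by the draft; this
    # example treats them as a failed negotiation (an assumption, not the draft's)
    raise ValueError("incompatible directions: %s/%s" % (mine_dir, peer_dir))


def setup_plan(mine: MediaDesc, peer: MediaDesc) -> dict:
    """What this endpoint must do for the stream: listen, connect, or both."""
    role = effective_direction(mine, peer)
    plan = {"role": role, "listen_port": None, "connect_to": None, "bind_source": None}
    if role in ("passive", "both"):
        plan["listen_port"] = mine.port              # accept on own m= port (4.1)
    if role in ("active", "both"):
        plan["connect_to"] = (peer.addr, peer.port)  # peer's c= address and m= port (4.2)
        plan["bind_source"] = mine.source            # SHOULD connect from the advertised source
    return plan


def reconnect_consistent(offer: MediaDesc, answer: MediaDesc) -> bool:
    """Section 5: a response to SDP carrying a=reconnect MUST carry it as well."""
    return answer.reconnect or not offer.reconnect


# Sample descriptions constructed from the draft's section 8 examples
OFFER_PASSIVE = "c=IN IP4 10.1.1.2\nm=image 54111 TCP t38\na=direction:passive\n"
ANSWER_ACTIVE = ("c=IN IP4 10.1.1.1\nm=image 9 TCP t38\n"
                 "a=direction:active IN IP4 10.1.1.1 1892\n")
OFFER_BOTH = "c=IN IP4 10.1.1.2\nm=image 54111 TCP t38\na=direction:both\n"
ANSWER_BOTH = "c=IN IP4 10.1.1.1\nm=image 54321 TCP t38\na=direction:both\n"
RTP_ACTIVE = "c=IN IP4 10.1.1.2\nm=audio 9 RTP/AVP 0\na=direction:active\n"
RTP_PLAIN = "c=IN IP4 1.2.3.4\nm=audio 18240 RTP/AVP 0\n"  # peer without a=direction
```

   Calling setup_plan(parse_media(ANSWER_ACTIVE), parse_media(OFFER_PASSIVE))
   yields the connect-to-10.1.1.2:54111-from-port-1892 behaviour of
   section 8.1, and swapping the arguments yields the listener on 54111.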

   Endpoints that specify direction:passive MUST NOT send any media,
   nor any packets whatsoever (including control packets such as RTCP),
   from their passive ports until they receive a packet on these ports
   and record the source address and port of the sender.  The passive
   endpoint then assumes that the first packet received corresponds to
   its active peer.  From this point onward, passive endpoints MUST
   send UDP or RTP media from the same port as the port indicated in
   the m= line.  Passive endpoints MUST send RTCP media (if any) from
   the port on which they expect to receive it (typically the RTP port
   number plus 1).

   Endpoints that specify direction:active MUST be prepared to receive
   on the ports from which they send.  Once they learn the IP address
   and port of their peer from the peer's SDP, they SHOULD immediately
   send some kind of media (even if just comfort noise) to each of
   these ports.  This is so the peer can learn their IP address and
   port, in order to send media back without additional delay.
   Effectively, the exchange of the first media packet completes a
   bi-directional handshake between the active and passive peer.

5 Reconnect Attribute

   The preceding description of the a=direction attribute has been in
   the context of using SDP to initiate a session.  However, SDP may be
   exchanged between endpoints at various stages of a session to
   accomplish tasks such as terminating a session, redirecting media to
   a new endpoint, renegotiating the media parameters for a session,
   etc.  After the initial session has been established, it may be
   ambiguous as to whether a subsequent SDP exchange represents a
   confirmation that the endpoint is to continue using the current
   media connection unchanged, or is a request to make a new media
   connection.  The reconnect attribute is used to disambiguate these
   two scenarios, and the syntax is as follows:

      a=reconnect

   SDP containing a=reconnect signals that the specified session does
   NOT refer to an existing connection between the two endpoints.  If
   the endpoints agree to continue the session, the endpoints MUST
   close the existing connection for the currently negotiated session,
   and MUST create a new connection according to the a=direction
   attribute in the SDP.  If an endpoint receives SDP that contains
   a=reconnect, the endpoint's response MUST also contain a=reconnect.
   Endpoints MUST NOT include a=reconnect in SDP that negotiates the
   start of a session.

   See section 6, "Connection and Listener Lifetime Considerations" for
   more information on scenarios that are relevant to the a=reconnect
   attribute.

6 Source-Address Considerations

   In the cases where the endpoint is initiating the connection, the
   endpoint SHOULD specify a source address on the a=direction line.
   In addition, the endpoint SHOULD include the source port in the
   source address.
   In most environments, the source port number can be determined by
   binding the socket before initiating the connect, as shown in the
   sample C code below (written against POSIX sockets; the bound socket
   is returned so that the subsequent connect() originates from the
   reported port):

      #include <stdio.h>
      #include <string.h>
      #include <unistd.h>
      #include <arpa/inet.h>
      #include <netinet/in.h>
      #include <sys/socket.h>

      /* Bind a TCP socket to an OS-chosen ephemeral port and report that
         port for use as the a=direction source.  Returns the socket or -1. */
      int bind_and_report_source_port(void)
      {
          int s_id;
          struct sockaddr_in cli_sin;
          socklen_t namelen;

          /* Create the socket */
          s_id = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
          if (s_id < 0)
              return -1;

          /* Bind the socket to any IP address and an OS-chosen port */
          memset(&cli_sin, 0, sizeof(cli_sin));
          cli_sin.sin_family = AF_INET;
          cli_sin.sin_addr.s_addr = htonl(INADDR_ANY);
          cli_sin.sin_port = 0;
          if (bind(s_id, (struct sockaddr *)&cli_sin, sizeof(cli_sin)) < 0) {
              close(s_id);
              return -1;
          }

          /* Find the port number that was bound */
          namelen = sizeof(cli_sin);
          if (getsockname(s_id, (struct sockaddr *)&cli_sin, &namelen) < 0) {
              close(s_id);
              return -1;
          }

          /* Print the port number; the socket stays open for the connect() */
          printf("Source Port = %d\n", ntohs(cli_sin.sin_port));
          return s_id;
      }

   If the source address is omitted, the receiver of the SDP packet
   MUST NOT make any assumptions regarding the address or port from
   where the connection will originate.  In particular, the receiver
   MUST NOT assume that the address information listed on the c= line
   has any implication as to where the media connection originates.

   NOTE:
      The motivation for specifying the source address is twofold.
      First, it aids Application-Level Proxies (ALP) by explicitly
      announcing the source of the outbound connection.  This allows,
      for example, a dynamic firewall pinhole to be created that will
      allow the connection to pass.  Or, as another example, an ALP
      integrated with a Network Address Translation (NAT) gateway could
      create a dynamic address/port binding and rewrite the SDP
      accordingly.

      Second, it allows the passive endpoint to correlate the incoming
      connection with the session being negotiated.  Note that great
      care must be taken when using the source address as a means to
      identify incoming connections, as NAT can render the source
      address unreliable.  In addition, if the originating endpoint
      omits the source port, the source address can be ambiguous if
      multiple logical endpoints share the same network address.
      Therefore it is NOT RECOMMENDED that the source address be used
      for this purpose unless the SDP occurs in the context of a
      controlled network topology that guarantees that the source
      address is both correct (i.e., no NAT, or a NAT with an
      Application-Level Proxy that rewrites the SDP) and unambiguous
      (i.e., the source port is specified).

6.1 Source Address Timing Considerations

   When used in conjunction with a session signaling protocol such as
   SIP, there may be cases where an endpoint initiates a connection
   prior to the opposite endpoint receiving the SDP that describes the
   source address of the initiating endpoint.  Therefore, an endpoint
   that has advertised an address and port number with direction:both
   or direction:passive MUST be ready to accept a connection on that
   address and port immediately.  If the accepting endpoint requires
   the source address to identify the initiating endpoint, it MUST keep
   the connection active and allow sufficient time for the source
   address to arrive before discarding the connection.

7 Connection and Listener Lifetime Considerations

7.1 Listener Lifetime

   An endpoint that has specified direction:both or direction:passive
   MUST be ready to accept a connection on the appropriate address and
   port during the time slot(s) advertised for that session.  The
   endpoint MUST keep the address and port available for incoming
   connections until either:

      a) The time window for the session has expired, or

      b) The endpoint has received the expected number of incoming
         connections on that address and port, or

      c) Subsequent exchanges have superseded the SDP that originally
         advertised the availability of the address and port.

   Once the endpoint has determined that a listener is no longer needed
   on a specific address and port, it SHOULD terminate the listener.
   The endpoint is then free to re-use the address and port for
   subsequent session advertisements.

7.2 Connection Lifetime

   An endpoint that intends to initiate the connection MUST initiate
   the connection immediately after it has sufficient information to do
   so, even if it does not intend to immediately begin sending media to
   the remote endpoint.  This allows media to flow from the remote
   endpoint.

   An endpoint MUST NOT close the connection until the session has
   expired, been explicitly terminated, or the media stream is
   redirected to a different address or port.

   If the endpoint determines that the connection has been closed, it
   MAY attempt to re-establish the connection.  The decision to do so
   is application and/or context dependent.  If the endpoint opts to
   re-establish the connection, it MUST NOT assume that the original
   address and port advertised by the remote endpoint is still valid.
   Instead, the endpoint MUST renegotiate the session parameters by
   exchanging new SDP.

7.3 Session Renegotiation and Connection Lifetime

   There are scenarios where SDP is sent by an endpoint in order to
   renegotiate an existing session.  These include muting/unmuting a
   session, renegotiating the attributes of the media used by the
   session, or extending the length of a session about to expire.
   Connection-oriented media introduces some ambiguities into session
   renegotiation as to when the direction attribute must be obeyed and
   when it is ignored.

   The scenario of extending the duration of an existing session is a
   good example: in order to extend an existing session, endpoints will
   typically resend the original SDP with updated time information.
   In connectionless media the result is no change to the existing
   media streams.  The problem with connection-oriented media is that
   the original SDP will contain a direction attribute which can be
   construed as a request to create a new connection, as opposed to a
   request to maintain steady state.  To avoid this ambiguity, the
   following rule SHALL apply to subsequent exchanges of SDP:

      If the transport section (the c= and m= lines) combined with the
      direction attribute of an SDP message describes an existing
      connection between two endpoints, AND the SDP does not contain
      a=reconnect, then the endpoints MUST use that connection to carry
      the media described in the remainder of the message.  The
      endpoints MUST NOT attempt to set up a new connection, regardless
      of what is specified in the direction attribute.

   This disambiguates most session renegotiation scenarios, with the
   exception of muting.  Muting a media stream is accomplished by
   sending the original session SDP but with an "a=inactive" or
   "a=sendonly/recvonly" attribute.  This is still valid for
   connection-oriented media, with the additional caveat that the
   endpoints MUST NOT close the connection described by that SDP.

8 Examples

   What follows are a number of examples that show the most common
   usage of the direction attribute combined with TCP-based media
   descriptions.
   For the purpose of brevity, the main portion of the session
   description is omitted in the examples and is assumed to be the
   following:

      v=0
      o=me 2890844526 2890842807 IN IP4 10.1.1.2
      s=Call me using TCP
      t=3034423619 3042462419

8.1 Example: simple passive/active

   An endpoint at 10.1.1.2 signals the availability of a T.38 fax
   session at port 54111:

      c=IN IP4 10.1.1.2
      m=image 54111 TCP t38
      a=direction:passive

   An endpoint at 10.1.1.1 receiving this description responds with the
   following:

      c=IN IP4 10.1.1.1
      m=image 9 TCP t38
      a=direction:active

   The endpoint at 10.1.1.1 then initiates the TCP connection to port
   54111 at 10.1.1.2.  Note that the TCP connection may originate from
   any address or port.  The endpoint at 10.1.1.1 could have optionally
   committed to a source address with a simple modification:

      c=IN IP4 10.1.1.1
      m=image 9 TCP t38
      a=direction:active IN IP4 10.1.1.1 1892

   By adding the source address to the a=direction line, the endpoint
   at 10.1.1.1 must now use a source port of 1892 when initiating the
   TCP connection to port 54111 at 10.1.1.2.

8.2 Example: simple passive/active with reconnect

   Continuing the preceding example, consider the scenario where the
   TCP connection fails and the endpoints wish to reestablish the
   connection for the session.  The endpoint at 10.1.1.2 signals this
   intent with the following SDP:

      c=IN IP4 10.1.1.2
      m=image 54111 TCP t38
      a=direction:passive
      a=reconnect

   The a=reconnect attribute informs the endpoint at 10.1.1.1 that this
   SDP represents the intent to establish a new connection for media
   transport, rather than continuing with the original connection.
   Because the endpoint at 10.1.1.1 may not yet be aware that the TCP
   connection has failed, this eliminates any ambiguity.  If 10.1.1.1
   agrees to continue the session using a new connection, it responds
   with:

      c=IN IP4 10.1.1.1
      m=image 9 TCP t38
      a=direction:active IN IP4 10.1.1.1 1893
      a=reconnect

   Note that the source port is different in this message, since the OS
   will likely have chosen a new ephemeral port number for the new
   connection.

8.3 Example: agnostic both

   An endpoint at 10.1.1.2 signals the availability of a T.38 fax
   session at TCP port 54111, but is also willing to set up the media
   stream by initiating the TCP connection:

      c=IN IP4 10.1.1.2
      m=image 54111 TCP t38
      a=direction:both

   The endpoint at 10.1.1.1 has three choices:

      1) It can respond with either of the two direction:active
         descriptions listed in the previous example.  In this case the
         endpoint at 10.1.1.1 must initiate a connection to port 54111
         at 10.1.1.2.

      2) It can respond with a description similar to the following:

            c=IN IP4 10.1.1.1
            m=image 54321 TCP t38
            a=direction:passive

         In this case the endpoint at 10.1.1.2 must initiate a
         connection to port 54321 at 10.1.1.1.

      3) It can respond with a description that specifies
         direction:both, which is covered in the next example.

8.4 Example: redundant both

   An endpoint at 10.1.1.2 uses the same description as the previous
   example:

      c=IN IP4 10.1.1.2
      m=image 54111 TCP t38
      a=direction:both

   Unlike the previous example, the endpoint at 10.1.1.1 responds with
   the following description:

      c=IN IP4 10.1.1.1
      m=image 54321 TCP t38
      a=direction:both

   This will cause the endpoint at 10.1.1.2 to initiate a connection to
   port 54321 at 10.1.1.1, and the endpoint at 10.1.1.1 to initiate a
   connection to port 54111 at 10.1.1.2.  Whichever TCP connection
   succeeds will be used.
If both succeed, one of the connections may 637 be closed as an optimization, using the rules in section 3.3. 639 Yon INTERNET-DRAFT - Expires January 2003 12 640 In order to minimize the chance that two connections are created, 641 the endpoint at 10.1.1.1 may opt to use the recommendation in 642 section 3.4, which would result in events occurring in the following 643 sequence: 645 1) The endpoint at 10.1.1.2 sends SDP as listed above. The 646 endpoint MUST enable a listener on port 54111 at this time, 647 but is not able to initiate a TCP connection due to the fact 648 that it does not have sufficient information from the endpoint 649 at 10.1.1.1. 651 2) The endpoint at 10.1.1.1, upon receiving the SDP, immediately 652 initiates a TCP connection to 10.1.1.2:54111. 654 3) In order to minimize the chance of a duplicate connection, the 655 endpoint at 10.1.1.1 pauses for a short time to allow the 656 endpoint at 10.1.1.2 to receive the TCP connection initiation. 658 4) After the short pause, the endpoint at 10.1.1.1 sends the SDP 659 response as listed above. 661 The pause in #3 gives the first TCP connection attempt a chance to 662 succeed, since withholding the SDP response deprives the endpoint at 663 10.1.1.2 of the information it needs to attempt its own TCP 664 connection. 666 8.5 Example: "Bidirectional" RTP and RTCP 668 An endpoint at 10.1.1.2 is behind a NAT and does not know its own 669 public address. 671 c=IN IP4 10.1.1.2 672 m=audio 9 RTP/AVP 0 673 a=direction:active 675 A peer with a public IP address responds as follows and waits to 676 receive RTP and RTCP packets from its active peer. 678 c=IN IP4 1.2.3.4 679 m=audio 18240 RTP/AVP 0 680 a=direction:passive 682 The endpoint at 10.1.1.2 immediately sends RTP from port 9012 to 683 1.2.3.4 port 18240. A NAT translates the source address to 5.6.7.8 684 port 1542. The passive endpoint receives this RTP packet and stores 685 this source address. 
When the passive endpoint wants to send RTP media it sends it back to 5.6.7.8 port 1542. The NAT translates this destination address back to 10.1.1.2 port 9012 and delivers it to the active endpoint.

Likewise the endpoint at 10.1.1.2 immediately sends RTCP from port 9013 to 1.2.3.4:18241. The NAT translates this to 5.6.7.8:1984. The passive endpoint receives the RTCP packet and stores the source address. The passive endpoint sends its RTCP to 5.6.7.8:1984, which is translated back to 10.1.1.2:9013 and delivered to the active endpoint.

9 Security Considerations

See [SDP] for security and other considerations specific to the Session Description Protocol in general.

A possible security concern arises if a firewall were to monitor and act on the source address as described in the note in Section 4. Firewall implementers must take care to ensure that the SDP came from a trusted source before deciding whether to change the network traffic restrictions currently imposed by the firewall.

10 IANA Considerations

As recommended by [SDP] Appendix B, the direction and reconnect attributes described in this document should be registered with IANA, as should the "TCP" and "TLS" protocol identifiers.

Acknowledgements

The author would like to thank Jonathan Rosenberg, Rohan Mahy, Anders Kristensen, Joerg Ott, Paul Kyzivat, and Robert Fairlie-Cuninghame for their valuable insights and contributions.

Appendix A: Direction Attribute Syntax

This appendix provides an Augmented BNF [ABNF] grammar for expressing the direction attribute for connection setup. It is intended as an extension to the grammar for the Session Description Protocol, as defined in [SDP].
Specifically, it describes the syntax for the new "connection-setup" attribute field, which MAY be either a session-level or media-level attribute.

   connection-setup    = "direction" ":" direction-spec

   direction-spec      = "passive" / qualified-direction

   qualified-direction = direction-ident / direction-ident source

   direction-ident     = "both" / "active" / "passive"

   source              = nettype addrtype unicast-address /
                         nettype addrtype unicast-address port

   reconnect-attribute = "reconnect"

References

   [ABNF]  D. Crocker, P. Overell, "Augmented BNF for Syntax Specifications: ABNF," RFC 2234, November 1997.

   [SDP]   M. Handley, V. Jacobson, "SDP: Session Description Protocol," RFC 2327, April 1998.

   [T38]   International Telecommunication Union, "Procedures for Real-Time Group 3 Facsimile Communications over IP Networks," Recommendation T.38, June 1998.

   [TLS]   T. Dierks, C. Allen, "The TLS Protocol," RFC 2246, January 1999.

   [UTF-8] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646," RFC 2044, October 1996.

Author's Address

   David Yon
   Dialout.Net, Inc.
   One Indian Head Plaza
   Nashua, NH 03060

   Phone: (603) 324-4100
   EMail: yon@dialout.net

Full Copyright Statement

Copyright (C) The Internet Society (2001). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
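Referring back to the grammar in Appendix A and the cases worked through in Sections 8.3 and 8.4, the following added example (not code from the draft or from any implementation) parses the direction attribute and decides which endpoint opens the TCP connection; the initiators() helper, its name, and its treatment of the active/active and passive/passive combinations are this example's own reading of the draft, and the nettype/addrtype values it accepts are those defined in [SDP].

```python
# Added example, not part of the draft: parse the direction attribute with the
# Appendix A grammar and decide which endpoint opens the TCP connection for
# the combinations shown in Sections 8.3 and 8.4.
import re
from typing import NamedTuple, Optional, Tuple

# direction-spec = direction-ident [nettype addrtype unicast-address [port]];
# nettype "IN" and addrtype IP4/IP6 are the values defined in [SDP].
_DIRECTION = re.compile(
    r"^direction:(?P<ident>both|active|passive)"
    r"(?: (?P<nettype>IN) (?P<addrtype>IP4|IP6) (?P<addr>\S+)(?: (?P<port>\d+))?)?$"
)


class Direction(NamedTuple):
    ident: str                                   # "both", "active" or "passive"
    source: Optional[Tuple[str, str, str, Optional[int]]]  # nettype, addrtype, addr, port


def parse_direction(line: str) -> Direction:
    """Parse 'direction:...' or a full 'a=direction:...' SDP line."""
    text = line.strip()
    if text.startswith("a="):
        text = text[2:]
    m = _DIRECTION.match(text)
    if not m:
        raise ValueError(f"malformed direction attribute: {line!r}")
    source = None
    if m["nettype"]:
        port = int(m["port"]) if m["port"] else None
        if port is not None and port > 65535:
            raise ValueError(f"port out of range: {port}")
        source = (m["nettype"], m["addrtype"], m["addr"], port)
    return Direction(m["ident"], source)


def initiators(local: str, remote: str) -> frozenset:
    """Return which side(s) initiate the TCP connection, given the two
    direction-idents.  'active' connects, 'passive' listens, 'both' takes the
    role the peer leaves open (8.3) and both sides connect when both say
    'both' (8.4).  An empty set means no usable pairing: active/active has no
    listener and passive/passive has no connector (my reading; the draft does
    not spell these two cases out)."""
    who = set()
    if local != "passive" and remote != "active":
        who.add("local")
    if remote != "passive" and local != "active":
        who.add("remote")
    return frozenset(who)
```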