idnits 2.17.1 draft-ietf-tsvwg-rlc-fec-scheme-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 485 has weird spacing: '...air_key key...' -- The document date (July 17, 2017) is 2474 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TSVWG V. Roca 3 Internet-Draft INRIA 4 Intended status: Standards Track July 17, 2017 5 Expires: January 18, 2018 7 Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) 8 Scheme for FECFRAME 9 draft-ietf-tsvwg-rlc-fec-scheme-00 11 Abstract 13 This document describes a fully-specified FEC scheme for the Sliding 14 Window Random Linear Codes (RLC) over GF(2^^m), where m equals 1 15 (binary case), 4 or 8, that can be used to protect arbitrary media 16 streams along the lines defined by FECFRAME extended to sliding 17 window codes. These sliding window FEC codes rely on an encoding 18 window that slides over the source symbols, generating new repair 19 symbols whenever needed. Compared to block FEC codes, these sliding 20 window FEC codes offer key advantages with real-time flows in terms 21 of reduced FEC-related latency while often providing improved erasure 22 recovery capabilities. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on January 18, 2018. 41 Copyright Notice 43 Copyright (c) 2017 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 59 1.1. Limits of Block Codes with Real-Time Flows . . . . . . . 3 60 1.2. Lower Latency and Better Protection of Real-Time Flows 61 with the Sliding Window RLC Codes . . . . . . . . . . . . 3 62 1.3. Small Transmission Overheads with the Sliding Window RLC 63 FEC Scheme . . . . . . . . . . . . . . . . . . . . . . . 4 64 1.4. Document Organization . . . . . . . . . . . . . . . . . . 5 65 2. Definitions and Abbreviations . . . . . . . . . . . . . . . . 5 66 3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 6 67 3.1. Parameters Derivation . . . . . . . . . . . . . . . . . . 6 68 3.2. ADU, ADUI and Source Symbols Mappings . . . . . . . . . . 7 69 3.3. Encoding Window Management . . . . . . . . . . . . . . . 9 70 3.4. Pseudo-Random Number Generator . . . . . . . . . . . . . 9 71 3.5. Coding Coefficients Generation Function . . . . . . . . . 10 72 4. Sliding Window RLC FEC Scheme for Arbitrary ADU Flows . . . . 12 73 4.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 12 74 4.1.1. FEC Framework Configuration Information . . . . . . . 12 75 4.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 13 76 4.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 13 77 4.1.4. Additional Procedures . . . . . . . . . . . . . . . . 15 78 5. FEC Code Specification . . . . . . . . . . . . . . . . . . . 15 79 5.1. Encoding Side . . . . . . . . . . . . . . . . . . . . . . 15 80 5.2. Decoding Side . . . . . . . . . . . . . . . . . . . . . . 16 81 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 82 7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 83 7.1. Attacks Against the Data Flow . . . . . . . . . . . . . . 17 84 7.1.1. Access to Confidential Content . . . . . . . . . . . 17 85 7.1.2. Content Corruption . . . . . . . . . . . . . . . . . 17 86 7.2. Attacks Against the FEC Parameters . . . . . . . . . . . 17 87 7.3. When Several Source Flows are to be Protected Together . 18 88 7.4. Baseline Secure FEC Framework Operation . . . . . . . . . 18 89 8. Operations and Management Considerations . . . . . . . . . . 18 90 8.1. Operational Recommendations: Finite Field Element Size (m 91 Parameter) . . . . . . . . . . . . . . . . . . . . . . . 19 92 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 93 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 94 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 95 11.1. Normative References . . . . . . . . . . . . . . . . . . 19 96 11.2. Informative References . . . . . . . . . . . . . . . . . 20 98 Appendix A. Decoding Beyond Maximum Latency Optimization . . . . 22 99 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 101 1. Introduction 103 Application-Level Forward Erasure Correction (AL-FEC) codes are a key 104 element of communication systems. They are used to recover from 105 packet losses (or erasures) during content delivery sessions to a 106 large number of receivers (multicast/broadcast transmissions). This 107 is the case with the FLUTE/ALC protocol [RFC6726] in case of reliable 108 file transfers over lossy networks, and the FECFRAME protocol for 109 reliable continuous media transfers over lossy networks. 111 The present document only focusses on the FECFRAME protocol, used in 112 multicast/broadcast delivery mode, with contents that feature 113 stringent real-time constraints: each source packet has a maximum 114 validity period after which it will not be considered by the 115 destination application. 117 1.1. Limits of Block Codes with Real-Time Flows 119 With FECFRAME, there is a single FEC encoding point (either a end- 120 host/server (source) or a middlebox) and a single FEC decoding point 121 (either a end-host (receiver) or middlebox). In this context, 122 currently standardized AL-FEC codes for FECFRAME like Reed-Solomon 123 [RFC6865], LDPC-Staircase [RFC6816], or Raptor/RaptorQ, are all 124 linear block codes: they require the data flow to be segmented into 125 blocks of a predefined maximum size. The block size is a balance 126 between robustness (in particular in front of long erasure bursts for 127 which there is an incentive to increase the block size) and maximum 128 decoding latency (for which there is an incentive to decrease the 129 block size). Therefore, with a multicast/broadcast session, the 130 block code is dimensioned by considering the worst communication 131 channel one wants to support, and this choice impacts all receivers, 132 no matter their individual channel quality. 134 1.2. Lower Latency and Better Protection of Real-Time Flows with the 135 Sliding Window RLC Codes 137 This document introduces a fully-specified FEC scheme that follows a 138 totally different approach: the Sliding Window Random Linear Codes 139 (RLC) over GF(2^^m), where m equals 1, 4 or 8. This FEC scheme is 140 used to protect arbitrary media streams along the lines defined by 141 FECFRAME extended to sliding window codes [fecframe-ext]. This FEC 142 scheme is extremely efficient for instance with media that feature 143 real-time constraints sent within a multicast/broadcast session. 145 The RLC codes belong to the broad class of sliding window AL-FEC 146 codes (A.K.A. convolutional codes). The encoding process is based on 147 an encoding window that slides over the set of source packets (in 148 fact source symbols as we will see in Section 3.2), and which is 149 either of fixed or variable size (elastic window). Repair packets 150 (symbols) are generated and sent on-the-fly, after computing a random 151 linear combination of the source symbols present in the current 152 encoding window. 154 At the receiver, a linear system is managed from the set of received 155 source and repair packets. New variables (representing source 156 symbols) and equations (representing the linear combination of each 157 repair symbol received) are added upon receiving new packets. 158 Variables are removed when they are too old with respect to their 159 validity period (real-time constraints), as well as the associated 160 equations they are involved in (Appendix A introduces an optimisation 161 that extends the time a variable is considered in the system). 162 Erased source symbols are then recovered thanks this linear system 163 whenever its rank permits it. 165 With RLC codes (more generally with sliding window codes), the 166 protection of a multicast/broadcast session also needs to be 167 dimensioned by considering the worst communication channel one wants 168 to support. However the receivers experiencing a good to medium 169 channel quality observe a FEC-related latency close to zero [Roca16] 170 since an isolated erased source packet is quickly recovered by the 171 following repair packet. On the opposite, with a block code, 172 recovering an isolated erased source packet always requires waiting 173 the end of the block for the first repair packet to arrive. 174 Additionally, under certain situations (e.g., with a limited FEC- 175 related latency budget and with constant bit rate transmissions after 176 FECFRAME encoding), sliding window codes achieve more easily a target 177 transmission quality (e.g., measured by the residual loss after FEC 178 decoding) by sending fewer repair packets (i.e., higher code rate) 179 than block codes. 181 1.3. Small Transmission Overheads with the Sliding Window RLC FEC 182 Scheme 184 The Sliding Window RLC FEC scheme is designed so as to reduce the 185 transmission overhead. The main requirement is that each repair 186 packet header must enable a receiver to reconstruct the list of 187 source symbols and the associated random coefficients used during the 188 encoding process. In order to minimize packet overhead, the set of 189 symbols in the encoding window as well as the set of coefficients 190 over GF(2^^m) used in the linear combination are not individually 191 listed in the repair packet header. Instead, each FEC repair packet 192 header contains: 194 o the Encoding Symbol Identifier (ESI) of the first source symbol in 195 the encoding window as well as the number of symbols (since this 196 number may vary with a variable size, elastic window). These two 197 pieces of information enable each receiver to easily reconstruct 198 the set of source symbols considered during encoding, the only 199 constraint being that there cannot be any gap; 200 o the seed used by a coding coefficients generation function 201 (Section 3.5). This information enables each receiver to generate 202 the same set of coding coefficients over GF(2^^m) as the sender; 204 Therefore, no matter the number of source symbols present in the 205 encoding window, each FEC repair packet features a fixed 64-bit long 206 header, called Repair FEC Payload ID (Figure 7). Similarly, each FEC 207 source packet features a fixed 32-bit long trailer, called Explicit 208 Source FEC Payload ID (Figure 5), that contains the ESI of the first 209 source symbol (see the ADUI and source symbol mapping, Section 3.2). 211 1.4. Document Organization 213 This fully-specified FEC scheme follows the structure required by 214 [RFC6363], section 5.6. "FEC Scheme Requirements", namely: 216 3. Procedures: This section describes procedures specific to this 217 FEC scheme, namely: RLC parameters derivation, ADUI and source 218 symbols mapping, pseudo-random number generator, and coding 219 coefficients generation function; 220 4. Formats and Codes: This section defines the Source FEC Payload 221 ID and Repair FEC Payload ID formats, carrying the signalling 222 information associated to each source or repair symbol. It also 223 defines the FEC Framework Configuration Information (FFCI) 224 carrying signalling information for the session; 225 5. FEC Code Specification: Finally this section provides the code 226 specification. 228 2. Definitions and Abbreviations 230 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 231 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 232 document are to be interpreted as described in [RFC2119]. 234 This document uses the following definitions and abbreviations: 236 GF(q) denotes a finite field (also known as the Galois Field) with q 237 elements. We assume that q = 2^^m in this document 238 m defines the length of the elements in the finite field, in bits. 239 In this document, m is equal to 1, 4 or 8 240 ADU: Application Data Unit 241 ADUI: Application Data Unit Information (includes the F, L and 242 padding fields in addition to the ADU) 243 E: encoding symbol size (i.e., source or repair symbol), assumed 244 fixed (in bytes) 245 br_out: transmission bitrate at the output of the FECFRAME sender, 246 assumed fixed (in bits/s) 247 max_lat: maximum FEC-related latency within FECFRAME (in seconds) 248 cr: AL-FEC coding rate 249 plr: packet loss rate on the erasure channel 250 ew_size: encoding window current size at a sender (in symbols) 251 ew_max_size: encoding window maximum size at a sender (in symbols) 252 dw_size: decoding window current size at a receiver (in symbols) 253 dw_max_size: decoding window maximum size at a receiver (in symbols) 254 ls_max_size: linear system maximum size (or width) at a receiver (in 255 symbols) 256 ls_size: linear system current size (or width) at a receiver (in 257 symbols) 258 PRNG: pseudo-random number generator 259 pmms_rand(maxv): PRNG defined in Section 3.4 and used in this 260 specification, that returns a new random integer in [0; maxv-1] 262 3. Procedures 264 This section introduces the procedures that are used by this FEC 265 scheme. 267 3.1. Parameters Derivation 269 The Sliding Window RLC FEC Scheme relies on several key internal 270 parameters: 272 Maximum FEC-related latency budget, max_lat (in seconds) A source 273 ADU flow can have real-time constraints, and therefore any 274 FECFRAME related operation must take place within the validity 275 period of each ADU. When there are multiple flows with different 276 real-time constraints, we consider the most stringent constraints 277 (see [RFC6363], Section 10.2, item 6, for recommendations when 278 several flows are globally protected). This maximum FEC-related 279 latency accounts for all sources of latency added by FEC encoding 280 (sender) and FEC decoding (receiver). Other sources of latency 281 (e.g., added by network communications) are out of scope and must 282 be considered separately (e.g., they have already been deducted). 283 It can be regarded as the latency budget permitted for all FEC- 284 related operations. This is also an input parameter that enables 285 to derive other internal parameters; 286 Encoding window current (resp. maximum) size, ew_size (resp. 287 ew_max_size) (in symbols): 289 these parameters are used by a sender during FEC encoding. More 290 precisely, each repair symbol is a linear combination of the 291 ew_size source symbols present in the encoding window when RLC 292 encoding took place. In all situations, we MUST have ew_size <= 293 ew_max_size; 294 Decoding window current (resp. maximum) size, dw_size (resp. 295 dw_max_size) (in symbols): 296 these parameters are used by a receiver when managing the linear 297 system used for decoding. dw_size is the current size of the 298 decoding window, i.e., the set of received or erased source 299 symbols that are currently part of the linear system. In all 300 situations, we MUST have dw_size <= dw_max_size; 302 In order to comply with the maximum FEC-related latency budget, 303 assuming a constant transmission bitrate at the output of the 304 FECFRAME sender (br_out), encoding symbol size (E), and code rate 305 (cr), we have: 307 dw_max_size = (max_lat * br_out * cr) / (8 * E) 309 This dw_max_size defines the maximum delay after which an old source 310 symbol may be recovered: after this delay, this old source symbol 311 symbol will be removed from the decoding window. 313 It is often good practice to choose: 315 ew_max_size = dw_max_size / 2 317 However any value ew_max_size < dw_max_size can be used without 318 impact on the FEC-related latency budget. Finding the optimal value 319 can depend on the erasure channel one wants to support and should be 320 determined after simulations or field trials. 322 Note that the decoding beyond maximum latency optimisation 323 (Appendix A) enables an old source symbol to be kept in the linear 324 system beyond the FEC-related latency budget, but not delivered to 325 the receiving application. Here we have: ls_size >= dw_max_size 327 3.2. ADU, ADUI and Source Symbols Mappings 329 An ADU, coming from the application, cannot be mapped to source 330 symbols directly. Indeed, an erased ADU recovered at a receiver must 331 contain enough information to be assigned to the right application 332 flow (UDP port numbers and IP addresses cannot be used to that 333 purpose as they are not protected by FEC encoding). This requires 334 adding the flow identifier to each ADU before doing FEC encoding. 336 Additionally, since ADUs are of variable size, padding is needed so 337 that each ADU (with its flow identifier) contribute to an integral 338 number of source symbols. This requires adding the original ADU 339 length to each ADU before doing FEC encoding. Because of these 340 requirements, an intermediate format, the ADUI, or ADU Information, 341 is considered [RFC6363]. 343 For each incoming ADU, an ADUI is created as follows. First of all, 344 3 bytes are prepended: (Figure 1): 346 Flow ID (F) (8-bit field): this unsigned byte contains the integer 347 identifier associated to the source ADU flow to which this ADU 348 belongs. It is assumed that a single byte is sufficient, which 349 implies that no more than 256 flows will be protected by a single 350 FECFRAME instance. 351 Length (L) (16-bit field): this unsigned integer contains the length 352 of this ADU, in network byte order (i.e., big endian). This 353 length is for the ADU itself and does not include the F, L, or Pad 354 fields. 356 Then, zero padding is added to the ADU if needed: 358 Padding (Pad) (variable size field): this field contains zero 359 padding to align the F, L, ADU and padding up to a size that is 360 multiple of E bytes (i.e., the source and repair symbol length). 362 Each ADUI contributes to an integral number of source symbols. The 363 data unit resulting from the ADU and the F, L, and Pad fields is 364 called ADU Information (or ADUI). Since ADUs can be of different 365 size, this is also the case for ADUIs. 367 symbol length, E E E 368 < ------------------ >< ------------------ >< ------------------ > 369 +-+--+---------------------------------------------+-------------+ 370 |F| L| ADU | Pad | 371 +-+--+---------------------------------------------+-------------+ 373 Figure 1: ADUI Creation example (here 3 source symbols are created 374 for this ADUI). 376 Note that neither the initial 3 bytes nor the optional padding are 377 sent over the network. However, they are considered during FEC 378 encoding. It means that a receiver who lost a certain FEC source 379 packet (e.g., the UDP datagram containing this FEC source packet) 380 will be able to recover the ADUI if FEC decoding succeeds. Thanks to 381 the initial 3 bytes, this receiver will get rid of the padding (if 382 any) and identify the corresponding ADU flow. 384 3.3. Encoding Window Management 386 Source symbols and the corresponding ADUs are removed from the 387 encoding window: 389 o when the sliding encoding window has reached its maximum size, 390 ew_max_size. In that case the oldest symbol MUST be removed 391 before adding a new symbol, so that the current encoding window 392 size always remains inferior or equal to the maximum size: ew_size 393 <= ew_max_size; 394 o when an ADU has reached its maximum validity duration in case of a 395 real-time flow. When this happens, all source symbols 396 corresponding to the ADUI that expired SHOULD be removed from the 397 encoding window; 399 Source symbols are added to the sliding encoding window each time a 400 new ADU arrives, once the ADU to ADUI and then to source symbols 401 mapping has been performed (Section 3.2). The current size of the 402 encoding window, ew_size, is updated after adding new source symbols. 403 This process may require to remove old source symbols so that: 404 ew_size <= ew_max_size. 406 Note that a FEC codec may feature practical limits in the number of 407 source symbols in the encoding window (e.g., for computational 408 complexity reasons). This factor may further limit the ew_max_lat 409 value, in addition to the maximum FEC-related latency budget 410 (Section 3.1). 412 3.4. Pseudo-Random Number Generator 414 The RLC codes rely on the following Pseudo-Random Number Generator 415 (PRNG), identical to the PRNG used with LDPC-Staircase codes 416 ([RFC5170], section 5.7). 418 The Park-Miler "minimal standard" PRNG [PM88] MUST be used. It 419 defines a simple multiplicative congruential algorithm: Ij+1 = A * Ij 420 (modulo M), with the following choices: A = 7^^5 = 16807 and M = 421 2^^31 - 1 = 2147483647. A validation criteria of such a PRNG is the 422 following: if seed = 1, then the 10,000th value returned MUST be 423 equal to 1043618065. 425 Several implementations of this PRNG are known and discussed in the 426 literature. An optimized implementation of this algorithm, using 427 only 32-bit mathematics, and which does not require any division, can 428 be found in [rand31pmc]. It uses the Park and Miller algorithm 429 [PM88] with the optimization suggested by D. Carta in [CA90]. The 430 history behind this algorithm is detailed in [WI08]. Yet, any other 431 implementation of the PRNG algorithm that matches the above 432 validation criteria, like the ones detailed in [PM88], is 433 appropriate. 435 This PRNG produces, natively, a 31-bit value between 1 and 0x7FFFFFFE 436 (2^^31-2) inclusive. Since it is desired to scale the pseudo-random 437 number between 0 and maxv-1 inclusive, one must keep the most 438 significant bits of the value returned by the PRNG (the least 439 significant bits are known to be less random, and modulo-based 440 solutions should be avoided [PTVF92]). The following algorithm MUST 441 be used: 443 Input: 445 raw_value: random integer generated by the inner PRNG algorithm, 446 between 1 and 0x7FFFFFFE (2^^31-2) inclusive. 447 maxv: upper bound used during the scaling operation. 449 Output: 451 scaled_value: random integer between 0 and maxv-1 inclusive. 453 Algorithm: 455 scaled_value = (unsigned long) ((double)maxv * (double)raw_value / 456 (double)0x7FFFFFFF); 457 (NB: the above C type casting to unsigned long is equivalent to 458 using floor() with positive floating point values.) 460 In this document, pmms_rand(maxv) denotes the PRNG function that 461 implements the Park-Miller "minimal standard" algorithm, defined 462 above, and that scales the raw value between 0 and maxv-1 inclusive, 463 using the above scaling algorithm. 465 Additionally, the pmms_srand(seed) function must be provided to 466 enable the initialization of the PRNG with a seed before calling 467 pmms_rand(maxv) the first time. The seed is a 31-bit integer between 468 1 and 0x7FFFFFFE inclusive. In this specification, the seed is 469 restricted to a value between 1 and 0xFFFF inclusive, as this is the 470 Repair_Key 16-bit field value of the Repair FEC Payload ID 471 (Section 4.1.3). 473 3.5. Coding Coefficients Generation Function 475 The coding coefficients, used during the encoding process, are 476 generated at the RLC encoder by the following function each time a 477 new repair symbol needs to be produced: 479 480 /* 481 * Fills in the table of coding coefficients (of the right size) 482 * provided with the appropriate number of coding coefficients to 483 * use for the repair symbol key provided. 484 * 485 * (in) repair_key key associated to this repair symbol 486 * (in) cc_tab[] pointer to a table of the right size to store 487 * coding coefficients. All coefficients are 488 * stored as bytes, regardless of the m parameter, 489 * upon return of this function. 490 * (in) cc_nb[] number of entries in the table. This value is 491 * equal to the current encoding window size. 492 * (in) m Finite Field GF(2^^m) parameter. 493 * (out) returns an error code 494 */ 495 int generate_coding_coefficients (UINT16 repair_key, 496 UINT8 cc_tab[], 497 UINT16 cc_nb, 498 UINT8 m) 499 { 500 UINT32 i; 502 if (repair_key == 0) { 503 return SOMETHING_WENT_WRONG; 504 } 505 pmms_srand(repair_key); 506 if (m == 1) { 507 /* 0 is a valid coefficient value in binary GF */ 508 for (i = 0 ; i < cc_nb ; i ++) { 509 cc_tab[i] = (UINT8) pmms_rand(2); 510 } 511 } else { 512 /* coefficient 0 is avoided in non-binary GF to consider each 513 * source symbol */ 514 UINT32 maxv; 515 maxv = get_gf_size(); /* i.e., 16 if m=4 or 256 if m=8 */ 516 for (i = 0 ; i < cc_nb ; i ++) { 517 do { 518 cc_tab[i] = (UINT8) pmms_rand(maxv); 519 } while (cc_tab[i] == 0) 520 } 521 } 522 return EVERYTHING_IS_OKAY; 523 } 524 526 Figure 2: Coding Coefficients Generation Function pseudo-code 528 4. Sliding Window RLC FEC Scheme for Arbitrary ADU Flows 530 4.1. Formats and Codes 532 4.1.1. FEC Framework Configuration Information 534 The FEC Framework Configuration Information (or FFCI) includes 535 information that MUST be communicated between the sender and 536 receiver(s). More specifically, it enables the synchronization of 537 the FECFRAME sender and receiver instances. It includes both 538 mandatory elements and scheme-specific elements, as detailed below. 540 4.1.1.1. Mandatory Information 542 o FEC Encoding ID: the value assigned to this fully specified FEC 543 scheme MUST be XXXX, as assigned by IANA (Section 9). 545 When SDP is used to communicate the FFCI, this FEC Encoding ID is 546 carried in the 'encoding-id' parameter. 548 4.1.1.2. FEC Scheme-Specific Information 550 The FEC Scheme-Specific Information (FSSI) includes elements that are 551 specific to the present FEC scheme. More precisely: 553 Encoding symbol size (E): a non-negative integer that indicates the 554 size of each encoding symbol in bytes; 555 m parameter (m): the length of the elements in the finite field, in 556 bits, where m is equal to 1, 4 or 8; 558 These elements are required both by the sender (RLC encoder) and the 559 receiver(s) (RLC decoder). 561 When SDP is used to communicate the FFCI, this FEC scheme-specific 562 information is carried in the 'fssi' parameter in textual 563 representation as specified in [RFC6364]. For instance: 565 fssi=E:1400,m:8 567 If another mechanism requires the FSSI to be carried as an opaque 568 octet string (for instance, after a Base64 encoding), the encoding 569 format consists of the following 2 octets: 571 Encoding symbol length (E): 16-bit field. 572 m parameter (m): 8-bit field. 574 0 1 2 575 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 576 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 577 | Encoding Symbol Length (E) | m | 578 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 580 Figure 3: FSSI Encoding Format 582 4.1.2. Explicit Source FEC Payload ID 584 A FEC source packet MUST contain an Explicit Source FEC Payload ID 585 that is appended to the end of the packet as illustrated in Figure 4. 587 +--------------------------------+ 588 | IP Header | 589 +--------------------------------+ 590 | Transport Header | 591 +--------------------------------+ 592 | ADU | 593 +--------------------------------+ 594 | Explicit Source FEC Payload ID | 595 +--------------------------------+ 597 Figure 4: Structure of an FEC Source Packet with the Explicit Source 598 FEC Payload ID 600 More precisely, the Explicit Source FEC Payload ID is composed of the 601 following field (Figure 5): 603 Encoding Symbol ID (ESI) (32-bit field): this unsigned integer 604 identifies the first source symbol of the ADUI corresponding to 605 this FEC source packet. The ESI is incremented for each new 606 source symbol, and after reaching the maximum value (2^32-1), 607 wrapping to zero occurs. 609 0 1 2 3 610 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 611 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 | Encoding Symbol ID (ESI) | 613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 615 Figure 5: Source FEC Payload ID Encoding Format 617 4.1.3. Repair FEC Payload ID 619 A FEC repair packet MUST contain a Repair FEC Payload ID that is 620 prepended to the repair symbol as illustrated in Figure 6. There can 621 be one or more repair symbols per FEC repair packet. When this is 622 the case, the number of repair symbols within this FEC repair packet 623 is easily deduced by comparing the known received FEC repair packet 624 size (equal to the UDP payload size when UDP is the underlying 625 transport protocol) and the symbol size, E, communicated in the FFCI. 626 When this is the case, all the repair symbols MUST have been 627 generated from the same encoding window. 629 +--------------------------------+ 630 | IP Header | 631 +--------------------------------+ 632 | Transport Header | 633 +--------------------------------+ 634 | Repair FEC Payload ID | 635 +--------------------------------+ 636 | Repair Symbol | 637 +--------------------------------+ 639 Figure 6: Structure of an FEC Repair Packet with the Repair FEC 640 Payload ID 642 More precisely, the Repair FEC Payload ID is composed of the 643 following fields (Figure 7): 645 Repair_Key (16-bit field): this unsigned integer is used as a seed 646 by the coefficient generation function (Section 3.5) in order to 647 generate the desired number of coding coefficients. Value 0 MUST 648 NOT be used. When a FEC repair packet contains several repair 649 symbols, this repair key value is that of the first repair symbol. 650 The remaining repair keys can be deduced by incrementing by 1 this 651 value, up to a maximum value of 65535 after which it loops back to 652 1 (note that 0 is not a valid value). 653 Number of Source Symbols in the Encoding Window, NSS (16-bit field): 655 this unsigned integer indicates the number of source symbols in 656 the encoding window when this repair symbol was generated. When a 657 FEC repair packet contains several repair symbols, this NSS value 658 applies to all of them; 659 ESI of first source symbol in encoding window, FSS_ESI (32-bit 660 field): 661 this unsigned integer indicates the ESI of the first source symbol 662 in the encoding window when this repair symbol was generated. 663 When a FEC repair packet contains several repair symbols, this 664 FSS_ESI value applies to all of them; 666 0 1 2 3 667 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 668 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 669 | Repair_Key | NSS (# source symbols in ew) | 670 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 671 | FSS_ESI | 672 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 674 Figure 7: Repair FEC Payload ID Encoding Format 676 4.1.4. Additional Procedures 678 The following procedure applies: 680 o The ESI of source symbols MUST start with value 0 for the first 681 source symbol and MUST be managed sequentially. Wrapping to zero 682 will happen after reaching the maximum 32-bit value. 684 5. FEC Code Specification 686 5.1. Encoding Side 688 This section provides a high level description of a Sliding Window 689 RLC encoder. 691 Whenever a new FEC repair packet is needed, the RLC encoder instance 692 first gathers the ew_size source symbols currently in the sliding 693 encoding window. Then it chooses a repair key, which can be a non 694 zero monotonically increasing integer value, incremented for each 695 repair symbol up to a maximum value of 65535 (as it is carried within 696 a 16-bit field) after which it loops back to 1 (indeed, being used as 697 a PRNG seed, value 0 is prohibited). This repair key is communicated 698 to the coefficient generation function (Section Section 3.5) in order 699 to generate ew_size coding coefficients. Finally, the FECFRAME 700 sender computes the repair symbol as a linear combination of the 701 ew_size source symbols using the ew_size coding coefficients. When E 702 is small and when there is an incentive to pack several repair 703 symbols within the same FEC Repair Packet, the appropriate number of 704 repair symbols are computed. The only constraint is to increment by 705 1 the repair key for each of them, keeping the same ew_size source 706 symbols, since only the first repair key will be carried in the 707 Repair FEC Payload ID. The FEC repair packet can then be sent. The 708 source versus repair FEC packet transmission order is out of scope of 709 this document and several approaches exist that are implementation 710 specific. 712 5.2. Decoding Side 714 This section provides a high level description of a Sliding Window 715 RLC decoder. 717 A FECFRAME receiver needs to maintain a linear system whose variables 718 are the received and lost source symbols. Upon receiving a FEC 719 repair packet, a receiver first extracts all the repair symbols it 720 contains (in case several repair symbols are packed together). For 721 each repair symbol, when at least one of the corresponding source 722 symbols it protects has been lost, the receiver adds an equation to 723 the linear system (or no equation if this repair packet does not 724 change the linear system rank). This equation of course re-uses the 725 ew_size coding coefficients that are computed by the same coefficient 726 generation function (Section Section 3.5), using the repair key and 727 encoding window descriptions carried in the Repair FEC Payload ID. 728 Whenever possible (i.e., when a sub-system covering one or more lost 729 source symbols is of full rank), decoding is performed in order to 730 recover lost source symbols. Each time an ADUI can be totally 731 recovered, it is assigned to the corresponding application flow 732 (thanks to the Flow ID (F) field of the ADUI) and padding (if any) 733 removed (thanks to the Length (L) field of the ADUI). This ADU is 734 finally passed to the corresponding upper application. Received FEC 735 source packets, containing an ADU, can be passed to the application 736 either immediately or after some time to guaranty an ordered delivery 737 to the application(s). This document does not mandate any approach 738 as this is an operational and management decision. 740 With real-time flows, a lost ADU that is decoded after the maximum 741 latency (or an ADU received far too late) should not be considered by 742 the application. Instead the associated source symbols should be 743 removed from the linear system maintained by the receiver(s). 744 Appendix A discusses a backward compatible optimization whereby those 745 late source symbols may still be useful to improve the global loss 746 recovery performance. 748 6. Implementation Status 750 Editor's notes: RFC Editor, please remove this section motivated by 751 RFC 6982 before publishing the RFC. Thanks. 753 An implementation of the Sliding Window RLC FEC Scheme for FECFRAME 754 exists: 756 o Organisation: Inria 757 o Description: This is an implementation of the Sliding Window RLC 758 FEC Scheme. It relies on a modified version of our OpenFEC 759 (http://openfec.org) FEC code library. It is integrated in our 760 FECFRAME software (see [fecframe-ext]). 761 o Maturity: prototype. 762 o Coverage: this software complies with the Sliding Window RLC FEC 763 Scheme (limited to m=8 as of June, 2017). 764 o Lincensing: proprietary. 765 o Contact: vincent.roca@inria.fr 767 7. Security Considerations 769 The FEC Framework document [RFC6363] provides a comprehensive 770 analysis of security considerations applicable to FEC schemes. 771 Therefore, the present section follows the security considerations 772 section of [RFC6363] and only discusses specific topics. 774 7.1. Attacks Against the Data Flow 776 7.1.1. Access to Confidential Content 778 The Sliding Window RLC FEC Scheme specified in this document does not 779 change the recommendations of [RFC6363]. To summarize, if 780 confidentiality is a concern, it is RECOMMENDED that one of the 781 solutions mentioned in [RFC6363] is used with special considerations 782 to the way this solution is applied (e.g., is encryption applied 783 before or after FEC protection, within the end-system or in a 784 middlebox) to the operational constraints (e.g., performing FEC 785 decoding in a protected environment may be complicated or even 786 impossible) and to the threat model. 788 7.1.2. Content Corruption 790 The Sliding Window RLC FEC Scheme specified in this document does not 791 change the recommendations of [RFC6363]. To summarize, it is 792 RECOMMENDED that one of the solutions mentioned in [RFC6363] is used 793 on both the FEC Source and Repair Packets. 795 7.2. Attacks Against the FEC Parameters 797 The FEC Scheme specified in this document defines parameters that can 798 be the basis of attacks. More specifically, the following parameters 799 of the FFCI may be modified by an attacker who only targets receivers 800 (Section 4.1.1.2): 802 o FEC Encoding ID: changing this parameter leads the receivers to 803 consider a different FEC Scheme, which enables an attacker to 804 create a Denial of Service (DoS); 805 o Encoding symbol length (E): setting this E parameter to a 806 different value will confuse the receivers and create a DoS. More 807 precisely, the FEC Repair Packets received will probably no longer 808 be multiple of E, leading receivers to reject them; 809 o m parameter: changing this parameter triggers a DoS since the 810 receivers will generate a different set of coding coefficients. 811 The recovered source symbols (and thereafter ADUs) will be 812 corrupted. 814 An attacker who only targets a sender will achieve the same results. 815 However if the attacker targets both sender and receivers at the same 816 time (the same wrong piece of information is communicated to 817 everybody), the results will be suboptimal but less severe. 819 It is therefore RECOMMENDED that security measures are taken to 820 guarantee the FFCI integrity, as specified in [RFC6363]. How to 821 achieve this depends on the way the FFCI is communicated from the 822 sender to the receiver, which is not specified in this document. 824 Similarly, attacks are possible against the Explicit Source FEC 825 Payload ID and Repair FEC Payload ID: by modifying the Encoding 826 Symbol ID (ESI), or the repair key, NSS or FSS_ESI. It is therefore 827 RECOMMENDED that security measures are taken to guarantee the FEC 828 Source and Repair Packets as stated in [RFC6363]. 830 7.3. When Several Source Flows are to be Protected Together 832 The Sliding Window RLC FEC Scheme specified in this document does not 833 change the recommendations of [RFC6363]. 835 7.4. Baseline Secure FEC Framework Operation 837 The Sliding Window RLC FEC Scheme specified in this document does not 838 change the recommendations of [RFC6363] concerning the use of the 839 IPsec/ESP security protocol as a mandatory to implement (but not 840 mandatory to use) security scheme. This is well suited to situations 841 where the only insecure domain is the one over which the FEC 842 Framework operates. 844 8. Operations and Management Considerations 846 The FEC Framework document [RFC6363] provides a comprehensive 847 analysis of operations and management considerations applicable to 848 FEC schemes. Therefore, the present section only discusses specific 849 topics. 851 8.1. Operational Recommendations: Finite Field Element Size (m 852 Parameter) 854 The present document requires that m equals 1 (binary case), 4 or 8. 855 It is expected that m = 8 will be mostly used since it warrants a 856 high loss protection. Additionally, elements in the finite field are 857 8 bits long, which makes read/write memory operations aligned on 858 bytes during encoding and decoding. 860 An alternative when one can accommodate a lower loss protection is 861 m = 4. Elements in the finite field are 4 bits long, so if 2 862 elements are accessed at a time, read/write memory operations are 863 aligned on bytes during encoding and decoding. 865 Finally, in particular when dealing with large encoding windows, an 866 alternative is m = 1. In that case operations symbols can be 867 directly XORed together which warrants high bitrate encoding and 868 decoding operations. 870 Since several values for the m parameter are possible, the use case 871 SHOULD define which value or values need to be supported. In any 872 case, any compliant implementation MUST support at least the default 873 m = 8 value. 875 9. IANA Considerations 877 This document registers one value in the "FEC Framework (FECFRAME) 878 FEC Encoding IDs" registry [RFC6363] as follows: 880 o XXX refers to the Sliding Window Random Linear Codes (RLC) FEC 881 Scheme for Arbitrary Packet Flows, as defined in Section XXX of 882 this document. 884 10. Acknowledgments 886 The authors would like to thank Belkacem Teibi (Inria) who in 887 particular implemented the RLC codec. The author would also like to 888 thank Marie-Jose Montpetit for her valuable feedbacks on this 889 document. 891 11. References 893 11.1. Normative References 895 [fecframe-ext] 896 Roca, V. and A. Begen, "Forward Error Correction (FEC) 897 Framework Extension to Sliding Window Codes", Transport 898 Area Working Group (TSVWG) draft-roca-tsvwg-fecframev2 899 (Work in Progress), June 2017, 900 . 902 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 903 Requirement Levels", BCP 14, RFC 2119, 904 DOI 10.17487/RFC2119, March 1997, 905 . 907 [RFC6363] Watson, M., Begen, A., and V. Roca, "Forward Error 908 Correction (FEC) Framework", RFC 6363, 909 DOI 10.17487/RFC6363, October 2011, 910 . 912 [RFC6364] Begen, A., "Session Description Protocol Elements for the 913 Forward Error Correction (FEC) Framework", RFC 6364, 914 DOI 10.17487/RFC6364, October 2011, 915 . 917 11.2. Informative References 919 [CA90] Carta, D., "Two Fast Implementations of the Minimal 920 Standard Random Number Generator", Communications of the 921 ACM, Vol. 33, No. 1, pp.87-88, January 1990. 923 [PM88] Park, S. and K. Miller, "Random Number Generators: Good 924 Ones are Hard to Find", Communications of the ACM, Vol. 925 31, No. 10, pp.1192-1201, 1988. 927 [PTVF92] Press, W., Teukolsky, S., Vetterling, W., and B. Flannery, 928 "Numerical Recipies in C; Second Edition", Cambridge 929 University Press, ISBN: 0-521-43108-5, 1992. 931 [rand31pmc] 932 Whittle, R., "31 bit pseudo-random number generator", 933 September 2005, . 936 [RFC5170] Roca, V., Neumann, C., and D. Furodet, "Low Density Parity 937 Check (LDPC) Staircase and Triangle Forward Error 938 Correction (FEC) Schemes", RFC 5170, DOI 10.17487/RFC5170, 939 June 2008, . 941 [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, 942 "FLUTE - File Delivery over Unidirectional Transport", 943 RFC 6726, DOI 10.17487/RFC6726, November 2012, 944 . 946 [RFC6816] Roca, V., Cunche, M., and J. Lacan, "Simple Low-Density 947 Parity Check (LDPC) Staircase Forward Error Correction 948 (FEC) Scheme for FECFRAME", RFC 6816, 949 DOI 10.17487/RFC6816, December 2012, 950 . 952 [RFC6865] Roca, V., Cunche, M., Lacan, J., Bouabdallah, A., and K. 953 Matsuzono, "Simple Reed-Solomon Forward Error Correction 954 (FEC) Scheme for FECFRAME", RFC 6865, 955 DOI 10.17487/RFC6865, February 2013, 956 . 958 [Roca16] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 959 Thienot, "Block or Convolutional AL-FEC Codes? A 960 Performance Comparison for Robust Low-Latency 961 Communications", Submitted for publication 962 https://hal.inria.fr/hal-01395937/en/, November 2016, < 963 https://hal.inria.fr/hal-01395937/en/>. 965 [WI08] Whittle, R., "Park-Miller-Carta Pseudo-Random Number 966 Generator", http://www.firstpr.com.au/dsp/rand31/, 967 January 2008, . 969 Appendix A. Decoding Beyond Maximum Latency Optimization 971 This annex introduces non normative considerations. They are 972 provided as suggestions, without any impact on interoperability. For 973 more information see [Roca16]. 975 It is possible to improve the decoding performance of sliding window 976 codes without impacting maximum latency, at the cost of extra CPU 977 overhead. The optimization consists, for a receiver, to extend the 978 linear system beyond the decoding window: 980 ls_max_size > dw_max_size 982 Usually the following choice is a good trade-off between decoding 983 performance and extra CPU overhead: 985 ls_max_size = 2 * dw_max_size 987 ls_max_size 988 /---------------------------------^-------------------------------\ 990 late source symbols 991 (pot. decoded but not delivered) dw_max_size 992 /--------------^-----------------\ /--------------^---------------\ 993 src0 src1 src2 src3 src4 src5 src6 src7 src8 src9 src10 src11 src12 995 Figure 8: Relationship between parameters to decode beyond maximum 996 latency. 998 It means that source symbols (and therefore ADUs) may be decoded even 999 if their transport protocol added latency exceeds the maximum value 1000 permitted by the application. It follows that these source symbols 1001 SHOULD NOT be delivered to the application and SHOULD be dropped once 1002 they are no longer needed. However, decoding these late symbols 1003 significantly improves the global robustness in bad reception 1004 conditions and is therefore recommended for receivers experiencing 1005 bad channels[Roca16]. In any case whether or not to use this 1006 facility and what exact value to use for the ls_max_size parameter 1007 are decisions made by each receiver independently, without any impact 1008 on others, neither the other receivers nor the source. 1010 Author's Address 1011 Vincent Roca 1012 INRIA 1013 Grenoble 1014 France 1016 EMail: vincent.roca@inria.fr