idnits 2.17.1 draft-ietf-tsvwg-rlc-fec-scheme-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 580 has weird spacing: '...air_key key...' == Line 1408 has weird spacing: '... value occ...' == Line 1442 has weird spacing: '... value min...' -- The document date (February 1, 2019) is 1904 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 692 -- Looks like a reference, but probably isn't: '1' on line 692 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TSVWG V. Roca 3 Internet-Draft B. Teibi 4 Intended status: Standards Track INRIA 5 Expires: August 5, 2019 February 1, 2019 7 Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) 8 Schemes for FECFRAME 9 draft-ietf-tsvwg-rlc-fec-scheme-11 11 Abstract 13 This document describes two fully-specified Forward Erasure 14 Correction (FEC) Schemes for Sliding Window Random Linear Codes 15 (RLC), one for RLC over the Galois Field (A.K.A. Finite Field) 16 GF(2), a second one for RLC over the Galois Field GF(2^^8), each time 17 with the possibility of controlling the code density. They can 18 protect arbitrary media streams along the lines defined by FECFRAME 19 extended to sliding window FEC codes, as defined in [fecframe-ext]. 20 These sliding window FEC codes rely on an encoding window that slides 21 over the source symbols, generating new repair symbols whenever 22 needed. Compared to block FEC codes, these sliding window FEC codes 23 offer key advantages with real-time flows in terms of reduced FEC- 24 related latency while often providing improved packet erasure 25 recovery capabilities. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on August 5, 2019. 44 Copyright Notice 46 Copyright (c) 2019 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (https://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 1.1. Limits of Block Codes with Real-Time Flows . . . . . . . 4 63 1.2. Lower Latency and Better Protection of Real-Time Flows 64 with the Sliding Window RLC Codes . . . . . . . . . . . . 4 65 1.3. Small Transmission Overheads with the Sliding Window RLC 66 FEC Scheme . . . . . . . . . . . . . . . . . . . . . . . 5 67 1.4. Document Organization . . . . . . . . . . . . . . . . . . 6 68 2. Definitions and Abbreviations . . . . . . . . . . . . . . . . 6 69 3. Common Procedures . . . . . . . . . . . . . . . . . . . . . . 7 70 3.1. Codec Parameters . . . . . . . . . . . . . . . . . . . . 7 71 3.2. ADU, ADUI and Source Symbols Mappings . . . . . . . . . . 9 72 3.3. Encoding Window Management . . . . . . . . . . . . . . . 10 73 3.4. Source Symbol Identification . . . . . . . . . . . . . . 11 74 3.5. Pseudo-Random Number Generator (PRNG) . . . . . . . . . . 11 75 3.6. Coding Coefficients Generation Function . . . . . . . . . 12 76 3.7. Finite Fields Operations . . . . . . . . . . . . . . . . 15 77 3.7.1. Finite Field Definitions . . . . . . . . . . . . . . 15 78 3.7.2. Linear Combination of Source Symbols Computation . . 15 79 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary 80 Packet Flows . . . . . . . . . . . . . . . . . . . . . . . . 16 81 4.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 16 82 4.1.1. FEC Framework Configuration Information . . . . . . . 16 83 4.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 17 84 4.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 18 85 4.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 19 86 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet 87 Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 88 5.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 20 89 5.1.1. FEC Framework Configuration Information . . . . . . . 20 90 5.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 20 91 5.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 20 92 5.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 20 93 6. FEC Code Specification . . . . . . . . . . . . . . . . . . . 20 94 6.1. Encoding Side . . . . . . . . . . . . . . . . . . . . . . 20 95 6.2. Decoding Side . . . . . . . . . . . . . . . . . . . . . . 21 96 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 22 97 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 98 8.1. Attacks Against the Data Flow . . . . . . . . . . . . . . 23 99 8.1.1. Access to Confidential Content . . . . . . . . . . . 23 100 8.1.2. Content Corruption . . . . . . . . . . . . . . . . . 23 101 8.2. Attacks Against the FEC Parameters . . . . . . . . . . . 23 102 8.3. When Several Source Flows are to be Protected Together . 25 103 8.4. Baseline Secure FEC Framework Operation . . . . . . . . . 25 104 8.5. Additional Security Considerations for Numerical 105 Computations . . . . . . . . . . . . . . . . . . . . . . 25 106 9. Operations and Management Considerations . . . . . . . . . . 25 107 9.1. Operational Recommendations: Finite Field GF(2) Versus 108 GF(2^^8) . . . . . . . . . . . . . . . . . . . . . . . . 25 109 9.2. Operational Recommendations: Coding Coefficients Density 110 Threshold . . . . . . . . . . . . . . . . . . . . . . . . 26 111 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 112 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 113 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 114 12.1. Normative References . . . . . . . . . . . . . . . . . . 27 115 12.2. Informative References . . . . . . . . . . . . . . . . . 28 116 Appendix A. TinyMT32 Validation Criteria (Normative) . . . . . . 30 117 Appendix B. Assessing the PRNG Adequacy (Informational) . . . . 31 118 Appendix C. Possible Parameter Derivation (Informational) . . . 33 119 C.1. Case of a CBR Real-Time Flow . . . . . . . . . . . . . . 34 120 C.2. Other Types of Real-Time Flow . . . . . . . . . . . . . . 36 121 C.3. Case of a Non Real-Time Flow . . . . . . . . . . . . . . 37 122 Appendix D. Decoding Beyond Maximum Latency Optimization 123 (Informational) . . . . . . . . . . . . . . . . . . 37 124 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 126 1. Introduction 128 Application-Level Forward Erasure Correction (AL-FEC) codes, or 129 simply FEC codes, are a key element of communication systems. They 130 are used to recover from packet losses (or erasures) during content 131 delivery sessions to a potentially large number of receivers 132 (multicast/broadcast transmissions). This is the case with the 133 FLUTE/ALC protocol [RFC6726] when used for reliable file transfers 134 over lossy networks, and the FECFRAME protocol when used for reliable 135 continuous media transfers over lossy networks. 137 The present document only focuses on the FECFRAME protocol, used in 138 multicast/broadcast delivery mode, in particular for contents that 139 feature stringent real-time constraints: each source packet has a 140 maximum validity period after which it will not be considered by the 141 destination application. 143 1.1. Limits of Block Codes with Real-Time Flows 145 With FECFRAME, there is a single FEC encoding point (either a end- 146 host/server (source) or a middlebox) and a single FEC decoding point 147 per receiver (either a end-host (receiver) or middlebox). In this 148 context, currently standardized AL-FEC codes for FECFRAME like Reed- 149 Solomon [RFC6865], LDPC-Staircase [RFC6816], or Raptor/RaptorQ, are 150 all linear block codes: they require the data flow to be segmented 151 into blocks of a predefined maximum size. 153 To define this block size, it is required to find an appropriate 154 balance between robustness and decoding latency: the larger the block 155 size, the higher the robustness (e.g., in case of long packet erasure 156 bursts), but also the higher the maximum decoding latency (i.e., the 157 maximum time required to recover a lost (erased) packet thanks to FEC 158 protection). Therefore, with a multicast/broadcast session where 159 different receivers experience different packet loss rates, the block 160 size should be chosen by considering the worst communication 161 conditions one wants to support, but without exceeding the desired 162 maximum decoding latency. This choice then impacts the FEC-related 163 latency of all receivers, even those experiencing a good 164 communication quality, since no FEC encoding can happen until all the 165 source data of the block is available at the sender, which directly 166 depends on the block size. 168 1.2. Lower Latency and Better Protection of Real-Time Flows with the 169 Sliding Window RLC Codes 171 This document introduces two fully-specified FEC Schemes that do not 172 follow the block code approach: the Sliding Window Random Linear 173 Codes (RLC) over either Galois Fields (A.K.A. Finite Fields) GF(2) 174 (the "binary case") or GF(2^^8), each time with the possibility of 175 controlling the code density. These FEC Schemes are used to protect 176 arbitrary media streams along the lines defined by FECFRAME extended 177 to sliding window FEC codes [fecframe-ext]. These FEC Schemes, and 178 more generally Sliding Window FEC codes, are recommended for 179 instance, with media that feature real-time constraints sent within a 180 multicast/broadcast session [Roca17]. 182 The RLC codes belong to the broad class of sliding-window AL-FEC 183 codes (A.K.A. convolutional codes) [RFC8406]. The encoding process 184 is based on an encoding window that slides over the set of source 185 packets (in fact source symbols as we will see in Section 3.2), this 186 window being either of fixed size or variable size (A.K.A. an elastic 187 window). Repair symbols are generated on-the-fly, by computing a 188 random linear combination of the source symbols present in the 189 current encoding window, and passed to the transport layer. 191 At the receiver, a linear system is managed from the set of received 192 source and repair packets. New variables (representing source 193 symbols) and equations (representing the linear combination carried 194 by each repair symbol received) are added upon receiving new packets. 195 Variables and the equations they are involved in are removed when 196 they are too old with respect to their validity period (real-time 197 constraints) . Lost source symbols are then recovered thanks to this 198 linear system whenever its rank permits to solve it (at least 199 partially). 201 The protection of any multicast/broadcast session needs to be 202 dimensioned by considering the worst communication conditions one 203 wants to support. This is also true with RLC (more generally any 204 sliding window) code. However, the receivers experiencing a good to 205 medium communication quality will observe a reduced FEC-related 206 latency compared to block codes [Roca17] since an isolated lost 207 source packet is quickly recovered with the following repair packet. 208 On the opposite, with a block code, recovering an isolated lost 209 source packet always requires waiting for the first repair packet to 210 arrive after the end of the block. Additionally, under certain 211 situations (e.g., with a limited FEC-related latency budget and with 212 constant bitrate transmissions after FECFRAME encoding), sliding 213 window codes can more efficiently achieve a target transmission 214 quality (e.g., measured by the residual loss after FEC decoding) by 215 sending fewer repair packets (i.e., higher code rate) than block 216 codes. 218 1.3. Small Transmission Overheads with the Sliding Window RLC FEC 219 Scheme 221 The Sliding Window RLC FEC Scheme is designed to limit the packet 222 header overhead. The main requirement is that each repair packet 223 header must enable a receiver to reconstruct the set of source 224 symbols plus the associated coefficients used during the encoding 225 process. In order to minimize packet overhead, the set of source 226 symbols in the encoding window as well as the set of coefficients 227 over GF(2^^m) (where m is 1 or 8, depending on the FEC Scheme) used 228 in the linear combination are not individually listed in the repair 229 packet header. Instead, each FEC Repair Packet header contains: 231 o the Encoding Symbol Identifier (ESI) of the first source symbol in 232 the encoding window as well as the number of symbols (since this 233 number may vary with a variable size, elastic window). These two 234 pieces of information enable each receiver to reconstruct the set 235 of source symbols considered during encoding, the only constraint 236 being that there cannot be any gap; 237 o the seed and density threshold parameters used by a coding 238 coefficients generation function (Section 3.6). These two pieces 239 of information enable each receiver to generate the same set of 240 coding coefficients over GF(2^^m) as the sender; 242 Therefore, no matter the number of source symbols present in the 243 encoding window, each FEC Repair Packet features a fixed 64-bit long 244 header, called Repair FEC Payload ID (Figure 8). Similarly, each FEC 245 Source Packet features a fixed 32-bit long trailer, called Explicit 246 Source FEC Payload ID (Figure 6), that contains the ESI of the first 247 source symbol (Section 3.2). 249 1.4. Document Organization 251 This fully-specified FEC Scheme follows the structure required by 252 [RFC6363], section 5.6. "FEC Scheme Requirements", namely: 254 3. Procedures: This section describes procedures specific to this 255 FEC Scheme, namely: RLC parameters derivation, ADUI and source 256 symbols mapping, pseudo-random number generator, and coding 257 coefficients generation function; 258 4. Formats and Codes: This section defines the Source FEC Payload 259 ID and Repair FEC Payload ID formats, carrying the signalling 260 information associated to each source or repair symbol. It also 261 defines the FEC Framework Configuration Information (FFCI) 262 carrying signalling information for the session; 263 5. FEC Code Specification: Finally this section provides the code 264 specification. 266 2. Definitions and Abbreviations 268 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 269 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 270 "OPTIONAL" in this document are to be interpreted as described in BCP 271 14 [RFC2119] [RFC8174] when, and only when, they appear in all 272 capitals, as shown here. 274 This document uses the following definitions and abbreviations: 276 a^^b a to the power of b 277 GF(q) denotes a finite field (also known as the Galois Field) with q 278 elements. We assume that q = 2^^m in this document 279 m defines the length of the elements in the finite field, in bits. 280 In this document, m is equal to 1 or 8 281 ADU: Application Data Unit 282 ADUI: Application Data Unit Information (includes the F, L and 283 padding fields in addition to the ADU) 284 E: size of an encoding symbol (i.e., source or repair symbol), 285 assumed fixed (in bytes) 287 br_in: transmission bitrate at the input of the FECFRAME sender, 288 assumed fixed (in bits/s) 289 br_out: transmission bitrate at the output of the FECFRAME sender, 290 assumed fixed (in bits/s) 291 max_lat: maximum FEC-related latency within FECFRAME (a decimal 292 number expressed in seconds) 293 cr: RLC coding rate, ratio between the total number of source 294 symbols and the total number of source plus repair symbols 295 ew_size: encoding window current size at a sender (in symbols) 296 ew_max_size: encoding window maximum size at a sender (in symbols) 297 dw_max_size: decoding window maximum size at a receiver (in symbols) 298 ls_max_size: linear system maximum size (or width) at a receiver (in 299 symbols) 300 WSR: window size ratio parameter used to derive ew_max_size 301 (encoder) and ls_max_size (decoder). 302 PRNG: pseudo-random number generator 303 TinyMT32: PRNG used in this specification. 304 DT: coding coefficients density threshold, an integer between 0 and 305 15 (inclusive) the controls the fraction of coefficients that are 306 non zero 308 3. Common Procedures 310 This section introduces the procedures that are used by these FEC 311 Schemes. 313 3.1. Codec Parameters 315 A codec implementing the Sliding Window RLC FEC Scheme relies on 316 several parameters: 318 Maximum FEC-related latency budget, max_lat (a decimal number 319 expressed in seconds) with real-time flows: 320 a source ADU flow can have real-time constraints, and therefore 321 any FECFRAME related operation should take place within the 322 validity period of each ADU (Appendix D describes an exception to 323 this rule). When there are multiple flows with different real- 324 time constraints, we consider the most stringent constraints (see 325 [RFC6363], Section 10.2, item 6, for recommendations when several 326 flows are globally protected). The maximum FEC-related latency 327 budget, max_lat, accounts for all sources of latency added by FEC 328 encoding (at a sender) and FEC decoding (at a receiver). Other 329 sources of latency (e.g., added by network communications) are out 330 of scope and must be considered separately (said differently, they 331 have already been deducted from max_lat). max_lat can be regarded 332 as the latency budget permitted for all FEC-related operations. 333 This is an input parameter that enables a FECFRAME sender to 334 derive other internal parameters (see Appendix C); 336 Encoding window current (resp. maximum) size, ew_size (resp. 337 ew_max_size) (in symbols): 338 at a FECFRAME sender, during FEC encoding, a repair symbol is 339 computed as a linear combination of the ew_size source symbols 340 present in the encoding window. The ew_max_size is the maximum 341 size of this window, while ew_size is the current size. For 342 instance, at session start, upon receiving new source ADUs, the 343 ew_size progressively increases until it reaches its maximum 344 value, ew_max_size. We have: 346 0 < ew_size <= ew_max_size 347 Decoding window maximum size, dw_max_size (in symbols): at a 348 FECFRAME receiver, dw_max_size is the maximum number of received 349 or lost source symbols that are still within their latency budget; 350 Linear system maximum size, ls_max_size (in symbols): at a FECFRAME 351 receiver, the linear system maximum size, ls_max_size, is the 352 maximum number of received or lost source symbols in the linear 353 system (i.e., the variables). It SHOULD NOT be smaller than 354 dw_max_size since it would mean that, even after receiving a 355 sufficient number of FEC Repair Packets, a lost ADU may not be 356 recovered just because the associated source symbols have been 357 prematurely removed from the linear system, which is usually 358 counter-productive. On the opposite, the linear system MAY grow 359 beyond the dw_max_size (Appendix D); 360 Symbol size, E (in bytes): the E parameter determines the source and 361 repair symbol sizes (necessarily equal). This is an input 362 parameter that enables a FECFRAME sender to derive other internal 363 parameters, as explained below. An implementation at a sender 364 MUST fix the E parameter and MUST communicate it as part of the 365 FEC Scheme-Specific Information (Section 4.1.1.2). 366 Code rate, cr: The code rate parameter determines the amount of 367 redundancy added to the flow. More precisely the cr is the ratio 368 between the total number of source symbols and the total number of 369 source plus repair symbols and by definition: 0 < cr <= 1. This 370 is an input parameter that enables a FECFRAME sender to derive 371 other internal parameters, as explained below. However, there is 372 no need to communicate the cr parameter per see (it's not required 373 to process a repair symbol at a receiver). This code rate 374 parameter can be static. However, in specific use-cases (e.g., 375 with unicast transmissions in presence of a feedback mechanism 376 that estimates the communication quality, out of scope of 377 FECFRAME), the code rate may be adjusted dynamically. 379 Appendix C proposes non normative technics to derive those 380 parameters, depending on the use-case specificities. 382 3.2. ADU, ADUI and Source Symbols Mappings 384 At a sender, an ADU coming from the application is not directly 385 mapped to source symbols. When multiple source flows (e.g., media 386 streams) are mapped onto the same FECFRAME instance, each flow is 387 assigned its own Flow ID value (see below). This Flow ID is then 388 prepended to each ADU before FEC encoding. This way, FEC decoding at 389 a receiver also recovers this Flow ID and the recovered ADU can be 390 assigned to the right source flow (note that the 5-tuple used to 391 identify the right source flow of a received ADU is absent with a 392 recovered ADU since it is not FEC protected). 394 Additionally, since ADUs are of variable size, padding is needed so 395 that each ADU (with its flow identifier) contribute to an integral 396 number of source symbols. This requires adding the original ADU 397 length to each ADU before doing FEC encoding. Because of these 398 requirements, an intermediate format, the ADUI, or ADU Information, 399 is considered [RFC6363]. 401 For each incoming ADU, an ADUI MUST created as follows. First of 402 all, 3 bytes are prepended (Figure 1): 404 Flow ID (F) (8-bit field): this unsigned byte contains the integer 405 identifier associated to the source ADU flow to which this ADU 406 belongs. It is assumed that a single byte is sufficient, which 407 implies that no more than 256 flows will be protected by a single 408 FECFRAME session instance. 409 Length (L) (16-bit field): this unsigned integer contains the length 410 of this ADU, in network byte order (i.e., big endian). This 411 length is for the ADU itself and does not include the F, L, or Pad 412 fields. 414 Then, zero padding is added to the ADU if needed: 416 Padding (Pad) (variable size field): this field contains zero 417 padding to align the F, L, ADU and padding up to a size that is 418 multiple of E bytes (i.e., the source and repair symbol length). 420 The data unit resulting from the ADU and the F, L, and Pad fields is 421 called ADUI. Since ADUs can have different sizes, this is also the 422 case for ADUIs. However, an ADUI always contributes to an integral 423 number of source symbols. 425 symbol length, E E E 426 < ------------------ >< ------------------ >< ------------------ > 427 +-+--+---------------------------------------------+-------------+ 428 |F| L| ADU | Pad | 429 +-+--+---------------------------------------------+-------------+ 431 Figure 1: ADUI Creation example (here 3 source symbols are created 432 for this ADUI). 434 Note that neither the initial 3 bytes nor the optional padding are 435 sent over the network. However, they are considered during FEC 436 encoding, and a receiver who lost a certain FEC Source Packet (e.g., 437 the UDP datagram containing this FEC Source Packet when UDP is used 438 as the transport protocol) will be able to recover the ADUI if FEC 439 decoding succeeds. Thanks to the initial 3 bytes, this receiver will 440 get rid of the padding (if any) and identify the corresponding ADU 441 flow. 443 3.3. Encoding Window Management 445 Source symbols and the corresponding ADUs are removed from the 446 encoding window: 448 o when the sliding encoding window has reached its maximum size, 449 ew_max_size. In that case the oldest symbol MUST be removed 450 before adding a new symbol, so that the current encoding window 451 size always remains inferior or equal to the maximum size: ew_size 452 <= ew_max_size; 453 o when an ADU has reached its maximum validity duration in case of a 454 real-time flow. When this happens, all source symbols 455 corresponding to the ADUI that expired SHOULD be removed from the 456 encoding window; 458 Source symbols are added to the sliding encoding window each time a 459 new ADU arrives, once the ADU-to-source symbols mapping has been 460 performed (Section 3.2). The current size of the encoding window, 461 ew_size, is updated after adding new source symbols. This process 462 may require to remove old source symbols so that: ew_size <= 463 ew_max_size. 465 Note that a FEC codec may feature practical limits in the number of 466 source symbols in the encoding window (e.g., for computational 467 complexity reasons). This factor may further limit the ew_max_size 468 value, in addition to the maximum FEC-related latency budget 469 (Section 3.1). 471 3.4. Source Symbol Identification 473 Each source symbol is identified by an Encoding Symbol ID (ESI), an 474 unsigned integer. The ESI of source symbols MUST start with value 0 475 for the first source symbol and MUST be managed sequentially. 476 Wrapping to zero happens after reaching the maximum value made 477 possible by the ESI field size (this maximum value is FEC Scheme 478 dependant, for instance, 2^32-1 with FEC Schemes XXX and YYY). 480 No such consideration applies to repair symbols. 482 3.5. Pseudo-Random Number Generator (PRNG) 484 In order to compute coding coefficients (see Section 3.6), the RLC 485 FEC Schemes rely on the TinyMT32 PRNG defined in [tinymt32] with two 486 additional functions defined in this section. 488 This PRNG MUST first be initialized with a 32-bit unsigned integer, 489 used as a seed, with: 491 void tinymt32_init (tinymt32_t * s, uint32_t seed); 493 With the FEC Schemes defined in this document, the seed is in 494 practice restricted to a value between 0 and 0xFFFF inclusive (note 495 that this PRNG accepts a seed value equal to 0), since this is the 496 Repair_Key 16-bit field value of the Repair FEC Payload ID 497 (Section 4.1.3). In addition to the seed, this function takes as 498 parameter a pointer to an instance of a tinymt32_t structure that is 499 used to keep the internal state of the PRNG. 501 Then, each time a new pseudo-random integer between 0 and 15 502 inclusive (4-bit pseudo-random integer) is needed, the following 503 function is used: 505 uint32_t tinymt32_rand16 (tinymt32_t * s); 507 This function takes as parameter a pointer to the same tinymt32_t 508 structure (that is left unchanged between successive calls to the 509 function). 511 Similarly, each time a new pseudo-random integer between 0 and 255 512 inclusive (8-bit pseudo-random integer) is needed, the following 513 function is used: 515 uint32_t tinymt32_rand256 (tinymt32_t * s); 517 These two functions keep respectively the 4 or 8 less significant 518 bits of the 32-bit pseudo-random number generated by the 519 tinymt32_generate_uint32() function of [tinymt32]. Test results 520 discussed in Appendix B show that this simple technique, applied to 521 this PRNG, is in line with the RLC FEC Schemes needs. 523 524 /** 525 * This function outputs a pseudo-random integer in [0 .. 15] range. 526 * 527 * @param s pointer to tinymt internal state. 528 * @return unsigned integer between 0 and 15 inclusive. 529 */ 530 uint32_t tinymt32_rand16(tinymt32_t *s) 531 { 532 return (tinymt32_generate_uint32(s) & 0xF); 533 } 535 /** 536 * This function outputs a pseudo-random integer in [0 .. 255] range. 537 * 538 * @param s pointer to tinymt internal state. 539 * @return unsigned integer between 0 and 255 inclusive. 540 */ 541 uint32_t tinymt32_rand256(tinymt32_t *s) 542 { 543 return (tinymt32_generate_uint32(s) & 0xFF); 544 } 545 547 Figure 2: 4-bit and 8-bit mapping functions for TinyMT32 549 Any implementation of this PRNG MUST fulfil three validation 550 criteria, the one described in [tinymt32] (for the TinyMT32 32-bit 551 unsigned integer generator) and the two ones detailed in Appendix A 552 (for the mapping to 4-bit and 8-bit intervals). Because of the way 553 the mapping functions work, it is unlikely that an implementation 554 that fulfils the first criteria fails to fulfil the two additional 555 ones. 557 3.6. Coding Coefficients Generation Function 559 The coding coefficients, used during the encoding process, are 560 generated at the RLC encoder by the generate_coding_coefficients() 561 function each time a new repair symbol needs to be produced. The 562 fraction of coefficients that are non zero (i.e., the density) is 563 controlled by the DT (Density Threshold) parameter. DT has values 564 between 0 (the minimum value) and 15 (the maximum value), and the 565 average probability of having a non zero coefficient equals (DT + 1) 566 / 16. In particular, when DT equals 15 the function guaranties that 567 all coefficients are non zero (i.e., maximum density). 569 These considerations apply to both the RLC over GF(2) and RLC over 570 GF(2^^8), the only difference being the value of the m parameter. 571 With the RLC over GF(2) FEC Scheme (Section 5), m is equal to 1. 572 With RLC over GF(2^^8) FEC Scheme (Section 4), m is equal to 8. 574 575 /* 576 * Fills in the table of coding coefficients (of the right size) 577 * provided with the appropriate number of coding coefficients to 578 * use for the repair symbol key provided. 579 * 580 * (in) repair_key key associated to this repair symbol. This 581 * parameter is ignored (useless) if m=1 and dt=15 582 * (in/out) cc_tab[] pointer to a table of the right size to store 583 * coding coefficients. All coefficients are 584 * stored as bytes, regardless of the m parameter, 585 * upon return of this function. 586 * (in) cc_nb number of entries in the table. This value is 587 * equal to the current encoding window size. 588 * (in) dt integer between 0 and 15 (inclusive) that 589 * controls the density. With value 15, all 590 * coefficients are guaranteed to be non zero 591 * (i.e. equal to 1 with GF(2) and equal to a 592 * value in {1,... 255} with GF(2^^8)), otherwise 593 * a fraction of them will be 0. 594 * (in) m Finite Field GF(2^^m) parameter. In this 595 * document only values 1 and 8 are considered. 596 * (out) returns 0 in case of success, an error code 597 * different than 0 otherwise. 598 */ 599 int generate_coding_coefficients (uint16_t repair_key, 600 uint8_t cc_tab[], 601 uint16_t cc_nb, 602 uint8_t dt, 603 uint8_t m) 604 { 605 uint32_t i; 606 tinymt32_t s; /* PRNG internal state */ 608 if (dt > 15) { 609 return -1; /* error, bad dt parameter */ 610 } 611 switch (m) { 612 case 1: 613 if (dt == 15) { 614 /* all coefficients are 1 */ 615 memset(cc_tab, 1, cc_nb); 616 } else { 617 /* here coefficients are either 0 or 1 */ 618 tinymt32_init(&s, repair_key); 619 for (i = 0 ; i < cc_nb ; i++) { 620 cc_tab[i] = (tinymt32_rand16(&s) <= dt) ? 1 : 0; 621 } 622 } 623 break; 625 case 8: 626 tinymt32_init(&s, repair_key); 627 if (dt == 15) { 628 /* coefficient 0 is avoided here in order to include 629 * all the source symbols */ 630 for (i = 0 ; i < cc_nb ; i++) { 631 do { 632 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 633 } while (cc_tab[i] == 0); 634 } 635 } else { 636 /* here a certain number of coefficients should be 0 */ 637 for (i = 0 ; i < cc_nb ; i++) { 638 if (tinymt32_rand16(&s) <= dt) { 639 do { 640 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 641 } while (cc_tab[i] == 0); 642 } else { 643 cc_tab[i] = 0; 644 } 645 } 646 } 647 break; 649 default: 650 return -2; /* error, bad parameter m */ 651 } 652 return 0 /* success */ 653 } 654 656 Figure 3: Coding Coefficients Generation Function Reference 657 Implementation 659 3.7. Finite Fields Operations 661 3.7.1. Finite Field Definitions 663 The two RLC FEC Schemes specified in this document reuse the Finite 664 Fields defined in [RFC5510], section 8.1. More specifically, the 665 elements of the field GF(2^^m) are represented by polynomials with 666 binary coefficients (i.e., over GF(2)) and degree lower or equal to 667 m-1. The addition between two elements is defined as the addition of 668 binary polynomials in GF(2), which is equivalent to a bitwise XOR 669 operation on the binary representation of these elements. 671 With GF(2^^8), multiplication between two elements is the 672 multiplication modulo a given irreducible polynomial of degree 8. 673 The following irreducible polynomial MUST be used for GF(2^^8): 675 x^^8 + x^^4 + x^^3 + x^^2 + 1 677 With GF(2), multiplication corresponds to a logical AND operation. 679 3.7.2. Linear Combination of Source Symbols Computation 681 The two RLC FEC Schemes require the computation of a linear 682 combination of source symbols, using the coding coefficients produced 683 by the generate_coding_coefficients() function and stored in the 684 cc_tab[] array. 686 With the RLC over GF(2^^8) FEC Scheme, a linear combination of the 687 ew_size source symbol present in the encoding window, say src_0 to 688 src_ew_size_1, in order to generate a repair symbol, is computed as 689 follows. For each byte of position i in each source and the repair 690 symbol, where i belongs to {0; E-1}, compute: 692 repair[i] = cc_tab[0] * src_0[i] XOR cc_tab[1] * src_1[i] XOR ... 693 XOR cc_tab[ew_size - 1] * src_ew_size_1[i] 695 where * is the multiplication over GF(2^^8). In practice various 696 optimizations need to be used in order to make this computation 697 efficient (see in particular [PGM13]). 699 With the RLC over GF(2) FEC Scheme (binary case), a linear 700 combination is computed as follows. The repair symbol is the XOR sum 701 of all the source symbols corresponding to a coding coefficient 702 cc_tab[j] equal to 1 (i.e., the source symbols corresponding to zero 703 coding coefficients are ignored). The XOR sum of the byte of 704 position i in each source is computed and stored in the corresponding 705 byte of the repair symbol, where i belongs to {0; E-1}. In practice, 706 the XOR sums will be computed several bytes at a time (e.g., on 64 707 bit words, or on arrays of 16 or more bytes when using SIMD CPU 708 extensions). 710 With both FEC Schemes, the details of how to optimize the computation 711 of these linear combinations are of high practical importance but out 712 of scope of this document. 714 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary Packet 715 Flows 717 This fully-specified FEC Scheme defines the Sliding Window Random 718 Linear Codes (RLC) over GF(2^^8). 720 4.1. Formats and Codes 722 4.1.1. FEC Framework Configuration Information 724 Following the guidelines of [RFC6363], section 5.6, this section 725 provides the FEC Framework Configuration Information (or FFCI). This 726 FCCI needs to be shared (e.g., using SDP) between the FECFRAME sender 727 and receiver instances in order to synchronize them. It includes a 728 FEC Encoding ID, mandatory for any FEC Scheme specification, plus 729 scheme-specific elements. 731 4.1.1.1. FEC Encoding ID 733 o FEC Encoding ID: the value assigned to this fully specified FEC 734 Scheme MUST be XXXX, as assigned by IANA (Section 10). 736 When SDP is used to communicate the FFCI, this FEC Encoding ID is 737 carried in the 'encoding-id' parameter. 739 4.1.1.2. FEC Scheme-Specific Information 741 The FEC Scheme-Specific Information (FSSI) includes elements that are 742 specific to the present FEC Scheme. More precisely: 744 Encoding symbol size (E): a non-negative integer that indicates the 745 size of each encoding symbol in bytes; 746 Window Size Ratio (WSR) parameter: a non-negative integer between 0 747 and 255 (both inclusive) used to initialize window sizes. A value 748 of 0 indicates this parameter is not considered (e.g., a fixed 749 encoding window size may be chosen). A value between 1 and 255 750 inclusive is required by certain of the parameter derivation 751 techniques described in Appendix C; 753 This element is required both by the sender (RLC encoder) and the 754 receiver(s) (RLC decoder). 756 When SDP is used to communicate the FFCI, this FEC Scheme-specific 757 information is carried in the 'fssi' parameter in textual 758 representation as specified in [RFC6364]. For instance: 760 fssi=E:1400,WSR:191 762 In that case the name values "E" and "WSR" are used to convey the E 763 and WSR parameters respectively. 765 If another mechanism requires the FSSI to be carried as an opaque 766 octet string, the encoding format consists of the following three 767 octets, where the E field is carried in "big-endian" or "network 768 order" format, that is, most significant byte first: 770 Encoding symbol length (E): 16-bit field; 771 Window Size Ratio Parameter (WSR): 8-bit field. 773 These three octets can be communicated as such, or for instance, be 774 subject to an additional Base64 encoding. 776 0 1 2 777 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 778 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 779 | Encoding Symbol Length (E) | WSR | 780 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 782 Figure 4: FSSI Encoding Format 784 4.1.2. Explicit Source FEC Payload ID 786 A FEC Source Packet MUST contain an Explicit Source FEC Payload ID 787 that is appended to the end of the packet as illustrated in Figure 5. 789 +--------------------------------+ 790 | IP Header | 791 +--------------------------------+ 792 | Transport Header | 793 +--------------------------------+ 794 | ADU | 795 +--------------------------------+ 796 | Explicit Source FEC Payload ID | 797 +--------------------------------+ 799 Figure 5: Structure of an FEC Source Packet with the Explicit Source 800 FEC Payload ID 802 More precisely, the Explicit Source FEC Payload ID is composed of the 803 following field, carried in "big-endian" or "network order" format, 804 that is, most significant byte first (Figure 6): 806 Encoding Symbol ID (ESI) (32-bit field): this unsigned integer 807 identifies the first source symbol of the ADUI corresponding to 808 this FEC Source Packet. The ESI is incremented for each new 809 source symbol, and after reaching the maximum value (2^32-1), 810 wrapping to zero occurs. 812 0 1 2 3 813 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 814 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 815 | Encoding Symbol ID (ESI) | 816 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 Figure 6: Source FEC Payload ID Encoding Format 820 4.1.3. Repair FEC Payload ID 822 A FEC Repair Packet MAY contain one or more repair symbols. When 823 there are several repair symbols, all of them MUST have been 824 generated from the same encoding window, using Repair_Key values that 825 are managed as explained below. A receiver can easily deduce the 826 number of repair symbols within a FEC Repair Packet by comparing the 827 received FEC Repair Packet size (equal to the UDP payload size when 828 UDP is the underlying transport protocol) and the symbol size, E, 829 communicated in the FFCI. 831 A FEC Repair Packet MUST contain a Repair FEC Payload ID that is 832 prepended to the repair symbol as illustrated in Figure 7. 834 +--------------------------------+ 835 | IP Header | 836 +--------------------------------+ 837 | Transport Header | 838 +--------------------------------+ 839 | Repair FEC Payload ID | 840 +--------------------------------+ 841 | Repair Symbol | 842 +--------------------------------+ 844 Figure 7: Structure of an FEC Repair Packet with the Repair FEC 845 Payload ID 847 More precisely, the Repair FEC Payload ID is composed of the 848 following fields where all integer fields are carried in "big-endian" 849 or "network order" format, that is, most significant byte first 850 (Figure 8): 852 Repair_Key (16-bit field): this unsigned integer is used as a seed 853 by the coefficient generation function (Section 3.6) in order to 854 generate the desired number of coding coefficients. This repair 855 key may be a monotonically increasing integer value that loops 856 back to 0 after reaching 65535 (see Section 6.1). When a FEC 857 Repair Packet contains several repair symbols, this repair key 858 value is that of the first repair symbol. The remaining repair 859 keys can be deduced by incrementing by 1 this value, up to a 860 maximum value of 65535 after which it loops back to 0. 861 Density Threshold for the coding coefficients, DT (4-bit field): 862 this unsigned integer carries the Density Threshold (DT) used by 863 the coding coefficient generation function Section 3.6. More 864 precisely, it controls the probability of having a non zero coding 865 coefficient, which equals (DT+1) / 16. When a FEC Repair Packet 866 contains several repair symbols, the DT value applies to all of 867 them; 868 Number of Source Symbols in the encoding window, NSS (12-bit field): 870 this unsigned integer indicates the number of source symbols in 871 the encoding window when this repair symbol was generated. When a 872 FEC Repair Packet contains several repair symbols, this NSS value 873 applies to all of them; 874 ESI of First Source Symbol in the encoding window, FSS_ESI (32-bit 875 field): 876 this unsigned integer indicates the ESI of the first source symbol 877 in the encoding window when this repair symbol was generated. 878 When a FEC Repair Packet contains several repair symbols, this 879 FSS_ESI value applies to all of them; 881 0 1 2 3 882 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 883 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 884 | Repair_Key | DT |NSS (# src symb in ew) | 885 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 886 | FSS_ESI | 887 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 889 Figure 8: Repair FEC Payload ID Encoding Format 891 4.2. Procedures 893 All the procedures of Section 3 apply to this FEC Scheme. 895 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet Flows 897 This fully-specified FEC Scheme defines the Sliding Window Random 898 Linear Codes (RLC) over GF(2) (binary case). 900 5.1. Formats and Codes 902 5.1.1. FEC Framework Configuration Information 904 5.1.1.1. FEC Encoding ID 906 o FEC Encoding ID: the value assigned to this fully specified FEC 907 Scheme MUST be YYYY, as assigned by IANA (Section 10). 909 When SDP is used to communicate the FFCI, this FEC Encoding ID is 910 carried in the 'encoding-id' parameter. 912 5.1.1.2. FEC Scheme-Specific Information 914 All the considerations of Section 4.1.1.2 apply here. 916 5.1.2. Explicit Source FEC Payload ID 918 All the considerations of Section 4.1.2 apply here. 920 5.1.3. Repair FEC Payload ID 922 All the considerations of Section 4.1.3 apply here, with the only 923 exception that the Repair_Key field is useless if DT = 15 (indeed, in 924 that case all the coefficients are necessarily equal to 1 and the 925 coefficient generation function does not use any PRNG). When DT = 15 926 the FECFRAME sender MUST set the Repair_Key field to zero on 927 transmission and a receiver MUST ignore it on receipt. 929 5.2. Procedures 931 All the procedures of Section 3 apply to this FEC Scheme. 933 6. FEC Code Specification 935 6.1. Encoding Side 937 This section provides a high level description of a Sliding Window 938 RLC encoder. 940 Whenever a new FEC Repair Packet is needed, the RLC encoder instance 941 first gathers the ew_size source symbols currently in the sliding 942 encoding window. Then it chooses a repair key, which can be a 943 monotonically increasing integer value, incremented for each repair 944 symbol up to a maximum value of 65535 (as it is carried within a 945 16-bit field) after which it loops back to 0. This repair key is 946 communicated to the coefficient generation function (Section 3.6) in 947 order to generate ew_size coding coefficients. Finally, the FECFRAME 948 sender computes the repair symbol as a linear combination of the 949 ew_size source symbols using the ew_size coding coefficients 950 (Section 3.7). When E is small and when there is an incentive to 951 pack several repair symbols within the same FEC Repair Packet, the 952 appropriate number of repair symbols are computed. In that case the 953 repair key for each of them MUST be incremented by 1, keeping the 954 same ew_size source symbols, since only the first repair key will be 955 carried in the Repair FEC Payload ID. The FEC Repair Packet can then 956 be passed to the transport layer for transmission. The source versus 957 repair FEC packet transmission order is out of scope of this document 958 and several approaches exist that are implementation-specific. 960 Other solutions are possible to select a repair key value when a new 961 FEC Repair Packet is needed, for instance, by choosing a random 962 integer between 0 and 65535. However, selecting the same repair key 963 as before (which may happen in case of a random process) is only 964 meaningful if the encoding window has changed, otherwise the same FEC 965 Repair Packet will be generated. 967 6.2. Decoding Side 969 This section provides a high level description of a Sliding Window 970 RLC decoder. 972 A FECFRAME receiver needs to maintain a linear system whose variables 973 are the received and lost source symbols. Upon receiving a FEC 974 Repair Packet, a receiver first extracts all the repair symbols it 975 contains (in case several repair symbols are packed together). For 976 each repair symbol, when at least one of the corresponding source 977 symbols it protects has been lost, the receiver adds an equation to 978 the linear system (or no equation if this repair packet does not 979 change the linear system rank). This equation of course re-uses the 980 ew_size coding coefficients that are computed by the same coefficient 981 generation function (Section Section 3.6), using the repair key and 982 encoding window descriptions carried in the Repair FEC Payload ID. 983 Whenever possible (i.e., when a sub-system covering one or more lost 984 source symbols is of full rank), decoding is performed in order to 985 recover lost source symbols. Gaussian elimination is one possible 986 algorithm to solve this linear system. Each time an ADUI can be 987 totally recovered, padding is removed (thanks to the Length field, L, 988 of the ADUI) and the ADU is assigned to the corresponding application 989 flow (thanks to the Flow ID field, F, of the ADUI). This ADU is 990 finally passed to the corresponding upper application. Received FEC 991 Source Packets, containing an ADU, MAY be passed to the application 992 either immediately or after some time to guaranty an ordered delivery 993 to the application. This document does not mandate any approach as 994 this is an operational and management decision. 996 With real-time flows, a lost ADU that is decoded after the maximum 997 latency or an ADU received after this delay has no value to the 998 application. This raises the question of deciding whether or not an 999 ADU is late. This decision MAY be taken within the FECFRAME receiver 1000 (e.g., using the decoding window, see Section 3.1) or within the 1001 application (e.g., using RTP timestamps within the ADU). Deciding 1002 which option to follow and whether or not to pass all ADUs, including 1003 those assumed late, to the application are operational decisions that 1004 depend on the application and are therefore out of scope of this 1005 document. Additionally, Appendix D discusses a backward compatible 1006 optimization whereby late source symbols MAY still be used within the 1007 FECFRAME receiver in order to improve transmission robustness. 1009 7. Implementation Status 1011 Editor's notes: RFC Editor, please remove this section motivated by 1012 RFC 6982 before publishing the RFC. Thanks. 1014 An implementation of the Sliding Window RLC FEC Scheme for FECFRAME 1015 exists: 1017 o Organisation: Inria 1018 o Description: This is an implementation of the Sliding Window RLC 1019 FEC Scheme limited to GF(2^^8). It relies on a modified version 1020 of our OpenFEC (http://openfec.org) FEC code library. It is 1021 integrated in our FECFRAME software (see [fecframe-ext]). 1022 o Maturity: prototype. 1023 o Coverage: this software complies with the Sliding Window RLC FEC 1024 Scheme. 1025 o Licensing: proprietary. 1026 o Contact: vincent.roca@inria.fr 1028 8. Security Considerations 1030 The FEC Framework document [RFC6363] provides a fairly comprehensive 1031 analysis of security considerations applicable to FEC Schemes. 1032 Therefore, the present section follows the security considerations 1033 section of [RFC6363] and only discusses specific topics. 1035 8.1. Attacks Against the Data Flow 1037 8.1.1. Access to Confidential Content 1039 The Sliding Window RLC FEC Scheme specified in this document does not 1040 change the recommendations of [RFC6363]. To summarize, if 1041 confidentiality is a concern, it is RECOMMENDED that one of the 1042 solutions mentioned in [RFC6363] is used with special considerations 1043 to the way this solution is applied (e.g., is encryption applied 1044 before or after FEC protection, within the end-system or in a 1045 middlebox), to the operational constraints (e.g., performing FEC 1046 decoding in a protected environment may be complicated or even 1047 impossible) and to the threat model. 1049 8.1.2. Content Corruption 1051 The Sliding Window RLC FEC Scheme specified in this document does not 1052 change the recommendations of [RFC6363]. To summarize, it is 1053 RECOMMENDED that one of the solutions mentioned in [RFC6363] is used 1054 on both the FEC Source and Repair Packets. 1056 8.2. Attacks Against the FEC Parameters 1058 The FEC Scheme specified in this document defines parameters that can 1059 be the basis of attacks. More specifically, the following parameters 1060 of the FFCI may be modified by an attacker who targets receivers 1061 (Section 4.1.1.2): 1063 o FEC Encoding ID: changing this parameter leads a receiver to 1064 consider a different FEC Scheme. The consequences are severe, the 1065 format of the Explicit Source FEC Payload ID and Repair FEC 1066 Payload ID of received packets will probably differ, leading to 1067 various malfunctions. Even if the original and modified FEC 1068 Schemes share the same format, FEC decoding will either fail or 1069 lead to corrupted decoded symbols. This will happen if an 1070 attacker turns value YYYY (i.e., RLC over GF(2)) to value XXXX 1071 (RLC over GF(2^^8)), an additional consequence being a higher 1072 processing overhead at the receiver. In any case, the attack 1073 results in a form of Denial of Service (DoS) or corrupted content. 1074 o Encoding symbol length (E): setting this E parameter to a 1075 different value will confuse a receiver. If the size of a 1076 received FEC Repair Packet is no longer multiple of the modified E 1077 value, a receiver quickly detects a problem and SHOULD reject the 1078 packet. If the new E value is a sub-multiple of the original E 1079 value (e.g., half the original value), then receivers may not 1080 detect the problem immediately. For instance, a receiver may 1081 think that a received FEC Repair Packet contains more repair 1082 symbols (e.g., twice as many if E is reduced by half), leading to 1083 malfunctions whose nature depends on implementation details. Here 1084 also, the attack always results in a form of DoS or corrupted 1085 content. 1087 It is therefore RECOMMENDED that security measures be taken to 1088 guarantee the FFCI integrity, as specified in [RFC6363]. How to 1089 achieve this depends on the way the FFCI is communicated from the 1090 sender to the receiver, which is not specified in this document. 1092 Similarly, attacks are possible against the Explicit Source FEC 1093 Payload ID and Repair FEC Payload ID. More specifically, in case of 1094 a FEC Source Packet, the following value can be modified by an 1095 attacker who targets receivers: 1097 o Encoding Symbol ID (ESI): changing the ESI leads a receiver to 1098 consider a wrong ADU, resulting in severe consequences, including 1099 corrupted content passed to the receiving application; 1101 And in case of a FEC Repair Packet: 1103 o Repair Key: changing this value leads a receiver to generate a 1104 wrong coding coefficient sequence, and therefore any source symbol 1105 decoded using the repair symbols contained in this packet will be 1106 corrupted; 1107 o DT: changing this value also leads a receiver to generate a wrong 1108 coding coefficient sequence, and therefore any source symbol 1109 decoded using the repair symbols contained in this packet will be 1110 corrupted. In addition, if the DT value is significantly 1111 increased, it will generate a higher processing overhead at a 1112 receiver. In case of very large encoding windows, this may impact 1113 the terminal performance; 1114 o NSS: changing this value leads a receiver to consider a different 1115 set of source symbols, and therefore any source symbol decoded 1116 using the repair symbols contained in this packet will be 1117 corrupted. In addition, if the NSS value is significantly 1118 increased, it will generate a higher processing overhead at a 1119 receiver, which may impact the terminal performance; 1120 o FSS_ESI: changing this value also leads a receiver to consider a 1121 different set of source symbols and therefore any source symbol 1122 decoded using the repair symbols contained in this packet will be 1123 corrupted. 1125 It is therefore RECOMMENDED that security measures are taken to 1126 guarantee the FEC Source and Repair Packets as stated in [RFC6363]. 1128 8.3. When Several Source Flows are to be Protected Together 1130 The Sliding Window RLC FEC Scheme specified in this document does not 1131 change the recommendations of [RFC6363]. 1133 8.4. Baseline Secure FEC Framework Operation 1135 The Sliding Window RLC FEC Scheme specified in this document does not 1136 change the recommendations of [RFC6363] concerning the use of the 1137 IPsec/ESP security protocol as a mandatory to implement (but not 1138 mandatory to use) security scheme. This is well suited to situations 1139 where the only insecure domain is the one over which the FEC 1140 Framework operates. 1142 8.5. Additional Security Considerations for Numerical Computations 1144 In addition to the above security considerations, inherited from 1145 [RFC6363], the present document introduces several formulae, in 1146 particular in Appendix C.1. It is RECOMMENDED to check that the 1147 computed values stay within reasonable bounds since numerical 1148 overflows, caused by an erroneous implementation or an erroneous 1149 input value, may lead to hazardous behaviours. However, what 1150 "reasonable bounds" means is use-case and implementation dependent 1151 and is not detailed in this document. 1153 Appendix C.2 also mentions the possibility of "using the timestamp 1154 field of an RTP packet header" when applicable. A malicious attacker 1155 may deliberately corrupt this header field in order to trigger 1156 hazardous behaviours at a FECFRAME receiver. Protection against this 1157 type of content corruption can be addressed with the above 1158 recommendations on a baseline secure operation. In addition, it is 1159 also RECOMMENDED to check that the timestamp value be within 1160 reasonable bounds. 1162 9. Operations and Management Considerations 1164 The FEC Framework document [RFC6363] provides a fairly comprehensive 1165 analysis of operations and management considerations applicable to 1166 FEC Schemes. Therefore, the present section only discusses specific 1167 topics. 1169 9.1. Operational Recommendations: Finite Field GF(2) Versus GF(2^^8) 1171 The present document specifies two FEC Schemes that differ on the 1172 Finite Field used for the coding coefficients. It is expected that 1173 the RLC over GF(2^^8) FEC Scheme will be mostly used since it 1174 warrants a higher packet loss protection. In case of small encoding 1175 windows, the associated processing overhead is not an issue (e.g., we 1176 measured decoding speeds between 745 Mbps and 2.8 Gbps on an ARM 1177 Cortex-A15 embedded board in [Roca17] for an encoding window of size 1178 18 or 23 symbols). Of course the CPU overhead will increase with the 1179 encoding window size, because more operations in the GF(2^^8) finite 1180 field will be needed. 1182 The RLC over GF(2) FEC Scheme offers an alternative. In that case 1183 operations symbols can be directly XOR-ed together which warrants 1184 high bitrate encoding and decoding operations, and can be an 1185 advantage with large encoding windows. However, packet loss 1186 protection is significantly reduced by using this FEC Scheme. 1188 9.2. Operational Recommendations: Coding Coefficients Density Threshold 1190 In addition to the choice of the Finite Field, the two FEC Schemes 1191 define a coding coefficient density threshold (DT) parameter. This 1192 parameter enables a sender to control the code density, i.e., the 1193 proportion of coefficients that are non zero on average. With RLC 1194 over GF(2^^8), it is usually appropriate that small encoding windows 1195 be associated to a density threshold equal to 15, the maximum value, 1196 in order to warrant a high loss protection. 1198 On the opposite, with larger encoding windows, it is usually 1199 appropriate that the density threshold be reduced. With large 1200 encoding windows, an alternative can be to use RLC over GF(2) and a 1201 density threshold equal to 7 (i.e., an average density equal to 1/2) 1202 or smaller. 1204 Note that using a density threshold equal to 15 with RLC over GF(2) 1205 is equivalent to using an XOR code that computes the XOR sum of all 1206 the source symbols in the encoding window. In that case: (1) only a 1207 single repair symbol can be produced for any encoding window, and (2) 1208 the repair_key parameter becomes useless (the coding coefficients 1209 generation function does not rely on the PRNG). 1211 10. IANA Considerations 1213 This document registers two values in the "FEC Framework (FECFRAME) 1214 FEC Encoding IDs" registry [RFC6363] as follows: 1216 o YYYY refers to the Sliding Window Random Linear Codes (RLC) over 1217 GF(2) FEC Scheme for Arbitrary Packet Flows, as defined in 1218 Section 5 of this document. 1219 o XXXX refers to the Sliding Window Random Linear Codes (RLC) over 1220 GF(2^^8) FEC Scheme for Arbitrary Packet Flows, as defined in 1221 Section 4 of this document. 1223 11. Acknowledgments 1225 The authors would like to thank the three TSVWG chairs, Wesley Eddy, 1226 our shepherd, David Black and Gorry Fairhurst, as well as Spencer 1227 Dawkins, our responsible AD, and all those who provided comments, 1228 namely (alphabetical order) Alan DeKok, Jonathan Detchart, Russ 1229 Housley, Emmanuel Lochin, and Marie-Jose Montpetit. Last but not 1230 least, the authors are really grateful to the IESG members, in 1231 particular Benjamin Kaduk, Mirja Kuhlewind, Eric Rescorla, and Adam 1232 Roach for their highly valuable feedbacks that greatly contributed to 1233 improve this specification. 1235 12. References 1237 12.1. Normative References 1239 [fecframe-ext] 1240 Roca, V. and A. Begen, "Forward Error Correction (FEC) 1241 Framework Extension to Sliding Window Codes", Transport 1242 Area Working Group (TSVWG) draft-ietf-tsvwg-fecframe-ext 1243 (Work in Progress), January 2019, 1244 . 1247 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1248 Requirement Levels", BCP 14, RFC 2119, 1249 DOI 10.17487/RFC2119, March 1997, 1250 . 1252 [RFC6363] Watson, M., Begen, A., and V. Roca, "Forward Error 1253 Correction (FEC) Framework", RFC 6363, 1254 DOI 10.17487/RFC6363, October 2011, 1255 . 1257 [RFC6364] Begen, A., "Session Description Protocol Elements for the 1258 Forward Error Correction (FEC) Framework", RFC 6364, 1259 DOI 10.17487/RFC6364, October 2011, 1260 . 1262 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1263 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1264 May 2017, . 1266 [tinymt32] 1267 Saito, M., Matsumoto, M., Roca, V., and E. Baccelli, 1268 "TinyMT32 PRNG">TinyMT32 Pseudo Random Number Generator", 1269 Transport Area Working Group (TSVWG) draft-roca-tsvwg- 1270 tinymt32 (Work in Progress), February 2019, 1271 . 1273 12.2. Informative References 1275 [PGM13] Plank, J., Greenan, K., and E. Miller, "A Complete 1276 Treatment of Software Implementations of Finite Field 1277 Arithmetic for Erasure Coding Applications", University of 1278 Tennessee Technical Report UT-CS-13-717, 1279 http://web.eecs.utk.edu/~plank/plank/papers/ 1280 UT-CS-13-717.html, October 2013, 1281 . 1284 [RFC5170] Roca, V., Neumann, C., and D. Furodet, "Low Density Parity 1285 Check (LDPC) Staircase and Triangle Forward Error 1286 Correction (FEC) Schemes", RFC 5170, DOI 10.17487/RFC5170, 1287 June 2008, . 1289 [RFC5510] Lacan, J., Roca, V., Peltotalo, J., and S. Peltotalo, 1290 "Reed-Solomon Forward Error Correction (FEC) Schemes", 1291 RFC 5510, DOI 10.17487/RFC5510, April 2009, 1292 . 1294 [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, 1295 "FLUTE - File Delivery over Unidirectional Transport", 1296 RFC 6726, DOI 10.17487/RFC6726, November 2012, 1297 . 1299 [RFC6816] Roca, V., Cunche, M., and J. Lacan, "Simple Low-Density 1300 Parity Check (LDPC) Staircase Forward Error Correction 1301 (FEC) Scheme for FECFRAME", RFC 6816, 1302 DOI 10.17487/RFC6816, December 2012, 1303 . 1305 [RFC6865] Roca, V., Cunche, M., Lacan, J., Bouabdallah, A., and K. 1306 Matsuzono, "Simple Reed-Solomon Forward Error Correction 1307 (FEC) Scheme for FECFRAME", RFC 6865, 1308 DOI 10.17487/RFC6865, February 2013, 1309 . 1311 [RFC8406] Adamson, B., Adjih, C., Bilbao, J., Firoiu, V., Fitzek, 1312 F., Ghanem, S., Lochin, E., Masucci, A., Montpetit, M-J., 1313 Pedersen, M., Peralta, G., Roca, V., Ed., Saxena, P., and 1314 S. Sivakumar, "Taxonomy of Coding Techniques for Efficient 1315 Network Communications", RFC 8406, DOI 10.17487/RFC8406, 1316 June 2018, . 1318 [Roca16] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1319 Thienot, "Block or Convolutional AL-FEC Codes? A 1320 Performance Comparison for Robust Low-Latency 1321 Communications", HAL open-archive document,hal-01395937 1322 https://hal.inria.fr/hal-01395937/en/, November 2016, 1323 . 1325 [Roca17] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1326 Thienot, "Less Latency and Better Protection with AL-FEC 1327 Sliding Window Codes: a Robust Multimedia CBR Broadcast 1328 Case Study", 13th IEEE International Conference on 1329 Wireless and Mobile Computing, Networking and 1330 Communications (WiMob17), October 1331 2017 https://hal.inria.fr/hal-01571609v1/en/, October 1332 2017, . 1334 Appendix A. TinyMT32 Validation Criteria (Normative) 1336 PRNG determinism, for a given seed, is a requirement. Consequently, 1337 in order to validate an implementation of the TinyMT32 PRNG, the 1338 following criterias MUST be met. 1340 The first criteria focusses on the tinymt32_rand256(), where the 1341 32-bit integer of the core TinyMT32 PRNG is scaled down to an 8-bit 1342 integer. Using a seed value of 1, the first 50 values returned by: 1343 tinymt32_rand256() as 8-bit unsigned integers MUST be equal to values 1344 provided in Figure 9. 1346 37 225 177 176 21 1347 246 54 139 168 237 1348 211 187 62 190 104 1349 135 210 99 176 11 1350 207 35 40 113 179 1351 214 254 101 212 211 1352 226 41 234 232 203 1353 29 194 211 112 107 1354 217 104 197 135 23 1355 89 210 252 109 166 1357 Figure 9: First 50 decimal values returned by tinymt32_rand256() as 1358 8-bit unsigned integers, with a seed value of 1. 1360 The second criteria focusses on the tinymt32_rand16(), where the 1361 32-bit integer of the core TinyMT32 PRNG is scaled down to a 4-bit 1362 integer. Using a seed value of 1, the first 50 values returned by: 1363 tinymt32_rand16() as 4-bit unsigned integers MUST be equal to values 1364 provided in Figure 10. 1366 5 1 1 0 5 1367 6 6 11 8 13 1368 3 11 14 14 8 1369 7 2 3 0 11 1370 15 3 8 1 3 1371 6 14 5 4 3 1372 2 9 10 8 11 1373 13 2 3 0 11 1374 9 8 5 7 7 1375 9 2 12 13 6 1377 Figure 10: First 50 decimal values returned by tinymt32_rand16() as 1378 4-bit unsigned integers, with a seed value of 1. 1380 Appendix B. Assessing the PRNG Adequacy (Informational) 1382 This annex discusses the adequacy of the TinyMT32 PRNG and the 1383 tinymt32_rand16() and tinymt32_rand256() functions, to the RLC FEC 1384 Schemes. The goal is to assess the adequacy of these two functions 1385 in producing coding coefficients that are sufficiently different from 1386 one another, across various repair symbols with repair key values in 1387 sequence (we can expect this approach to be commonly used by 1388 implementers Section 6.1). This section is purely informational and 1389 does not claim to be a solid evaluation. 1391 The two RLC FEC Schemes use the PRNG to produce pseudo-random coding 1392 coefficients (Section 3.6), each time a new repair symbol is needed. 1393 A different repair key is used for each repair symbol, usually by 1394 incrementing the repair key value (Section 6.1). For each repair 1395 symbol, a limited number of pseudo-random numbers is needed, 1396 depending on the DT and encoding window size (Section 3.6), using 1397 either tinymt32_rand16() or tinymt32_rand256(). Therefore we are 1398 more interested in the randomness of small sequences of random 1399 numbers mapped to 4-bit or 8-bit integers, than in the randomness of 1400 a very large sequence of random numbers which is not representative 1401 of the usage of the PRNG. 1403 Evaluation of tinymt32_rand16(): We first generate a huge number 1404 (1,000,000,000) of small sequences (20 pseudo-random numbers per 1405 sequence), and perform statistics on the number of occurrences of 1406 each of the 16 possible values across all sequences. 1408 value occurrences percentage (%) (total of 20000000000) 1409 0 1250036799 6.2502 1410 1 1249995831 6.2500 1411 2 1250038674 6.2502 1412 3 1250000881 6.2500 1413 4 1250023929 6.2501 1414 5 1249986320 6.2499 1415 6 1249995587 6.2500 1416 7 1250020363 6.2501 1417 8 1249995276 6.2500 1418 9 1249982856 6.2499 1419 10 1249984111 6.2499 1420 11 1250009551 6.2500 1421 12 1249955768 6.2498 1422 13 1249994654 6.2500 1423 14 1250000569 6.2500 1424 15 1249978831 6.2499 1426 Figure 11: tinymt32_rand16(): occurrence statistics across a huge 1427 number (1,000,000,000) of small sequences (20 pseudo-random numbers 1428 per sequence), with 0 as the first PRNG seed. 1430 The results (Figure 11) show that all possible values are almost 1431 equally represented, or said differently, that the tinymt32_rand16() 1432 output converges to a uniform distribution where each of the 16 1433 possible value would appear exactly 1 / 16 * 100 = 6.25% of times. 1435 Other types of biases may exist that may be visible with smaller 1436 tests (e.g., to evaluation the convergence speed to a uniform 1437 distribution). We therefore perform 200 tests, each of them 1438 consisting in producing 200 sequences, keeping only the first value 1439 of each sequence. We use non overlapping repair keys for each 1440 sequence, starting with value 0 and increasing it after each use. 1442 value min occurrences max occurrences average occurrences 1443 0 4 21 6.3675 1444 1 4 22 6.0200 1445 2 4 20 6.3125 1446 3 5 23 6.1775 1447 4 5 24 6.1000 1448 5 4 21 6.5925 1449 6 5 30 6.3075 1450 7 6 22 6.2225 1451 8 5 26 6.1750 1452 9 3 21 5.9425 1453 10 5 24 6.3175 1454 11 4 22 6.4300 1455 12 5 21 6.1600 1456 13 5 22 6.3100 1457 14 4 26 6.3950 1458 15 4 21 6.1700 1460 Figure 12: tinymt32_rand16(): occurrence statistics across 200 tests, 1461 each of them consisting in 200 sequences of 1 pseudo-random number 1462 each, with non overlapping PRNG seeds in sequence starting from 0. 1464 Figure 12 shows across all 200 tests, for each of the 16 possible 1465 pseudo-random number values, the minimum (resp. maximum) number of 1466 times it appeared in a tests, as well as the average number of 1467 occurrences across the 200 tests. Although the distribution is not 1468 perfect, there is no major bias. On the opposite, in the same 1469 conditions, the Park Miller linear congruential PRNG of [RFC5170] 1470 with a result scaled down to 4-bit values, using seeds in sequence 1471 starting from 1, returns systematically 0 as the first value during 1472 some time, then after a certain repair key value threshold, it 1473 systematically returns 1, etc. 1475 Evaluation of tinymt32_rand256(): The same approach is used here. 1476 Results (not shown) are similar: occurrences vary between 7,810,3368 1477 (i.e., 0.3905%) and 7,814,7952 (i.e., 0.3907%). Here also we see a 1478 convergence to the theoretical uniform distribution where each of the 1479 possible value would appear exactly 1 / 256 * 100 = 0.390625% of 1480 times. 1482 Appendix C. Possible Parameter Derivation (Informational) 1484 Section 3.1 defines several parameters to control the encoder or 1485 decoder. This annex proposes techniques to derive these parameters 1486 according to the target use-case. This annex is informational, in 1487 the sense that using a different derivation technique will not 1488 prevent the encoder and decoder to interoperate: a decoder can still 1489 recover an erased source symbol without any error. However, in case 1490 of a real-time flow, an inappropriate parameter derivation may lead 1491 to the decoding of erased source packets after their validity period, 1492 making them useless to the target application. This annex proposes 1493 an approach to reduce this risk, among other things. 1495 The FEC Schemes defined in this document can be used in various 1496 manners, depending on the target use-case: 1498 o the source ADU flow they protect may or may not have real-time 1499 constraints; 1500 o the source ADU flow may be a Constant Bitrate (CBR) or Variable 1501 BitRate (VBR) flow; 1502 o with a VBR source ADU flow, the flow's minimum and maximum 1503 bitrates may or may not be known; 1504 o and the communication path between encoder and decoder may be a 1505 CBR communication path (e.g., as with certain LTE-based broadcast 1506 channels) or not (general case, e.g., with Internet). 1508 The parameter derivation technique should be suited to the use-case, 1509 as described in the following sections. 1511 C.1. Case of a CBR Real-Time Flow 1513 In the following, we consider a real-time flow with max_lat latency 1514 budget. The encoding symbol size, E, is constant. The code rate, 1515 cr, is also constant, its value depending on the expected 1516 communication loss model (this choice is out of scope of this 1517 document). 1519 In a first configuration, the source ADU flow bitrate at the input of 1520 the FECFRAME sender is fixed and equal to br_in (in bits/s), and this 1521 value is known by the FECFRAME sender. It follows that the 1522 transmission bitrate at the output of the FECFRAME sender will be 1523 higher, depending on the added repair flow overhead. In order to 1524 comply with the maximum FEC-related latency budget, we have: 1526 dw_max_size = (max_lat * br_in) / (8 * E) 1528 assuming that the encoding and decoding times are negligible with 1529 respect to the target max_lat. This is a reasonable assumption in 1530 many situations (e.g., see Section 9.1 in case of small window 1531 sizes). Otherwise the max_lat parameter should be adjusted in order 1532 to avoid the problem. In any case, interoperability will never be 1533 compromized by choosing a too large value. 1535 In a second configuration, the FECFRAME sender generates a fixed 1536 bitrate flow, equal to the CBR communication path bitrate equal to 1537 br_out (in bits/s), and this value is known by the FECFRAME sender, 1538 as in [Roca17]. The maximum source flow bitrate needs to be such 1539 that, with the added repair flow overhead, the total transmission 1540 bitrate remains inferior or equal to br_out. We have: 1542 dw_max_size = (max_lat * br_out * cr) / (8 * E) 1544 assuming here also that the encoding and decoding times are 1545 negligible with respect to the target max_lat. 1547 For decoding to be possible within the latency budget, it is required 1548 that the encoding window maximum size be smaller than or at most 1549 equal to the decoding window maximum size. The ew_max_size is the 1550 main parameter at a FECFRAME sender, but its exact value has no 1551 impact on the the FEC-related latency budget. The ew_max_size 1552 parameter is computed as follows: 1554 ew_max_size = dw_max_size * WSR / 255 1556 In line with [Roca17], WSR = 191 is considered as a reasonable value 1557 (the resulting encoding to decoding window size ratio is then close 1558 to 0.75), but other values between 1 and 255 inclusive are possible, 1559 depending on the use-case. 1561 The dw_max_size is computed by a FECFRAME sender but not explicitly 1562 communicated to a FECFRAME receiver. However, a FECFRAME receiver 1563 can easily evaluate the ew_max_size by observing the maximum Number 1564 of Source Symbols (NSS) value contained in the Repair FEC Payload ID 1565 of received FEC Repair Packets (Section 4.1.3). A receiver can then 1566 easily compute dw_max_size: 1568 dw_max_size = max_NSS_observed * 255 / WSR 1570 A receiver can then chose an appropriate linear system maximum size: 1572 ls_max_size >= dw_max_size 1574 It is good practice to use a larger value for ls_max_size as 1575 explained in Appendix D, which does not impact maximum latency nor 1576 interoperability. 1578 In any case, for a given use-case (i.e., for target encoding and 1579 decoding devices and desired protection levels in front of 1580 communication impairments) and for the computed ew_max_size, 1581 dw_max_size and ls_max_size values, it is RECOMMENDED to check that 1582 the maximum encoding time and maximum memory requirements at a 1583 FECFRAME sender, and maximum decoding time and maximum memory 1584 requirements at a FECFRAME receiver, stay within reasonable bounds. 1585 When assuming that the encoding and decoding times are negligible 1586 with respect to the target max_lat, this should be verified as well, 1587 otherwise the max_lat SHOULD be adjusted accordingly. 1589 The particular case of session start needs to be managed 1590 appropriately since the ew_size, starting at zero, increases each 1591 time a new source ADU is received by the FECFRAME sender, until it 1592 reaches the ew_max_size value. Therefore a FECFRAME receiver SHOULD 1593 continuously observe the received FEC Repair Packets, since the NSS 1594 value carried in the Repair FEC Payload ID will increase too, and 1595 adjust its ls_max_size accordingly if need be. With a CBR flow, 1596 session start is expected to be the only moment when the encoding 1597 window size will increase. Similarly, with a CBR real-time flow, the 1598 session end is expected to be the only moment when the encoding 1599 window size will progressively decrease. No adjustment of the 1600 ls_max_size is required at the FECFRAME receiver in that case. 1602 C.2. Other Types of Real-Time Flow 1604 In the following, we consider a real-time source ADU flow with a 1605 max_lat latency budget and a variable bitrate (VBR) measured at the 1606 entry of the FECFRAME sender. A first approach consists in 1607 considering the smallest instantaneous bitrate of the source ADU 1608 flow, when this parameter is known, and to reuse the derivation of 1609 Appendix C.1. Considering the smallest bitrate means that the 1610 encoding and decoding window maximum size estimations are 1611 pessimistic: these windows have the smallest size required to enable 1612 on-time decoding at a FECFRAME receiver. If the instantaneous 1613 bitrate is higher than this smallest bitrate, this approach leads to 1614 an encoding window that is unnecessarily small, which reduces 1615 robustness in front of long erasure bursts. 1617 Another approach consists in using ADU timing information (e.g., 1618 using the timestamp field of an RTP packet header, or registering the 1619 time upon receiving a new ADU). From the global FEC-related latency 1620 budget, the FECFRAME sender can derive a practical maximum latency 1621 budget for encoding operations, max_lat_for_encoding. For the FEC 1622 Schemes specified in this document, this latency budget SHOULD be 1623 computed with: 1625 max_lat_for_encoding = max_lat * WSR / 255 1627 It follows that any source symbols associated to an ADU that has 1628 timed-out with respect to max_lat_for_encoding SHOULD be removed from 1629 the encoding window. With this approach there is no pre-determined 1630 ew_size value: this value fluctuates over the time according to the 1631 instantaneous source ADU flow bitrate. For practical reasons, a 1632 FECFRAME sender may still require that ew_size does not increase 1633 beyond a maximum value (Appendix C.3). 1635 With both approaches, and no matter the choice of the FECFRAME 1636 sender, a FECFRAME receiver can still easily evaluate the ew_max_size 1637 by observing the maximum Number of Source Symbols (NSS) value 1638 contained in the Repair FEC Payload ID of received FEC Repair 1639 Packets. A receiver can then compute dw_max_size and derive an 1640 appropriate ls_max_size as explained in Appendix C.1. 1642 When the observed NSS fluctuates significantly, a FECFRAME receiver 1643 may want to adapt its ls_max_size accordingly. In particular when 1644 the NSS is significantly reduced, a FECFRAME receiver may want to 1645 reduce the ls_max_size too in order to limit computation complexity. 1646 A balance must be found between using an ls_max_size "too large" 1647 (which increases computation complexity and memory requirements) and 1648 the opposite (which reduces recovery performance). 1650 C.3. Case of a Non Real-Time Flow 1652 Finally there are configurations where a source ADU flow has no real- 1653 time constraints. FECFRAME and the FEC Schemes defined in this 1654 document can still be used. The choice of appropriate parameter 1655 values can be directed by practical considerations. For instance, it 1656 can derive from an estimation of the maximum memory amount that could 1657 be dedicated to the linear system at a FECFRAME receiver, or the 1658 maximum computation complexity at a FECFRAME receiver, both of them 1659 depending on the ls_max_size parameter. The same considerations also 1660 apply to the FECFRAME sender, where the maximum memory amount and 1661 computation complexity depend on the ew_max_size parameter. 1663 Here also, the NSS value contained in FEC Repair Packets is used by a 1664 FECFRAME receiver to determine the current coding window size and 1665 ew_max_size by observing its maximum value over the time. 1667 Appendix D. Decoding Beyond Maximum Latency Optimization 1668 (Informational) 1670 This annex introduces non normative considerations. It is provided 1671 as suggestions, without any impact on interoperability. For more 1672 information see [Roca16]. 1674 With a real-time source ADU flow, it is possible to improve the 1675 decoding performance of sliding window codes without impacting 1676 maximum latency, at the cost of extra memory and CPU overhead. The 1677 optimization consists, for a FECFRAME receiver, to extend the linear 1678 system beyond the decoding window maximum size, by keeping a certain 1679 number of old source symbols whereas their associated ADUs timed-out: 1681 ls_max_size > dw_max_size 1683 Usually the following choice is a good trade-off between decoding 1684 performance and extra CPU overhead: 1686 ls_max_size = 2 * dw_max_size 1688 When the dw_max_size is very small, it may be preferable to keep a 1689 minimum ls_max_size value (e.g., LS_MIN_SIZE_DEFAULT = 40 symbols). 1690 Going below this threshold will not save a significant amount of 1691 memory nor CPU cycles. Therefore: 1693 ls_max_size = max(2 * dw_max_size, LS_MIN_SIZE_DEFAULT) 1695 Finally, it is worth noting that a receiver that benefits from an FEC 1696 protection significantly higher than what is required to recover from 1697 packet losses, can choose to reduce the ls_max_size. In that case 1698 lost ADUs will be recovered without relying on this optimization. 1700 ls_max_size 1701 /---------------------------------^-------------------------------\ 1703 late source symbols 1704 (pot. decoded but not delivered) dw_max_size 1705 /--------------^-----------------\ /--------------^---------------\ 1706 src0 src1 src2 src3 src4 src5 src6 src7 src8 src9 src10 src11 src12 1708 Figure 13: Relationship between parameters to decode beyond maximum 1709 latency. 1711 It means that source symbols, and therefore ADUs, may be decoded even 1712 if the added latency exceeds the maximum value permitted by the 1713 application (the "late source symbols" of Figure 13). It follows 1714 that the corresponding ADUs will not be useful to the application. 1715 However, decoding these "late symbols" significantly improves the 1716 global robustness in bad reception conditions and is therefore 1717 recommended for receivers experiencing bad communication conditions 1718 [Roca16]. In any case whether or not to use this optimization and 1719 what exact value to use for the ls_max_size parameter are local 1720 decisions made by each receiver independently, without any impact on 1721 the other receivers nor on the source. 1723 Authors' Addresses 1725 Vincent Roca 1726 INRIA 1727 Univ. Grenoble Alpes 1728 France 1730 EMail: vincent.roca@inria.fr 1731 Belkacem Teibi 1732 INRIA 1733 Univ. Grenoble Alpes 1734 France 1736 EMail: belkacem.teibi@gmail.com