idnits 2.17.1 draft-ietf-tsvwg-rlc-fec-scheme-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 584 has weird spacing: '...air_key key...' == Line 1412 has weird spacing: '... value occ...' == Line 1446 has weird spacing: '... value min...' -- The document date (May 27, 2019) is 1786 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 696 -- Looks like a reference, but probably isn't: '1' on line 696 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TSVWG V. Roca 3 Internet-Draft B. Teibi 4 Intended status: Standards Track INRIA 5 Expires: November 28, 2019 May 27, 2019 7 Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) 8 Schemes for FECFRAME 9 draft-ietf-tsvwg-rlc-fec-scheme-14 11 Abstract 13 This document describes two fully-specified Forward Erasure 14 Correction (FEC) Schemes for Sliding Window Random Linear Codes 15 (RLC), one for RLC over the Galois Field (A.K.A. Finite Field) 16 GF(2), a second one for RLC over the Galois Field GF(2^^8), each time 17 with the possibility of controlling the code density. They can 18 protect arbitrary media streams along the lines defined by FECFRAME 19 extended to sliding window FEC codes, as defined in [fecframe-ext]. 20 These sliding window FEC codes rely on an encoding window that slides 21 over the source symbols, generating new repair symbols whenever 22 needed. Compared to block FEC codes, these sliding window FEC codes 23 offer key advantages with real-time flows in terms of reduced FEC- 24 related latency while often providing improved packet erasure 25 recovery capabilities. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on November 28, 2019. 44 Copyright Notice 46 Copyright (c) 2019 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (https://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 1.1. Limits of Block Codes with Real-Time Flows . . . . . . . 4 63 1.2. Lower Latency and Better Protection of Real-Time Flows 64 with the Sliding Window RLC Codes . . . . . . . . . . . . 4 65 1.3. Small Transmission Overheads with the Sliding Window RLC 66 FEC Scheme . . . . . . . . . . . . . . . . . . . . . . . 5 67 1.4. Document Organization . . . . . . . . . . . . . . . . . . 6 68 2. Definitions and Abbreviations . . . . . . . . . . . . . . . . 6 69 3. Common Procedures . . . . . . . . . . . . . . . . . . . . . . 7 70 3.1. Codec Parameters . . . . . . . . . . . . . . . . . . . . 7 71 3.2. ADU, ADUI and Source Symbols Mappings . . . . . . . . . . 9 72 3.3. Encoding Window Management . . . . . . . . . . . . . . . 10 73 3.4. Source Symbol Identification . . . . . . . . . . . . . . 11 74 3.5. Pseudo-Random Number Generator (PRNG) . . . . . . . . . . 11 75 3.6. Coding Coefficients Generation Function . . . . . . . . . 12 76 3.7. Finite Fields Operations . . . . . . . . . . . . . . . . 15 77 3.7.1. Finite Field Definitions . . . . . . . . . . . . . . 15 78 3.7.2. Linear Combination of Source Symbols Computation . . 15 79 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary 80 Packet Flows . . . . . . . . . . . . . . . . . . . . . . . . 16 81 4.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 16 82 4.1.1. FEC Framework Configuration Information . . . . . . . 16 83 4.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 17 84 4.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 18 85 4.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 19 86 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet 87 Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 88 5.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 20 89 5.1.1. FEC Framework Configuration Information . . . . . . . 20 90 5.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 20 91 5.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 20 92 5.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 20 93 6. FEC Code Specification . . . . . . . . . . . . . . . . . . . 20 94 6.1. Encoding Side . . . . . . . . . . . . . . . . . . . . . . 20 95 6.2. Decoding Side . . . . . . . . . . . . . . . . . . . . . . 21 96 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 22 97 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 98 8.1. Attacks Against the Data Flow . . . . . . . . . . . . . . 23 99 8.1.1. Access to Confidential Content . . . . . . . . . . . 23 100 8.1.2. Content Corruption . . . . . . . . . . . . . . . . . 23 101 8.2. Attacks Against the FEC Parameters . . . . . . . . . . . 23 102 8.3. When Several Source Flows are to be Protected Together . 25 103 8.4. Baseline Secure FEC Framework Operation . . . . . . . . . 25 104 8.5. Additional Security Considerations for Numerical 105 Computations . . . . . . . . . . . . . . . . . . . . . . 25 106 9. Operations and Management Considerations . . . . . . . . . . 25 107 9.1. Operational Recommendations: Finite Field GF(2) Versus 108 GF(2^^8) . . . . . . . . . . . . . . . . . . . . . . . . 25 109 9.2. Operational Recommendations: Coding Coefficients Density 110 Threshold . . . . . . . . . . . . . . . . . . . . . . . . 26 111 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 112 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 113 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 114 12.1. Normative References . . . . . . . . . . . . . . . . . . 27 115 12.2. Informative References . . . . . . . . . . . . . . . . . 28 116 Appendix A. TinyMT32 Validation Criteria (Normative) . . . . . . 30 117 Appendix B. Assessing the PRNG Adequacy (Informational) . . . . 31 118 Appendix C. Possible Parameter Derivation (Informational) . . . 33 119 C.1. Case of a CBR Real-Time Flow . . . . . . . . . . . . . . 34 120 C.2. Other Types of Real-Time Flow . . . . . . . . . . . . . . 36 121 C.3. Case of a Non Real-Time Flow . . . . . . . . . . . . . . 37 122 Appendix D. Decoding Beyond Maximum Latency Optimization 123 (Informational) . . . . . . . . . . . . . . . . . . 37 124 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 126 1. Introduction 128 Application-Level Forward Erasure Correction (AL-FEC) codes, or 129 simply FEC codes, are a key element of communication systems. They 130 are used to recover from packet losses (or erasures) during content 131 delivery sessions to a potentially large number of receivers 132 (multicast/broadcast transmissions). This is the case with the 133 FLUTE/ALC protocol [RFC6726] when used for reliable file transfers 134 over lossy networks, and the FECFRAME protocol when used for reliable 135 continuous media transfers over lossy networks. 137 The present document only focuses on the FECFRAME protocol, used in 138 multicast/broadcast delivery mode, in particular for contents that 139 feature stringent real-time constraints: each source packet has a 140 maximum validity period after which it will not be considered by the 141 destination application. 143 1.1. Limits of Block Codes with Real-Time Flows 145 With FECFRAME, there is a single FEC encoding point (either a end- 146 host/server (source) or a middlebox) and a single FEC decoding point 147 per receiver (either a end-host (receiver) or middlebox). In this 148 context, currently standardized AL-FEC codes for FECFRAME like Reed- 149 Solomon [RFC6865], LDPC-Staircase [RFC6816], or Raptor/RaptorQ, are 150 all linear block codes: they require the data flow to be segmented 151 into blocks of a predefined maximum size. 153 To define this block size, it is required to find an appropriate 154 balance between robustness and decoding latency: the larger the block 155 size, the higher the robustness (e.g., in case of long packet erasure 156 bursts), but also the higher the maximum decoding latency (i.e., the 157 maximum time required to recover a lost (erased) packet thanks to FEC 158 protection). Therefore, with a multicast/broadcast session where 159 different receivers experience different packet loss rates, the block 160 size should be chosen by considering the worst communication 161 conditions one wants to support, but without exceeding the desired 162 maximum decoding latency. This choice then impacts the FEC-related 163 latency of all receivers, even those experiencing a good 164 communication quality, since no FEC encoding can happen until all the 165 source data of the block is available at the sender, which directly 166 depends on the block size. 168 1.2. Lower Latency and Better Protection of Real-Time Flows with the 169 Sliding Window RLC Codes 171 This document introduces two fully-specified FEC Schemes that do not 172 follow the block code approach: the Sliding Window Random Linear 173 Codes (RLC) over either Galois Fields (A.K.A. Finite Fields) GF(2) 174 (the "binary case") or GF(2^^8), each time with the possibility of 175 controlling the code density. These FEC Schemes are used to protect 176 arbitrary media streams along the lines defined by FECFRAME extended 177 to sliding window FEC codes [fecframe-ext]. These FEC Schemes, and 178 more generally Sliding Window FEC codes, are recommended for 179 instance, with media that feature real-time constraints sent within a 180 multicast/broadcast session [Roca17]. 182 The RLC codes belong to the broad class of sliding-window AL-FEC 183 codes (A.K.A. convolutional codes) [RFC8406]. The encoding process 184 is based on an encoding window that slides over the set of source 185 packets (in fact source symbols as we will see in Section 3.2), this 186 window being either of fixed size or variable size (A.K.A. an elastic 187 window). Repair symbols are generated on-the-fly, by computing a 188 random linear combination of the source symbols present in the 189 current encoding window, and passed to the transport layer. 191 At the receiver, a linear system is managed from the set of received 192 source and repair packets. New variables (representing source 193 symbols) and equations (representing the linear combination carried 194 by each repair symbol received) are added upon receiving new packets. 195 Variables and the equations they are involved in are removed when 196 they are too old with respect to their validity period (real-time 197 constraints) . Lost source symbols are then recovered thanks to this 198 linear system whenever its rank permits to solve it (at least 199 partially). 201 The protection of any multicast/broadcast session needs to be 202 dimensioned by considering the worst communication conditions one 203 wants to support. This is also true with RLC (more generally any 204 sliding window) code. However, the receivers experiencing a good to 205 medium communication quality will observe a reduced FEC-related 206 latency compared to block codes [Roca17] since an isolated lost 207 source packet is quickly recovered with the following repair packet. 208 On the opposite, with a block code, recovering an isolated lost 209 source packet always requires waiting for the first repair packet to 210 arrive after the end of the block. Additionally, under certain 211 situations (e.g., with a limited FEC-related latency budget and with 212 constant bitrate transmissions after FECFRAME encoding), sliding 213 window codes can more efficiently achieve a target transmission 214 quality (e.g., measured by the residual loss after FEC decoding) by 215 sending fewer repair packets (i.e., higher code rate) than block 216 codes. 218 1.3. Small Transmission Overheads with the Sliding Window RLC FEC 219 Scheme 221 The Sliding Window RLC FEC Scheme is designed to limit the packet 222 header overhead. The main requirement is that each repair packet 223 header must enable a receiver to reconstruct the set of source 224 symbols plus the associated coefficients used during the encoding 225 process. In order to minimize packet overhead, the set of source 226 symbols in the encoding window as well as the set of coefficients 227 over GF(2^^m) (where m is 1 or 8, depending on the FEC Scheme) used 228 in the linear combination are not individually listed in the repair 229 packet header. Instead, each FEC Repair Packet header contains: 231 o the Encoding Symbol Identifier (ESI) of the first source symbol in 232 the encoding window as well as the number of symbols (since this 233 number may vary with a variable size, elastic window). These two 234 pieces of information enable each receiver to reconstruct the set 235 of source symbols considered during encoding, the only constraint 236 being that there cannot be any gap; 237 o the seed and density threshold parameters used by a coding 238 coefficients generation function (Section 3.6). These two pieces 239 of information enable each receiver to generate the same set of 240 coding coefficients over GF(2^^m) as the sender; 242 Therefore, no matter the number of source symbols present in the 243 encoding window, each FEC Repair Packet features a fixed 64-bit long 244 header, called Repair FEC Payload ID (Figure 8). Similarly, each FEC 245 Source Packet features a fixed 32-bit long trailer, called Explicit 246 Source FEC Payload ID (Figure 6), that contains the ESI of the first 247 source symbol (Section 3.2). 249 1.4. Document Organization 251 This fully-specified FEC Scheme follows the structure required by 252 [RFC6363], section 5.6. "FEC Scheme Requirements", namely: 254 3. Procedures: This section describes procedures specific to this 255 FEC Scheme, namely: RLC parameters derivation, ADUI and source 256 symbols mapping, pseudo-random number generator, and coding 257 coefficients generation function; 258 4. Formats and Codes: This section defines the Source FEC Payload 259 ID and Repair FEC Payload ID formats, carrying the signalling 260 information associated to each source or repair symbol. It also 261 defines the FEC Framework Configuration Information (FFCI) 262 carrying signalling information for the session; 263 5. FEC Code Specification: Finally this section provides the code 264 specification. 266 2. Definitions and Abbreviations 268 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 269 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 270 "OPTIONAL" in this document are to be interpreted as described in BCP 271 14 [RFC2119] [RFC8174] when, and only when, they appear in all 272 capitals, as shown here. 274 This document uses the following definitions and abbreviations: 276 a^^b a to the power of b 277 GF(q) denotes a finite field (also known as the Galois Field) with q 278 elements. We assume that q = 2^^m in this document 279 m defines the length of the elements in the finite field, in bits. 280 In this document, m is equal to 1 or 8 281 ADU: Application Data Unit 282 ADUI: Application Data Unit Information (includes the F, L and 283 padding fields in addition to the ADU) 284 E: size of an encoding symbol (i.e., source or repair symbol), 285 assumed fixed (in bytes) 287 br_in: transmission bitrate at the input of the FECFRAME sender, 288 assumed fixed (in bits/s) 289 br_out: transmission bitrate at the output of the FECFRAME sender, 290 assumed fixed (in bits/s) 291 max_lat: maximum FEC-related latency within FECFRAME (a decimal 292 number expressed in seconds) 293 cr: RLC coding rate, ratio between the total number of source 294 symbols and the total number of source plus repair symbols 295 ew_size: encoding window current size at a sender (in symbols) 296 ew_max_size: encoding window maximum size at a sender (in symbols) 297 dw_max_size: decoding window maximum size at a receiver (in symbols) 298 ls_max_size: linear system maximum size (or width) at a receiver (in 299 symbols) 300 WSR: window size ratio parameter used to derive ew_max_size 301 (encoder) and ls_max_size (decoder). 302 PRNG: pseudo-random number generator 303 TinyMT32: PRNG used in this specification. 304 DT: coding coefficients density threshold, an integer between 0 and 305 15 (inclusive) the controls the fraction of coefficients that are 306 non zero 308 3. Common Procedures 310 This section introduces the procedures that are used by these FEC 311 Schemes. 313 3.1. Codec Parameters 315 A codec implementing the Sliding Window RLC FEC Scheme relies on 316 several parameters: 318 Maximum FEC-related latency budget, max_lat (a decimal number 319 expressed in seconds) with real-time flows: 320 a source ADU flow can have real-time constraints, and therefore 321 any FECFRAME related operation should take place within the 322 validity period of each ADU (Appendix D describes an exception to 323 this rule). When there are multiple flows with different real- 324 time constraints, we consider the most stringent constraints (see 325 [RFC6363], Section 10.2, item 6, for recommendations when several 326 flows are globally protected). The maximum FEC-related latency 327 budget, max_lat, accounts for all sources of latency added by FEC 328 encoding (at a sender) and FEC decoding (at a receiver). Other 329 sources of latency (e.g., added by network communications) are out 330 of scope and must be considered separately (said differently, they 331 have already been deducted from max_lat). max_lat can be regarded 332 as the latency budget permitted for all FEC-related operations. 333 This is an input parameter that enables a FECFRAME sender to 334 derive other internal parameters (see Appendix C); 336 Encoding window current (resp. maximum) size, ew_size (resp. 337 ew_max_size) (in symbols): 338 at a FECFRAME sender, during FEC encoding, a repair symbol is 339 computed as a linear combination of the ew_size source symbols 340 present in the encoding window. The ew_max_size is the maximum 341 size of this window, while ew_size is the current size. For 342 example, in the common case at session start, upon receiving new 343 source ADUs, the ew_size progressively increases until it reaches 344 its maximum value, ew_max_size. We have: 346 0 < ew_size <= ew_max_size 347 Decoding window maximum size, dw_max_size (in symbols): at a 348 FECFRAME receiver, dw_max_size is the maximum number of received 349 or lost source symbols that are still within their latency budget; 350 Linear system maximum size, ls_max_size (in symbols): at a FECFRAME 351 receiver, the linear system maximum size, ls_max_size, is the 352 maximum number of received or lost source symbols in the linear 353 system (i.e., the variables). It SHOULD NOT be smaller than 354 dw_max_size since it would mean that, even after receiving a 355 sufficient number of FEC Repair Packets, a lost ADU may not be 356 recovered just because the associated source symbols have been 357 prematurely removed from the linear system, which is usually 358 counter-productive. On the opposite, the linear system MAY grow 359 beyond the dw_max_size (Appendix D); 360 Symbol size, E (in bytes): the E parameter determines the source and 361 repair symbol sizes (necessarily equal). This is an input 362 parameter that enables a FECFRAME sender to derive other internal 363 parameters, as explained below. An implementation at a sender 364 MUST fix the E parameter and MUST communicate it as part of the 365 FEC Scheme-Specific Information (Section 4.1.1.2). 366 Code rate, cr: The code rate parameter determines the amount of 367 redundancy added to the flow. More precisely the cr is the ratio 368 between the total number of source symbols and the total number of 369 source plus repair symbols and by definition: 0 < cr <= 1. This 370 is an input parameter that enables a FECFRAME sender to derive 371 other internal parameters, as explained below. However, there is 372 no need to communicate the cr parameter per see (it's not required 373 to process a repair symbol at a receiver). This code rate 374 parameter can be static. However, in specific use-cases (e.g., 375 with unicast transmissions in presence of a feedback mechanism 376 that estimates the communication quality, out of scope of 377 FECFRAME), the code rate may be adjusted dynamically. 379 Appendix C proposes non normative technics to derive those 380 parameters, depending on the use-case specificities. 382 3.2. ADU, ADUI and Source Symbols Mappings 384 At a sender, an ADU coming from the application is not directly 385 mapped to source symbols. When multiple source flows (e.g., media 386 streams) are mapped onto the same FECFRAME instance, each flow is 387 assigned its own Flow ID value (see below). This Flow ID is then 388 prepended to each ADU before FEC encoding. This way, FEC decoding at 389 a receiver also recovers this Flow ID and the recovered ADU can be 390 assigned to the right source flow (note that the 5-tuple used to 391 identify the right source flow of a received ADU is absent with a 392 recovered ADU since it is not FEC protected). 394 Additionally, since ADUs are of variable size, padding is needed so 395 that each ADU (with its flow identifier) contribute to an integral 396 number of source symbols. This requires adding the original ADU 397 length to each ADU before doing FEC encoding. Because of these 398 requirements, an intermediate format, the ADUI, or ADU Information, 399 is considered [RFC6363]. 401 For each incoming ADU, an ADUI MUST created as follows. First of 402 all, 3 bytes are prepended (Figure 1): 404 Flow ID (F) (8-bit field): this unsigned byte contains the integer 405 identifier associated to the source ADU flow to which this ADU 406 belongs. It is assumed that a single byte is sufficient, which 407 implies that no more than 256 flows will be protected by a single 408 FECFRAME session instance. 409 Length (L) (16-bit field): this unsigned integer contains the length 410 of this ADU, in network byte order (i.e., big endian). This 411 length is for the ADU itself and does not include the F, L, or Pad 412 fields. 414 Then, zero padding is added to the ADU if needed: 416 Padding (Pad) (variable size field): this field contains zero 417 padding to align the F, L, ADU and padding up to a size that is 418 multiple of E bytes (i.e., the source and repair symbol length). 420 The data unit resulting from the ADU and the F, L, and Pad fields is 421 called ADUI. Since ADUs can have different sizes, this is also the 422 case for ADUIs. However, an ADUI always contributes to an integral 423 number of source symbols. 425 symbol length, E E E 426 < ------------------ >< ------------------ >< ------------------ > 427 +-+--+---------------------------------------------+-------------+ 428 |F| L| ADU | Pad | 429 +-+--+---------------------------------------------+-------------+ 431 Figure 1: ADUI Creation example (here 3 source symbols are created 432 for this ADUI). 434 Note that neither the initial 3 bytes nor the optional padding are 435 sent over the network. However, they are considered during FEC 436 encoding, and a receiver who lost a certain FEC Source Packet (e.g., 437 the UDP datagram containing this FEC Source Packet when UDP is used 438 as the transport protocol) will be able to recover the ADUI if FEC 439 decoding succeeds. Thanks to the initial 3 bytes, this receiver will 440 get rid of the padding (if any) and identify the corresponding ADU 441 flow. 443 3.3. Encoding Window Management 445 Source symbols and the corresponding ADUs are removed from the 446 encoding window: 448 o when the sliding encoding window has reached its maximum size, 449 ew_max_size. In that case the oldest symbol MUST be removed 450 before adding a new symbol, so that the current encoding window 451 size always remains inferior or equal to the maximum size: ew_size 452 <= ew_max_size; 453 o when an ADU has reached its maximum validity duration in case of a 454 real-time flow. When this happens, all source symbols 455 corresponding to the ADUI that expired SHOULD be removed from the 456 encoding window; 458 Source symbols are added to the sliding encoding window each time a 459 new ADU arrives, once the ADU-to-source symbols mapping has been 460 performed (Section 3.2). The current size of the encoding window, 461 ew_size, is updated after adding new source symbols. This process 462 may require to remove old source symbols so that: ew_size <= 463 ew_max_size. 465 Note that a FEC codec may feature practical limits in the number of 466 source symbols in the encoding window (e.g., for computational 467 complexity reasons). This factor may further limit the ew_max_size 468 value, in addition to the maximum FEC-related latency budget 469 (Section 3.1). 471 3.4. Source Symbol Identification 473 Each source symbol is identified by an Encoding Symbol ID (ESI), an 474 unsigned integer. The ESI of source symbols MUST start with value 0 475 for the first source symbol and MUST be managed sequentially. 476 Wrapping to zero happens after reaching the maximum value made 477 possible by the ESI field size (this maximum value is FEC Scheme 478 dependant, for instance, 2^32-1 with FEC Schemes XXX and YYY). 480 No such consideration applies to repair symbols. 482 3.5. Pseudo-Random Number Generator (PRNG) 484 In order to compute coding coefficients (see Section 3.6), the RLC 485 FEC Schemes rely on the TinyMT32 PRNG defined in [tinymt32] with two 486 additional functions defined in this section. 488 This PRNG MUST first be initialized with a 32-bit unsigned integer, 489 used as a seed, with: 491 void tinymt32_init (tinymt32_t * s, uint32_t seed); 493 With the FEC Schemes defined in this document, the seed is in 494 practice restricted to a value between 0 and 0xFFFF inclusive (note 495 that this PRNG accepts a seed value equal to 0), since this is the 496 Repair_Key 16-bit field value of the Repair FEC Payload ID 497 (Section 4.1.3). In addition to the seed, this function takes as 498 parameter a pointer to an instance of a tinymt32_t structure that is 499 used to keep the internal state of the PRNG. 501 Then, each time a new pseudo-random integer between 0 and 15 502 inclusive (4-bit pseudo-random integer) is needed, the following 503 function is used: 505 uint32_t tinymt32_rand16 (tinymt32_t * s); 507 This function takes as parameter a pointer to the same tinymt32_t 508 structure (that is left unchanged between successive calls to the 509 function). 511 Similarly, each time a new pseudo-random integer between 0 and 255 512 inclusive (8-bit pseudo-random integer) is needed, the following 513 function is used: 515 uint32_t tinymt32_rand256 (tinymt32_t * s); 517 These two functions keep respectively the 4 or 8 less significant 518 bits of the 32-bit pseudo-random number generated by the 519 tinymt32_generate_uint32() function of [tinymt32]. This is done by 520 computing the result of a binary AND between the 521 tinymt32_generate_uint32() output and respectively the 0xF or 0xFF 522 constants, using 32-bit unsigned integer operations. Figure 2 shows 523 a possible implementation. Test results discussed in Appendix B show 524 that this simple technique, applied to this PRNG, is in line with the 525 RLC FEC Schemes needs. 527 528 /** 529 * This function outputs a pseudo-random integer in [0 .. 15] range. 530 * 531 * @param s pointer to tinymt internal state. 532 * @return unsigned integer between 0 and 15 inclusive. 533 */ 534 uint32_t tinymt32_rand16(tinymt32_t *s) 535 { 536 return (tinymt32_generate_uint32(s) & 0xF); 537 } 539 /** 540 * This function outputs a pseudo-random integer in [0 .. 255] range. 541 * 542 * @param s pointer to tinymt internal state. 543 * @return unsigned integer between 0 and 255 inclusive. 544 */ 545 uint32_t tinymt32_rand256(tinymt32_t *s) 546 { 547 return (tinymt32_generate_uint32(s) & 0xFF); 548 } 549 551 Figure 2: 4-bit and 8-bit mapping functions for TinyMT32 553 Any implementation of this PRNG MUST fulfill three validation 554 criteria: the one described in [tinymt32] (for the TinyMT32 32-bit 555 unsigned integer generator), and the two others detailed in 556 Appendix A (for the mapping to 4-bit and 8-bit intervals). Because 557 of the way the mapping functions work, it is unlikely that an 558 implementation that fulfills the first criterion fails to fulfill the 559 two others. 561 3.6. Coding Coefficients Generation Function 563 The coding coefficients, used during the encoding process, are 564 generated at the RLC encoder by the generate_coding_coefficients() 565 function each time a new repair symbol needs to be produced. The 566 fraction of coefficients that are non zero (i.e., the density) is 567 controlled by the DT (Density Threshold) parameter. DT has values 568 between 0 (the minimum value) and 15 (the maximum value), and the 569 average probability of having a non zero coefficient equals (DT + 1) 570 / 16. In particular, when DT equals 15 the function guaranties that 571 all coefficients are non zero (i.e., maximum density). 573 These considerations apply to both the RLC over GF(2) and RLC over 574 GF(2^^8), the only difference being the value of the m parameter. 575 With the RLC over GF(2) FEC Scheme (Section 5), m is equal to 1. 576 With RLC over GF(2^^8) FEC Scheme (Section 4), m is equal to 8. 578 579 /* 580 * Fills in the table of coding coefficients (of the right size) 581 * provided with the appropriate number of coding coefficients to 582 * use for the repair symbol key provided. 583 * 584 * (in) repair_key key associated to this repair symbol. This 585 * parameter is ignored (useless) if m=1 and dt=15 586 * (in/out) cc_tab[] pointer to a table of the right size to store 587 * coding coefficients. All coefficients are 588 * stored as bytes, regardless of the m parameter, 589 * upon return of this function. 590 * (in) cc_nb number of entries in the table. This value is 591 * equal to the current encoding window size. 592 * (in) dt integer between 0 and 15 (inclusive) that 593 * controls the density. With value 15, all 594 * coefficients are guaranteed to be non zero 595 * (i.e. equal to 1 with GF(2) and equal to a 596 * value in {1,... 255} with GF(2^^8)), otherwise 597 * a fraction of them will be 0. 598 * (in) m Finite Field GF(2^^m) parameter. In this 599 * document only values 1 and 8 are considered. 600 * (out) returns 0 in case of success, an error code 601 * different than 0 otherwise. 602 */ 603 int generate_coding_coefficients (uint16_t repair_key, 604 uint8_t cc_tab[], 605 uint16_t cc_nb, 606 uint8_t dt, 607 uint8_t m) 608 { 609 uint32_t i; 610 tinymt32_t s; /* PRNG internal state */ 612 if (dt > 15) { 613 return -1; /* error, bad dt parameter */ 614 } 615 switch (m) { 616 case 1: 617 if (dt == 15) { 618 /* all coefficients are 1 */ 619 memset(cc_tab, 1, cc_nb); 620 } else { 621 /* here coefficients are either 0 or 1 */ 622 tinymt32_init(&s, repair_key); 623 for (i = 0 ; i < cc_nb ; i++) { 624 cc_tab[i] = (tinymt32_rand16(&s) <= dt) ? 1 : 0; 625 } 626 } 627 break; 629 case 8: 630 tinymt32_init(&s, repair_key); 631 if (dt == 15) { 632 /* coefficient 0 is avoided here in order to include 633 * all the source symbols */ 634 for (i = 0 ; i < cc_nb ; i++) { 635 do { 636 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 637 } while (cc_tab[i] == 0); 638 } 639 } else { 640 /* here a certain number of coefficients should be 0 */ 641 for (i = 0 ; i < cc_nb ; i++) { 642 if (tinymt32_rand16(&s) <= dt) { 643 do { 644 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 645 } while (cc_tab[i] == 0); 646 } else { 647 cc_tab[i] = 0; 648 } 649 } 650 } 651 break; 653 default: 654 return -2; /* error, bad parameter m */ 655 } 656 return 0 /* success */ 657 } 658 660 Figure 3: Coding Coefficients Generation Function Reference 661 Implementation 663 3.7. Finite Fields Operations 665 3.7.1. Finite Field Definitions 667 The two RLC FEC Schemes specified in this document reuse the Finite 668 Fields defined in [RFC5510], section 8.1. More specifically, the 669 elements of the field GF(2^^m) are represented by polynomials with 670 binary coefficients (i.e., over GF(2)) and degree lower or equal to 671 m-1. The addition between two elements is defined as the addition of 672 binary polynomials in GF(2), which is equivalent to a bitwise XOR 673 operation on the binary representation of these elements. 675 With GF(2^^8), multiplication between two elements is the 676 multiplication modulo a given irreducible polynomial of degree 8. 677 The following irreducible polynomial MUST be used for GF(2^^8): 679 x^^8 + x^^4 + x^^3 + x^^2 + 1 681 With GF(2), multiplication corresponds to a logical AND operation. 683 3.7.2. Linear Combination of Source Symbols Computation 685 The two RLC FEC Schemes require the computation of a linear 686 combination of source symbols, using the coding coefficients produced 687 by the generate_coding_coefficients() function and stored in the 688 cc_tab[] array. 690 With the RLC over GF(2^^8) FEC Scheme, a linear combination of the 691 ew_size source symbol present in the encoding window, say src_0 to 692 src_ew_size_1, in order to generate a repair symbol, is computed as 693 follows. For each byte of position i in each source and the repair 694 symbol, where i belongs to {0; E-1}, compute: 696 repair[i] = cc_tab[0] * src_0[i] XOR cc_tab[1] * src_1[i] XOR ... 697 XOR cc_tab[ew_size - 1] * src_ew_size_1[i] 699 where * is the multiplication over GF(2^^8). In practice various 700 optimizations need to be used in order to make this computation 701 efficient (see in particular [PGM13]). 703 With the RLC over GF(2) FEC Scheme (binary case), a linear 704 combination is computed as follows. The repair symbol is the XOR sum 705 of all the source symbols corresponding to a coding coefficient 706 cc_tab[j] equal to 1 (i.e., the source symbols corresponding to zero 707 coding coefficients are ignored). The XOR sum of the byte of 708 position i in each source is computed and stored in the corresponding 709 byte of the repair symbol, where i belongs to {0; E-1}. In practice, 710 the XOR sums will be computed several bytes at a time (e.g., on 64 711 bit words, or on arrays of 16 or more bytes when using SIMD CPU 712 extensions). 714 With both FEC Schemes, the details of how to optimize the computation 715 of these linear combinations are of high practical importance but out 716 of scope of this document. 718 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary Packet 719 Flows 721 This fully-specified FEC Scheme defines the Sliding Window Random 722 Linear Codes (RLC) over GF(2^^8). 724 4.1. Formats and Codes 726 4.1.1. FEC Framework Configuration Information 728 Following the guidelines of [RFC6363], section 5.6, this section 729 provides the FEC Framework Configuration Information (or FFCI). This 730 FCCI needs to be shared (e.g., using SDP) between the FECFRAME sender 731 and receiver instances in order to synchronize them. It includes a 732 FEC Encoding ID, mandatory for any FEC Scheme specification, plus 733 scheme-specific elements. 735 4.1.1.1. FEC Encoding ID 737 o FEC Encoding ID: the value assigned to this fully specified FEC 738 Scheme MUST be XXXX, as assigned by IANA (Section 10). 740 When SDP is used to communicate the FFCI, this FEC Encoding ID is 741 carried in the 'encoding-id' parameter. 743 4.1.1.2. FEC Scheme-Specific Information 745 The FEC Scheme-Specific Information (FSSI) includes elements that are 746 specific to the present FEC Scheme. More precisely: 748 Encoding symbol size (E): a non-negative integer that indicates the 749 size of each encoding symbol in bytes; 750 Window Size Ratio (WSR) parameter: a non-negative integer between 0 751 and 255 (both inclusive) used to initialize window sizes. A value 752 of 0 indicates this parameter is not considered (e.g., a fixed 753 encoding window size may be chosen). A value between 1 and 255 754 inclusive is required by certain of the parameter derivation 755 techniques described in Appendix C; 757 This element is required both by the sender (RLC encoder) and the 758 receiver(s) (RLC decoder). 760 When SDP is used to communicate the FFCI, this FEC Scheme-specific 761 information is carried in the 'fssi' parameter in textual 762 representation as specified in [RFC6364]. For instance: 764 fssi=E:1400,WSR:191 766 In that case the name values "E" and "WSR" are used to convey the E 767 and WSR parameters respectively. 769 If another mechanism requires the FSSI to be carried as an opaque 770 octet string, the encoding format consists of the following three 771 octets, where the E field is carried in "big-endian" or "network 772 order" format, that is, most significant byte first: 774 Encoding symbol length (E): 16-bit field; 775 Window Size Ratio Parameter (WSR): 8-bit field. 777 These three octets can be communicated as such, or for instance, be 778 subject to an additional Base64 encoding. 780 0 1 2 781 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 782 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 783 | Encoding Symbol Length (E) | WSR | 784 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 786 Figure 4: FSSI Encoding Format 788 4.1.2. Explicit Source FEC Payload ID 790 A FEC Source Packet MUST contain an Explicit Source FEC Payload ID 791 that is appended to the end of the packet as illustrated in Figure 5. 793 +--------------------------------+ 794 | IP Header | 795 +--------------------------------+ 796 | Transport Header | 797 +--------------------------------+ 798 | ADU | 799 +--------------------------------+ 800 | Explicit Source FEC Payload ID | 801 +--------------------------------+ 803 Figure 5: Structure of an FEC Source Packet with the Explicit Source 804 FEC Payload ID 806 More precisely, the Explicit Source FEC Payload ID is composed of the 807 following field, carried in "big-endian" or "network order" format, 808 that is, most significant byte first (Figure 6): 810 Encoding Symbol ID (ESI) (32-bit field): this unsigned integer 811 identifies the first source symbol of the ADUI corresponding to 812 this FEC Source Packet. The ESI is incremented for each new 813 source symbol, and after reaching the maximum value (2^32-1), 814 wrapping to zero occurs. 816 0 1 2 3 817 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 818 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 819 | Encoding Symbol ID (ESI) | 820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 822 Figure 6: Source FEC Payload ID Encoding Format 824 4.1.3. Repair FEC Payload ID 826 A FEC Repair Packet MAY contain one or more repair symbols. When 827 there are several repair symbols, all of them MUST have been 828 generated from the same encoding window, using Repair_Key values that 829 are managed as explained below. A receiver can easily deduce the 830 number of repair symbols within a FEC Repair Packet by comparing the 831 received FEC Repair Packet size (equal to the UDP payload size when 832 UDP is the underlying transport protocol) and the symbol size, E, 833 communicated in the FFCI. 835 A FEC Repair Packet MUST contain a Repair FEC Payload ID that is 836 prepended to the repair symbol as illustrated in Figure 7. 838 +--------------------------------+ 839 | IP Header | 840 +--------------------------------+ 841 | Transport Header | 842 +--------------------------------+ 843 | Repair FEC Payload ID | 844 +--------------------------------+ 845 | Repair Symbol | 846 +--------------------------------+ 848 Figure 7: Structure of an FEC Repair Packet with the Repair FEC 849 Payload ID 851 More precisely, the Repair FEC Payload ID is composed of the 852 following fields where all integer fields are carried in "big-endian" 853 or "network order" format, that is, most significant byte first 854 (Figure 8): 856 Repair_Key (16-bit field): this unsigned integer is used as a seed 857 by the coefficient generation function (Section 3.6) in order to 858 generate the desired number of coding coefficients. This repair 859 key may be a monotonically increasing integer value that loops 860 back to 0 after reaching 65535 (see Section 6.1). When a FEC 861 Repair Packet contains several repair symbols, this repair key 862 value is that of the first repair symbol. The remaining repair 863 keys can be deduced by incrementing by 1 this value, up to a 864 maximum value of 65535 after which it loops back to 0. 865 Density Threshold for the coding coefficients, DT (4-bit field): 866 this unsigned integer carries the Density Threshold (DT) used by 867 the coding coefficient generation function Section 3.6. More 868 precisely, it controls the probability of having a non zero coding 869 coefficient, which equals (DT+1) / 16. When a FEC Repair Packet 870 contains several repair symbols, the DT value applies to all of 871 them; 872 Number of Source Symbols in the encoding window, NSS (12-bit field): 874 this unsigned integer indicates the number of source symbols in 875 the encoding window when this repair symbol was generated. When a 876 FEC Repair Packet contains several repair symbols, this NSS value 877 applies to all of them; 878 ESI of First Source Symbol in the encoding window, FSS_ESI (32-bit 879 field): 880 this unsigned integer indicates the ESI of the first source symbol 881 in the encoding window when this repair symbol was generated. 882 When a FEC Repair Packet contains several repair symbols, this 883 FSS_ESI value applies to all of them; 885 0 1 2 3 886 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 887 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 888 | Repair_Key | DT |NSS (# src symb in ew) | 889 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 890 | FSS_ESI | 891 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 893 Figure 8: Repair FEC Payload ID Encoding Format 895 4.2. Procedures 897 All the procedures of Section 3 apply to this FEC Scheme. 899 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet Flows 901 This fully-specified FEC Scheme defines the Sliding Window Random 902 Linear Codes (RLC) over GF(2) (binary case). 904 5.1. Formats and Codes 906 5.1.1. FEC Framework Configuration Information 908 5.1.1.1. FEC Encoding ID 910 o FEC Encoding ID: the value assigned to this fully specified FEC 911 Scheme MUST be YYYY, as assigned by IANA (Section 10). 913 When SDP is used to communicate the FFCI, this FEC Encoding ID is 914 carried in the 'encoding-id' parameter. 916 5.1.1.2. FEC Scheme-Specific Information 918 All the considerations of Section 4.1.1.2 apply here. 920 5.1.2. Explicit Source FEC Payload ID 922 All the considerations of Section 4.1.2 apply here. 924 5.1.3. Repair FEC Payload ID 926 All the considerations of Section 4.1.3 apply here, with the only 927 exception that the Repair_Key field is useless if DT = 15 (indeed, in 928 that case all the coefficients are necessarily equal to 1 and the 929 coefficient generation function does not use any PRNG). When DT = 15 930 the FECFRAME sender MUST set the Repair_Key field to zero on 931 transmission and a receiver MUST ignore it on receipt. 933 5.2. Procedures 935 All the procedures of Section 3 apply to this FEC Scheme. 937 6. FEC Code Specification 939 6.1. Encoding Side 941 This section provides a high level description of a Sliding Window 942 RLC encoder. 944 Whenever a new FEC Repair Packet is needed, the RLC encoder instance 945 first gathers the ew_size source symbols currently in the sliding 946 encoding window. Then it chooses a repair key, which can be a 947 monotonically increasing integer value, incremented for each repair 948 symbol up to a maximum value of 65535 (as it is carried within a 949 16-bit field) after which it loops back to 0. This repair key is 950 communicated to the coefficient generation function (Section 3.6) in 951 order to generate ew_size coding coefficients. Finally, the FECFRAME 952 sender computes the repair symbol as a linear combination of the 953 ew_size source symbols using the ew_size coding coefficients 954 (Section 3.7). When E is small and when there is an incentive to 955 pack several repair symbols within the same FEC Repair Packet, the 956 appropriate number of repair symbols are computed. In that case the 957 repair key for each of them MUST be incremented by 1, keeping the 958 same ew_size source symbols, since only the first repair key will be 959 carried in the Repair FEC Payload ID. The FEC Repair Packet can then 960 be passed to the transport layer for transmission. The source versus 961 repair FEC packet transmission order is out of scope of this document 962 and several approaches exist that are implementation-specific. 964 Other solutions are possible to select a repair key value when a new 965 FEC Repair Packet is needed, for instance, by choosing a random 966 integer between 0 and 65535. However, selecting the same repair key 967 as before (which may happen in case of a random process) is only 968 meaningful if the encoding window has changed, otherwise the same FEC 969 Repair Packet will be generated. 971 6.2. Decoding Side 973 This section provides a high level description of a Sliding Window 974 RLC decoder. 976 A FECFRAME receiver needs to maintain a linear system whose variables 977 are the received and lost source symbols. Upon receiving a FEC 978 Repair Packet, a receiver first extracts all the repair symbols it 979 contains (in case several repair symbols are packed together). For 980 each repair symbol, when at least one of the corresponding source 981 symbols it protects has been lost, the receiver adds an equation to 982 the linear system (or no equation if this repair packet does not 983 change the linear system rank). This equation of course re-uses the 984 ew_size coding coefficients that are computed by the same coefficient 985 generation function (Section Section 3.6), using the repair key and 986 encoding window descriptions carried in the Repair FEC Payload ID. 987 Whenever possible (i.e., when a sub-system covering one or more lost 988 source symbols is of full rank), decoding is performed in order to 989 recover lost source symbols. Gaussian elimination is one possible 990 algorithm to solve this linear system. Each time an ADUI can be 991 totally recovered, padding is removed (thanks to the Length field, L, 992 of the ADUI) and the ADU is assigned to the corresponding application 993 flow (thanks to the Flow ID field, F, of the ADUI). This ADU is 994 finally passed to the corresponding upper application. Received FEC 995 Source Packets, containing an ADU, MAY be passed to the application 996 either immediately or after some time to guaranty an ordered delivery 997 to the application. This document does not mandate any approach as 998 this is an operational and management decision. 1000 With real-time flows, a lost ADU that is decoded after the maximum 1001 latency or an ADU received after this delay has no value to the 1002 application. This raises the question of deciding whether or not an 1003 ADU is late. This decision MAY be taken within the FECFRAME receiver 1004 (e.g., using the decoding window, see Section 3.1) or within the 1005 application (e.g., using RTP timestamps within the ADU). Deciding 1006 which option to follow and whether or not to pass all ADUs, including 1007 those assumed late, to the application are operational decisions that 1008 depend on the application and are therefore out of scope of this 1009 document. Additionally, Appendix D discusses a backward compatible 1010 optimization whereby late source symbols MAY still be used within the 1011 FECFRAME receiver in order to improve transmission robustness. 1013 7. Implementation Status 1015 Editor's notes: RFC Editor, please remove this section motivated by 1016 RFC 6982 before publishing the RFC. Thanks. 1018 An implementation of the Sliding Window RLC FEC Scheme for FECFRAME 1019 exists: 1021 o Organisation: Inria 1022 o Description: This is an implementation of the Sliding Window RLC 1023 FEC Scheme limited to GF(2^^8). It relies on a modified version 1024 of our OpenFEC (http://openfec.org) FEC code library. It is 1025 integrated in our FECFRAME software (see [fecframe-ext]). 1026 o Maturity: prototype. 1027 o Coverage: this software complies with the Sliding Window RLC FEC 1028 Scheme. 1029 o Licensing: proprietary. 1030 o Contact: vincent.roca@inria.fr 1032 8. Security Considerations 1034 The FEC Framework document [RFC6363] provides a fairly comprehensive 1035 analysis of security considerations applicable to FEC Schemes. 1036 Therefore, the present section follows the security considerations 1037 section of [RFC6363] and only discusses specific topics. 1039 8.1. Attacks Against the Data Flow 1041 8.1.1. Access to Confidential Content 1043 The Sliding Window RLC FEC Scheme specified in this document does not 1044 change the recommendations of [RFC6363]. To summarize, if 1045 confidentiality is a concern, it is RECOMMENDED that one of the 1046 solutions mentioned in [RFC6363] is used with special considerations 1047 to the way this solution is applied (e.g., is encryption applied 1048 before or after FEC protection, within the end-system or in a 1049 middlebox), to the operational constraints (e.g., performing FEC 1050 decoding in a protected environment may be complicated or even 1051 impossible) and to the threat model. 1053 8.1.2. Content Corruption 1055 The Sliding Window RLC FEC Scheme specified in this document does not 1056 change the recommendations of [RFC6363]. To summarize, it is 1057 RECOMMENDED that one of the solutions mentioned in [RFC6363] is used 1058 on both the FEC Source and Repair Packets. 1060 8.2. Attacks Against the FEC Parameters 1062 The FEC Scheme specified in this document defines parameters that can 1063 be the basis of attacks. More specifically, the following parameters 1064 of the FFCI may be modified by an attacker who targets receivers 1065 (Section 4.1.1.2): 1067 o FEC Encoding ID: changing this parameter leads a receiver to 1068 consider a different FEC Scheme. The consequences are severe, the 1069 format of the Explicit Source FEC Payload ID and Repair FEC 1070 Payload ID of received packets will probably differ, leading to 1071 various malfunctions. Even if the original and modified FEC 1072 Schemes share the same format, FEC decoding will either fail or 1073 lead to corrupted decoded symbols. This will happen if an 1074 attacker turns value YYYY (i.e., RLC over GF(2)) to value XXXX 1075 (RLC over GF(2^^8)), an additional consequence being a higher 1076 processing overhead at the receiver. In any case, the attack 1077 results in a form of Denial of Service (DoS) or corrupted content. 1078 o Encoding symbol length (E): setting this E parameter to a 1079 different value will confuse a receiver. If the size of a 1080 received FEC Repair Packet is no longer multiple of the modified E 1081 value, a receiver quickly detects a problem and SHOULD reject the 1082 packet. If the new E value is a sub-multiple of the original E 1083 value (e.g., half the original value), then receivers may not 1084 detect the problem immediately. For instance, a receiver may 1085 think that a received FEC Repair Packet contains more repair 1086 symbols (e.g., twice as many if E is reduced by half), leading to 1087 malfunctions whose nature depends on implementation details. Here 1088 also, the attack always results in a form of DoS or corrupted 1089 content. 1091 It is therefore RECOMMENDED that security measures be taken to 1092 guarantee the FFCI integrity, as specified in [RFC6363]. How to 1093 achieve this depends on the way the FFCI is communicated from the 1094 sender to the receiver, which is not specified in this document. 1096 Similarly, attacks are possible against the Explicit Source FEC 1097 Payload ID and Repair FEC Payload ID. More specifically, in case of 1098 a FEC Source Packet, the following value can be modified by an 1099 attacker who targets receivers: 1101 o Encoding Symbol ID (ESI): changing the ESI leads a receiver to 1102 consider a wrong ADU, resulting in severe consequences, including 1103 corrupted content passed to the receiving application; 1105 And in case of a FEC Repair Packet: 1107 o Repair Key: changing this value leads a receiver to generate a 1108 wrong coding coefficient sequence, and therefore any source symbol 1109 decoded using the repair symbols contained in this packet will be 1110 corrupted; 1111 o DT: changing this value also leads a receiver to generate a wrong 1112 coding coefficient sequence, and therefore any source symbol 1113 decoded using the repair symbols contained in this packet will be 1114 corrupted. In addition, if the DT value is significantly 1115 increased, it will generate a higher processing overhead at a 1116 receiver. In case of very large encoding windows, this may impact 1117 the terminal performance; 1118 o NSS: changing this value leads a receiver to consider a different 1119 set of source symbols, and therefore any source symbol decoded 1120 using the repair symbols contained in this packet will be 1121 corrupted. In addition, if the NSS value is significantly 1122 increased, it will generate a higher processing overhead at a 1123 receiver, which may impact the terminal performance; 1124 o FSS_ESI: changing this value also leads a receiver to consider a 1125 different set of source symbols and therefore any source symbol 1126 decoded using the repair symbols contained in this packet will be 1127 corrupted. 1129 It is therefore RECOMMENDED that security measures are taken to 1130 guarantee the FEC Source and Repair Packets as stated in [RFC6363]. 1132 8.3. When Several Source Flows are to be Protected Together 1134 The Sliding Window RLC FEC Scheme specified in this document does not 1135 change the recommendations of [RFC6363]. 1137 8.4. Baseline Secure FEC Framework Operation 1139 The Sliding Window RLC FEC Scheme specified in this document does not 1140 change the recommendations of [RFC6363] concerning the use of the 1141 IPsec/ESP security protocol as a mandatory to implement (but not 1142 mandatory to use) security scheme. This is well suited to situations 1143 where the only insecure domain is the one over which the FEC 1144 Framework operates. 1146 8.5. Additional Security Considerations for Numerical Computations 1148 In addition to the above security considerations, inherited from 1149 [RFC6363], the present document introduces several formulae, in 1150 particular in Appendix C.1. It is RECOMMENDED to check that the 1151 computed values stay within reasonable bounds since numerical 1152 overflows, caused by an erroneous implementation or an erroneous 1153 input value, may lead to hazardous behaviours. However, what 1154 "reasonable bounds" means is use-case and implementation dependent 1155 and is not detailed in this document. 1157 Appendix C.2 also mentions the possibility of "using the timestamp 1158 field of an RTP packet header" when applicable. A malicious attacker 1159 may deliberately corrupt this header field in order to trigger 1160 hazardous behaviours at a FECFRAME receiver. Protection against this 1161 type of content corruption can be addressed with the above 1162 recommendations on a baseline secure operation. In addition, it is 1163 also RECOMMENDED to check that the timestamp value be within 1164 reasonable bounds. 1166 9. Operations and Management Considerations 1168 The FEC Framework document [RFC6363] provides a fairly comprehensive 1169 analysis of operations and management considerations applicable to 1170 FEC Schemes. Therefore, the present section only discusses specific 1171 topics. 1173 9.1. Operational Recommendations: Finite Field GF(2) Versus GF(2^^8) 1175 The present document specifies two FEC Schemes that differ on the 1176 Finite Field used for the coding coefficients. It is expected that 1177 the RLC over GF(2^^8) FEC Scheme will be mostly used since it 1178 warrants a higher packet loss protection. In case of small encoding 1179 windows, the associated processing overhead is not an issue (e.g., we 1180 measured decoding speeds between 745 Mbps and 2.8 Gbps on an ARM 1181 Cortex-A15 embedded board in [Roca17] for an encoding window of size 1182 18 or 23 symbols). Of course the CPU overhead will increase with the 1183 encoding window size, because more operations in the GF(2^^8) finite 1184 field will be needed. 1186 The RLC over GF(2) FEC Scheme offers an alternative. In that case 1187 operations symbols can be directly XOR-ed together which warrants 1188 high bitrate encoding and decoding operations, and can be an 1189 advantage with large encoding windows. However, packet loss 1190 protection is significantly reduced by using this FEC Scheme. 1192 9.2. Operational Recommendations: Coding Coefficients Density Threshold 1194 In addition to the choice of the Finite Field, the two FEC Schemes 1195 define a coding coefficient density threshold (DT) parameter. This 1196 parameter enables a sender to control the code density, i.e., the 1197 proportion of coefficients that are non zero on average. With RLC 1198 over GF(2^^8), it is usually appropriate that small encoding windows 1199 be associated to a density threshold equal to 15, the maximum value, 1200 in order to warrant a high loss protection. 1202 On the opposite, with larger encoding windows, it is usually 1203 appropriate that the density threshold be reduced. With large 1204 encoding windows, an alternative can be to use RLC over GF(2) and a 1205 density threshold equal to 7 (i.e., an average density equal to 1/2) 1206 or smaller. 1208 Note that using a density threshold equal to 15 with RLC over GF(2) 1209 is equivalent to using an XOR code that computes the XOR sum of all 1210 the source symbols in the encoding window. In that case: (1) only a 1211 single repair symbol can be produced for any encoding window, and (2) 1212 the repair_key parameter becomes useless (the coding coefficients 1213 generation function does not rely on the PRNG). 1215 10. IANA Considerations 1217 This document registers two values in the "FEC Framework (FECFRAME) 1218 FEC Encoding IDs" registry [RFC6363] as follows: 1220 o YYYY refers to the Sliding Window Random Linear Codes (RLC) over 1221 GF(2) FEC Scheme for Arbitrary Packet Flows, as defined in 1222 Section 5 of this document. 1223 o XXXX refers to the Sliding Window Random Linear Codes (RLC) over 1224 GF(2^^8) FEC Scheme for Arbitrary Packet Flows, as defined in 1225 Section 4 of this document. 1227 11. Acknowledgments 1229 The authors would like to thank the three TSVWG chairs, Wesley Eddy, 1230 our shepherd, David Black and Gorry Fairhurst, as well as Spencer 1231 Dawkins, our responsible AD, and all those who provided comments, 1232 namely (alphabetical order) Alan DeKok, Jonathan Detchart, Russ 1233 Housley, Emmanuel Lochin, Marie-Jose Montpetit, and Greg Skinner. 1234 Last but not least, the authors are really grateful to the IESG 1235 members, in particular Benjamin Kaduk, Mirja Kuhlewind, Eric 1236 Rescorla, and Adam Roach for their highly valuable feedbacks that 1237 greatly contributed to improve this specification. 1239 12. References 1241 12.1. Normative References 1243 [fecframe-ext] 1244 Roca, V. and A. Begen, "Forward Error Correction (FEC) 1245 Framework Extension to Sliding Window Codes", Transport 1246 Area Working Group (TSVWG) draft-ietf-tsvwg-fecframe-ext 1247 (Work in Progress), January 2019, 1248 . 1251 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1252 Requirement Levels", BCP 14, RFC 2119, 1253 DOI 10.17487/RFC2119, March 1997, 1254 . 1256 [RFC6363] Watson, M., Begen, A., and V. Roca, "Forward Error 1257 Correction (FEC) Framework", RFC 6363, 1258 DOI 10.17487/RFC6363, October 2011, 1259 . 1261 [RFC6364] Begen, A., "Session Description Protocol Elements for the 1262 Forward Error Correction (FEC) Framework", RFC 6364, 1263 DOI 10.17487/RFC6364, October 2011, 1264 . 1266 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1267 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1268 May 2017, . 1270 [tinymt32] 1271 Saito, M., Matsumoto, M., Roca, V., and E. Baccelli, 1272 "TinyMT32 Pseudo Random Number Generator (PRNG)", 1273 Transport Area Working Group (TSVWG) draft-roca-tsvwg- 1274 tinymt32 (Work in Progress), February 2019, 1275 . 1277 12.2. Informative References 1279 [PGM13] Plank, J., Greenan, K., and E. Miller, "A Complete 1280 Treatment of Software Implementations of Finite Field 1281 Arithmetic for Erasure Coding Applications", University of 1282 Tennessee Technical Report UT-CS-13-717, 1283 http://web.eecs.utk.edu/~plank/plank/papers/ 1284 UT-CS-13-717.html, October 2013, 1285 . 1288 [RFC5170] Roca, V., Neumann, C., and D. Furodet, "Low Density Parity 1289 Check (LDPC) Staircase and Triangle Forward Error 1290 Correction (FEC) Schemes", RFC 5170, DOI 10.17487/RFC5170, 1291 June 2008, . 1293 [RFC5510] Lacan, J., Roca, V., Peltotalo, J., and S. Peltotalo, 1294 "Reed-Solomon Forward Error Correction (FEC) Schemes", 1295 RFC 5510, DOI 10.17487/RFC5510, April 2009, 1296 . 1298 [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, 1299 "FLUTE - File Delivery over Unidirectional Transport", 1300 RFC 6726, DOI 10.17487/RFC6726, November 2012, 1301 . 1303 [RFC6816] Roca, V., Cunche, M., and J. Lacan, "Simple Low-Density 1304 Parity Check (LDPC) Staircase Forward Error Correction 1305 (FEC) Scheme for FECFRAME", RFC 6816, 1306 DOI 10.17487/RFC6816, December 2012, 1307 . 1309 [RFC6865] Roca, V., Cunche, M., Lacan, J., Bouabdallah, A., and K. 1310 Matsuzono, "Simple Reed-Solomon Forward Error Correction 1311 (FEC) Scheme for FECFRAME", RFC 6865, 1312 DOI 10.17487/RFC6865, February 2013, 1313 . 1315 [RFC8406] Adamson, B., Adjih, C., Bilbao, J., Firoiu, V., Fitzek, 1316 F., Ghanem, S., Lochin, E., Masucci, A., Montpetit, M-J., 1317 Pedersen, M., Peralta, G., Roca, V., Ed., Saxena, P., and 1318 S. Sivakumar, "Taxonomy of Coding Techniques for Efficient 1319 Network Communications", RFC 8406, DOI 10.17487/RFC8406, 1320 June 2018, . 1322 [Roca16] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1323 Thienot, "Block or Convolutional AL-FEC Codes? A 1324 Performance Comparison for Robust Low-Latency 1325 Communications", HAL open-archive document,hal-01395937 1326 https://hal.inria.fr/hal-01395937/en/, November 2016, 1327 . 1329 [Roca17] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1330 Thienot, "Less Latency and Better Protection with AL-FEC 1331 Sliding Window Codes: a Robust Multimedia CBR Broadcast 1332 Case Study", 13th IEEE International Conference on 1333 Wireless and Mobile Computing, Networking and 1334 Communications (WiMob17), October 1335 2017 https://hal.inria.fr/hal-01571609v1/en/, October 1336 2017, . 1338 Appendix A. TinyMT32 Validation Criteria (Normative) 1340 PRNG determinism, for a given seed, is a requirement. Consequently, 1341 in order to validate an implementation of the TinyMT32 PRNG, the 1342 following criteria MUST be met. 1344 The first criterion focusses on the tinymt32_rand256(), where the 1345 32-bit integer of the core TinyMT32 PRNG is scaled down to an 8-bit 1346 integer. Using a seed value of 1, the first 50 values returned by: 1347 tinymt32_rand256() as 8-bit unsigned integers MUST be equal to values 1348 provided in Figure 9. 1350 37 225 177 176 21 1351 246 54 139 168 237 1352 211 187 62 190 104 1353 135 210 99 176 11 1354 207 35 40 113 179 1355 214 254 101 212 211 1356 226 41 234 232 203 1357 29 194 211 112 107 1358 217 104 197 135 23 1359 89 210 252 109 166 1361 Figure 9: First 50 decimal values returned by tinymt32_rand256() as 1362 8-bit unsigned integers, with a seed value of 1. 1364 The second criterion focusses on the tinymt32_rand16(), where the 1365 32-bit integer of the core TinyMT32 PRNG is scaled down to a 4-bit 1366 integer. Using a seed value of 1, the first 50 values returned by: 1367 tinymt32_rand16() as 4-bit unsigned integers MUST be equal to values 1368 provided in Figure 10. 1370 5 1 1 0 5 1371 6 6 11 8 13 1372 3 11 14 14 8 1373 7 2 3 0 11 1374 15 3 8 1 3 1375 6 14 5 4 3 1376 2 9 10 8 11 1377 13 2 3 0 11 1378 9 8 5 7 7 1379 9 2 12 13 6 1381 Figure 10: First 50 decimal values returned by tinymt32_rand16() as 1382 4-bit unsigned integers, with a seed value of 1. 1384 Appendix B. Assessing the PRNG Adequacy (Informational) 1386 This annex discusses the adequacy of the TinyMT32 PRNG and the 1387 tinymt32_rand16() and tinymt32_rand256() functions, to the RLC FEC 1388 Schemes. The goal is to assess the adequacy of these two functions 1389 in producing coding coefficients that are sufficiently different from 1390 one another, across various repair symbols with repair key values in 1391 sequence (we can expect this approach to be commonly used by 1392 implementers, see Section 6.1). This section is purely informational 1393 and does not claim to be a solid evaluation. 1395 The two RLC FEC Schemes use the PRNG to produce pseudo-random coding 1396 coefficients (Section 3.6), each time a new repair symbol is needed. 1397 A different repair key is used for each repair symbol, usually by 1398 incrementing the repair key value (Section 6.1). For each repair 1399 symbol, a limited number of pseudo-random numbers is needed, 1400 depending on the DT and encoding window size (Section 3.6), using 1401 either tinymt32_rand16() or tinymt32_rand256(). Therefore we are 1402 more interested in the randomness of small sequences of random 1403 numbers mapped to 4-bit or 8-bit integers, than in the randomness of 1404 a very large sequence of random numbers which is not representative 1405 of the usage of the PRNG. 1407 Evaluation of tinymt32_rand16(): We first generate a huge number 1408 (1,000,000,000) of small sequences (20 pseudo-random numbers per 1409 sequence), and perform statistics on the number of occurrences of 1410 each of the 16 possible values across all sequences. 1412 value occurrences percentage (%) (total of 20000000000) 1413 0 1250036799 6.2502 1414 1 1249995831 6.2500 1415 2 1250038674 6.2502 1416 3 1250000881 6.2500 1417 4 1250023929 6.2501 1418 5 1249986320 6.2499 1419 6 1249995587 6.2500 1420 7 1250020363 6.2501 1421 8 1249995276 6.2500 1422 9 1249982856 6.2499 1423 10 1249984111 6.2499 1424 11 1250009551 6.2500 1425 12 1249955768 6.2498 1426 13 1249994654 6.2500 1427 14 1250000569 6.2500 1428 15 1249978831 6.2499 1430 Figure 11: tinymt32_rand16(): occurrence statistics across a huge 1431 number (1,000,000,000) of small sequences (20 pseudo-random numbers 1432 per sequence), with 0 as the first PRNG seed. 1434 The results (Figure 11) show that all possible values are almost 1435 equally represented, or said differently, that the tinymt32_rand16() 1436 output converges to a uniform distribution where each of the 16 1437 possible values would appear exactly 1 / 16 * 100 = 6.25% of times. 1439 Other types of biases may exist that may be visible with smaller 1440 tests, for instance to evaluate the convergence speed to a uniform 1441 distribution. We therefore perform 200 tests, each of them 1442 consisting in producing 200 sequences, keeping only the first value 1443 of each sequence. We use non overlapping repair keys for each 1444 sequence, starting with value 0 and increasing it after each use. 1446 value min occurrences max occurrences average occurrences 1447 0 4 21 6.3675 1448 1 4 22 6.0200 1449 2 4 20 6.3125 1450 3 5 23 6.1775 1451 4 5 24 6.1000 1452 5 4 21 6.5925 1453 6 5 30 6.3075 1454 7 6 22 6.2225 1455 8 5 26 6.1750 1456 9 3 21 5.9425 1457 10 5 24 6.3175 1458 11 4 22 6.4300 1459 12 5 21 6.1600 1460 13 5 22 6.3100 1461 14 4 26 6.3950 1462 15 4 21 6.1700 1464 Figure 12: tinymt32_rand16(): occurrence statistics across 200 tests, 1465 each of them consisting in 200 sequences of 1 pseudo-random number 1466 each, with non overlapping PRNG seeds in sequence starting from 0. 1468 Figure 12 shows across all 200 tests, for each of the 16 possible 1469 pseudo-random number values, the minimum (resp. maximum) number of 1470 times it appeared in a test, as well as the average number of 1471 occurrences across the 200 tests. Although the distribution is not 1472 perfect, there is no major bias. On the opposite, in the same 1473 conditions, the Park-Miller linear congruential PRNG of [RFC5170] 1474 with a result scaled down to 4-bit values, using seeds in sequence 1475 starting from 1, returns systematically 0 as the first value during 1476 some time, then after a certain repair key value threshold, it 1477 systematically returns 1, etc. 1479 Evaluation of tinymt32_rand256(): The same approach is used here. 1480 Results (not shown) are similar: occurrences vary between 7,810,3368 1481 (i.e., 0.3905%) and 7,814,7952 (i.e., 0.3907%). Here also we see a 1482 convergence to the theoretical uniform distribution where each of the 1483 256 possible values would appear exactly 1 / 256 * 100 = 0.390625% of 1484 times. 1486 Appendix C. Possible Parameter Derivation (Informational) 1488 Section 3.1 defines several parameters to control the encoder or 1489 decoder. This annex proposes techniques to derive these parameters 1490 according to the target use-case. This annex is informational, in 1491 the sense that using a different derivation technique will not 1492 prevent the encoder and decoder to interoperate: a decoder can still 1493 recover an erased source symbol without any error. However, in case 1494 of a real-time flow, an inappropriate parameter derivation may lead 1495 to the decoding of erased source packets after their validity period, 1496 making them useless to the target application. This annex proposes 1497 an approach to reduce this risk, among other things. 1499 The FEC Schemes defined in this document can be used in various 1500 manners, depending on the target use-case: 1502 o the source ADU flow they protect may or may not have real-time 1503 constraints; 1504 o the source ADU flow may be a Constant Bitrate (CBR) or Variable 1505 BitRate (VBR) flow; 1506 o with a VBR source ADU flow, the flow's minimum and maximum 1507 bitrates may or may not be known; 1508 o and the communication path between encoder and decoder may be a 1509 CBR communication path (e.g., as with certain LTE-based broadcast 1510 channels) or not (general case, e.g., with Internet). 1512 The parameter derivation technique should be suited to the use-case, 1513 as described in the following sections. 1515 C.1. Case of a CBR Real-Time Flow 1517 In the following, we consider a real-time flow with max_lat latency 1518 budget. The encoding symbol size, E, is constant. The code rate, 1519 cr, is also constant, its value depending on the expected 1520 communication loss model (this choice is out of scope of this 1521 document). 1523 In a first configuration, the source ADU flow bitrate at the input of 1524 the FECFRAME sender is fixed and equal to br_in (in bits/s), and this 1525 value is known by the FECFRAME sender. It follows that the 1526 transmission bitrate at the output of the FECFRAME sender will be 1527 higher, depending on the added repair flow overhead. In order to 1528 comply with the maximum FEC-related latency budget, we have: 1530 dw_max_size = (max_lat * br_in) / (8 * E) 1532 assuming that the encoding and decoding times are negligible with 1533 respect to the target max_lat. This is a reasonable assumption in 1534 many situations (e.g., see Section 9.1 in case of small window 1535 sizes). Otherwise the max_lat parameter should be adjusted in order 1536 to avoid the problem. In any case, interoperability will never be 1537 compromized by choosing a too large value. 1539 In a second configuration, the FECFRAME sender generates a fixed 1540 bitrate flow, equal to the CBR communication path bitrate equal to 1541 br_out (in bits/s), and this value is known by the FECFRAME sender, 1542 as in [Roca17]. The maximum source flow bitrate needs to be such 1543 that, with the added repair flow overhead, the total transmission 1544 bitrate remains inferior or equal to br_out. We have: 1546 dw_max_size = (max_lat * br_out * cr) / (8 * E) 1548 assuming here also that the encoding and decoding times are 1549 negligible with respect to the target max_lat. 1551 For decoding to be possible within the latency budget, it is required 1552 that the encoding window maximum size be smaller than or at most 1553 equal to the decoding window maximum size. The ew_max_size is the 1554 main parameter at a FECFRAME sender, but its exact value has no 1555 impact on the the FEC-related latency budget. The ew_max_size 1556 parameter is computed as follows: 1558 ew_max_size = dw_max_size * WSR / 255 1560 In line with [Roca17], WSR = 191 is considered as a reasonable value 1561 (the resulting encoding to decoding window size ratio is then close 1562 to 0.75), but other values between 1 and 255 inclusive are possible, 1563 depending on the use-case. 1565 The dw_max_size is computed by a FECFRAME sender but not explicitly 1566 communicated to a FECFRAME receiver. However, a FECFRAME receiver 1567 can easily evaluate the ew_max_size by observing the maximum Number 1568 of Source Symbols (NSS) value contained in the Repair FEC Payload ID 1569 of received FEC Repair Packets (Section 4.1.3). A receiver can then 1570 easily compute dw_max_size: 1572 dw_max_size = max_NSS_observed * 255 / WSR 1574 A receiver can then chose an appropriate linear system maximum size: 1576 ls_max_size >= dw_max_size 1578 It is good practice to use a larger value for ls_max_size as 1579 explained in Appendix D, which does not impact maximum latency nor 1580 interoperability. 1582 In any case, for a given use-case (i.e., for target encoding and 1583 decoding devices and desired protection levels in front of 1584 communication impairments) and for the computed ew_max_size, 1585 dw_max_size and ls_max_size values, it is RECOMMENDED to check that 1586 the maximum encoding time and maximum memory requirements at a 1587 FECFRAME sender, and maximum decoding time and maximum memory 1588 requirements at a FECFRAME receiver, stay within reasonable bounds. 1589 When assuming that the encoding and decoding times are negligible 1590 with respect to the target max_lat, this should be verified as well, 1591 otherwise the max_lat SHOULD be adjusted accordingly. 1593 The particular case of session start needs to be managed 1594 appropriately since the ew_size, starting at zero, increases each 1595 time a new source ADU is received by the FECFRAME sender, until it 1596 reaches the ew_max_size value. Therefore a FECFRAME receiver SHOULD 1597 continuously observe the received FEC Repair Packets, since the NSS 1598 value carried in the Repair FEC Payload ID will increase too, and 1599 adjust its ls_max_size accordingly if need be. With a CBR flow, 1600 session start is expected to be the only moment when the encoding 1601 window size will increase. Similarly, with a CBR real-time flow, the 1602 session end is expected to be the only moment when the encoding 1603 window size will progressively decrease. No adjustment of the 1604 ls_max_size is required at the FECFRAME receiver in that case. 1606 C.2. Other Types of Real-Time Flow 1608 In the following, we consider a real-time source ADU flow with a 1609 max_lat latency budget and a variable bitrate (VBR) measured at the 1610 entry of the FECFRAME sender. A first approach consists in 1611 considering the smallest instantaneous bitrate of the source ADU 1612 flow, when this parameter is known, and to reuse the derivation of 1613 Appendix C.1. Considering the smallest bitrate means that the 1614 encoding and decoding window maximum size estimations are 1615 pessimistic: these windows have the smallest size required to enable 1616 on-time decoding at a FECFRAME receiver. If the instantaneous 1617 bitrate is higher than this smallest bitrate, this approach leads to 1618 an encoding window that is unnecessarily small, which reduces 1619 robustness in front of long erasure bursts. 1621 Another approach consists in using ADU timing information (e.g., 1622 using the timestamp field of an RTP packet header, or registering the 1623 time upon receiving a new ADU). From the global FEC-related latency 1624 budget, the FECFRAME sender can derive a practical maximum latency 1625 budget for encoding operations, max_lat_for_encoding. For the FEC 1626 Schemes specified in this document, this latency budget SHOULD be 1627 computed with: 1629 max_lat_for_encoding = max_lat * WSR / 255 1631 It follows that any source symbols associated to an ADU that has 1632 timed-out with respect to max_lat_for_encoding SHOULD be removed from 1633 the encoding window. With this approach there is no pre-determined 1634 ew_size value: this value fluctuates over the time according to the 1635 instantaneous source ADU flow bitrate. For practical reasons, a 1636 FECFRAME sender may still require that ew_size does not increase 1637 beyond a maximum value (Appendix C.3). 1639 With both approaches, and no matter the choice of the FECFRAME 1640 sender, a FECFRAME receiver can still easily evaluate the ew_max_size 1641 by observing the maximum Number of Source Symbols (NSS) value 1642 contained in the Repair FEC Payload ID of received FEC Repair 1643 Packets. A receiver can then compute dw_max_size and derive an 1644 appropriate ls_max_size as explained in Appendix C.1. 1646 When the observed NSS fluctuates significantly, a FECFRAME receiver 1647 may want to adapt its ls_max_size accordingly. In particular when 1648 the NSS is significantly reduced, a FECFRAME receiver may want to 1649 reduce the ls_max_size too in order to limit computation complexity. 1650 A balance must be found between using an ls_max_size "too large" 1651 (which increases computation complexity and memory requirements) and 1652 the opposite (which reduces recovery performance). 1654 C.3. Case of a Non Real-Time Flow 1656 Finally there are configurations where a source ADU flow has no real- 1657 time constraints. FECFRAME and the FEC Schemes defined in this 1658 document can still be used. The choice of appropriate parameter 1659 values can be directed by practical considerations. For instance, it 1660 can derive from an estimation of the maximum memory amount that could 1661 be dedicated to the linear system at a FECFRAME receiver, or the 1662 maximum computation complexity at a FECFRAME receiver, both of them 1663 depending on the ls_max_size parameter. The same considerations also 1664 apply to the FECFRAME sender, where the maximum memory amount and 1665 computation complexity depend on the ew_max_size parameter. 1667 Here also, the NSS value contained in FEC Repair Packets is used by a 1668 FECFRAME receiver to determine the current coding window size and 1669 ew_max_size by observing its maximum value over the time. 1671 Appendix D. Decoding Beyond Maximum Latency Optimization 1672 (Informational) 1674 This annex introduces non normative considerations. It is provided 1675 as suggestions, without any impact on interoperability. For more 1676 information see [Roca16]. 1678 With a real-time source ADU flow, it is possible to improve the 1679 decoding performance of sliding window codes without impacting 1680 maximum latency, at the cost of extra memory and CPU overhead. The 1681 optimization consists, for a FECFRAME receiver, to extend the linear 1682 system beyond the decoding window maximum size, by keeping a certain 1683 number of old source symbols whereas their associated ADUs timed-out: 1685 ls_max_size > dw_max_size 1687 Usually the following choice is a good trade-off between decoding 1688 performance and extra CPU overhead: 1690 ls_max_size = 2 * dw_max_size 1692 When the dw_max_size is very small, it may be preferable to keep a 1693 minimum ls_max_size value (e.g., LS_MIN_SIZE_DEFAULT = 40 symbols). 1694 Going below this threshold will not save a significant amount of 1695 memory nor CPU cycles. Therefore: 1697 ls_max_size = max(2 * dw_max_size, LS_MIN_SIZE_DEFAULT) 1699 Finally, it is worth noting that a receiver that benefits from an FEC 1700 protection significantly higher than what is required to recover from 1701 packet losses, can choose to reduce the ls_max_size. In that case 1702 lost ADUs will be recovered without relying on this optimization. 1704 ls_max_size 1705 /---------------------------------^-------------------------------\ 1707 late source symbols 1708 (pot. decoded but not delivered) dw_max_size 1709 /--------------^-----------------\ /--------------^---------------\ 1710 src0 src1 src2 src3 src4 src5 src6 src7 src8 src9 src10 src11 src12 1712 Figure 13: Relationship between parameters to decode beyond maximum 1713 latency. 1715 It means that source symbols, and therefore ADUs, may be decoded even 1716 if the added latency exceeds the maximum value permitted by the 1717 application (the "late source symbols" of Figure 13). It follows 1718 that the corresponding ADUs will not be useful to the application. 1719 However, decoding these "late symbols" significantly improves the 1720 global robustness in bad reception conditions and is therefore 1721 recommended for receivers experiencing bad communication conditions 1722 [Roca16]. In any case whether or not to use this optimization and 1723 what exact value to use for the ls_max_size parameter are local 1724 decisions made by each receiver independently, without any impact on 1725 the other receivers nor on the source. 1727 Authors' Addresses 1729 Vincent Roca 1730 INRIA 1731 Univ. Grenoble Alpes 1732 France 1734 EMail: vincent.roca@inria.fr 1735 Belkacem Teibi 1736 INRIA 1737 Univ. Grenoble Alpes 1738 France 1740 EMail: belkacem.teibi@gmail.com