idnits 2.17.1 draft-ietf-tsvwg-rlc-fec-scheme-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 594 has weird spacing: '...air_key key...' == Line 596 has weird spacing: '... cc_tab poi...' == Line 1444 has weird spacing: '... value occ...' == Line 1486 has weird spacing: '... value min...' -- The document date (June 18, 2019) is 1773 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 709 -- Looks like a reference, but probably isn't: '1' on line 709 -- Possible downref: Non-RFC (?) normative reference: ref. 'C99' Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TSVWG V. Roca 3 Internet-Draft B. Teibi 4 Intended status: Standards Track INRIA 5 Expires: December 20, 2019 June 18, 2019 7 Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) 8 Schemes for FECFRAME 9 draft-ietf-tsvwg-rlc-fec-scheme-16 11 Abstract 13 This document describes two fully-specified Forward Erasure 14 Correction (FEC) Schemes for Sliding Window Random Linear Codes 15 (RLC), one for RLC over the Galois Field (A.K.A. Finite Field) 16 GF(2), a second one for RLC over the Galois Field GF(2^^8), each time 17 with the possibility of controlling the code density. They can 18 protect arbitrary media streams along the lines defined by FECFRAME 19 extended to sliding window FEC codes. These sliding window FEC codes 20 rely on an encoding window that slides over the source symbols, 21 generating new repair symbols whenever needed. Compared to block FEC 22 codes, these sliding window FEC codes offer key advantages with real- 23 time flows in terms of reduced FEC-related latency while often 24 providing improved packet erasure recovery capabilities. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at https://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on December 20, 2019. 43 Copyright Notice 45 Copyright (c) 2019 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (https://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 61 1.1. Limits of Block Codes with Real-Time Flows . . . . . . . 4 62 1.2. Lower Latency and Better Protection of Real-Time Flows 63 with the Sliding Window RLC Codes . . . . . . . . . . . . 4 64 1.3. Small Transmission Overheads with the Sliding Window RLC 65 FEC Scheme . . . . . . . . . . . . . . . . . . . . . . . 5 66 1.4. Document Organization . . . . . . . . . . . . . . . . . . 6 67 2. Definitions and Abbreviations . . . . . . . . . . . . . . . . 6 68 3. Common Procedures . . . . . . . . . . . . . . . . . . . . . . 7 69 3.1. Codec Parameters . . . . . . . . . . . . . . . . . . . . 7 70 3.2. ADU, ADUI and Source Symbols Mappings . . . . . . . . . . 9 71 3.3. Encoding Window Management . . . . . . . . . . . . . . . 10 72 3.4. Source Symbol Identification . . . . . . . . . . . . . . 11 73 3.5. Pseudo-Random Number Generator (PRNG) . . . . . . . . . . 11 74 3.6. Coding Coefficients Generation Function . . . . . . . . . 13 75 3.7. Finite Fields Operations . . . . . . . . . . . . . . . . 15 76 3.7.1. Finite Field Definitions . . . . . . . . . . . . . . 15 77 3.7.2. Linear Combination of Source Symbols Computation . . 15 78 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary 79 Packet Flows . . . . . . . . . . . . . . . . . . . . . . . . 16 80 4.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 16 81 4.1.1. FEC Framework Configuration Information . . . . . . . 16 82 4.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 18 83 4.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 18 84 4.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 20 85 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet 86 Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 87 5.1. Formats and Codes . . . . . . . . . . . . . . . . . . . . 20 88 5.1.1. FEC Framework Configuration Information . . . . . . . 20 89 5.1.2. Explicit Source FEC Payload ID . . . . . . . . . . . 20 90 5.1.3. Repair FEC Payload ID . . . . . . . . . . . . . . . . 20 91 5.2. Procedures . . . . . . . . . . . . . . . . . . . . . . . 21 92 6. FEC Code Specification . . . . . . . . . . . . . . . . . . . 21 93 6.1. Encoding Side . . . . . . . . . . . . . . . . . . . . . . 21 94 6.2. Decoding Side . . . . . . . . . . . . . . . . . . . . . . 22 95 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 22 96 8. Security Considerations . . . . . . . . . . . . . . . . . . . 23 97 8.1. Attacks Against the Data Flow . . . . . . . . . . . . . . 23 98 8.1.1. Access to Confidential Content . . . . . . . . . . . 23 99 8.1.2. Content Corruption . . . . . . . . . . . . . . . . . 23 100 8.2. Attacks Against the FEC Parameters . . . . . . . . . . . 23 101 8.3. When Several Source Flows are to be Protected Together . 25 102 8.4. Baseline Secure FEC Framework Operation . . . . . . . . . 25 103 8.5. Additional Security Considerations for Numerical 104 Computations . . . . . . . . . . . . . . . . . . . . . . 25 105 9. Operations and Management Considerations . . . . . . . . . . 26 106 9.1. Operational Recommendations: Finite Field GF(2) Versus 107 GF(2^^8) . . . . . . . . . . . . . . . . . . . . . . . . 26 108 9.2. Operational Recommendations: Coding Coefficients Density 109 Threshold . . . . . . . . . . . . . . . . . . . . . . . . 26 110 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 111 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 112 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 113 12.1. Normative References . . . . . . . . . . . . . . . . . . 27 114 12.2. Informative References . . . . . . . . . . . . . . . . . 28 115 Appendix A. TinyMT32 Validation Criteria (Normative) . . . . . . 30 116 Appendix B. Assessing the PRNG Adequacy (Informational) . . . . 31 117 Appendix C. Possible Parameter Derivation (Informational) . . . 33 118 C.1. Case of a CBR Real-Time Flow . . . . . . . . . . . . . . 34 119 C.2. Other Types of Real-Time Flow . . . . . . . . . . . . . . 36 120 C.3. Case of a Non Real-Time Flow . . . . . . . . . . . . . . 37 121 Appendix D. Decoding Beyond Maximum Latency Optimization 122 (Informational) . . . . . . . . . . . . . . . . . . 37 123 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 125 1. Introduction 127 Application-Level Forward Erasure Correction (AL-FEC) codes, or 128 simply FEC codes, are a key element of communication systems. They 129 are used to recover from packet losses (or erasures) during content 130 delivery sessions to a potentially large number of receivers 131 (multicast/broadcast transmissions). This is the case with the 132 FLUTE/ALC protocol [RFC6726] when used for reliable file transfers 133 over lossy networks, and the FECFRAME protocol [RFC6363] when used 134 for reliable continuous media transfers over lossy networks. 136 The present document only focuses on the FECFRAME protocol, used in 137 multicast/broadcast delivery mode, in particular for contents that 138 feature stringent real-time constraints: each source packet has a 139 maximum validity period after which it will not be considered by the 140 destination application. 142 1.1. Limits of Block Codes with Real-Time Flows 144 With FECFRAME, there is a single FEC encoding point (either an end- 145 host/server (source) or a middlebox) and a single FEC decoding point 146 per receiver (either an end-host (receiver) or middlebox). In this 147 context, currently standardized AL-FEC codes for FECFRAME like Reed- 148 Solomon [RFC6865], LDPC-Staircase [RFC6816], or Raptor/RaptorQ 149 [RFC6681], are all linear block codes: they require the data flow to 150 be segmented into blocks of a predefined maximum size. 152 To define this block size, it is required to find an appropriate 153 balance between robustness and decoding latency: the larger the block 154 size, the higher the robustness (e.g., in case of long packet erasure 155 bursts), but also the higher the maximum decoding latency (i.e., the 156 maximum time required to recover a lost (erased) packet thanks to FEC 157 protection). Therefore, with a multicast/broadcast session where 158 different receivers experience different packet loss rates, the block 159 size should be chosen by considering the worst communication 160 conditions one wants to support, but without exceeding the desired 161 maximum decoding latency. This choice then impacts the FEC-related 162 latency of all receivers, even those experiencing a good 163 communication quality, since no FEC encoding can happen until all the 164 source data of the block is available at the sender, which directly 165 depends on the block size. 167 1.2. Lower Latency and Better Protection of Real-Time Flows with the 168 Sliding Window RLC Codes 170 This document introduces two fully-specified FEC Schemes that do not 171 follow the block code approach: the Sliding Window Random Linear 172 Codes (RLC) over either Galois Fields (A.K.A. Finite Fields) GF(2) 173 (the "binary case") or GF(2^^8), each time with the possibility of 174 controlling the code density. These FEC Schemes are used to protect 175 arbitrary media streams along the lines defined by FECFRAME extended 176 to sliding window FEC codes [fecframe-ext]. These FEC Schemes, and 177 more generally Sliding Window FEC codes, are recommended for 178 instance, with media that feature real-time constraints sent within a 179 multicast/broadcast session [Roca17]. 181 The RLC codes belong to the broad class of sliding-window AL-FEC 182 codes (A.K.A. convolutional codes) [RFC8406]. The encoding process 183 is based on an encoding window that slides over the set of source 184 packets (in fact source symbols as we will see in Section 3.2), this 185 window being either of fixed size or variable size (A.K.A. an elastic 186 window). Repair symbols are generated on-the-fly, by computing a 187 random linear combination of the source symbols present in the 188 current encoding window, and passed to the transport layer. 190 At the receiver, a linear system is managed from the set of received 191 source and repair packets. New variables (representing source 192 symbols) and equations (representing the linear combination carried 193 by each repair symbol received) are added upon receiving new packets. 194 Variables and the equations they are involved in are removed when 195 they are too old with respect to their validity period (real-time 196 constraints). Lost source symbols are then recovered thanks to this 197 linear system whenever its rank permits to solve it (at least 198 partially). 200 The protection of any multicast/broadcast session needs to be 201 dimensioned by considering the worst communication conditions one 202 wants to support. This is also true with RLC (more generally any 203 sliding window) code. However, the receivers experiencing a good to 204 medium communication quality will observe a reduced FEC-related 205 latency compared to block codes [Roca17] since an isolated lost 206 source packet is quickly recovered with the following repair packet. 207 On the opposite, with a block code, recovering an isolated lost 208 source packet always requires waiting for the first repair packet to 209 arrive after the end of the block. Additionally, under certain 210 situations (e.g., with a limited FEC-related latency budget and with 211 constant bitrate transmissions after FECFRAME encoding), sliding 212 window codes can more efficiently achieve a target transmission 213 quality (e.g., measured by the residual loss after FEC decoding) by 214 sending fewer repair packets (i.e., higher code rate) than block 215 codes. 217 1.3. Small Transmission Overheads with the Sliding Window RLC FEC 218 Scheme 220 The Sliding Window RLC FEC Scheme is designed to limit the packet 221 header overhead. The main requirement is that each repair packet 222 header must enable a receiver to reconstruct the set of source 223 symbols plus the associated coefficients used during the encoding 224 process. In order to minimize packet overhead, the set of source 225 symbols in the encoding window as well as the set of coefficients 226 over GF(2^^m) (where m is 1 or 8, depending on the FEC Scheme) used 227 in the linear combination are not individually listed in the repair 228 packet header. Instead, each FEC Repair Packet header contains: 230 o the Encoding Symbol Identifier (ESI) of the first source symbol in 231 the encoding window as well as the number of symbols (since this 232 number may vary with a variable size, elastic window). These two 233 pieces of information enable each receiver to reconstruct the set 234 of source symbols considered during encoding, the only constraint 235 being that there cannot be any gap; 236 o the seed and density threshold parameters used by a coding 237 coefficients generation function (Section 3.6). These two pieces 238 of information enable each receiver to generate the same set of 239 coding coefficients over GF(2^^m) as the sender; 241 Therefore, no matter the number of source symbols present in the 242 encoding window, each FEC Repair Packet features a fixed 64-bit long 243 header, called Repair FEC Payload ID (Figure 8). Similarly, each FEC 244 Source Packet features a fixed 32-bit long trailer, called Explicit 245 Source FEC Payload ID (Figure 6), that contains the ESI of the first 246 source symbol (Section 3.2). 248 1.4. Document Organization 250 This fully-specified FEC Scheme follows the structure required by 251 [RFC6363], section 5.6. "FEC Scheme Requirements", namely: 253 3. Procedures: This section describes procedures specific to this 254 FEC Scheme, namely: RLC parameters derivation, ADUI and source 255 symbols mapping, pseudo-random number generator, and coding 256 coefficients generation function; 257 4. Formats and Codes: This section defines the Source FEC Payload 258 ID and Repair FEC Payload ID formats, carrying the signaling 259 information associated to each source or repair symbol. It also 260 defines the FEC Framework Configuration Information (FFCI) 261 carrying signaling information for the session; 262 5. FEC Code Specification: Finally this section provides the code 263 specification. 265 2. Definitions and Abbreviations 267 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 268 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 269 "OPTIONAL" in this document are to be interpreted as described in BCP 270 14 [RFC2119] [RFC8174] when, and only when, they appear in all 271 capitals, as shown here. 273 This document uses the following definitions and abbreviations: 275 a^^b a to the power of b 276 GF(q) denotes a finite field (also known as the Galois Field) with q 277 elements. We assume that q = 2^^m in this document 278 m defines the length of the elements in the finite field, in bits. 279 In this document, m is equal to 1 or 8 280 ADU: Application Data Unit 281 ADUI: Application Data Unit Information (includes the F, L and 282 padding fields in addition to the ADU) 283 E: size of an encoding symbol (i.e., source or repair symbol), 284 assumed fixed (in bytes) 286 br_in: transmission bitrate at the input of the FECFRAME sender, 287 assumed fixed (in bits/s) 288 br_out: transmission bitrate at the output of the FECFRAME sender, 289 assumed fixed (in bits/s) 290 max_lat: maximum FEC-related latency within FECFRAME (a decimal 291 number expressed in seconds) 292 cr: RLC coding rate, ratio between the total number of source 293 symbols and the total number of source plus repair symbols 294 ew_size: encoding window current size at a sender (in symbols) 295 ew_max_size: encoding window maximum size at a sender (in symbols) 296 dw_max_size: decoding window maximum size at a receiver (in symbols) 297 ls_max_size: linear system maximum size (or width) at a receiver (in 298 symbols) 299 WSR: window size ratio parameter used to derive ew_max_size 300 (encoder) and ls_max_size (decoder). 301 PRNG: pseudo-random number generator 302 TinyMT32: PRNG used in this specification. 303 DT: coding coefficients density threshold, an integer between 0 and 304 15 (inclusive) the controls the fraction of coefficients that are 305 non zero 307 3. Common Procedures 309 This section introduces the procedures that are used by these FEC 310 Schemes. 312 3.1. Codec Parameters 314 A codec implementing the Sliding Window RLC FEC Scheme relies on 315 several parameters: 317 Maximum FEC-related latency budget, max_lat (a decimal number 318 expressed in seconds) with real-time flows: 319 a source ADU flow can have real-time constraints, and therefore 320 any FECFRAME related operation should take place within the 321 validity period of each ADU (Appendix D describes an exception to 322 this rule). When there are multiple flows with different real- 323 time constraints, we consider the most stringent constraints (see 324 [RFC6363], Section 10.2, item 6, for recommendations when several 325 flows are globally protected). The maximum FEC-related latency 326 budget, max_lat, accounts for all sources of latency added by FEC 327 encoding (at a sender) and FEC decoding (at a receiver). Other 328 sources of latency (e.g., added by network communications) are out 329 of scope and must be considered separately (said differently, they 330 have already been deducted from max_lat). max_lat can be regarded 331 as the latency budget permitted for all FEC-related operations. 332 This is an input parameter that enables a FECFRAME sender to 333 derive other internal parameters (see Appendix C); 335 Encoding window current (resp. maximum) size, ew_size (resp. 336 ew_max_size) (in symbols): 337 at a FECFRAME sender, during FEC encoding, a repair symbol is 338 computed as a linear combination of the ew_size source symbols 339 present in the encoding window. The ew_max_size is the maximum 340 size of this window, while ew_size is the current size. For 341 example, in the common case at session start, upon receiving new 342 source ADUs, the ew_size progressively increases until it reaches 343 its maximum value, ew_max_size. We have: 345 0 < ew_size <= ew_max_size 346 Decoding window maximum size, dw_max_size (in symbols): at a 347 FECFRAME receiver, dw_max_size is the maximum number of received 348 or lost source symbols that are still within their latency budget; 349 Linear system maximum size, ls_max_size (in symbols): at a FECFRAME 350 receiver, the linear system maximum size, ls_max_size, is the 351 maximum number of received or lost source symbols in the linear 352 system (i.e., the variables). It SHOULD NOT be smaller than 353 dw_max_size since it would mean that, even after receiving a 354 sufficient number of FEC Repair Packets, a lost ADU may not be 355 recovered just because the associated source symbols have been 356 prematurely removed from the linear system, which is usually 357 counter-productive. On the opposite, the linear system MAY grow 358 beyond the dw_max_size (Appendix D); 359 Symbol size, E (in bytes): the E parameter determines the source and 360 repair symbol sizes (necessarily equal). This is an input 361 parameter that enables a FECFRAME sender to derive other internal 362 parameters, as explained below. An implementation at a sender 363 MUST fix the E parameter and MUST communicate it as part of the 364 FEC Scheme-Specific Information (Section 4.1.1.2). 365 Code rate, cr: The code rate parameter determines the amount of 366 redundancy added to the flow. More precisely the cr is the ratio 367 between the total number of source symbols and the total number of 368 source plus repair symbols and by definition: 0 < cr <= 1. This 369 is an input parameter that enables a FECFRAME sender to derive 370 other internal parameters, as explained below. However, there is 371 no need to communicate the cr parameter per see (it's not required 372 to process a repair symbol at a receiver). This code rate 373 parameter can be static. However, in specific use-cases (e.g., 374 with unicast transmissions in presence of a feedback mechanism 375 that estimates the communication quality, out of scope of 376 FECFRAME), the code rate may be adjusted dynamically. 378 Appendix C proposes non normative techniques to derive those 379 parameters, depending on the use-case specificities. 381 3.2. ADU, ADUI and Source Symbols Mappings 383 At a sender, an ADU coming from the application is not directly 384 mapped to source symbols. When multiple source flows (e.g., media 385 streams) are mapped onto the same FECFRAME instance, each flow is 386 assigned its own Flow ID value (see below). This Flow ID is then 387 prepended to each ADU before FEC encoding. This way, FEC decoding at 388 a receiver also recovers this Flow ID and the recovered ADU can be 389 assigned to the right source flow (note that the 5-tuple used to 390 identify the right source flow of a received ADU is absent with a 391 recovered ADU since it is not FEC protected). 393 Additionally, since ADUs are of variable size, padding is needed so 394 that each ADU (with its flow identifier) contribute to an integral 395 number of source symbols. This requires adding the original ADU 396 length to each ADU before doing FEC encoding. Because of these 397 requirements, an intermediate format, the ADUI, or ADU Information, 398 is considered [RFC6363]. 400 For each incoming ADU, an ADUI MUST created as follows. First of 401 all, 3 bytes are prepended (Figure 1): 403 Flow ID (F) (8-bit field): this unsigned byte contains the integer 404 identifier associated to the source ADU flow to which this ADU 405 belongs. It is assumed that a single byte is sufficient, which 406 implies that no more than 256 flows will be protected by a single 407 FECFRAME session instance. 408 Length (L) (16-bit field): this unsigned integer contains the length 409 of this ADU, in network byte order (i.e., big endian). This 410 length is for the ADU itself and does not include the F, L, or Pad 411 fields. 413 Then, zero padding is added to the ADU if needed: 415 Padding (Pad) (variable size field): this field contains zero 416 padding to align the F, L, ADU and padding up to a size that is 417 multiple of E bytes (i.e., the source and repair symbol length). 419 The data unit resulting from the ADU and the F, L, and Pad fields is 420 called ADUI. Since ADUs can have different sizes, this is also the 421 case for ADUIs. However, an ADUI always contributes to an integral 422 number of source symbols. 424 symbol length, E E E 425 < ------------------ >< ------------------ >< ------------------ > 426 +-+--+---------------------------------------------+-------------+ 427 |F| L| ADU | Pad | 428 +-+--+---------------------------------------------+-------------+ 430 Figure 1: ADUI Creation example (here 3 source symbols are created 431 for this ADUI). 433 Note that neither the initial 3 bytes nor the optional padding are 434 sent over the network. However, they are considered during FEC 435 encoding, and a receiver who lost a certain FEC Source Packet (e.g., 436 the UDP datagram containing this FEC Source Packet when UDP is used 437 as the transport protocol) will be able to recover the ADUI if FEC 438 decoding succeeds. Thanks to the initial 3 bytes, this receiver will 439 get rid of the padding (if any) and identify the corresponding ADU 440 flow. 442 3.3. Encoding Window Management 444 Source symbols and the corresponding ADUs are removed from the 445 encoding window: 447 o when the sliding encoding window has reached its maximum size, 448 ew_max_size. In that case the oldest symbol MUST be removed 449 before adding a new symbol, so that the current encoding window 450 size always remains inferior or equal to the maximum size: ew_size 451 <= ew_max_size; 452 o when an ADU has reached its maximum validity duration in case of a 453 real-time flow. When this happens, all source symbols 454 corresponding to the ADUI that expired SHOULD be removed from the 455 encoding window; 457 Source symbols are added to the sliding encoding window each time a 458 new ADU arrives, once the ADU-to-source symbols mapping has been 459 performed (Section 3.2). The current size of the encoding window, 460 ew_size, is updated after adding new source symbols. This process 461 may require to remove old source symbols so that: ew_size <= 462 ew_max_size. 464 Note that a FEC codec may feature practical limits in the number of 465 source symbols in the encoding window (e.g., for computational 466 complexity reasons). This factor may further limit the ew_max_size 467 value, in addition to the maximum FEC-related latency budget 468 (Section 3.1). 470 3.4. Source Symbol Identification 472 Each source symbol is identified by an Encoding Symbol ID (ESI), an 473 unsigned integer. The ESI of source symbols MUST start with value 0 474 for the first source symbol and MUST be managed sequentially. 475 Wrapping to zero happens after reaching the maximum value made 476 possible by the ESI field size (this maximum value is FEC Scheme 477 dependant, for instance, 2^32-1 with FEC Schemes XXX and YYY). 479 No such consideration applies to repair symbols. 481 3.5. Pseudo-Random Number Generator (PRNG) 483 In order to compute coding coefficients (see Section 3.6), the RLC 484 FEC Schemes rely on the TinyMT32 PRNG defined in [tinymt32] with two 485 additional functions defined in this section. 487 This PRNG MUST first be initialized with a 32-bit unsigned integer, 488 used as a seed, with: 490 void tinymt32_init (tinymt32_t * s, uint32_t seed); 492 With the FEC Schemes defined in this document, the seed is in 493 practice restricted to a value between 0 and 0xFFFF inclusive (note 494 that this PRNG accepts a seed value equal to 0), since this is the 495 Repair_Key 16-bit field value of the Repair FEC Payload ID 496 (Section 4.1.3). In practice, how to manage the seed and Repair_Key 497 values (both are equal) is left to the implementer, using a 498 monotonically increasing counter being one possibility (Section 6.1). 499 In addition to the seed, this function takes as parameter a pointer 500 to an instance of a tinymt32_t structure that is used to keep the 501 internal state of the PRNG. 503 Then, each time a new pseudo-random integer between 0 and 15 504 inclusive (4-bit pseudo-random integer) is needed, the following 505 function is used: 507 uint32_t tinymt32_rand16 (tinymt32_t * s); 509 This function takes as parameter a pointer to the same tinymt32_t 510 structure (that is left unchanged between successive calls to the 511 function). 513 Similarly, each time a new pseudo-random integer between 0 and 255 514 inclusive (8-bit pseudo-random integer) is needed, the following 515 function is used: 517 uint32_t tinymt32_rand256 (tinymt32_t * s); 519 These two functions keep respectively the 4 or 8 less significant 520 bits of the 32-bit pseudo-random number generated by the 521 tinymt32_generate_uint32() function of [tinymt32]. This is done by 522 computing the result of a binary AND between the 523 tinymt32_generate_uint32() output and respectively the 0xF or 0xFF 524 constants, using 32-bit unsigned integer operations. Figure 2 shows 525 a possible implementation. This is a C language implementation, 526 written for C99 [C99]. Test results discussed in Appendix B show 527 that this simple technique, applied to this PRNG, is in line with the 528 RLC FEC Schemes needs. 530 531 /** 532 * This function outputs a pseudo-random integer in [0 .. 15] range. 533 * 534 * @param s pointer to tinymt internal state. 535 * @return unsigned integer between 0 and 15 inclusive. 536 */ 537 uint32_t tinymt32_rand16(tinymt32_t *s) 538 { 539 return (tinymt32_generate_uint32(s) & 0xF); 540 } 542 /** 543 * This function outputs a pseudo-random integer in [0 .. 255] range. 544 * 545 * @param s pointer to tinymt internal state. 546 * @return unsigned integer between 0 and 255 inclusive. 547 */ 548 uint32_t tinymt32_rand256(tinymt32_t *s) 549 { 550 return (tinymt32_generate_uint32(s) & 0xFF); 551 } 552 554 Figure 2: 4-bit and 8-bit mapping functions for TinyMT32 556 Any implementation of this PRNG MUST have the same output as that 557 provided by the reference implementation of [tinymt32]. In order to 558 increase the compliancy confidence, three criteria are proposed: the 559 one described in [tinymt32] (for the TinyMT32 32-bit unsigned integer 560 generator), and the two others detailed in Appendix A (for the 561 mapping to 4-bit and 8-bit intervals). Because of the way the 562 mapping functions work, it is unlikely that an implementation that 563 fulfills the first criterion fails to fulfill the two others. 565 3.6. Coding Coefficients Generation Function 567 The coding coefficients, used during the encoding process, are 568 generated at the RLC encoder by the generate_coding_coefficients() 569 function each time a new repair symbol needs to be produced. The 570 fraction of coefficients that are non zero (i.e., the density) is 571 controlled by the DT (Density Threshold) parameter. DT has values 572 between 0 (the minimum value) and 15 (the maximum value), and the 573 average probability of having a non zero coefficient equals (DT + 1) 574 / 16. In particular, when DT equals 15 the function guaranties that 575 all coefficients are non zero (i.e., maximum density). 577 These considerations apply to both the RLC over GF(2) and RLC over 578 GF(2^^8), the only difference being the value of the m parameter. 579 With the RLC over GF(2) FEC Scheme (Section 5), m is equal to 1. 580 With RLC over GF(2^^8) FEC Scheme (Section 4), m is equal to 8. 582 Figure 3 shows the reference generate_coding_coefficients() 583 implementation. This is a C language implementation, written for C99 584 [C99]. 586 587 #include 589 /* 590 * Fills in the table of coding coefficients (of the right size) 591 * provided with the appropriate number of coding coefficients to 592 * use for the repair symbol key provided. 593 * 594 * (in) repair_key key associated to this repair symbol. This 595 * parameter is ignored (useless) if m=1 and dt=15 596 * (in/out) cc_tab pointer to a table of the right size to store 597 * coding coefficients. All coefficients are 598 * stored as bytes, regardless of the m parameter, 599 * upon return of this function. 600 * (in) cc_nb number of entries in the cc_tab table. This 601 * value is equal to the current encoding window 602 * size. 603 * (in) dt integer between 0 and 15 (inclusive) that 604 * controls the density. With value 15, all 605 * coefficients are guaranteed to be non zero 606 * (i.e. equal to 1 with GF(2) and equal to a 607 * value in {1,... 255} with GF(2^^8)), otherwise 608 * a fraction of them will be 0. 609 * (in) m Finite Field GF(2^^m) parameter. In this 610 * document only values 1 and 8 are considered. 611 * (out) returns 0 in case of success, an error code 612 * different than 0 otherwise. 614 */ 615 int generate_coding_coefficients (uint16_t repair_key, 616 uint8_t* cc_tab, 617 uint16_t cc_nb, 618 uint8_t dt, 619 uint8_t m) 620 { 621 uint32_t i; 622 tinymt32_t s; /* PRNG internal state */ 624 if (dt > 15) { 625 return -1; /* error, bad dt parameter */ 626 } 627 switch (m) { 628 case 1: 629 if (dt == 15) { 630 /* all coefficients are 1 */ 631 memset(cc_tab, 1, cc_nb); 632 } else { 633 /* here coefficients are either 0 or 1 */ 634 tinymt32_init(&s, repair_key); 635 for (i = 0 ; i < cc_nb ; i++) { 636 cc_tab[i] = (tinymt32_rand16(&s) <= dt) ? 1 : 0; 637 } 638 } 639 break; 641 case 8: 642 tinymt32_init(&s, repair_key); 643 if (dt == 15) { 644 /* coefficient 0 is avoided here in order to include 645 * all the source symbols */ 646 for (i = 0 ; i < cc_nb ; i++) { 647 do { 648 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 649 } while (cc_tab[i] == 0); 650 } 651 } else { 652 /* here a certain number of coefficients should be 0 */ 653 for (i = 0 ; i < cc_nb ; i++) { 654 if (tinymt32_rand16(&s) <= dt) { 655 do { 656 cc_tab[i] = (uint8_t) tinymt32_rand256(&s); 657 } while (cc_tab[i] == 0); 658 } else { 659 cc_tab[i] = 0; 660 } 661 } 663 } 664 break; 666 default: 667 return -2; /* error, bad parameter m */ 668 } 669 return 0; /* success */ 670 } 671 673 Figure 3: Coding Coefficients Generation Function Reference 674 Implementation 676 3.7. Finite Fields Operations 678 3.7.1. Finite Field Definitions 680 The two RLC FEC Schemes specified in this document reuse the Finite 681 Fields defined in [RFC5510], section 8.1. More specifically, the 682 elements of the field GF(2^^m) are represented by polynomials with 683 binary coefficients (i.e., over GF(2)) and degree lower or equal to 684 m-1. The addition between two elements is defined as the addition of 685 binary polynomials in GF(2), which is equivalent to a bitwise XOR 686 operation on the binary representation of these elements. 688 With GF(2^^8), multiplication between two elements is the 689 multiplication modulo a given irreducible polynomial of degree 8. 690 The following irreducible polynomial is used for GF(2^^8): 692 x^^8 + x^^4 + x^^3 + x^^2 + 1 694 With GF(2), multiplication corresponds to a logical AND operation. 696 3.7.2. Linear Combination of Source Symbols Computation 698 The two RLC FEC Schemes require the computation of a linear 699 combination of source symbols, using the coding coefficients produced 700 by the generate_coding_coefficients() function and stored in the 701 cc_tab[] array. 703 With the RLC over GF(2^^8) FEC Scheme, a linear combination of the 704 ew_size source symbol present in the encoding window, say src_0 to 705 src_ew_size_1, in order to generate a repair symbol, is computed as 706 follows. For each byte of position i in each source and the repair 707 symbol, where i belongs to [0; E-1], compute: 709 repair[i] = cc_tab[0] * src_0[i] XOR cc_tab[1] * src_1[i] XOR ... 710 XOR cc_tab[ew_size - 1] * src_ew_size_1[i] 712 where * is the multiplication over GF(2^^8). In practice various 713 optimizations need to be used in order to make this computation 714 efficient (see in particular [PGM13]). 716 With the RLC over GF(2) FEC Scheme (binary case), a linear 717 combination is computed as follows. The repair symbol is the XOR sum 718 of all the source symbols corresponding to a coding coefficient 719 cc_tab[j] equal to 1 (i.e., the source symbols corresponding to zero 720 coding coefficients are ignored). The XOR sum of the byte of 721 position i in each source is computed and stored in the corresponding 722 byte of the repair symbol, where i belongs to [0; E-1]. In practice, 723 the XOR sums will be computed several bytes at a time (e.g., on 64 724 bit words, or on arrays of 16 or more bytes when using SIMD CPU 725 extensions). 727 With both FEC Schemes, the details of how to optimize the computation 728 of these linear combinations are of high practical importance but out 729 of scope of this document. 731 4. Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary Packet 732 Flows 734 This fully-specified FEC Scheme defines the Sliding Window Random 735 Linear Codes (RLC) over GF(2^^8). 737 4.1. Formats and Codes 739 4.1.1. FEC Framework Configuration Information 741 Following the guidelines of [RFC6363], section 5.6, this section 742 provides the FEC Framework Configuration Information (or FFCI). This 743 FCCI needs to be shared (e.g., using SDP) between the FECFRAME sender 744 and receiver instances in order to synchronize them. It includes a 745 FEC Encoding ID, mandatory for any FEC Scheme specification, plus 746 scheme-specific elements. 748 4.1.1.1. FEC Encoding ID 750 o FEC Encoding ID: the value assigned to this fully specified FEC 751 Scheme MUST be XXXX, as assigned by IANA (Section 10). 753 When SDP is used to communicate the FFCI, this FEC Encoding ID is 754 carried in the 'encoding-id' parameter. 756 4.1.1.2. FEC Scheme-Specific Information 758 The FEC Scheme-Specific Information (FSSI) includes elements that are 759 specific to the present FEC Scheme. More precisely: 761 Encoding symbol size (E): a non-negative integer that indicates the 762 size of each encoding symbol in bytes; 763 Window Size Ratio (WSR) parameter: a non-negative integer between 0 764 and 255 (both inclusive) used to initialize window sizes. A value 765 of 0 indicates this parameter is not considered (e.g., a fixed 766 encoding window size may be chosen). A value between 1 and 255 767 inclusive is required by certain of the parameter derivation 768 techniques described in Appendix C; 770 This element is required both by the sender (RLC encoder) and the 771 receiver(s) (RLC decoder). 773 When SDP is used to communicate the FFCI, this FEC Scheme-specific 774 information is carried in the 'fssi' parameter in textual 775 representation as specified in [RFC6364]. For instance: 777 fssi=E:1400,WSR:191 779 In that case the name values "E" and "WSR" are used to convey the E 780 and WSR parameters respectively. 782 If another mechanism requires the FSSI to be carried as an opaque 783 octet string, the encoding format consists of the following three 784 octets, where the E field is carried in "big-endian" or "network 785 order" format, that is, most significant byte first: 787 Encoding symbol length (E): 16-bit field; 788 Window Size Ratio Parameter (WSR): 8-bit field. 790 These three octets can be communicated as such, or for instance, be 791 subject to an additional Base64 encoding. 793 0 1 2 794 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 795 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 796 | Encoding Symbol Length (E) | WSR | 797 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 799 Figure 4: FSSI Encoding Format 801 4.1.2. Explicit Source FEC Payload ID 803 A FEC Source Packet MUST contain an Explicit Source FEC Payload ID 804 that is appended to the end of the packet as illustrated in Figure 5. 806 +--------------------------------+ 807 | IP Header | 808 +--------------------------------+ 809 | Transport Header | 810 +--------------------------------+ 811 | ADU | 812 +--------------------------------+ 813 | Explicit Source FEC Payload ID | 814 +--------------------------------+ 816 Figure 5: Structure of an FEC Source Packet with the Explicit Source 817 FEC Payload ID 819 More precisely, the Explicit Source FEC Payload ID is composed of the 820 following field, carried in "big-endian" or "network order" format, 821 that is, most significant byte first (Figure 6): 823 Encoding Symbol ID (ESI) (32-bit field): this unsigned integer 824 identifies the first source symbol of the ADUI corresponding to 825 this FEC Source Packet. The ESI is incremented for each new 826 source symbol, and after reaching the maximum value (2^32-1), 827 wrapping to zero occurs. 829 0 1 2 3 830 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 831 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 832 | Encoding Symbol ID (ESI) | 833 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 835 Figure 6: Source FEC Payload ID Encoding Format 837 4.1.3. Repair FEC Payload ID 839 A FEC Repair Packet MAY contain one or more repair symbols. When 840 there are several repair symbols, all of them MUST have been 841 generated from the same encoding window, using Repair_Key values that 842 are managed as explained below. A receiver can easily deduce the 843 number of repair symbols within a FEC Repair Packet by comparing the 844 received FEC Repair Packet size (equal to the UDP payload size when 845 UDP is the underlying transport protocol) and the symbol size, E, 846 communicated in the FFCI. 848 A FEC Repair Packet MUST contain a Repair FEC Payload ID that is 849 prepended to the repair symbol as illustrated in Figure 7. 851 +--------------------------------+ 852 | IP Header | 853 +--------------------------------+ 854 | Transport Header | 855 +--------------------------------+ 856 | Repair FEC Payload ID | 857 +--------------------------------+ 858 | Repair Symbol | 859 +--------------------------------+ 861 Figure 7: Structure of an FEC Repair Packet with the Repair FEC 862 Payload ID 864 More precisely, the Repair FEC Payload ID is composed of the 865 following fields where all integer fields are carried in "big-endian" 866 or "network order" format, that is, most significant byte first 867 (Figure 8): 869 Repair_Key (16-bit field): this unsigned integer is used as a seed 870 by the coefficient generation function (Section 3.6) in order to 871 generate the desired number of coding coefficients. This repair 872 key may be a monotonically increasing integer value that loops 873 back to 0 after reaching 65535 (see Section 6.1). When a FEC 874 Repair Packet contains several repair symbols, this repair key 875 value is that of the first repair symbol. The remaining repair 876 keys can be deduced by incrementing by 1 this value, up to a 877 maximum value of 65535 after which it loops back to 0. 878 Density Threshold for the coding coefficients, DT (4-bit field): 879 this unsigned integer carries the Density Threshold (DT) used by 880 the coding coefficient generation function Section 3.6. More 881 precisely, it controls the probability of having a non zero coding 882 coefficient, which equals (DT+1) / 16. When a FEC Repair Packet 883 contains several repair symbols, the DT value applies to all of 884 them; 885 Number of Source Symbols in the encoding window, NSS (12-bit field): 887 this unsigned integer indicates the number of source symbols in 888 the encoding window when this repair symbol was generated. When a 889 FEC Repair Packet contains several repair symbols, this NSS value 890 applies to all of them; 891 ESI of First Source Symbol in the encoding window, FSS_ESI (32-bit 892 field): 893 this unsigned integer indicates the ESI of the first source symbol 894 in the encoding window when this repair symbol was generated. 896 When a FEC Repair Packet contains several repair symbols, this 897 FSS_ESI value applies to all of them; 899 0 1 2 3 900 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 901 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 902 | Repair_Key | DT |NSS (# src symb in ew) | 903 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 904 | FSS_ESI | 905 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 907 Figure 8: Repair FEC Payload ID Encoding Format 909 4.2. Procedures 911 All the procedures of Section 3 apply to this FEC Scheme. 913 5. Sliding Window RLC FEC Scheme over GF(2) for Arbitrary Packet Flows 915 This fully-specified FEC Scheme defines the Sliding Window Random 916 Linear Codes (RLC) over GF(2) (binary case). 918 5.1. Formats and Codes 920 5.1.1. FEC Framework Configuration Information 922 5.1.1.1. FEC Encoding ID 924 o FEC Encoding ID: the value assigned to this fully specified FEC 925 Scheme MUST be YYYY, as assigned by IANA (Section 10). 927 When SDP is used to communicate the FFCI, this FEC Encoding ID is 928 carried in the 'encoding-id' parameter. 930 5.1.1.2. FEC Scheme-Specific Information 932 All the considerations of Section 4.1.1.2 apply here. 934 5.1.2. Explicit Source FEC Payload ID 936 All the considerations of Section 4.1.2 apply here. 938 5.1.3. Repair FEC Payload ID 940 All the considerations of Section 4.1.3 apply here, with the only 941 exception that the Repair_Key field is useless if DT = 15 (indeed, in 942 that case all the coefficients are necessarily equal to 1 and the 943 coefficient generation function does not use any PRNG). When DT = 15 944 the FECFRAME sender MUST set the Repair_Key field to zero on 945 transmission and a receiver MUST ignore it on receipt. 947 5.2. Procedures 949 All the procedures of Section 3 apply to this FEC Scheme. 951 6. FEC Code Specification 953 6.1. Encoding Side 955 This section provides a high level description of a Sliding Window 956 RLC encoder. 958 Whenever a new FEC Repair Packet is needed, the RLC encoder instance 959 first gathers the ew_size source symbols currently in the sliding 960 encoding window. Then it chooses a repair key, which can be a 961 monotonically increasing integer value, incremented for each repair 962 symbol up to a maximum value of 65535 (as it is carried within a 963 16-bit field) after which it loops back to 0. This repair key is 964 communicated to the coefficient generation function (Section 3.6) in 965 order to generate ew_size coding coefficients. Finally, the FECFRAME 966 sender computes the repair symbol as a linear combination of the 967 ew_size source symbols using the ew_size coding coefficients 968 (Section 3.7). When E is small and when there is an incentive to 969 pack several repair symbols within the same FEC Repair Packet, the 970 appropriate number of repair symbols are computed. In that case the 971 repair key for each of them MUST be incremented by 1, keeping the 972 same ew_size source symbols, since only the first repair key will be 973 carried in the Repair FEC Payload ID. The FEC Repair Packet can then 974 be passed to the transport layer for transmission. The source versus 975 repair FEC packet transmission order is out of scope of this document 976 and several approaches exist that are implementation-specific. 978 Other solutions are possible to select a repair key value when a new 979 FEC Repair Packet is needed, for instance, by choosing a random 980 integer between 0 and 65535. However, selecting the same repair key 981 as before (which may happen in case of a random process) is only 982 meaningful if the encoding window has changed, otherwise the same FEC 983 Repair Packet will be generated. In any case, choosing the repair 984 key is entirely at the discretion of the sender, since it is 985 communicated to the receiver(s) in each Repair FEC Payload ID. A 986 receiver should not make any assumption on the way the repair key is 987 managed. 989 6.2. Decoding Side 991 This section provides a high level description of a Sliding Window 992 RLC decoder. 994 A FECFRAME receiver needs to maintain a linear system whose variables 995 are the received and lost source symbols. Upon receiving a FEC 996 Repair Packet, a receiver first extracts all the repair symbols it 997 contains (in case several repair symbols are packed together). For 998 each repair symbol, when at least one of the corresponding source 999 symbols it protects has been lost, the receiver adds an equation to 1000 the linear system (or no equation if this repair packet does not 1001 change the linear system rank). This equation of course re-uses the 1002 ew_size coding coefficients that are computed by the same coefficient 1003 generation function (Section 3.6), using the repair key and encoding 1004 window descriptions carried in the Repair FEC Payload ID. Whenever 1005 possible (i.e., when a sub-system covering one or more lost source 1006 symbols is of full rank), decoding is performed in order to recover 1007 lost source symbols. Gaussian elimination is one possible algorithm 1008 to solve this linear system. Each time an ADUI can be totally 1009 recovered, padding is removed (thanks to the Length field, L, of the 1010 ADUI) and the ADU is assigned to the corresponding application flow 1011 (thanks to the Flow ID field, F, of the ADUI). This ADU is finally 1012 passed to the corresponding upper application. Received FEC Source 1013 Packets, containing an ADU, MAY be passed to the application either 1014 immediately or after some time to guaranty an ordered delivery to the 1015 application. This document does not mandate any approach as this is 1016 an operational and management decision. 1018 With real-time flows, a lost ADU that is decoded after the maximum 1019 latency or an ADU received after this delay has no value to the 1020 application. This raises the question of deciding whether or not an 1021 ADU is late. This decision MAY be taken within the FECFRAME receiver 1022 (e.g., using the decoding window, see Section 3.1) or within the 1023 application (e.g., using RTP timestamps within the ADU). Deciding 1024 which option to follow and whether or not to pass all ADUs, including 1025 those assumed late, to the application are operational decisions that 1026 depend on the application and are therefore out of scope of this 1027 document. Additionally, Appendix D discusses a backward compatible 1028 optimization whereby late source symbols MAY still be used within the 1029 FECFRAME receiver in order to improve transmission robustness. 1031 7. Implementation Status 1033 Editor's notes: RFC Editor, please remove this section motivated by 1034 RFC 6982 before publishing the RFC. Thanks. 1036 An implementation of the Sliding Window RLC FEC Scheme for FECFRAME 1037 exists: 1039 o Organisation: Inria 1040 o Description: This is an implementation of the Sliding Window RLC 1041 FEC Scheme limited to GF(2^^8). It relies on a modified version 1042 of our OpenFEC (http://openfec.org) FEC code library. It is 1043 integrated in our FECFRAME software (see [fecframe-ext]). 1044 o Maturity: prototype. 1045 o Coverage: this software complies with the Sliding Window RLC FEC 1046 Scheme. 1047 o Licensing: proprietary. 1048 o Contact: vincent.roca@inria.fr 1050 8. Security Considerations 1052 The FEC Framework document [RFC6363] provides a fairly comprehensive 1053 analysis of security considerations applicable to FEC Schemes. 1054 Therefore, the present section follows the security considerations 1055 section of [RFC6363] and only discusses specific topics. 1057 8.1. Attacks Against the Data Flow 1059 8.1.1. Access to Confidential Content 1061 The Sliding Window RLC FEC Scheme specified in this document does not 1062 change the recommendations of [RFC6363]. To summarize, if 1063 confidentiality is a concern, it is RECOMMENDED that one of the 1064 solutions mentioned in [RFC6363] is used with special considerations 1065 to the way this solution is applied (e.g., is encryption applied 1066 before or after FEC protection, within the end-system or in a 1067 middlebox), to the operational constraints (e.g., performing FEC 1068 decoding in a protected environment may be complicated or even 1069 impossible) and to the threat model. 1071 8.1.2. Content Corruption 1073 The Sliding Window RLC FEC Scheme specified in this document does not 1074 change the recommendations of [RFC6363]. To summarize, it is 1075 RECOMMENDED that one of the solutions mentioned in [RFC6363] is used 1076 on both the FEC Source and Repair Packets. 1078 8.2. Attacks Against the FEC Parameters 1080 The FEC Scheme specified in this document defines parameters that can 1081 be the basis of attacks. More specifically, the following parameters 1082 of the FFCI may be modified by an attacker who targets receivers 1083 (Section 4.1.1.2): 1085 o FEC Encoding ID: changing this parameter leads a receiver to 1086 consider a different FEC Scheme. The consequences are severe, the 1087 format of the Explicit Source FEC Payload ID and Repair FEC 1088 Payload ID of received packets will probably differ, leading to 1089 various malfunctions. Even if the original and modified FEC 1090 Schemes share the same format, FEC decoding will either fail or 1091 lead to corrupted decoded symbols. This will happen if an 1092 attacker turns value YYYY (i.e., RLC over GF(2)) to value XXXX 1093 (RLC over GF(2^^8)), an additional consequence being a higher 1094 processing overhead at the receiver. In any case, the attack 1095 results in a form of Denial of Service (DoS) or corrupted content. 1096 o Encoding symbol length (E): setting this E parameter to a 1097 different value will confuse a receiver. If the size of a 1098 received FEC Repair Packet is no longer multiple of the modified E 1099 value, a receiver quickly detects a problem and SHOULD reject the 1100 packet. If the new E value is a sub-multiple of the original E 1101 value (e.g., half the original value), then receivers may not 1102 detect the problem immediately. For instance, a receiver may 1103 think that a received FEC Repair Packet contains more repair 1104 symbols (e.g., twice as many if E is reduced by half), leading to 1105 malfunctions whose nature depends on implementation details. Here 1106 also, the attack always results in a form of DoS or corrupted 1107 content. 1109 It is therefore RECOMMENDED that security measures be taken to 1110 guarantee the FFCI integrity, as specified in [RFC6363]. How to 1111 achieve this depends on the way the FFCI is communicated from the 1112 sender to the receiver, which is not specified in this document. 1114 Similarly, attacks are possible against the Explicit Source FEC 1115 Payload ID and Repair FEC Payload ID. More specifically, in case of 1116 a FEC Source Packet, the following value can be modified by an 1117 attacker who targets receivers: 1119 o Encoding Symbol ID (ESI): changing the ESI leads a receiver to 1120 consider a wrong ADU, resulting in severe consequences, including 1121 corrupted content passed to the receiving application; 1123 And in case of a FEC Repair Packet: 1125 o Repair Key: changing this value leads a receiver to generate a 1126 wrong coding coefficient sequence, and therefore any source symbol 1127 decoded using the repair symbols contained in this packet will be 1128 corrupted; 1129 o DT: changing this value also leads a receiver to generate a wrong 1130 coding coefficient sequence, and therefore any source symbol 1131 decoded using the repair symbols contained in this packet will be 1132 corrupted. In addition, if the DT value is significantly 1133 increased, it will generate a higher processing overhead at a 1134 receiver. In case of very large encoding windows, this may impact 1135 the terminal performance; 1136 o NSS: changing this value leads a receiver to consider a different 1137 set of source symbols, and therefore any source symbol decoded 1138 using the repair symbols contained in this packet will be 1139 corrupted. In addition, if the NSS value is significantly 1140 increased, it will generate a higher processing overhead at a 1141 receiver, which may impact the terminal performance; 1142 o FSS_ESI: changing this value also leads a receiver to consider a 1143 different set of source symbols and therefore any source symbol 1144 decoded using the repair symbols contained in this packet will be 1145 corrupted. 1147 It is therefore RECOMMENDED that security measures are taken to 1148 guarantee the FEC Source and Repair Packets as stated in [RFC6363]. 1150 8.3. When Several Source Flows are to be Protected Together 1152 The Sliding Window RLC FEC Scheme specified in this document does not 1153 change the recommendations of [RFC6363]. 1155 8.4. Baseline Secure FEC Framework Operation 1157 The Sliding Window RLC FEC Scheme specified in this document does not 1158 change the recommendations of [RFC6363] concerning the use of the 1159 IPsec/ESP security protocol as a mandatory to implement (but not 1160 mandatory to use) security scheme. This is well suited to situations 1161 where the only insecure domain is the one over which the FEC 1162 Framework operates. 1164 8.5. Additional Security Considerations for Numerical Computations 1166 In addition to the above security considerations, inherited from 1167 [RFC6363], the present document introduces several formulae, in 1168 particular in Appendix C.1. It is RECOMMENDED to check that the 1169 computed values stay within reasonable bounds since numerical 1170 overflows, caused by an erroneous implementation or an erroneous 1171 input value, may lead to hazardous behaviours. However, what 1172 "reasonable bounds" means is use-case and implementation dependent 1173 and is not detailed in this document. 1175 Appendix C.2 also mentions the possibility of "using the timestamp 1176 field of an RTP packet header" when applicable. A malicious attacker 1177 may deliberately corrupt this header field in order to trigger 1178 hazardous behaviours at a FECFRAME receiver. Protection against this 1179 type of content corruption can be addressed with the above 1180 recommendations on a baseline secure operation. In addition, it is 1181 also RECOMMENDED to check that the timestamp value be within 1182 reasonable bounds. 1184 9. Operations and Management Considerations 1186 The FEC Framework document [RFC6363] provides a fairly comprehensive 1187 analysis of operations and management considerations applicable to 1188 FEC Schemes. Therefore, the present section only discusses specific 1189 topics. 1191 9.1. Operational Recommendations: Finite Field GF(2) Versus GF(2^^8) 1193 The present document specifies two FEC Schemes that differ on the 1194 Finite Field used for the coding coefficients. It is expected that 1195 the RLC over GF(2^^8) FEC Scheme will be mostly used since it 1196 warrants a higher packet loss protection. In case of small encoding 1197 windows, the associated processing overhead is not an issue (e.g., we 1198 measured decoding speeds between 745 Mbps and 2.8 Gbps on an ARM 1199 Cortex-A15 embedded board in [Roca17] depending on the code rate and 1200 the channel conditions, using an encoding window of size 18 or 23 1201 symbols; see the above article for the details). Of course the CPU 1202 overhead will increase with the encoding window size, because more 1203 operations in the GF(2^^8) finite field will be needed. 1205 The RLC over GF(2) FEC Scheme offers an alternative. In that case 1206 operations symbols can be directly XOR-ed together which warrants 1207 high bitrate encoding and decoding operations, and can be an 1208 advantage with large encoding windows. However, packet loss 1209 protection is significantly reduced by using this FEC Scheme. 1211 9.2. Operational Recommendations: Coding Coefficients Density Threshold 1213 In addition to the choice of the Finite Field, the two FEC Schemes 1214 define a coding coefficient density threshold (DT) parameter. This 1215 parameter enables a sender to control the code density, i.e., the 1216 proportion of coefficients that are non zero on average. With RLC 1217 over GF(2^^8), it is usually appropriate that small encoding windows 1218 be associated to a density threshold equal to 15, the maximum value, 1219 in order to warrant a high loss protection. 1221 On the opposite, with larger encoding windows, it is usually 1222 appropriate that the density threshold be reduced. With large 1223 encoding windows, an alternative can be to use RLC over GF(2) and a 1224 density threshold equal to 7 (i.e., an average density equal to 1/2) 1225 or smaller. 1227 Note that using a density threshold equal to 15 with RLC over GF(2) 1228 is equivalent to using an XOR code that computes the XOR sum of all 1229 the source symbols in the encoding window. In that case: (1) only a 1230 single repair symbol can be produced for any encoding window, and (2) 1231 the repair_key parameter becomes useless (the coding coefficients 1232 generation function does not rely on the PRNG). 1234 10. IANA Considerations 1236 This document registers two values in the "FEC Framework (FECFRAME) 1237 FEC Encoding IDs" registry [RFC6363] as follows: 1239 o YYYY refers to the Sliding Window Random Linear Codes (RLC) over 1240 GF(2) FEC Scheme for Arbitrary Packet Flows, as defined in 1241 Section 5 of this document. 1242 o XXXX refers to the Sliding Window Random Linear Codes (RLC) over 1243 GF(2^^8) FEC Scheme for Arbitrary Packet Flows, as defined in 1244 Section 4 of this document. 1246 11. Acknowledgments 1248 The authors would like to thank the three TSVWG chairs, Wesley Eddy, 1249 our shepherd, David Black and Gorry Fairhurst, as well as Spencer 1250 Dawkins, our responsible AD, and all those who provided comments, 1251 namely (alphabetical order) Alan DeKok, Jonathan Detchart, Russ 1252 Housley, Emmanuel Lochin, Marie-Jose Montpetit, and Greg Skinner. 1253 Last but not least, the authors are really grateful to the IESG 1254 members, in particular Benjamin Kaduk, Mirja Kuhlewind, Eric 1255 Rescorla, Adam Roach, and Roman Danyliw for their highly valuable 1256 feedbacks that greatly contributed to improve this specification. 1258 12. References 1260 12.1. Normative References 1262 [C99] "Programming languages - C: C99, correction 3:2007", 1263 International Organization for Standardization, ISO/IEC 1264 9899:1999/Cor 3:2007, November 2007. 1266 [fecframe-ext] 1267 Roca, V. and A. Begen, "Forward Error Correction (FEC) 1268 Framework Extension to Sliding Window Codes", Transport 1269 Area Working Group (TSVWG) draft-ietf-tsvwg-fecframe-ext 1270 (Work in Progress), January 2019, 1271 . 1274 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1275 Requirement Levels", BCP 14, RFC 2119, 1276 DOI 10.17487/RFC2119, March 1997, 1277 . 1279 [RFC6363] Watson, M., Begen, A., and V. Roca, "Forward Error 1280 Correction (FEC) Framework", RFC 6363, 1281 DOI 10.17487/RFC6363, October 2011, 1282 . 1284 [RFC6364] Begen, A., "Session Description Protocol Elements for the 1285 Forward Error Correction (FEC) Framework", RFC 6364, 1286 DOI 10.17487/RFC6364, October 2011, 1287 . 1289 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1290 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1291 May 2017, . 1293 [tinymt32] 1294 Saito, M., Matsumoto, M., Roca, V., and E. Baccelli, 1295 "TinyMT32 Pseudo Random Number Generator (PRNG)", 1296 Transport Area Working Group (TSVWG) draft-roca-tsvwg- 1297 tinymt32 (Work in Progress), February 2019, 1298 . 1300 12.2. Informative References 1302 [PGM13] Plank, J., Greenan, K., and E. Miller, "A Complete 1303 Treatment of Software Implementations of Finite Field 1304 Arithmetic for Erasure Coding Applications", University of 1305 Tennessee Technical Report UT-CS-13-717, 1306 http://web.eecs.utk.edu/~plank/plank/papers/ 1307 UT-CS-13-717.html, October 2013, 1308 . 1311 [RFC5170] Roca, V., Neumann, C., and D. Furodet, "Low Density Parity 1312 Check (LDPC) Staircase and Triangle Forward Error 1313 Correction (FEC) Schemes", RFC 5170, DOI 10.17487/RFC5170, 1314 June 2008, . 1316 [RFC5510] Lacan, J., Roca, V., Peltotalo, J., and S. Peltotalo, 1317 "Reed-Solomon Forward Error Correction (FEC) Schemes", 1318 RFC 5510, DOI 10.17487/RFC5510, April 2009, 1319 . 1321 [RFC6681] Watson, M., Stockhammer, T., and M. Luby, "Raptor Forward 1322 Error Correction (FEC) Schemes for FECFRAME", RFC 6681, 1323 DOI 10.17487/RFC6681, August 2012, 1324 . 1326 [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, 1327 "FLUTE - File Delivery over Unidirectional Transport", 1328 RFC 6726, DOI 10.17487/RFC6726, November 2012, 1329 . 1331 [RFC6816] Roca, V., Cunche, M., and J. Lacan, "Simple Low-Density 1332 Parity Check (LDPC) Staircase Forward Error Correction 1333 (FEC) Scheme for FECFRAME", RFC 6816, 1334 DOI 10.17487/RFC6816, December 2012, 1335 . 1337 [RFC6865] Roca, V., Cunche, M., Lacan, J., Bouabdallah, A., and K. 1338 Matsuzono, "Simple Reed-Solomon Forward Error Correction 1339 (FEC) Scheme for FECFRAME", RFC 6865, 1340 DOI 10.17487/RFC6865, February 2013, 1341 . 1343 [RFC8406] Adamson, B., Adjih, C., Bilbao, J., Firoiu, V., Fitzek, 1344 F., Ghanem, S., Lochin, E., Masucci, A., Montpetit, M-J., 1345 Pedersen, M., Peralta, G., Roca, V., Ed., Saxena, P., and 1346 S. Sivakumar, "Taxonomy of Coding Techniques for Efficient 1347 Network Communications", RFC 8406, DOI 10.17487/RFC8406, 1348 June 2018, . 1350 [Roca16] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1351 Thienot, "Block or Convolutional AL-FEC Codes? A 1352 Performance Comparison for Robust Low-Latency 1353 Communications", HAL open-archive document,hal-01395937 1354 https://hal.inria.fr/hal-01395937/en/, November 2016, 1355 . 1357 [Roca17] Roca, V., Teibi, B., Burdinat, C., Tran, T., and C. 1358 Thienot, "Less Latency and Better Protection with AL-FEC 1359 Sliding Window Codes: a Robust Multimedia CBR Broadcast 1360 Case Study", 13th IEEE International Conference on 1361 Wireless and Mobile Computing, Networking and 1362 Communications (WiMob17), October 1363 2017 https://hal.inria.fr/hal-01571609v1/en/, October 1364 2017, . 1366 Appendix A. TinyMT32 Validation Criteria (Normative) 1368 PRNG determinism, for a given seed, is a requirement. Consequently, 1369 in order to validate an implementation of the TinyMT32 PRNG, the 1370 following criteria MUST be met. 1372 The first criterion focusses on the tinymt32_rand256(), where the 1373 32-bit integer of the core TinyMT32 PRNG is scaled down to an 8-bit 1374 integer. Using a seed value of 1, the first 50 values returned by: 1375 tinymt32_rand256() as 8-bit unsigned integers MUST be equal to values 1376 provided in Figure 9, to be read line by line. 1378 37 225 177 176 21 1379 246 54 139 168 237 1380 211 187 62 190 104 1381 135 210 99 176 11 1382 207 35 40 113 179 1383 214 254 101 212 211 1384 226 41 234 232 203 1385 29 194 211 112 107 1386 217 104 197 135 23 1387 89 210 252 109 166 1389 Figure 9: First 50 decimal values (to be read per line) returned by 1390 tinymt32_rand256() as 8-bit unsigned integers, with a seed value of 1391 1. 1393 The second criterion focusses on the tinymt32_rand16(), where the 1394 32-bit integer of the core TinyMT32 PRNG is scaled down to a 4-bit 1395 integer. Using a seed value of 1, the first 50 values returned by: 1396 tinymt32_rand16() as 4-bit unsigned integers MUST be equal to values 1397 provided in Figure 10, to be read line by line. 1399 5 1 1 0 5 1400 6 6 11 8 13 1401 3 11 14 14 8 1402 7 2 3 0 11 1403 15 3 8 1 3 1404 6 14 5 4 3 1405 2 9 10 8 11 1406 13 2 3 0 11 1407 9 8 5 7 7 1408 9 2 12 13 6 1410 Figure 10: First 50 decimal values (to be read per line) returned by 1411 tinymt32_rand16() as 4-bit unsigned integers, with a seed value of 1. 1413 Appendix B. Assessing the PRNG Adequacy (Informational) 1415 This annex discusses the adequacy of the TinyMT32 PRNG and the 1416 tinymt32_rand16() and tinymt32_rand256() functions, to the RLC FEC 1417 Schemes. The goal is to assess the adequacy of these two functions 1418 in producing coding coefficients that are sufficiently different from 1419 one another, across various repair symbols with repair key values in 1420 sequence (we can expect this approach to be commonly used by 1421 implementers, see Section 6.1). This section is purely informational 1422 and does not claim to be a solid evaluation. 1424 The two RLC FEC Schemes use the PRNG to produce pseudo-random coding 1425 coefficients (Section 3.6), each time a new repair symbol is needed. 1426 A different repair key is used for each repair symbol, usually by 1427 incrementing the repair key value (Section 6.1). For each repair 1428 symbol, a limited number of pseudo-random numbers is needed, 1429 depending on the DT and encoding window size (Section 3.6), using 1430 either tinymt32_rand16() or tinymt32_rand256(). Therefore we are 1431 more interested in the randomness of small sequences of random 1432 numbers mapped to 4-bit or 8-bit integers, than in the randomness of 1433 a very large sequence of random numbers which is not representative 1434 of the usage of the PRNG. 1436 Evaluation of tinymt32_rand16(): We first generate a huge number 1437 (1,000,000,000) of small sequences (20 pseudo-random numbers per 1438 sequence), increasing the seed value for each sequence, and perform 1439 statistics on the number of occurrences of each of the 16 possible 1440 values across all sequences. In this first test we consider 32-bit 1441 seed values in order to assess the PRNG quality after output 1442 truncation to 4 bits. 1444 value occurrences percentage (%) (total of 20000000000) 1445 0 1250036799 6.2502 1446 1 1249995831 6.2500 1447 2 1250038674 6.2502 1448 3 1250000881 6.2500 1449 4 1250023929 6.2501 1450 5 1249986320 6.2499 1451 6 1249995587 6.2500 1452 7 1250020363 6.2501 1453 8 1249995276 6.2500 1454 9 1249982856 6.2499 1455 10 1249984111 6.2499 1456 11 1250009551 6.2500 1457 12 1249955768 6.2498 1458 13 1249994654 6.2500 1459 14 1250000569 6.2500 1460 15 1249978831 6.2499 1462 Figure 11: tinymt32_rand16(): occurrence statistics across a huge 1463 number (1,000,000,000) of small sequences (20 pseudo-random numbers 1464 per sequence), with 0 as the first PRNG seed. 1466 The results (Figure 11) show that all possible values are almost 1467 equally represented, or said differently, that the tinymt32_rand16() 1468 output converges to a uniform distribution where each of the 16 1469 possible values would appear exactly 1 / 16 * 100 = 6.25% of times. 1471 Since the RLC FEC Schemes use of this PRNG will be limited to 16-bit 1472 seed values, we carried out the same test for the first 2^^16 seed 1473 values only. The distribution (not shown) is of course less uniform, 1474 with value occurences ranging between 6.2121% (i.e., 81,423 1475 occurences out of a total of 65536*20=1,310,720) and 6.2948% (i.e., 1476 82,507 occurences). However, we do not believe it significantly 1477 impacts the RLC FEC Scheme behavior. 1479 Other types of biases may exist that may be visible with smaller 1480 tests, for instance to evaluate the convergence speed to a uniform 1481 distribution. We therefore perform 200 tests, each of them 1482 consisting in producing 200 sequences, keeping only the first value 1483 of each sequence. We use non overlapping repair keys for each 1484 sequence, starting with value 0 and increasing it after each use. 1486 value min occurrences max occurrences average occurrences 1487 0 4 21 6.3675 1488 1 4 22 6.0200 1489 2 4 20 6.3125 1490 3 5 23 6.1775 1491 4 5 24 6.1000 1492 5 4 21 6.5925 1493 6 5 30 6.3075 1494 7 6 22 6.2225 1495 8 5 26 6.1750 1496 9 3 21 5.9425 1497 10 5 24 6.3175 1498 11 4 22 6.4300 1499 12 5 21 6.1600 1500 13 5 22 6.3100 1501 14 4 26 6.3950 1502 15 4 21 6.1700 1504 Figure 12: tinymt32_rand16(): occurrence statistics across 200 tests, 1505 each of them consisting in 200 sequences of 1 pseudo-random number 1506 each, with non overlapping PRNG seeds in sequence starting from 0. 1508 Figure 12 shows across all 200 tests, for each of the 16 possible 1509 pseudo-random number values, the minimum (resp. maximum) number of 1510 times it appeared in a test, as well as the average number of 1511 occurrences across the 200 tests. Although the distribution is not 1512 perfect, there is no major bias. On the opposite, in the same 1513 conditions, the Park-Miller linear congruential PRNG of [RFC5170] 1514 with a result scaled down to 4-bit values, using seeds in sequence 1515 starting from 1, returns systematically 0 as the first value during 1516 some time, then after a certain repair key value threshold, it 1517 systematically returns 1, etc. 1519 Evaluation of tinymt32_rand256(): The same approach is used here. 1520 Results (not shown) are similar: occurrences vary between 7,810,3368 1521 (i.e., 0.3905%) and 7,814,7952 (i.e., 0.3907%). Here also we see a 1522 convergence to the theoretical uniform distribution where each of the 1523 256 possible values would appear exactly 1 / 256 * 100 = 0.390625% of 1524 times. 1526 Appendix C. Possible Parameter Derivation (Informational) 1528 Section 3.1 defines several parameters to control the encoder or 1529 decoder. This annex proposes techniques to derive these parameters 1530 according to the target use-case. This annex is informational, in 1531 the sense that using a different derivation technique will not 1532 prevent the encoder and decoder to interoperate: a decoder can still 1533 recover an erased source symbol without any error. However, in case 1534 of a real-time flow, an inappropriate parameter derivation may lead 1535 to the decoding of erased source packets after their validity period, 1536 making them useless to the target application. This annex proposes 1537 an approach to reduce this risk, among other things. 1539 The FEC Schemes defined in this document can be used in various 1540 manners, depending on the target use-case: 1542 o the source ADU flow they protect may or may not have real-time 1543 constraints; 1544 o the source ADU flow may be a Constant Bitrate (CBR) or Variable 1545 BitRate (VBR) flow; 1546 o with a VBR source ADU flow, the flow's minimum and maximum 1547 bitrates may or may not be known; 1548 o and the communication path between encoder and decoder may be a 1549 CBR communication path (e.g., as with certain LTE-based broadcast 1550 channels) or not (general case, e.g., with Internet). 1552 The parameter derivation technique should be suited to the use-case, 1553 as described in the following sections. 1555 C.1. Case of a CBR Real-Time Flow 1557 In the following, we consider a real-time flow with max_lat latency 1558 budget. The encoding symbol size, E, is constant. The code rate, 1559 cr, is also constant, its value depending on the expected 1560 communication loss model (this choice is out of scope of this 1561 document). 1563 In a first configuration, the source ADU flow bitrate at the input of 1564 the FECFRAME sender is fixed and equal to br_in (in bits/s), and this 1565 value is known by the FECFRAME sender. It follows that the 1566 transmission bitrate at the output of the FECFRAME sender will be 1567 higher, depending on the added repair flow overhead. In order to 1568 comply with the maximum FEC-related latency budget, we have: 1570 dw_max_size = (max_lat * br_in) / (8 * E) 1572 assuming that the encoding and decoding times are negligible with 1573 respect to the target max_lat. This is a reasonable assumption in 1574 many situations (e.g., see Section 9.1 in case of small window 1575 sizes). Otherwise the max_lat parameter should be adjusted in order 1576 to avoid the problem. In any case, interoperability will never be 1577 compromized by choosing a too large value. 1579 In a second configuration, the FECFRAME sender generates a fixed 1580 bitrate flow, equal to the CBR communication path bitrate equal to 1581 br_out (in bits/s), and this value is known by the FECFRAME sender, 1582 as in [Roca17]. The maximum source flow bitrate needs to be such 1583 that, with the added repair flow overhead, the total transmission 1584 bitrate remains inferior or equal to br_out. We have: 1586 dw_max_size = (max_lat * br_out * cr) / (8 * E) 1588 assuming here also that the encoding and decoding times are 1589 negligible with respect to the target max_lat. 1591 For decoding to be possible within the latency budget, it is required 1592 that the encoding window maximum size be smaller than or at most 1593 equal to the decoding window maximum size. The ew_max_size is the 1594 main parameter at a FECFRAME sender, but its exact value has no 1595 impact on the the FEC-related latency budget. The ew_max_size 1596 parameter is computed as follows: 1598 ew_max_size = dw_max_size * WSR / 255 1600 In line with [Roca17], WSR = 191 is considered as a reasonable value 1601 (the resulting encoding to decoding window size ratio is then close 1602 to 0.75), but other values between 1 and 255 inclusive are possible, 1603 depending on the use-case. 1605 The dw_max_size is computed by a FECFRAME sender but not explicitly 1606 communicated to a FECFRAME receiver. However, a FECFRAME receiver 1607 can easily evaluate the ew_max_size by observing the maximum Number 1608 of Source Symbols (NSS) value contained in the Repair FEC Payload ID 1609 of received FEC Repair Packets (Section 4.1.3). A receiver can then 1610 easily compute dw_max_size: 1612 dw_max_size = max_NSS_observed * 255 / WSR 1614 A receiver can then chose an appropriate linear system maximum size: 1616 ls_max_size >= dw_max_size 1618 It is good practice to use a larger value for ls_max_size as 1619 explained in Appendix D, which does not impact maximum latency nor 1620 interoperability. 1622 In any case, for a given use-case (i.e., for target encoding and 1623 decoding devices and desired protection levels in front of 1624 communication impairments) and for the computed ew_max_size, 1625 dw_max_size and ls_max_size values, it is RECOMMENDED to check that 1626 the maximum encoding time and maximum memory requirements at a 1627 FECFRAME sender, and maximum decoding time and maximum memory 1628 requirements at a FECFRAME receiver, stay within reasonable bounds. 1629 When assuming that the encoding and decoding times are negligible 1630 with respect to the target max_lat, this should be verified as well, 1631 otherwise the max_lat SHOULD be adjusted accordingly. 1633 The particular case of session start needs to be managed 1634 appropriately since the ew_size, starting at zero, increases each 1635 time a new source ADU is received by the FECFRAME sender, until it 1636 reaches the ew_max_size value. Therefore a FECFRAME receiver SHOULD 1637 continuously observe the received FEC Repair Packets, since the NSS 1638 value carried in the Repair FEC Payload ID will increase too, and 1639 adjust its ls_max_size accordingly if need be. With a CBR flow, 1640 session start is expected to be the only moment when the encoding 1641 window size will increase. Similarly, with a CBR real-time flow, the 1642 session end is expected to be the only moment when the encoding 1643 window size will progressively decrease. No adjustment of the 1644 ls_max_size is required at the FECFRAME receiver in that case. 1646 C.2. Other Types of Real-Time Flow 1648 In the following, we consider a real-time source ADU flow with a 1649 max_lat latency budget and a variable bitrate (VBR) measured at the 1650 entry of the FECFRAME sender. A first approach consists in 1651 considering the smallest instantaneous bitrate of the source ADU 1652 flow, when this parameter is known, and to reuse the derivation of 1653 Appendix C.1. Considering the smallest bitrate means that the 1654 encoding and decoding window maximum size estimations are 1655 pessimistic: these windows have the smallest size required to enable 1656 on-time decoding at a FECFRAME receiver. If the instantaneous 1657 bitrate is higher than this smallest bitrate, this approach leads to 1658 an encoding window that is unnecessarily small, which reduces 1659 robustness in front of long erasure bursts. 1661 Another approach consists in using ADU timing information (e.g., 1662 using the timestamp field of an RTP packet header, or registering the 1663 time upon receiving a new ADU). From the global FEC-related latency 1664 budget, the FECFRAME sender can derive a practical maximum latency 1665 budget for encoding operations, max_lat_for_encoding. For the FEC 1666 Schemes specified in this document, this latency budget SHOULD be 1667 computed with: 1669 max_lat_for_encoding = max_lat * WSR / 255 1671 It follows that any source symbols associated to an ADU that has 1672 timed-out with respect to max_lat_for_encoding SHOULD be removed from 1673 the encoding window. With this approach there is no pre-determined 1674 ew_size value: this value fluctuates over the time according to the 1675 instantaneous source ADU flow bitrate. For practical reasons, a 1676 FECFRAME sender may still require that ew_size does not increase 1677 beyond a maximum value (Appendix C.3). 1679 With both approaches, and no matter the choice of the FECFRAME 1680 sender, a FECFRAME receiver can still easily evaluate the ew_max_size 1681 by observing the maximum Number of Source Symbols (NSS) value 1682 contained in the Repair FEC Payload ID of received FEC Repair 1683 Packets. A receiver can then compute dw_max_size and derive an 1684 appropriate ls_max_size as explained in Appendix C.1. 1686 When the observed NSS fluctuates significantly, a FECFRAME receiver 1687 may want to adapt its ls_max_size accordingly. In particular when 1688 the NSS is significantly reduced, a FECFRAME receiver may want to 1689 reduce the ls_max_size too in order to limit computation complexity. 1690 A balance must be found between using an ls_max_size "too large" 1691 (which increases computation complexity and memory requirements) and 1692 the opposite (which reduces recovery performance). 1694 C.3. Case of a Non Real-Time Flow 1696 Finally there are configurations where a source ADU flow has no real- 1697 time constraints. FECFRAME and the FEC Schemes defined in this 1698 document can still be used. The choice of appropriate parameter 1699 values can be directed by practical considerations. For instance, it 1700 can derive from an estimation of the maximum memory amount that could 1701 be dedicated to the linear system at a FECFRAME receiver, or the 1702 maximum computation complexity at a FECFRAME receiver, both of them 1703 depending on the ls_max_size parameter. The same considerations also 1704 apply to the FECFRAME sender, where the maximum memory amount and 1705 computation complexity depend on the ew_max_size parameter. 1707 Here also, the NSS value contained in FEC Repair Packets is used by a 1708 FECFRAME receiver to determine the current coding window size and 1709 ew_max_size by observing its maximum value over the time. 1711 Appendix D. Decoding Beyond Maximum Latency Optimization 1712 (Informational) 1714 This annex introduces non normative considerations. It is provided 1715 as suggestions, without any impact on interoperability. For more 1716 information see [Roca16]. 1718 With a real-time source ADU flow, it is possible to improve the 1719 decoding performance of sliding window codes without impacting 1720 maximum latency, at the cost of extra memory and CPU overhead. The 1721 optimization consists, for a FECFRAME receiver, to extend the linear 1722 system beyond the decoding window maximum size, by keeping a certain 1723 number of old source symbols whereas their associated ADUs timed-out: 1725 ls_max_size > dw_max_size 1727 Usually the following choice is a good trade-off between decoding 1728 performance and extra CPU overhead: 1730 ls_max_size = 2 * dw_max_size 1732 When the dw_max_size is very small, it may be preferable to keep a 1733 minimum ls_max_size value (e.g., LS_MIN_SIZE_DEFAULT = 40 symbols). 1734 Going below this threshold will not save a significant amount of 1735 memory nor CPU cycles. Therefore: 1737 ls_max_size = max(2 * dw_max_size, LS_MIN_SIZE_DEFAULT) 1739 Finally, it is worth noting that a receiver that benefits from an FEC 1740 protection significantly higher than what is required to recover from 1741 packet losses, can choose to reduce the ls_max_size. In that case 1742 lost ADUs will be recovered without relying on this optimization. 1744 ls_max_size 1745 /---------------------------------^-------------------------------\ 1747 late source symbols 1748 (pot. decoded but not delivered) dw_max_size 1749 /--------------^-----------------\ /--------------^---------------\ 1750 src0 src1 src2 src3 src4 src5 src6 src7 src8 src9 src10 src11 src12 1752 Figure 13: Relationship between parameters to decode beyond maximum 1753 latency. 1755 It means that source symbols, and therefore ADUs, may be decoded even 1756 if the added latency exceeds the maximum value permitted by the 1757 application (the "late source symbols" of Figure 13). It follows 1758 that the corresponding ADUs will not be useful to the application. 1759 However, decoding these "late symbols" significantly improves the 1760 global robustness in bad reception conditions and is therefore 1761 recommended for receivers experiencing bad communication conditions 1762 [Roca16]. In any case whether or not to use this optimization and 1763 what exact value to use for the ls_max_size parameter are local 1764 decisions made by each receiver independently, without any impact on 1765 the other receivers nor on the source. 1767 Authors' Addresses 1769 Vincent Roca 1770 INRIA 1771 Univ. Grenoble Alpes 1772 France 1774 EMail: vincent.roca@inria.fr 1775 Belkacem Teibi 1776 INRIA 1777 Univ. Grenoble Alpes 1778 France 1780 EMail: belkacem.teibi@gmail.com