Session Description Protocol (SDP) Offer/Answer Procedures for Interactive Connectivity Establishment (ICE)
RFC 8839
Document | Type | RFC - Proposed Standard (January 2021) IPR | |
---|---|---|---|
Authors | Marc Petit-Huguenin , Suhas Nandakumar , Christer Holmberg , Ari Keränen , Roman Shpount | ||
Last updated | 2021-01-18 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
IESG | Responsible AD | Adam Roach | |
Send notices to | (None) |
RFC 8839
" SDP line with value '50': a=ice-pacing:50 5.6. "ice-options" Attribute The "ice-options" attribute is a session-level and media-level attribute. It contains a series of tokens that identify the options supported by the agent. Its grammar is: ice-options = "ice-options:" ice-option-tag *(SP ice-option-tag) ice-option-tag = 1*ice-char The existence of an "ice-options" in an offer indicates that a certain extension is supported by the agent, and it is willing to use it if the peer agent also includes the same extension in the answer. There might be further extension-specific negotiation needed between the agents that determine how the extension gets used in a given session. The details of the negotiation procedures, if present, MUST be defined by the specification defining the extension (Section 10.2). The following example shows an "ice-options" SDP line with 'ice2' and 'rtp+ecn' [RFC6679] values. a=ice-options:ice2 rtp+ecn 6. Keepalives All the ICE agents MUST follow the procedures defined in Section 11 of [RFC8445] for sending keepalives. As defined in [RFC8445], the keepalives will be sent regardless of whether the data stream is currently inactive, sendonly, recvonly, or sendrecv, and regardless of the presence or value of the bandwidth attribute. An agent can determine that its peer supports ICE by the presence of "candidate" attributes for each media session. 7. SIP Considerations Note that ICE is not intended for NAT traversal for SIP signaling, which is assumed to be provided via another mechanism [RFC5626]. When ICE is used with SIP, forking may result in a single offer generating a multiplicity of answers. In that case, ICE proceeds completely in parallel and independently for each answer, treating the combination of its offer and each answer as an independent offer/ answer exchange, with its own set of local candidates, pairs, checklists, states, and so on. 7.1. Latency Guidelines ICE requires a series of STUN-based connectivity checks to take place between endpoints. These checks start from the answerer on generation of its answer, and start from the offerer when it receives the answer. These checks can take time to complete, and as such, the selection of messages to use with offers and answers can affect perceived user latency. Two latency figures are of particular interest. These are the post-pickup delay and the post-dial delay. The post-pickup delay refers to the time between when a user "answers the phone" and when any speech they utter can be delivered to the caller. The post-dial delay refers to the time between when a user enters the destination address for the user and ringback begins as a consequence of having successfully started alerting the called user agent. Two cases can be considered -- one where the offer is present in the initial INVITE and one where it is in a response. 7.1.1. Offer in INVITE To reduce post-dial delays, it is RECOMMENDED that the caller begin gathering candidates prior to actually sending its initial INVITE, so that the candidates can be provided in the INVITE. This can be started upon user interface cues that a call is pending, such as activity on a keypad or the phone going off-hook. On the receipt of the offer, the answerer SHOULD generate an answer in a provisional response as soon as it has completed gathering the candidates. ICE requires that a provisional response with an SDP be transmitted reliably. This can be done through the existing Provisional Response Acknowledgment (PRACK) mechanism [RFC3262] or through an ICE-specific optimization, wherein, the agent retransmits the provisional response with the exponential backoff timers described in [RFC3262]. Such retransmissions MUST cease on receipt of a STUN Binding request with the transport address matching the candidate address for one of the data streams signaled in that SDP or on transmission of the answer in a 2xx response. If no Binding request is received prior to the last retransmit, the agent does not consider the session terminated. For the ICE-lite peers, the agent MUST cease retransmitting the 18x response after sending it four times since there will be no Binding request sent, and the number four is arbitrarily chosen to limit the number of 18x retransmits. Once the answer has been sent, the agent SHOULD begin its connectivity checks. Once candidate pairs for each component of a data stream enter the valid list, the answerer can begin sending media on that data stream. However, prior to this point, any media that needs to be sent towards the caller (such as SIP early media [RFC3960]) MUST NOT be transmitted. For this reason, implementations SHOULD delay alerting the called party until candidates for each component of each data stream have entered the valid list. In the case of a PSTN gateway, this would mean that the setup message into the PSTN is delayed until this point. Doing this increases the post-dial delay, but has the effect of eliminating 'ghost rings'. Ghost rings are cases where the called party hears the phone ring, picks up, but hears nothing and cannot be heard. This technique works without requiring support for, or usage of, preconditions [RFC3312]. It also has the benefit of guaranteeing that not a single packet of media will get clipped, so that post-pickup delay is zero. If an agent chooses to delay local alerting in this way, it SHOULD generate a 180 response once alerting begins. 7.1.2. Offer in Response In addition to uses where the offer is in an INVITE, and the answer is in the provisional and/or 200 OK response, ICE works with cases where the offer appears in the response. In such cases, which are common in third party call control [RFC3725], ICE agents SHOULD generate their offers in a reliable provisional response (which MUST utilize [RFC3262]), and not alert the user on receipt of the INVITE. The answer will arrive in a PRACK. This allows for ICE processing to take place prior to alerting, so that there is no post-pickup delay, at the expense of increased call setup delays. Once ICE completes, the callee can alert the user and then generate a 200 OK when they answer. The 200 OK would contain no SDP, since the offer/answer exchange has completed. Alternatively, agents MAY place the offer in a 2xx instead (in which case the answer comes in the ACK). When this happens, the callee will alert the user on receipt of the INVITE, and the ICE exchanges will take place only after the user answers. This has the effect of reducing call-setup delay, but can cause substantial post-pickup delays and media clipping. 7.2. SIP Option Tags and Media Feature Tags [RFC5768] specifies a SIP option tag and media feature tag for usage with ICE. ICE implementations using SIP SHOULD support this specification, which uses a feature tag in registrations to facilitate interoperability through signaling intermediaries. 7.3. Interactions with Forking ICE interacts very well with forking. Indeed, ICE fixes some of the problems associated with forking. Without ICE, when a call forks and the caller receives multiple incoming data streams, it cannot determine which data stream corresponds to which callee. With ICE, this problem is resolved. The connectivity checks which occur prior to transmission of media carry username fragments which in turn are correlated to a specific callee. Subsequent media packets that arrive on the same candidate pair as the connectivity check will be associated with that same callee. Thus, the caller can perform this correlation as long as it has received an answer. 7.4. Interactions with Preconditions Quality of Service (QoS) preconditions, which are defined in [RFC3312] and [RFC4032], apply only to the transport addresses listed as the default targets for media in an offer/answer. If ICE changes the transport address where media is received, this change is reflected in an updated offer that changes the default destination for media to match ICE's selection. As such, it appears like any other re-INVITE would, and is fully treated in RFCs 3312 and 4032, which apply without regard to the fact that the destination for media is changing due to ICE negotiations occurring "in the background". Indeed, an agent SHOULD NOT indicate that QoS preconditions have been met until the checks have completed and selected the candidate pairs to be used for media. ICE also has interactions with connectivity preconditions [RFC5898]. Those interactions are described there. Note that the procedures described in Section 7.1 describe their own type of "preconditions", albeit with less functionality than those provided by the explicit preconditions in [RFC5898]. 7.5. Interactions with Third Party Call Control ICE works with Flows I, III, and IV as described in [RFC3725]. Flow I works without the controller supporting or being aware of ICE. Flow IV will work as long as the controller passes along the ICE attributes without alteration. Flow II is fundamentally incompatible with ICE; each agent will believe itself to be the answerer and thus never generate a re-INVITE. The flows for continued operation, as described in Section 7 of [RFC3725], require additional behavior of ICE implementations to support. In particular, if an agent receives a mid-dialog re-INVITE that contains no offer, it MUST restart ICE for each data stream and go through the process of gathering new candidates. Furthermore, that list of candidates SHOULD include the ones currently being used for media. 8. Interactions with Application Layer Gateways and SIP Application Layer Gateways (ALGs) are functions present in a Network Address Translation (NAT) device that inspect the contents of packets and modify them, in order to facilitate NAT traversal for application protocols. Session Border Controllers (SBCs) are close cousins of ALGs, but are less transparent since they actually exist as application-layer SIP intermediaries. ICE has interactions with SBCs and ALGs. If an ALG is SIP aware but not ICE aware, ICE will work through it as long as the ALG correctly modifies the SDP. A correct ALG implementation behaves as follows: * The ALG does not modify the "m=" and "c=" lines or the "rtcp" attribute if they contain external addresses. * If the "m=" and "c=" lines contain internal addresses, the modification depends on the state of the ALG: - If the ALG already has a binding established that maps an external port to an internal connection address and port matching the values in the "m=" and "c=" lines or "rtcp" attribute, the ALG uses that binding instead of creating a new one. - If the ALG does not already have a binding, it creates a new one and modifies the SDP, rewriting the "m=" and "c=" lines and "rtcp" attribute. Unfortunately, many ALGs are known to work poorly in these corner cases. ICE does not try to work around broken ALGs, as this is outside the scope of its functionality. ICE can help diagnose these conditions, which often show up as a mismatch between the set of candidates and the "m=" and "c=" lines and "rtcp" attributes. The "ice-mismatch" attribute is used for this purpose. ICE works best through ALGs when the signaling is run over TLS. This prevents the ALG from manipulating the SDP messages and interfering with ICE operation. Implementations that are expected to be deployed behind ALGs SHOULD provide for TLS transport of the SDP. If an SBC is SIP aware but not ICE aware, the result depends on the behavior of the SBC. If it is acting as a proper Back-to-Back User Agent (B2BUA), the SBC will remove any SDP attributes it doesn't understand, including the ICE attributes. Consequently, the call will appear to both endpoints as if the other side doesn't support ICE. This will result in ICE being disabled, and media flowing through the SBC, if the SBC has requested it. If, however, the SBC passes the ICE attributes without modification, yet modifies the default destination for media (contained in the "m=" and "c=" lines and "rtcp" attribute), this will be detected as an ICE mismatch, and ICE processing is aborted for the call. It is outside of the scope of ICE for it to act as a tool for "working around" SBCs. If one is present, ICE will not be used and the SBC techniques take precedence. 9. Security Considerations The generic ICE security considerations are defined in [RFC8445], and the generic SDP offer/answer security considerations are defined in [RFC3264]. These security considerations also apply to implementations of this document. 9.1. IP Address Privacy In some cases, e.g., for privacy reasons, an agent may not want to reveal the related address and port. In this case the address MUST be set to "0.0.0.0" (for IPv4 candidates) or "::" (for IPv6 candidates) and the port to '9'. 9.2. Attacks on the Offer/Answer Exchanges An attacker that can modify or disrupt the offer/answer exchanges themselves can readily launch a variety of attacks with ICE. They could direct media to a target of a DoS attack, they could insert themselves into the data stream, and so on. These are similar to the general security considerations for offer/answer exchanges, and the security considerations in [RFC3264] apply. These require techniques for message integrity and encryption for offers and answers, which are satisfied by the TLS mechanism [RFC3261] when SIP is used. As such, the usage of TLS with ICE is RECOMMENDED. 9.3. The Voice Hammer Attack The voice hammer attack is an amplification attack, and can be triggered even if the attacker is an authenticated and valid participant in a session. In this attack, the attacker initiates sessions to other agents, and maliciously includes the connection address and port of a DoS target as the destination for media traffic signaled in the SDP. This causes substantial amplification; a single offer/answer exchange can create a continuing flood of media packets, possibly at high rates (consider video sources). The use of ICE can help to prevent against this attack. Specifically, if ICE is used, the agent receiving the malicious SDP will first perform connectivity checks to the target of media before sending media there. If this target is a third-party host, the checks will not succeed, and media is never sent. The ICE extension defined in [RFC7675] can be used to further protect against voice hammer attacks. Unfortunately, ICE doesn't help if it's not used, in which case an attacker could simply send the offer without the ICE parameters. However, in environments where the set of clients is known, and is limited to ones that support ICE, the server can reject any offers or answers that don't indicate ICE support. SIP user agents (UA) [RFC3261] that are not willing to receive non- ICE answers MUST include an "ice" option tag [RFC5768] in the SIP Require header field in their offer. UAs that reject non-ICE offers will generally use a 421 response code, together with an option tag "ice" in the Require header field in the response. 10. IANA Considerations 10.1. SDP Attributes The original ICE specification defined seven new SDP attributes per the procedures of Section 8.2.4 of [RFC4566]. The registration information from the original specification is included here with modifications to include Mux Category [RFC8859] and also defines a new SDP attribute "ice-pacing". 10.1.1. "candidate" Attribute Attribute Name: candidate Type of Attribute: media-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and provides one of many possible candidate addresses for communication. These addresses are validated with an end-to-end connectivity check using Session Traversal Utilities for NAT (STUN). Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact Email: iesg@ietf.org Reference: RFC 8839 Mux Category: TRANSPORT 10.1.2. "remote-candidates" Attribute Attribute Name: remote-candidates Type of Attribute: media-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and provides the identity of the remote candidates that the offerer wishes the answerer to use in its answer. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact Email: iesg@ietf.org Reference: RFC 8839 Mux Category: TRANSPORT 10.1.3. "ice-lite" Attribute Attribute Name: ice-lite Type of Attribute: session-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and indicates that an agent has the minimum functionality required to support ICE inter-operation with a peer that has a full implementation. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact Email: iesg@ietf.org Reference: RFC 8839 Mux Category: NORMAL 10.1.4. "ice-mismatch" Attribute Attribute Name: ice-mismatch Type of Attribute: media-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and indicates that an agent is ICE capable, but did not proceed with ICE due to a mismatch of candidates with the default destination for media signaled in the SDP. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact e-mail: iesg@ietf.org Reference: RFC 8839 Mux Category: NORMAL 10.1.5. "ice-pwd" Attribute Attribute Name: ice-pwd Type of Attribute: session- or media-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and provides the password used to protect STUN connectivity checks. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact e-mail: iesg@ietf.org Reference: RFC 8839 Mux Category: TRANSPORT 10.1.6. "ice-ufrag" Attribute Attribute Name: ice-ufrag Type of Attribute: session- or media-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and provides the fragments used to construct the username in STUN connectivity checks. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact e-mail: iesg@ietf.org Reference: RFC 8839 Mux Category: TRANSPORT 10.1.7. "ice-options" Attribute Attribute Name: ice-options Long Form: ice-options Type of Attribute: session-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE), and indicates the ICE options or extensions used by the agent. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact e-mail: iesg@ietf.org Reference: RFC 8839 Mux Category: NORMAL 10.1.8. "ice-pacing" Attribute This specification also defines a new SDP attribute, "ice-pacing", according to the following data: Attribute Name: ice-pacing Type of Attribute: session-level Subject to charset: No Purpose: This attribute is used with Interactive Connectivity Establishment (ICE) to indicate desired connectivity check pacing values. Appropriate Values: See Section 5 of RFC 8839. Contact Name: IESG Contact e-mail: iesg@ietf.org Reference: RFC 8839 Mux Category: NORMAL 10.2. Interactive Connectivity Establishment (ICE) Options Registry IANA maintains a registry for "ice-options" identifiers under the Specification Required policy as defined in "Guidelines for Writing an IANA Considerations Section in RFCs" [RFC8126]. ICE options are of unlimited length according to the syntax in Section 5.6; however, they are RECOMMENDED to be no longer than 20 characters. This is to reduce message sizes and allow for efficient parsing. ICE options are defined at the session level. A registration request MUST include the following information: * The ICE option identifier to be registered * Name and email address of organization or individuals having change control * Short description of the ICE extension to which the option relates * Reference(s) to the specification defining the ICE option and the related extensions 10.3. Candidate Attribute Extension Subregistry Establishment This section creates a new subregistry, "Candidate Attribute Extensions", under the SDP Parameters registry: http://www.iana.org/assignments/sdp-parameters. The purpose of the subregistry is to register SDP "candidate" attribute extensions. When a "candidate" extension is registered in the subregistry, it needs to meet the "Specification Required" policies defined in [RFC8126]. "candidate" attribute extensions MUST follow the 'cand-extension' syntax. The attribute extension name MUST follow the 'extension-att- name' syntax, and the attribute extension value MUST follow the 'extension-att-value' syntax. A registration request MUST include the following information: * The name of the attribute extension. * Name and email address of organization or individuals having change control * A short description of the attribute extension. * A reference to a specification that describes the semantics, usage and possible values of the attribute extension. 11. Changes from RFC 5245 [RFC8445] describes the changes made to the common SIP procedures, including removal of aggressive nomination, modifying the procedures for calculating candidate pair states, scheduling connectivity checks, and the calculation of timer values. This document defines the following SDP offer/answer specific changes: * SDP offer/answer realization and usage of 'ice2' option. * Definition and usage of SDP "ice-pacing" attribute. * Explicit text that an ICE agent must not generate candidates with FQDNs, and must discard such candidates if received from the peer agent. * Relax requirement to include SDP "rtcp" attribute. * Generic clarifications of SDP offer/answer procedures. * ICE mismatch is now optional, and an agent has an option to not trigger mismatch and instead treat the default candidate as an additional candidate. * FQDNs and "0.0.0.0"/"::" IP addresses with port "9" default candidates do not trigger ICE mismatch. 12. References 12.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, DOI 10.17487/RFC3261, June 2002, <https://www.rfc-editor.org/info/rfc3261>. [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional Responses in Session Initiation Protocol (SIP)", RFC 3262, DOI 10.17487/RFC3262, June 2002, <https://www.rfc-editor.org/info/rfc3262>. [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, DOI 10.17487/RFC3264, June 2002, <https://www.rfc-editor.org/info/rfc3264>. [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, "Integration of Resource Management and Session Initiation Protocol (SIP)", RFC 3312, DOI 10.17487/RFC3312, October 2002, <https://www.rfc-editor.org/info/rfc3312>. [RFC3556] Casner, S., "Session Description Protocol (SDP) Bandwidth Modifiers for RTP Control Protocol (RTCP) Bandwidth", RFC 3556, DOI 10.17487/RFC3556, July 2003, <https://www.rfc-editor.org/info/rfc3556>. [RFC3605] Huitema, C., "Real Time Control Protocol (RTCP) attribute in Session Description Protocol (SDP)", RFC 3605, DOI 10.17487/RFC3605, October 2003, <https://www.rfc-editor.org/info/rfc3605>. [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session Initiation Protocol (SIP) Preconditions Framework", RFC 4032, DOI 10.17487/RFC4032, March 2005, <https://www.rfc-editor.org/info/rfc4032>. [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, DOI 10.17487/RFC4566, July 2006, <https://www.rfc-editor.org/info/rfc4566>. [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, <https://www.rfc-editor.org/info/rfc5234>. [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI 10.17487/RFC5389, October 2008, <https://www.rfc-editor.org/info/rfc5389>. [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, DOI 10.17487/RFC5766, April 2010, <https://www.rfc-editor.org/info/rfc5766>. [RFC5768] Rosenberg, J., "Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)", RFC 5768, DOI 10.17487/RFC5768, April 2010, <https://www.rfc-editor.org/info/rfc5768>. [RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for Interactive Connectivity Establishment (ICE) Options", RFC 6336, DOI 10.17487/RFC6336, July 2011, <https://www.rfc-editor.org/info/rfc6336>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal", RFC 8445, DOI 10.17487/RFC8445, July 2018, <https://www.rfc-editor.org/info/rfc8445>. 12.2. Informative References [RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. Camarillo, "Best Current Practices for Third Party Call Control (3pcc) in the Session Initiation Protocol (SIP)", BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, <https://www.rfc-editor.org/info/rfc3725>. [RFC3960] Camarillo, G. and H. Schulzrinne, "Early Media and Ringing Tone Generation in the Session Initiation Protocol (SIP)", RFC 3960, DOI 10.17487/RFC3960, December 2004, <https://www.rfc-editor.org/info/rfc3960>. [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, DOI 10.17487/RFC5245, April 2010, <https://www.rfc-editor.org/info/rfc5245>. [RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., "Managing Client-Initiated Connections in the Session Initiation Protocol (SIP)", RFC 5626, DOI 10.17487/RFC5626, October 2009, <https://www.rfc-editor.org/info/rfc5626>. [RFC5898] Andreasen, F., Camarillo, G., Oran, D., and D. Wing, "Connectivity Preconditions for Session Description Protocol (SDP) Media Streams", RFC 5898, DOI 10.17487/RFC5898, July 2010, <https://www.rfc-editor.org/info/rfc5898>. [RFC6679] Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P., and K. Carlberg, "Explicit Congestion Notification (ECN) for RTP over UDP", RFC 6679, DOI 10.17487/RFC6679, August 2012, <https://www.rfc-editor.org/info/rfc6679>. [RFC7675] Perumal, M., Wing, D., Ravindranath, R., Reddy, T., and M. Thomson, "Session Traversal Utilities for NAT (STUN) Usage for Consent Freshness", RFC 7675, DOI 10.17487/RFC7675, October 2015, <https://www.rfc-editor.org/info/rfc7675>. [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>. [RFC8859] Nandakumar, S., "A Framework for Session Description Protocol (SDP) Attributes When Multiplexing", RFC 8859, DOI 10.17487/RFC8859, January 2021, <https://www.rfc-editor.org/info/rfc8859>. [RFC8863] Holmberg, C. and J. Uberti, "Interactive Connectivity Establishment Patiently Awaiting Connectivity (ICE PAC)", RFC 8863, DOI 10.17487/RFC8863, January 2021, <https://www.rfc-editor.org/info/rfc8863>. Appendix A. Examples For the example shown in Section 15 of [RFC8445], the resulting offer (message 5) encoded in SDP looks like (lines folded for clarity): v=0 o=jdoe 2890844526 2890842807 IN IP6 $L-PRIV-1.IP s= c=IN IP6 $NAT-PUB-1.IP t=0 0 a=ice-options:ice2 a=ice-pacing:50 a=ice-pwd:asd88fgpdd777uzjYhagZg a=ice-ufrag:8hhY m=audio $NAT-PUB-1.PORT RTP/AVP 0 b=RS:0 b=RR:0 a=rtpmap:0 PCMU/8000 a=candidate:1 1 UDP 2130706431 $L-PRIV-1.IP $L-PRIV-1.PORT typ host a=candidate:2 1 UDP 1694498815 $NAT-PUB-1.IP $NAT-PUB-1.PORT typ srflx raddr $L-PRIV-1.IP rport $L-PRIV-1.PORT The offer, with the variables replaced with their values, will look like (lines folded for clarity): v=0 o=jdoe 2890844526 2890842807 IN IP6 fe80::6676:baff:fe9c:ee4a s= c=IN IP6 2001:db8:8101:3a55:4858:a2a9:22ff:99b9 t=0 0 a=ice-options:ice2 a=ice-pacing:50 a=ice-pwd:asd88fgpdd777uzjYhagZg a=ice-ufrag:8hhY m=audio 45664 RTP/AVP 0 b=RS:0 b=RR:0 a=rtpmap:0 PCMU/8000 a=candidate:1 1 UDP 2130706431 fe80::6676:baff:fe9c:ee4a 8998 typ host a=candidate:2 1 UDP 1694498815 2001:db8:8101:3a55:4858:a2a9:22ff:99b9 45664 typ srflx raddr fe80::6676:baff:fe9c:ee4a rport 8998 The resulting answer looks like: v=0 o=bob 2808844564 2808844564 IN IP4 $R-PUB-1.IP s= c=IN IP4 $R-PUB-1.IP t=0 0 a=ice-options:ice2 a=ice-pacing:50 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh a=ice-ufrag:9uB6 m=audio $R-PUB-1.PORT RTP/AVP 0 b=RS:0 b=RR:0 a=rtpmap:0 PCMU/8000 a=candidate:1 1 UDP 2130706431 $R-PUB-1.IP $R-PUB-1.PORT typ host With the variables filled in: v=0 o=bob 2808844564 2808844564 IN IP4 192.0.2.1 s= c=IN IP4 192.0.2.1 t=0 0 a=ice-options:ice2 a=ice-pacing:50 a=ice-pwd:YH75Fviy6338Vbrhrlp8Yh a=ice-ufrag:9uB6 m=audio 3478 RTP/AVP 0 b=RS:0 b=RR:0 a=rtpmap:0 PCMU/8000 a=candidate:1 1 UDP 2130706431 192.0.2.1 3478 typ host Appendix B. The "remote-candidates" Attribute The "remote-candidates" attribute exists to eliminate a race condition between the updated offer and the response to the STUN Binding request that moved a candidate into the valid list. This race condition is shown in Figure 1. On receipt of message 4, agent L adds a candidate pair to the valid list. If there was only a single data stream with a single component, agent L could now send an updated offer. However, the check from agent R has not yet received a response, and agent R receives the updated offer (message 7) before getting the response (message 9). Thus, it does not yet know that this particular pair is valid. To eliminate this condition, the actual candidates at R that were selected by the offerer (the remote candidates) are included in the offer itself, and the answerer delays its answer until those pairs validate. Agent L Network Agent R |(1) Offer | | |------------------------------------------>| |(2) Answer | | |<------------------------------------------| |(3) STUN Req. | | |------------------------------------------>| |(4) STUN Res. | | |<------------------------------------------| |(5) STUN Req. | | |<------------------------------------------| |(6) STUN Res. | | |-------------------->| | | |Lost | |(7) Offer | | |------------------------------------------>| |(8) STUN Req. | | |<------------------------------------------| |(9) STUN Res. | | |------------------------------------------>| |(10) Answer | | |<------------------------------------------| Figure 1: Race Condition Flow Appendix C. Why Is the Conflict Resolution Mechanism Needed? When ICE runs between two peers, one agent acts as controlled, and the other as controlling. Rules are defined as a function of implementation type and offerer/answerer to determine who is controlling and who is controlled. However, the specification mentions that, in some cases, both sides might believe they are controlling, or both sides might believe they are controlled. How can this happen? The condition when both agents believe they are controlled shows up in third party call control cases. Consider the following flow: A Controller B |(1) INV() | | |<-------------| | |(2) 200(SDP1) | | |------------->| | | |(3) INV() | | |------------->| | |(4) 200(SDP2) | | |<-------------| |(5) ACK(SDP2) | | |<-------------| | | |(6) ACK(SDP1) | | |------------->| Figure 2: Role Conflict Flow This flow is a variation on flow III of RFC 3725 [RFC3725]. In fact, it works better than flow III since it produces fewer messages. In this flow, the controller sends an offerless INVITE to agent A, which responds with its offer, SDP1. The agent then sends an offerless INVITE to agent B, which it responds to with its offer, SDP2. The controller then uses the offer from each agent to generate the answers. When this flow is used, ICE will run between agents A and B, but both will believe they are in the controlling role. With the role conflict resolution procedures, this flow will function properly when ICE is used. At this time, there are no documented flows that can result in the case where both agents believe they are controlled. However, the conflict resolution procedures allow for this case, should a flow arise that would fit into this category. Appendix D. Why Send an Updated Offer? Section 12.1 of [RFC8445] describes rules for sending media. Both agents can send media once ICE checks complete, without waiting for an updated offer. Indeed, the only purpose of the updated offer is to "correct" the SDP so that the default destination for media matches where media is being sent based on ICE procedures (which will be the highest-priority nominated candidate pair). This raises the question -- why is the updated offer/answer exchange needed at all? Indeed, in a pure offer/answer environment, it would not be. The offerer and answerer will agree on the candidates to use through ICE, and then can begin using them. As far as the agents themselves are concerned, the updated offer/answer provides no new information. However, in practice, numerous components along the signaling path look at the SDP information. These include entities performing off-path QoS reservations, NAT traversal components such as ALGs and Session Border Controllers (SBCs), and diagnostic tools that passively monitor the network. For these tools to continue to function without change, the core property of SDP -- that the existing, pre-ICE definitions of the addresses used for media -- the "m=" and "c=" lines and the "rtcp" attribute -- must be retained. For this reason, an updated offer must be sent. Acknowledgements A large part of the text in this document was taken from [RFC5245], authored by Jonathan Rosenberg. Some of the text in this document was taken from [RFC6336], authored by Magnus Westerlund and Colin Perkins. Many thanks to Flemming Andreasen for shepherd review feedback. Thanks to following experts for their reviews and constructive feedback: Thomas Stach, Adam Roach, Peter Saint-Andre, Roman Danyliw, Alissa Cooper, Benjamin Kaduk, Mirja Kühlewind, Alexey Melnikov, and Éric Vyncke for their detailed reviews. Contributors The following experts have contributed textual and structural improvements for this work: Thomas Stach Email: thomass.stach@gmail.com Authors' Addresses Marc Petit-Huguenin Impedance Mismatch Email: marc@petit-huguenin.org Suhas Nandakumar Cisco Systems 707 Tasman Dr Milpitas, CA 95035 United States of America Email: snandaku@cisco.com Christer Holmberg Ericsson Hirsalantie 11 FI-02420 Jorvas Finland Email: christer.holmberg@ericsson.com Ari Keränen Ericsson FI-02420 Jorvas Finland Email: ari.keranen@ericsson.com Roman Shpount TurboBridge 4905 Del Ray Avenue, Suite 300 Bethesda, MD 20814 United States of America Email: rshpount@turbobridge.com