draft-ietf-mmusic-connectivity-precon-00.txt   draft-ietf-mmusic-connectivity-precon-01.txt 
MMUSIC Working Group                                        F. Andreasen
Internet-Draft                                        Cisco System, Inc.
Expires: April 22, 2006                                     G. Camarillo
                                                                Ericsson
                                                                 D. Oran
                                                      Cisco Systems, Inc
                                                                 D. Wing
                                                     Cisco Systems, Inc.
                                                        October 19, 2005

   Connectivity Preconditions for Session Description Protocol Media
                                Streams
               draft-ietf-mmusic-connectivity-precon-01.txt
Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 40
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on April 22, 2006.

Copyright Notice

Copyright (C) The Internet Society (2005).
Abstract

This document defines a new connectivity precondition for the Session
Description Protocol precondition framework described in RFC 3312
(and its update, RFC4032). A connectivity precondition can be used
to delay session establishment or modification until media stream
connectivity has been verified successfully. The method of
verification may vary depending on the type of transport used for the
media. For reliable connection-oriented transports such as TCP,
verification is achieved by successful connection establishment. For
unreliable datagram transports such as UDP, verification involves
probing the stream with data or control packets.

NOTE: This document is the result of a merge of two prior documents
with overlapping scope: draft-ietf-mmusic-connectivityprecondition-02
and draft-ietf-mmusic-connection-precon-02. The former covered the
case of datagram unreliable transports; the latter the case of
connection-oriented reliable transports. The merged version covers
these two but also describes operations in hybrid cases of unreliable
connection-oriented transports and reliable datagram transports.
Table of Contents

1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
3.  Connectivity Precondition Definition . . . . . . . . . . . . .  3
  3.1.  Syntax . . . . . . . . . . . . . . . . . . . . . . . . . .  3
  3.2.  Operational semantics  . . . . . . . . . . . . . . . . . .  4
  3.3.  Status type  . . . . . . . . . . . . . . . . . . . . . . .  4
  3.4.  Direction tag  . . . . . . . . . . . . . . . . . . . . . .  4
  3.5.  Precondition strength  . . . . . . . . . . . . . . . . . .  5
4.  Verifying connectivity . . . . . . . . . . . . . . . . . . . .  6
  4.1.  Procedures for connection-oriented transports  . . . . . .  7
  4.2.  Procedures for datagram transports . . . . . . . . . . . .  8
5.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
  8.1.  Normative References . . . . . . . . . . . . . . . . . . . 15
  8.2.  Informative References . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property and Copyright Statements . . . . . . . . . . 18
1. Introduction

The concept of a Session Description Protocol (SDP) [2] precondition
in the Session Initiation Protocol (SIP) [SIP] is defined in RFC3312
[4] (updated by RFC4032 [6]). A precondition is a condition that has
to be satisfied for a given media stream in order for session
establishment or modification to proceed. When the precondition is
not met, session progress is delayed until the precondition is
satisfied, or the session establishment fails. For example, RFC3312
skipping to change at page 3, line 25
availability of network resources prior to establishing (i.e.
alerting) a call.

SIP sessions are typically established in order to set up one or more
media streams. Even though a media stream may be negotiated
successfully, through an SDP offer-answer exchange, the actual media
stream itself may fail. For example, when there are one or more
Network Address Translators (NATs) or firewalls in the media path,
the media stream may not be received by the far end. In cases where
the media is carried over a connection-oriented transport such as TCP
[8], the connection-establishment procedures may fail. The
connectivity precondition defined in this document ensures that
session progress is delayed until media stream connectivity has been
verified, or the session itself is abandoned.

The connectivity precondition type defined in this document follows
the guidelines provided in RFC4032 [6] to extend the SIP
preconditions framework.
2. Terminology

In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in BCP 14, RFC 2119 [1] and indicate requirement levels for
compliant implementations.
3. Connectivity Precondition Definition

3.1. Syntax

The connectivity precondition type is defined by the string "conn"
and hence we modify the grammar found in RFC 3312 as follows:

precondition-type = "conn" | "qos" | token

This precondition tag is registered with the IANA in Section 7.

3.2. Operational semantics

According to RFC4032 [6], documents defining new precondition types
need to describe the behavior of UAs from the moment session
establishment is suspended due to a set of preconditions until it is
resumed when these preconditions are met. An entity that wishes to
delay session establishment or modification until media stream
connectivity has been established uses this precondition-type in an
offer. When a mandatory connectivity precondition is received in an
offer, session establishment or modification is delayed until the
connectivity precondition has been met, i.e., media stream
skipping to change at page 4, line 39
cut through. For example, STUN packets [STUN], RTP No-Op packets and
corresponding RTCP reports, as well as TCP SYN and ACK packets can be
exchanged on media streams that support them as a way of verifying
connectivity.

When the media stream consists of multiple destination addresses,
connectivity to all of them MUST be verified in order for the
precondition to be met. In the case of RTP-based media streams, RTCP
connectivity however is not a requirement.
3.3. Status type

RFC 3312 defines support for two kinds of status types, namely
segmented and end-to-end. The connectivity precondition-type defined
here MUST be used with the end-to-end status type; use of the
segmented status type is undefined.

3.4. Direction tag

The direction attributes defined in RFC 3312 are interpreted as
follows:

o send: The party who generated the session description (the offerer
in an offer-answer exchange) is sending packets on the media
stream to the other party, and the other party has received at
least one of those packets, i.e., there is connectivity in the
forward (sending) direction.

o recv: The other party (the answerer in an offer-answer exchange)
skipping to change at page 5, line 26
connection would usually have an associated direction tag of
sendrecv because it can carry data in both directions.

Note that a "send" connectivity precondition from the offerer's point
of view corresponds to a "recv" connectivity precondition from the
answerer's point of view, and vice versa. If media stream
connectivity in both directions is required before session
establishment or modification continues, the desired status MUST be
set to "sendrecv".
3.5. Precondition strength

Connectivity preconditions may have a strength-tag of either
"mandatory" or "optional".

When a mandatory connectivity precondition is offered, and the
answerer cannot satisfy the connectivity precondition, e.g., because
the offer does not include parameters that enable connectivity to be
verified without media cut through, the offer MUST be rejected as
described in RFC 3312.
skipping to change at page 6, line 13
Section 6 of RFC 3312, i.e.:

"Both user agents SHOULD continue using the old session parameters
until all the mandatory preconditions are met. At that moment,
the user agents can begin using the new session parameters."

It should be noted that connectivity may not exist between two
entities initially, e.g., when one or both entities are behind a
symmetric NAT. Subsequent packet exchanges, however, may create the
necessary address bindings in the NAT(s), thereby creating
connectivity. The ICE [7] methodology, for example, ensures that such
bindings are created following an offer/answer exchange.
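To make the attribute semantics of Sections 3.1 through 3.5 concrete, here is an added example (not code from the draft) that parses the RFC 3312 a=curr/a=des lines for the "conn" precondition type, flips the direction tag between the offerer's and the answerer's points of view, and reports whether a mandatory precondition still blocks session progress. The SDP lines are constructed, reusing the attribute values that appear in the draft's Section 5 example.

```python
"""RFC 3312 precondition attributes for the "conn" precondition type.

Added example, not code from the draft.  The a=curr / a=des grammar is the
one in RFC 3312 with the "conn" precondition-type of Section 3.1; sample
SDP is constructed."""
import re
from dataclasses import dataclass

# direction-tag as the set of directions it covers ("sendrecv" covers both)
DIRECTIONS = {
    "none": frozenset(),
    "send": frozenset({"send"}),
    "recv": frozenset({"recv"}),
    "sendrecv": frozenset({"send", "recv"}),
}

CURR_RE = re.compile(r"^a=curr:(\S+) (e2e|local|remote) (none|send|recv|sendrecv)$")
DES_RE = re.compile(
    r"^a=des:(\S+) (mandatory|optional|none|failure|unknown) "
    r"(e2e|local|remote) (none|send|recv|sendrecv)$"
)


@dataclass
class ConnPrecondition:
    current: str = "none"   # a=curr direction-tag ("none" when absent)
    strength: str = "none"  # a=des strength-tag
    desired: str = "none"   # a=des direction-tag


def parse_conn_precondition(sdp_lines):
    """Extract the "conn" precondition from one media section.
    Other precondition types (e.g. "qos") are left alone."""
    pc = ConnPrecondition()
    for raw in sdp_lines:
        line = raw.strip()
        m = CURR_RE.match(line)
        if m and m.group(1) == "conn":
            if m.group(2) != "e2e":  # Section 3.3: only end-to-end is defined
                raise ValueError("conn precondition requires the e2e status type")
            pc.current = m.group(3)
            continue
        m = DES_RE.match(line)
        if m and m.group(1) == "conn":
            if m.group(3) != "e2e":
                raise ValueError("conn precondition requires the e2e status type")
            pc.strength, pc.desired = m.group(2), m.group(4)
    return pc


def flip_direction(tag):
    """Section 3.4: the offerer's "send" is the answerer's "recv" and vice
    versa; "none" and "sendrecv" read the same from both sides."""
    return {"send": "recv", "recv": "send"}.get(tag, tag)


def as_seen_by_peer(pc):
    """Re-express a precondition from the other party's point of view."""
    return ConnPrecondition(flip_direction(pc.current), pc.strength,
                            flip_direction(pc.desired))


def blocks_session(pc):
    """True when session establishment/modification must be delayed: only a
    mandatory precondition whose current status does not yet cover the
    desired status blocks; an optional one never does (Section 3.5)."""
    if pc.strength != "mandatory":
        return False
    return not DIRECTIONS[pc.desired] <= DIRECTIONS[pc.current]


def record_verified(pc, verified):
    """Fold newly verified directions into a=curr, e.g. {"send", "recv"}
    after a TCP handshake or {"send"} after a probe was acknowledged."""
    have = DIRECTIONS[pc.current] | frozenset(verified)
    for tag, dirs in DIRECTIONS.items():
        if dirs == have:
            return ConnPrecondition(tag, pc.strength, pc.desired)
    raise ValueError("unknown direction set %r" % sorted(have))


# Constructed media section: the offerer's send direction is verified but
# it still wants bidirectional connectivity before the session proceeds.
SAMPLE_OFFER = [
    "m=audio 20000 RTP/AVP 0",
    "a=curr:conn e2e send",
    "a=des:conn mandatory e2e sendrecv",
]


def walk_through():
    """Returns (blocks_before, current_as_seen_by_answerer, blocks_after)."""
    pc = parse_conn_precondition(SAMPLE_OFFER)
    before = blocks_session(pc)                  # recv not yet verified
    peer_view = as_seen_by_peer(pc)              # answerer sees curr "recv"
    after = blocks_session(record_verified(pc, {"recv"}))
    return before, peer_view.current, after
```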
4. Verifying connectivity

The above definitions of send and receive connectivity preconditions
raise two questions: How does the sender of a packet know the other
party received it, and how does the receiver of a packet know who
sent it (in particular, the correlation between an incoming media
packet and a particular SIP dialog may not be obvious)?

Media stream connectivity can be ascertained in a variety of ways.
This document does not mandate any particular mechanism for doing so;
however, the appropriate machinery is likely to vary depending on the
type of transport used for media carriage. In order to comply with
the intent of an endpoint requiring connectivity preconditions, the
following general principles apply:

o The 3-way handshake connection establishment procedures of a
reliable transport protocol such as TCP are usually adequate to
demonstrate bi-directional connectivity (and hence "sendrecv"
media capability). Probe packets sent over the connection are
generally not required to satisfy the precondition.

o A pure datagram transport such as UDP (whether carrying RTP or
some other protocol) by itself provides no useful feedback about
connectivity. Hence, some sort of probe traffic is necessary to
ascertain whether packets are being received successfully.

o Connectivity preconditions are used to verify connectivity based
on the address information exchanged in offers and answers. When
overlapping IP address spaces are used (e.g. because one or both
endpoints are behind a Network Address Translator), it is possible
to inadvertently verify connectivity with an unrelated entity. In
order to address this issue, a correlation mechanism is needed
between media stream packets on one side and offers and answers on
the other side. ICE [7] defines one such correlation mechanism;
however, use of it is above and beyond the connection-oriented
connectivity preconditions defined here.

o Some connection-oriented transport protocols may allow the data
transfer phase to operate in an unreliable mode (today there is no
standards-track IETF protocol which exhibits this characteristic).
In such cases the success of connection establishment may not
definitively demonstrate connectivity in the data phase, and hence
probe traffic MAY be necessary to ascertain if the precondition is
met.

o Hybrid protocols such as DCCP [14] provide their own feedback
channel and initialization procedures, which can serve to verify
connectivity without the use of explicit probe traffic.

The determination depends on the exact method being used to verify
connectivity.
4.1. Procedures for connection-oriented transports

TCP connections are bidirectional and hence there is no difference
between send and recv connectivity preconditions. Once the TCP
three-way handshake has completed (SYN, SYN-ACK, ACK), the TCP
connection is established and data can be sent and received by either
party, i.e. both a send and a receive connectivity precondition have
been satisfied. Implementations SHOULD NOT require the receipt of
probe traffic in order to consider the precondition satisfied.

SCTP [9] connections have similar semantics to TCP and SHOULD be
treated the same as TCP.

When a connection-oriented transport is part of an offer, it may be
passive, active, or active/passive [12]. When it is passive, the
offerer expects the answerer to initiate the connection
establishment, and when it is active, the offerer wants to initiate
the connection establishment. When it is active/passive, the
answerer decides.

SIP and SDP do not provide any inherent capabilities for associating
an incoming media stream packet with a particular dialog. Thus, when
the offerer is passive and an incoming connection is being
established, the offerer cannot guarantee that the packet is
associated with a particular dialog. When SIP forking is being used,
this implies that the offerer cannot determine which of the early
dialogs now has its recv connectivity precondition satisfied: a
correlation mechanism is missing. This turns out not to be a problem,
however, since the successful completion of the connection-establishment
procedure itself (e.g. receipt of SYN-ACK in the case
of TCP) informs the answerer that the precondition has been
satisfied, and hence there is no need for the offerer to explicitly
inform the answerer of this (by sending a SIP UPDATE message). In
the absence of a correlation mechanism (e.g. ICE), an answerer
therefore MUST NOT require the offerer to confirm a connectivity
precondition on a connection-oriented transport.
4.2. Procedures for datagram transports

Verification of connectivity on datagram transports usually entails
the sending of probe traffic with some form of feedback to inform the
sender whether reception was successful. Techniques that can be used
to verify connectivity on datagram transports include:

o ICE [7]: ICE provides one or more candidate addresses in signaling
between the offerer and the answerer and then uses STUN Binding
Requests to determine which pairs of candidate addresses have
connectivity. Each STUN Binding Request contains a password which
is communicated in the SDP as well; this enables correlation
between STUN Binding Requests and candidate addresses for a
particular media stream. In ICE, connectivity is always checked
in both directions by following a state machine with a set of
states for the offerer and a set of states for the answerer: The
offerer ascertains "recv" connectivity for a particular transport
address pair by transitioning into the "validating" state, whereas
"send" connectivity is ascertained by transitioning into the
"valid" state. The answerer ascertains both "send" and "recv"
connectivity for a particular transport address pair by
transitioning into the "send-valid" state. As a consequence of
this, there is never a need for the answerer to request
confirmation of the connectivity precondition when using ICE: the
answerer can determine the status locally. When ICE is used to
verify connectivity preconditions, the precondition is satisfied
as soon as one of the candidates becomes valid, i.e. connectivity
has been verified for all the component transport addresses used
by the media stream. For example, with an RTP-based media stream
where RTCP is not suppressed, connectivity must be ascertained for
both RTP and RTCP; this is a tightening of the general operational
semantics provided in Section 3.2 imposed by ICE. Finally, it
should be noted that though connectivity has been ascertained, a
new offer/answer exchange may be required before media can
actually flow (per ICE).

o RTP no-op [13]: The sender of an RTP No-Op payload can verify send
connectivity by examining the RTCP report(s) being returned. In
particular, the source SSRC in the RTCP report block is used for
correlation. The RTCP report also carries the SSRC of the
sender of the report, and the SSRC of incoming RTP No-Op packets
identifies the sender of the RTP packet. Thus, once send
connectivity has been ascertained, receipt of an RTP No-Op packet
from the same SSRC provides the necessary correlation to determine
receive connectivity. Alternatively, the duality of send and
receive preconditions can be exploited, with one side confirming
when its send precondition is satisfied, which in turn implies the
other side's recv precondition is satisfied.

The above are merely examples of techniques that can be used. Other
techniques which meet the requirements of Section 4 above can be used
as well. It is however RECOMMENDED that ICE be supported by entities
that support connectivity preconditions for datagram transports. Use
of ICE has the benefit of working for all datagram-based media
streams (not just RTP) as well as facilitating NAT and firewall
traversal, which may otherwise interfere with connectivity.
Furthermore, the ICE recommendation provides a baseline to ensure
that all entities that require probe traffic to support the
connectivity preconditions have at least one common way of
ascertaining connectivity.
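The RTP No-Op correlation described above, as an added example that is not part of the draft or of the RTP No-Op specification: one party treats an RTCP report block naming its own SSRC as proof of send connectivity, remembers the reporter's SSRC, and only then counts RTP arriving from that SSRC as receive connectivity, so packets from an unrelated endpoint that happen to reach the same address are not mistaken for the peer. Packet layouts follow RFC 3550; the packets and the dynamic payload type 96 used for the probe are constructed for this example.

```python
"""Send/recv connectivity for an RTP/UDP stream via RTP No-Op + RTCP.

Added example, not code from the draft.  RTCP receiver report (PT 201)
and RTP fixed-header layouts follow RFC 3550; all packets are built
in-line.  Payload type 96 is a hypothetical dynamic assignment."""
import struct

RTCP_SR, RTCP_RR = 200, 201
NOOP_PT = 96  # hypothetical dynamic payload type for the No-Op probe


def rtcp_report_sources(pkt):
    """Return (reporter_ssrc, [source_ssrc, ...]) for an RTCP SR or RR.
    Each report block names one SSRC the reporter has been receiving."""
    if len(pkt) < 8:
        raise ValueError("RTCP packet too short")
    b0, pt, length = struct.unpack("!BBH", pkt[:4])
    if b0 >> 6 != 2:
        raise ValueError("not RTCP version 2")
    if pt not in (RTCP_SR, RTCP_RR):
        raise ValueError("not a sender/receiver report")
    if len(pkt) < (length + 1) * 4:
        raise ValueError("RTCP length field exceeds packet")
    report_count = b0 & 0x1F
    reporter = struct.unpack("!I", pkt[4:8])[0]
    offset = 8 if pt == RTCP_RR else 28  # an SR carries 20 bytes of sender info first
    sources = []
    for i in range(report_count):
        block = pkt[offset + 24 * i: offset + 24 * (i + 1)]
        if len(block) < 24:
            raise ValueError("truncated report block")
        sources.append(struct.unpack("!I", block[:4])[0])
    return reporter, sources


def rtp_ssrc(pkt):
    """SSRC of an RTP packet (fixed 12-byte header)."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP v2 packet")
    return struct.unpack("!I", pkt[8:12])[0]


class NoOpConnectivityChecker:
    """One party's view of a stream's connectivity.

    send: a report block carries *our* SSRC as its source, so the peer has
          received our No-Op probes (the source SSRC is the correlation key).
    recv: RTP arrives from the SSRC that produced that report, so the
          sender is our peer and not an unrelated endpoint."""

    def __init__(self, our_ssrc):
        self.our_ssrc = our_ssrc
        self.peer_ssrc = None
        self.send_ok = False
        self.recv_ok = False

    def on_rtcp(self, pkt):
        reporter, sources = rtcp_report_sources(pkt)
        if self.our_ssrc in sources:
            self.send_ok = True
            self.peer_ssrc = reporter
        return self.send_ok

    def on_rtp(self, pkt):
        # Until send connectivity is known the peer's SSRC is unknown, so an
        # incoming packet cannot be tied to this dialog; it is ignored.
        if self.send_ok and rtp_ssrc(pkt) == self.peer_ssrc:
            self.recv_ok = True
        return self.recv_ok

    def current_status(self):
        """Direction-tag to put in a=curr:conn e2e <direction-tag>."""
        return {(False, False): "none", (True, False): "send",
                (False, True): "recv", (True, True): "sendrecv"}[
                    (self.send_ok, self.recv_ok)]


def build_rr(reporter_ssrc, source_ssrc, highest_seq):
    """Constructed RTCP RR with one report block (32 bytes, length = 7)."""
    header = struct.pack("!BBH", 0x80 | 1, RTCP_RR, 7)
    block = struct.pack("!IIIIII", source_ssrc, 0, highest_seq, 0, 0, 0)
    return header + struct.pack("!I", reporter_ssrc) + block


def build_rtp(ssrc, seq, pt=NOOP_PT):
    """Constructed RTP packet with an empty payload."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, seq * 160, ssrc)


def walk_through():
    """Party with SSRC 0x11223344 probing a peer whose SSRC is 0xAABBCCDD."""
    chk = NoOpConnectivityChecker(0x11223344)
    steps = [
        chk.on_rtp(build_rtp(0xAABBCCDD, 1)),             # too early: False
        chk.on_rtcp(build_rr(0xAABBCCDD, 0x99999999, 5)),  # reports someone else: False
        chk.on_rtcp(build_rr(0xAABBCCDD, 0x11223344, 1)),  # our SSRC reported: True
        chk.on_rtp(build_rtp(0x5555AAAA, 2)),             # unrelated source: False
        chk.on_rtp(build_rtp(0xAABBCCDD, 2)),             # peer's SSRC: True
    ]
    return steps, chk.current_status()
```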
5. Examples

The first example uses the connectivity precondition with TCP in the
context of a session involving a wireless access medium. Both UAs
use a radio access network that does not allow them to send any data
(not even a TCP SYN) until a radio bearer has been set up for the
connection. Figure 1 shows the message flow of this example (the
PRACK transaction has been omitted for clarity):
skipping to change at page 14, line 27
a=curr:conn e2e send
a=des:conn mandatory e2e sendrecv
6. Security Considerations 6. Security Considerations
In addition to the general security considerations for preconditions In addition to the general security considerations for preconditions
provided in RFC 3312, the following security issues, which are provided in RFC 3312, the following security issues, which are
specific to connectivity preconditions, should be considered. specific to connectivity preconditions, should be considered.
Connectivity preconditions rely on mechanisms beyond SDP, e.g. Connectivity preconditions rely on mechanisms beyond SDP, e.g.
TCP[7] connection establishment, RTP No-Op [11] or STUN [9], to TCP[8] connection establishment, RTP No-Op [13] or STUN [10], to
establish and verify connectivity between an offerer and an answerer. establish and verify connectivity between an offerer and an answerer.
An attacker that prevents those mechanism from succeeding can prevent An attacker that prevents those mechanism from succeeding can prevent
media sessions from being established and hence it is RECOMMENDED media sessions from being established and hence it is RECOMMENDED
that such mechanisms are adequately secured by message authentication that such mechanisms are adequately secured by message authentication
and integrity protection. Also, the mechanisms SHOULD consider how and integrity protection. Also, the mechanisms SHOULD consider how
to prevent denial of service attacks. Similarly, an attacker that to prevent denial of service attacks. Similarly, an attacker that
can forge packets for these mechanisms can enable sessions to be can forge packets for these mechanisms can enable sessions to be
established when there in fact is no media connectivity, which may established when there in fact is no media connectivity, which may
lead to a poor user experience. Authentication and integrity lead to a poor user experience. Authentication and integrity
protection of such mechanisms can prevent this type of attacks and protection of such mechanisms can prevent this type of attacks and
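Review bot: the renumbered citations in this paragraph ([7] to [8] for TCP, [11] to [13] for RTP No-Op, [9] to [10] for STUN) agree with the new reference list, but ICE [7], which this revision moves to the normative references and recommends as the common probe mechanism for datagram transports, is absent from the list of mechanisms an attacker could block or forge; suggest "TCP [8] connection establishment, RTP No-Op [13], STUN [10] or ICE [7]". Two grammar points carried over unchanged from the previous version: "prevents those mechanism from succeeding" should read "mechanisms", and "this type of attacks" should read "this type of attack". The sentence "the mechanisms SHOULD consider how to prevent denial of service attacks" places a normative requirement on a mechanism rather than on whoever specifies or deploys it; consider "implementations of these mechanisms SHOULD mitigate denial of service attacks".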
skipping to change at page 15, line 5 skipping to change at page 15, line 7
3261 [3]. 3261 [3].
7. IANA Considerations 7. IANA Considerations
IANA is hereby requested to register a RFC 3312 precondition type IANA is hereby requested to register a RFC 3312 precondition type
called "conn" with the name "Connectivity precondition". The called "conn" with the name "Connectivity precondition". The
reference for this precondition type is the current document. reference for this precondition type is the current document.
8. References 8. References
8.1 Normative References 8.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Handley, M. and V. Jacobson, "SDP: Session Description [2] Handley, M. and V. Jacobson, "SDP: Session Description
Protocol", RFC 2327, April 1998. Protocol", RFC 2327, April 1998.
[3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
skipping to change at page 15, line 28 skipping to change at page 15, line 30
Resource Management and Session Initiation Protocol (SIP)", Resource Management and Session Initiation Protocol (SIP)",
RFC 3312, October 2002. RFC 3312, October 2002.
[5] Peterson, J., "S/MIME Advanced Encryption Standard (AES) [5] Peterson, J., "S/MIME Advanced Encryption Standard (AES)
Requirement for the Session Initiation Protocol (SIP)", Requirement for the Session Initiation Protocol (SIP)",
RFC 3853, July 2004. RFC 3853, July 2004.
[6] Camarillo, G. and P. Kyzivat, "Update to the Session Initiation [6] Camarillo, G. and P. Kyzivat, "Update to the Session Initiation
Protocol (SIP) Preconditions Framework", RFC 4032, March 2005. Protocol (SIP) Preconditions Framework", RFC 4032, March 2005.
8.2 Informative References [7] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A
Methodology for Network Address Translator (NAT) Traversal for
Offer/Answer Protocols", draft-ietf-mmusic-ice-05 (work in
progress), July 2005.
[7] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, 8.2. Informative References
[8] Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
September 1981. September 1981.
[8] Stone, J., Stewart, R., and D. Otis, "Stream Control [9] Stone, J., Stewart, R., and D. Otis, "Stream Control
Transmission Protocol (SCTP) Checksum Change", RFC 3309, Transmission Protocol (SCTP) Checksum Change", RFC 3309,
September 2002. September 2002.
[9] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN [10] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN
- Simple Traversal of User Datagram Protocol (UDP) Through - Simple Traversal of User Datagram Protocol (UDP) Through
Network Address Translators (NATs)", RFC 3489, March 2003. Network Address Translators (NATs)", RFC 3489, March 2003.
[10] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video [11] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video
Conferences with Minimal Control", STD 65, RFC 3551, July 2003. Conferences with Minimal Control", STD 65, RFC 3551, July 2003.
[11] Andreasen, F., "RTP No-Op Payload Format", [12] Yon, D. and G. Camarillo, "TCP-Based Media Transport in the
draft-wing-avt-rtp-noop-01 (work in progress), October 2004. Session Description Protocol (SDP)", RFC 4145, September 2005.
[12] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A [13] Andreasen, F., "A No-Op Payload Format for RTP",
Methodology for Network Address Translator (NAT) Traversal for draft-wing-avt-rtp-noop-03 (work in progress), May 2005.
Multimedia Session Establishment Protocols",
draft-ietf-mmusic-ice-04 (work in progress), February 2005.
[13] Kohler, E., "Datagram Congestion Control Protocol (DCCP)", [14] Kohler, E., "Datagram Congestion Control Protocol (DCCP)",
draft-ietf-dccp-spec-11 (work in progress), March 2005. draft-ietf-dccp-spec-11 (work in progress), March 2005.
Authors' Addresses Authors' Addresses
Flemming Andreasen Flemming Andreasen
Cisco System, Inc. Cisco System, Inc.
499 Thornall Street, 8th Floor 499 Thornall Street, 8th Floor
Edison, NJ 08837 Edison, NJ 08837
USA USA
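Review bot: ICE moves from the informative list (old [12], draft-ietf-mmusic-ice-04) to the normative list as [7] (draft-ietf-mmusic-ice-05). That is the correct placement given the new recommendation to use ICE for datagram transports, but a normative reference to a work-in-progress draft means this document cannot be published as an RFC until ICE is, so the dependency should be called out to the working group. Because old [12] (ICE) and new [12] (RFC 4145) now denote different documents, every inline "[12]" in the body must have been renumbered; Section 6 shows the shift applied, but the rest of the body is not visible in this diff, so a pass for stale citation numbers is warranted. The new RFC 4145 entry [12] is informative; if the TCP-based example in Section 5 depends on the SDP attributes defined in RFC 4145, the reference belongs in the normative list.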
End of changes. 36 change blocks. 78 lines changed or deleted, 126 lines changed or added.

This html diff was produced by rfcdiff 1.27, available from http://www.levkowetz.com/ietf/tools/rfcdiff/