MMUSIC Working Group                                        F. Andreasen
Internet-Draft                                       Cisco System, Systems, Inc.
Expires: December 3, 2006
Intended status: Standards Track                            G. Camarillo
Expires: May 22, 2008                                           Ericsson
                                                                 D. Oran
                                                      Cisco Systems, Inc
                                                                 D. Wing
                                                     Cisco Systems, Inc.
                                                            June 1, 2006
                                                       November 19, 2007

   Connectivity Preconditions for Session Description Protocol Media
                                Streams
              draft-ietf-mmusic-connectivity-precon-02.txt
              draft-ietf-mmusic-connectivity-precon-03.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 3, 2006. May 22, 2008.

Copyright Notice

   Copyright (C) The Internet Society (2006). IETF Trust (2007).

Abstract

   This document defines a new connectivity precondition for the Session
   Description Protocol (SDP) precondition framework described in RFC 3312
   (and its update, RFC4032). framework.  A connectivity
   precondition can be used to delay session establishment or
   modification until media stream connectivity has been verified successfully. successfully
   verified.  The method of verification may vary depending on the type
   of transport used for the media.  For reliable connection-oriented transports such as TCP
   verification is achieved by successful connection establishment.  For unreliable datagram transports
   such as UDP, verification involves probing the stream with data or
   control packets.  For reliable connection-oriented transports such as
   TCP, verification can be achieved simply by successful connection
   establishment or by probing the connection with data or control
   packets, depending on the situation.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Connectivity Precondition Definition . . . . . . . . . . . . .  3
     3.1.  Syntax . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     3.2.  Operational semantics Semantics  . . . . . . . . . . . . . . . . . .  4
     3.3.  Status type Type  . . . . . . . . . . . . . . . . . . . . . . .  4
     3.4.  Direction tag Tag  . . . . . . . . . . . . . . . . . . . . . .  4  5
     3.5.  Precondition strength Strength  . . . . . . . . . . . . . . . . . .  5
   4.  Verifying connectivity Connectivity . . . . . . . . . . . . . . . . . . . .  6
     4.1.  Procedures for connection-oriented transports  Media Stream to Dialog Correlation . . . . . .  7 . . . . . .  6
     4.2.  Procedures  Explicit Connectivity Verification Mechanisms  . . . . . .  7
     4.3.  Verifying Connectivity for datagram transports Connection-Oriented
           Transports . . . . . . . . . . . . . . . . . .  8 . . . . . .  9
   5.  Connectivity and Other Precondition Types  . . . . . . . . . .  9
   6.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   6.
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   7.
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
   8.
   9.  Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     8.1.
     9.1.  Changes since -02  . . . . . . . . . . . . . . . . . . . . 15
     9.2.  Changes since -01  . . . . . . . . . . . . . . . . . . . . 15
   9.
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     9.1.
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
     9.2.
     10.2. Informative References . . . . . . . . . . . . . . . . . . 15 16
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
   Intellectual Property and Copyright Statements . . . . . . . . . . 18

1.  Introduction

   The concept of a Session Description Protocol (SDP) [2] [RFC4566]
   precondition in the Session Initiation Protocol (SIP) [SIP] [RFC3261] is
   defined in RFC3312
   [4] [RFC3312] (updated by RFC4032 [6]). [RFC4032]).  A precondition is a
   condition that has to be satisfied for a given media stream in order
   for session establishment or modification to proceed.  When the
   precondition is not met, session progress is delayed until the
   precondition is
   satisfied, satisfied or the session establishment fails.  For
   example, RFC3312 [RFC3312] defines the Quality of Service precondition, which
   is used to ensure availability of network resources prior to
   establishing (i.e.
   alerting) a call. session (i.e., prior to starting alerting the callee).

   SIP sessions are typically established in order to setup one or more
   media streams.  Even though a media stream may be negotiated
   successfully,
   successfully through an SDP offer-answer exchange, the actual media
   stream itself may fail.  For example, when there is one or more
   Network Address Translators (NATs) or firewalls in the media path,
   the media stream may not be received by the far end.  In cases where
   the media is carried over a connection-oriented transport such as TCP
   [8],
   [RFC0793], the connection-establishment procedures may fail.  The
   connectivity precondition defined in this document ensures that
   session progress is delayed until media stream connectivity has been
   verified, or the session itself is abandoned.
   verified.

   The connectivity precondition type defined in this document follows
   the guidelines provided in RFC4032 [6] [RFC4032] to extend the SIP preconditions
   framework.

2.  Terminology

   In this document, the

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
   RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119 [1] and indicate requirement levels for
   compliant implementations. [RFC2119].

3.  Connectivity Precondition Definition

3.1.  Syntax

   The connectivity precondition type is defined by the string "conn"
   and hence we modify the grammar found in RFC 3312 [RFC3312] as follows:

      precondition-type = "conn" | "qos" | token

   This precondition tag is registered with the IANA in Section 7. 8.

3.2.  Operational semantics Semantics

   According to RFC4032 [6], [RFC4032], documents defining new precondition types
   need to describe the behavior of UAs (User Agents) from the moment
   session establishment is suspended due to a set of preconditions
   until is resumed when these preconditions are met.  An entity that
   wishes to delay session establishment or modification until media
   stream connectivity has been established uses this precondition-type
   in an offer.  When a mandatory connectivity precondition is received
   in an offer, session establishment or modification is delayed until
   the connectivity precondition has been met, i.e., met (i.e., until media stream
   connectivity has been established in the desired direction(s). direction or
   directions).  The delay of session establishment defined here implies
   that alerting of the called party does not occur until the
   precondition has been satisfied.

   Packets may be both sent and received on the media streams in
   question, however
   question.  However, such packets SHOULD be limited to packets that
   are necessary to verify connectivity between the two endpoints
   involved on the media stream, i.e. stream.  That is, the underlying media stream
   SHOULD NOT be cut through.  For example, STUN packets [STUN],
   [I-D.ietf-behave-rfc3489bis], RTP [RFC3550] No-Op
   [I-D.ietf-avt-rtp-no-op] packets and their corresponding RTCP
   reports, as well as TCP SYN and ACK packets can be exchanged on media
   streams that support them as a way of verifying connectivity.

   When

   Some media streams are described by a single 'm' line but,
   nevertheless, involve multiple addresses.  For example, [RFC2733]
   specifies how to send FEC (Forward Error Correction) information as a
   separate stream (the address for the FEC stream is provided in an
   'a=fmtp' line).  When a media stream consists of multiple destination
   addresses, connectivity to all of them MUST be verified in order for
   the precondition to be met.  In the case of RTP-based media streams,
   RTCP connectivity however MAY be verified, but it is not a requirement.

3.3.  Status type

   RFC 3312 Type

   [RFC3312] defines support for two kinds of status types, namely
   segmented and end-to-end.  The connectivity precondition-type defined
   here MUST be used with the end-to-end status type; use of the
   segmented status type is undefined.

3.4.  Direction tag Tag

   The direction attributes defined in RFC 3312 [RFC3312] are interpreted as
   follows:

   o  send: The the party who that generated the session description (the offerer
      in an offer-answer exchange) is sending
      packets on the media stream to the other party, and the other
      party has received at least one of those packets, i.e., packets.  That is, there
      is connectivity in the forward (sending) direction.

   o  recv: The the other party (the answerer in an offer-answer exchange) is sending packets on the media stream to this party,
      the party that generated the session description, and this party
      has received at least one of those packets, i.e., packets.  That is, there is
      connectivity in the backwards (receiving) direction.

   o  sendrecv: Both both the send and recv conditions hold.  In the case of
      a connection-oriented transport such as TCP, once established the
      connection would usually have an associated direction tag of
      sendrecv because it can carry data in both directions.

   Note that a "send" connectivity precondition from the offerer's point
   of view corresponds to a "recv" connectivity precondition from the
   answerer's point of view, and vice versa.  If media stream
   connectivity in both directions is required before session
   establishment or modification continues, the desired status MUST needs to
   be set to "sendrecv".

3.5.  Precondition strength Strength

   Connectivity preconditions may have a strength-tag of either
   "mandatory" or "optional".

   When a mandatory connectivity precondition is offered, offered and the
   answerer cannot satisfy the connectivity precondition, e.g., precondition (e.g., because
   the offer does not include parameters that enable connectivity to be
   verified without media cut through, through) the offer MUST be rejected as
   described in RFC 3312. [RFC3312].

   When an optional connectivity precondition is offered, the answerer
   MUST generate its answer SDP as soon as possible; since possible.  Since session
   progress is not delayed in this case, it is not known whether the
   associated media streams will have connectivity.  If the answerer
   wants to delay session progress until connectivity has been verified,
   the answerer MUST increase the strength of the connectivity
   precondition by using a strength-tag of "mandatory" in the answer.

   Note that use of a "mandatory" precondition requires the presence of
   a SIP "Require" header with the option tag "precondition": "precondition".  Any SIP
   UA that does not support a mandatory precondition will reject such
   requests.  To get around this issue, an optional connectivity
   precondition and the SIP "Supported" header with the option tag
   "precondition" can be used instead.

   Offers with connectivity preconditions in re-INVITEs or UPDATEs
   follow the rules given in Section 6 of RFC 3312, i.e.: [RFC3312].  That is:

      "Both user agents SHOULD continue using the old session parameters
      until all the mandatory preconditions are met.  At that moment,
      the user agents can begin using the new session parameters."

   It should be noted, that

4.  Verifying Connectivity

   Media stream connectivity is ascertained by use of a connectivity
   verification mechanism between the media endpoints.  A connectivity
   verification mechanism may not exist be an explicit mechanism, such as ICE
   [I-D.ietf-mmusic-ice], or it may be an implicit mechanism, such as
   TCP.  Explicit mechanisms provide specifications for when
   connectivity between two
   entities initially, e.g., when one or both entities are behind a
   symmetric NAT.  Subsequent packet exchanges endpoints using an offer/answer exchange is
   ascertained, whereas implicit mechanisms do not.  The verification
   mechanism is negotiated as part of the normal offer/answer exchange,
   however it is not identified explicitly.  More than one mechanism may create
   be negotiated, but the
   necessary address bindings in offerer and answerer need not use the NAT(s) thereby creating
   connectivity. same.
   The ICE [7] methodology for example ensures that such
   bindings are created following an offer/answer exchange.

4.  Verifying rules guide which connectivity

   The above definitions of send and receive verification mechanism
   to use:

   1.  if an explicit connectivity preconditions
   beg two questions: How does the sender of a packet know verification mechanism (e.g., ICE) is
       negotiated, the other
   party received it, and how does precondition is met when the receiver of mechanism verifies
       connectivity successfully, otherwise

   2.  if a packet know who
   sent it (in particular, connection-oriented transport (e.g., TCP) is negotiated, the correlation between
       precondition is met when the connection is established.

   3.  in other cases, an incoming media
   packet and a particular SIP dialog implicit verification mechanism may not be obvious) ?

   Media
       provided by the transport itself or the media stream data using
       the transport (e.g., RTP no-op)

   4.  if none of the above apply, connectivity can cannot be ascertained in a variety of ways. verified
       reliably and the connectivity precondition will never be
       satisfied if requested.

   This document does not mandate any particular mechanism for doing so,
   however connectivity
   verification mechanism; however, in the appropriate machinery is likely following, we provide
   additional considerations for verification mechanisms.

4.1.  Media Stream to vary depending on the
   type of transport used Dialog Correlation

   SIP and SDP do not provide any inherent capabilities for an incoming
   media carriage.  In order to comply stream packet with
   the intent of an endpoint requiring connectivity preconditions, the
   following general principles apply:

   o  The 3-way handshake connection establishment procedures of a
      reliable transport protocol such as TCP are usually adequate particular dialog.  Thus, when an offerer
   is trying to
      demonstrate bi-directional connectivity (and hence "sendrecv" ascertain connectivity, and an incoming media capability).  Probe packets sent over stream
   packet is received, the connection are
      generally offerer may not required know which dialog had its
   "recv" connectivity verified.  Explicit connectivity verification
   mechanisms therefore typically provide a means to satisfy correlate the precondition.
   o  A pure datagram transport such as UDP (whether carrying RTP or
      some other protocol) by itself provides no useful feedback about
      connectivity.  Hence, media
   stream, whose connectivity is being verified, with a particular SIP
   dialog.  However, some sort connectivity verification mechanisms may not
   provide such a correlation.  Therefore, in the absence of probe traffic is necessary a dialog-
   to-media-stream correlation mechanism (e.g., ICE), a UAS (User Agent
   Server) MUST NOT require the offerer to
      ascertain whether packets are being received successfully.
   o confirm a connectivity
   precondition.

4.2.  Explicit Connectivity preconditions are used to verify Verification Mechanisms

   Explicit connectivity based
      on verification mechanisms typically use probe
   traffic with some sort of feedback to inform the address information exchanged in offers sender whether
   reception was successful.  Below we provide two examples of such
   mechanisms, and answers.  When
      overlapping IP address spaces how they are used (e.g. because with connectivity preconditions:

   Interactive Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice]
   provides one or both
      endpoints are behind a Network Address Translator), it is possible
      to inadvertently verify connectivity with an unrelated entity.  In
      order to address this issue, a correlation mechanism is needed
      between media stream packets on one side and offers and answers on
      the other side.  ICE [7] defines one such correlation mechanism,
      however use of it is above and beyond the connection-oriented
      connectivity preconditions defined here.

   o  Some connection-oriented transport protocols may allow the data
      transfer phase to operate in an unreliable mode (today there is no
      standards-track IETF protocol which exhibits this characteristic).
      In such cases the success of connection establishment may not
      definitively demonstrate connectivity in the data phase, and hence
      probe traffic MAY be necessary to ascertain if the precondition is
      met.
   o  Hybrid protocols such as DCCP [14] provide their own feedback
      channel and initialization procedures, which can serve to verify
      connectivity without the use of explicit probe traffic.

   The determination depends on the exact method being used to verify
   connectivity.

4.1.  Procedures for connection-oriented transports

   TCP connections are bidirectional and hence there is no difference
   between send and recv connectivity preconditions.  Once the TCP
   three-way hand shake has completed (SYN, SYN-ACK, ACK), the TCP
   connection is established and data can be sent and received by either
   party, i.e. both a send and a receive connectivity precondition has
   been satisfied.  Implementations SHOULD NOT require the receipt of
   probe traffic in order to consider the precondition satisfied.

   SCTP [9] connections have similar semantics as TCP and SHOULD be
   treated the same as TCP.

   When a connection-oriented transport is part of an offer, it may be
   passive, active, or active/passive [12].  When it is passive, the
   offerer expects the answerer to initiate the connection
   establishment, and when it is active, the offerer wants to initiate
   the connection establishment.  When it is active/passive, the
   answerer decides.

   SIP and SDP do not provide any inherent capabilities for associating
   an incoming media stream packet with a particular dialog.  Thus, when
   the offerer is passive and an incoming connection is being
   established, the offerer cannot guarantee that the packet is
   associated with a particular dialog.  When SIP forking is being used,
   this implies that the offerer cannot determine which of the early
   dialogs now has its recv connectivity precondition satisfied - a
   correlation mechanism is missing.  This turns out not to be a problem
   however, since the successful completion of the connection-
   establishment procedure itself (e.g. receipt of SYN-ACK in the case
   of TCP) informs the answerer that the precondition has been
   satisfied, and hence there is no need for the offerer to explicitly
   inform the answerer of this (by sending a SIP UPDATE message).  In
   the absence of a correlation mechanism (e.g.  ICE), an answerer
   therefore MUST NOT require the offerer to confirm a connectivity
   precondition on a connection-oriented transport.

4.2.  Procedures for datagram transports

   Verification of connectivity on datagram transports usually entails
   the sending of probe traffic with some form of feedback to inform the
   sender whether reception was successful.  Techniques that can be used
   to verify connectivity on datagram transports include:

   o  ICE [7]: ICE provides one or more candidate addresses in signaling more candidate addresses in signaling between the
   offerer and the answerer and then uses STUN Binding Requests to
   determine which pairs of candidate addresses have connectivity.  Each
   STUN Binding Request contains a password which is communicated in the
   SDP as well; this enables correlation between STUN Binding Requests
   and candidate addresses for a particular media stream.  In  This
   furthermore provides correlation with a particular SIP dialog.

   ICE implementations may be either Full or Lite (see [I-D.ietf-mmusic-
   ice]).  Full implementations generate and respond to STUN Binding
   Requests, whereas Lite implementations only respond to them.  With
   ICE, connectivity one side is always checked
      in both directions by following a state machine with controlling agent, and the other side is a set
   controlled agent.  A Full implementation can take on either role,
   whereas a Lite implementation can only be a controlled agent.  The
   controlling agent decides which valid candidate to use and informs
   the controlled agent of
      states for it by identifying the offerer pair as the nominated
   pair.  This leads to the following connectivity precondition rules:

   o  A Full implementation ascertains both "send" and "recv"
      connectivity when it operates as a STUN client and has sent a set of states STUN
      Binding Request that resulted in a successful check for all the answerer: The
      offerer
      components of the media stream (as defined further in ICE).

   o  A Full or a Lite implementation ascertains "recv" connectivity for
      when it operates as a particular transport
      address pair by transitioning into STUN server and has received a STUN Binding
      Request that resulted in a successful response for all the "validating" state, whereas
      components of the media stream (as defined further in ICE).

   o  A Lite implementation ascertains "send" and "recv" connectivity is ascertained by transitioning into
      when the
      "valid" state.  The answerer ascertains both controlling agent has informed it of the nominated pair
      for all the components of the media stream.

   A simpler and slightly more delay-prone alternative to the above
   rules is for all ICE implementations to ascertain "send" and "recv"
   connectivity for a particular transport address pair by
      transitioning into media stream when the "send-valid" state.  As a consequence of
      this, ICE state for that media
   stream has moved to Completed.

   Note that there is never a need for the answerer UAS to request confirmation
   of the connectivity precondition when using ICE: the answerer can
   determine the status locally.  When  Also note, that when ICE is used to
   verify connectivity preconditions, the precondition is not satisfied
      as soon as one of the candidates becomes valid, i.e.
   until connectivity has been verified for all the component transport
   addresses used by the media stream.  For example, with an RTP-based
   media stream where RTCP is not suppressed, connectivity must MUST be
   ascertained for both RTP and RTCP; this is a tightening of the
   general operational semantics provided in Section 3.2 Section 3.2, which
   is imposed by ICE.  Finally, it should be noted, that though although
   connectivity has been ascertained, a new offer/answer exchange may be
   required before media can
      actually flow (per ICE).
   o

   RTP no-op [13]: The [I-D.ietf-avt-rtp-no-op] enables the sender of an RTP No-Op
   payload can to verify send connectivity by examining the RTCP report(s)
   being returned.  In particular, the source SSRC in the RTCP report
   block is used for correlation.  The RTCP report block also contains
   the SSRC of the sender of the report and the SSRC of incoming RTP
   No-Op packets identifies the sender of the RTP packet.  Thus, once RTP packet.  Thus, once
   send connectivity has been ascertained, receipt of an RTP No-Op
   packet from the same SSRC provides the necessary correlation to
   determine receive connectivity.  Alternatively, the duality of send
   and receive preconditions can be exploited, with one side confirming
   when his send precondition is satisfied, which in turn implies the
   other sides recv precondition is satisfied.

   The above are merely examples of explicit connectivity verification
   mechanisms.  Other techniques can be used as well.  It is however
   RECOMMENDED that ICE be supported by entities that support
   connectivity preconditions.  Use of ICE has the benefit of working
   for all media streams (not just RTP) as well as facilitate NAT and
   firewall traversal, which may otherwise interfere with connectivity.
   Furthermore, the ICE recommendation provides a baseline to ensure
   that all entities that require probe traffic to support the
   connectivity preconditions have a common way of ascertaining
   connectivity.

4.3.  Verifying Connectivity for Connection-Oriented Transports

   Connection-oriented transport protocols generally provide an implicit
   connectivity verification mechanism.  Connection establishment
   involves sending traffic in both directions thereby verifying
   connectivity at the transport protocol level.  When the connection-
   oriented protocol uses a three-way (or more) handshake for connection
   establishment, there is no difference between the "send" and "recv"
   precondition.  In the case of TCP for example, once the TCP three-way
   handshake has completed (SYN, SYN-ACK, ACK), the TCP connection is
   established and data can be sent and received by either party (i.e.,
   both a send and a receive connectivity precondition has been ascertained, receipt
   satisfied).  SCTP [RFC4960] connections have similar semantics as TCP
   and SHOULD be treated the same.

   When a connection-oriented transport is part of an RTP No-Op packet
      from offer, it may be
   passive, active, or active/passive [RFC4145].  When it is passive,
   the same SSRC provides offerer expects the necessary correlation answerer to determine
      receive connectivity.  Alternatively, initiate the duality of send connection
   establishment, and
      receive preconditions can be exploited, with one side confirming when his send precondition it is satisfied, which in turn implies active, the
      other sides recv precondition offerer wants to initiate
   the connection establishment.  When it is satisfied.

   The above are merely examples active/passive, the
   answerer decides.  As noted earlier, lack of techniques that a media-stream-to-dialog
   correlation mechanism can be used.  Other
   techniques make it difficult to guarantee with whom
   connectivity has been ascertained.  When the offerer takes on the
   passive role, the offerer will not necessarily know which meet SIP dialog
   originated an incoming connection request.  If the requirements offerer instead is
   active, this problem is avoided.

5.  Connectivity and Other Precondition Types

   The role of Section 4 above can be used
   as well.  It a connectivity precondition is however RECOMMENDED that ICE be supported by entities
   that support to ascertain media stream
   connectivity preconditions before establishing or modifying a session.  The
   underlying intent is for datagram transports.  Use
   of ICE has the benefit two parties to be able to exchange media
   packets successfully.  Connectivity by itself however may not fully
   satisfy this.  Quality of working Service for all datagram based media
   streams (not just RTP) as well as facilitate NAT and firewall
   traversal, which example may otherwise interfere with connectivity.
   Furthermore, be required for the
   media stream; this can be addressed by use of the ICE recommendation provides a baseline to ensure
   that all entities that require probe traffic "qos" preconditions
   defined in [RFC3312].  Similarly, succesful security parameter
   negotiation may be another prequisite to support meeting this; this can be
   addressed by use of the
   connectivity "sec" preconditions have at least one common way of
   ascertaining connectivity.

5. defined in [RFC5027].

6.  Examples

   The first example uses the connectivity precondition with TCP in the
   context of a session involving a wireless access medium.  Both UAs
   use a radio access network that does not allow them to send any data
   (not even a TCP SYN) until a radio bearer has been setup for the
   connection.  Figure 1 shows the message flow of this example (the
   PRACK transaction has been omitted for clarity):

               A                                    B
               |  INVITE                            |
               |  a=curr:conn e2e none              |
               |  a=des:conn mandatory e2e sendrecv |
               |  a=setup:holdconn                  |
               |----------------------------------->|
               |                                    |
               |  183 Session Progress              |
               |  a=curr:conn e2e none              |
               |  a=des:conn mandatory e2e sendrecv |
               |  a=setup:holdconn                  |
               |<-----------------------------------|
               |                                    |
               |  UPDATE                            |
               |  a=curr:conn e2e none              |
               |  a=des:conn mandatory e2e sendrecv |
     A's radio |  a=setup:actpass                   |
     bearer is +----------------------------------->|
     up        |                                    |
               |  200 OK                            |
               |  a=curr:conn e2e none              |
               |  a=des:conn mandatory e2e sendrecv |
               |  a=setup:active                    |
               |<-----------------------------------|
               |                                    |
               |                                    |
               |                                    |
               |                                    | B's radio
               |<---TCP Connection Establishment--->+ bearer is up
               |                                    | B sends TCP SYN
               |                                    |
               |                                    |
               |  180 Ringing                       | TCP connection
               |<-----------------------------------+ is up
               |                                    | B alerts the user
               |                                    |

          Figure 1: Message flow with two types of  preconditions

   A sends an INVITE requesting connection-establishment preconditions.
   The setup attribute in the offer is set to holdconn [RFC4145] because
   A cannot send or receive any data before setting up a radio bearer
   for the connection.

   B agrees to use the connectivity precondition by sending a 183
   (Session Progress) response.  The setup attribute in the answer is
   also set to holdconn because B, like A, cannot send or receive any
   data before setting up a radio bearer for the connection.

   When A's radio bearer is ready, A sends an UPDATE to B with a setup
   attribute with a value of actpass.  This attribute indicates that A
   can perform an active or a passive TCP open.  A is letting B choose
   which endpoint will initiate the connection.

   Since B's radio bearer is not ready yet, B chooses to be the one
   initiating the connection and indicates so with a setup attribute
   with a value of active.  At a later point, when B's radio bearer is
   ready, B initiates the TCP connection towards A.

   Once the TCP connection is established successfully, B alerts the
   callee and sends a 180 (Ringing) response.

   The second example shows a basic SIP session establishment using SDP
   connectivity preconditions and RTP No-Op.  Note that not all SDP
   details are provided in the following. below shows the  The message flow for this
   scenario is shown in Figure 2 below.

                  A                                            B

                  |                                            |
                  |-------------(1) INVITE SDP1--------------->|
                  |                                            |
                  |<------(2) 183 Session Progress SDP2--------|
                  |                                            |
                  |<~~~~~ Connectivity check to A ~~~~~~~~~~~~~|
                  |                                            |
                  |----------------(3) PRACK------------------>|
                  |                                            |
                  |~~~~~ Connectivity to A OK ~~~~~~~~~~~~~~~~>|
                  |                                            |
                  |<-----------(4) 200 OK (PRACK)--------------|
                  |                                            |
                  |~~~~~ Connectivity check to B ~~~~~~~~~~~~~>|
                  |<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~|
                  |                                            |
                  |-------------(5) UPDATE SDP3--------------->|
                  |                                            |
                  |<--------(6) 200 OK (UPDATE) SDP4-----------|
                  |                                            |
                  |<-------------(7) 180 Ringing---------------|
                  |                                            |
                  |                                            |
                  |                                            |

            Figure 2: Connectivity precondition with RTP no-op

   SDP1: A includes a mandatory end-to-end connectivity precondition
   with a desired status of "sendrecv"; this will ensure media stream
   connectivity in both directions before continuing with the session
   setup.  Since media stream connectivity in either direction is
   unknown at this point, the current status is set to "none".  A's
   local status table (see RFC 3312) [RFC3312]) for the connectivity precondition
   is as follows:

       Direction |  Current | Desired Strength |  Confirm
      -----------+----------+------------------+----------
         send    |    no    |   mandatory      |    no
         recv    |    no    |   mandatory      |    no

   and the resulting offer SDP is:

   m=audio 20000 RTP/AVP 0 96
   c=IN IP4 192.0.2.1
   a=rtpmap:96 no-op/8000
   a=curr:conn e2e none
   a=des:conn mandatory e2e sendrecv

   SDP2: When B receives the offer, B sees the mandatory sendrecv
   connectivity precondition.  B can ascertain connectivity to A ("send"
   from B's point of view) by use of the RTP No-Op, however B wants A to
   inform it about connectivity in the other direction ("recv" from B's
   point of view).  B's local status table therefore looks as follows:

       Direction |  Current | Desired Strength |  Confirm
      -----------+----------+------------------+----------
         send    |    no    |   mandatory      |    no
         recv    |    no    |   mandatory      |    no

   Since B wants to ask A for confirmation about the "recv" (from B's
   point of view) connectivity precondition, the resulting answer SDP
   becomes:

     m=audio 30000 RTP/AVP 0 96
     a=rtpmap:96 no-op/8000
     c=IN IP4 192.0.2.4
     a=curr:conn e2e none
     a=des:conn mandatory e2e sendrecv
     a=conf:conn e2e recv

   Meanwhile, B performs a connectivity check to A, which succeeds and
   hence B's local status table is updated as follows:

       Direction |  Current | Desired Strength |  Confirm
      -----------+----------+------------------+----------
         send    |    yes   |   mandatory      |    no
         recv    |    no    |   mandatory      |    no

   Since the "recv" connectivity precondition (from B's point of view)
   is still not satisfied, session establishment remains suspended.

   SDP3: When A receives the answer SDP, A notes that confirmation was
   requested for B's "recv" connectivity precondition, which is the
   "send" precondition from A's point of view.  A performs a
   connectivity check to B, which succeeds, and A's local status table
   becomes:

       Direction |  Current | Desired Strength |  Confirm
      -----------+----------+------------------+----------
         send    |    yes   |   mandatory      |    yes
         recv    |    no    |   mandatory      |    no

   Since B asked for confirmation about the "send" connectivity (from
   A's point of view), A now sends an UPDATE (5) to B to confirm the
   connectivity from A to B:

     m=audio 20000 RTP/AVP 0 96
     a=rtpmap:96 no-op/8000
     c=IN IP4 192.0.2.1
     a=curr:conn e2e send
     a=des:conn mandatory e2e sendrecv

6.

7.  Security Considerations

   In addition to the general security considerations for preconditions
   provided in RFC 3312, [RFC3312], the following security issues, which are
   specific to connectivity preconditions, should be considered.

   Connectivity preconditions rely on mechanisms beyond SDP, e.g.
   TCP[8] SDP such as
   TCP[RFC0793] connection establishment, RTP No-Op [13]
   [I-D.ietf-avt-rtp-no-op], or STUN [10], [I-D.ietf-behave-rfc3489bis] to
   establish and verify connectivity between an offerer and an answerer.
   An attacker that prevents those mechanism from succeeding can prevent
   media sessions from being established and hence it is RECOMMENDED
   that such mechanisms are adequately secured by message authentication
   and integrity protection.  Also, the mechanisms SHOULD consider how
   to prevent denial of service attacks.  Similarly, an attacker that
   can forge packets for these mechanisms can enable sessions to be
   established when there in fact is no media connectivity, which may
   lead to a poor user experience.  Authentication and integrity
   protection of such mechanisms can prevent this type of attacks and
   hence use of it is RECOMMENDED.

   It is also strongly RECOMMENDED that integrity protection be applied
   to the SDP session descriptions.  S/MIME [5] [RFC3853] is the natural
   choice to provide such end-to-end integrity protection, as described
   in RFC
   3261 [3].

7. [RFC3261].

8.  IANA Considerations

   IANA is hereby requested to register a RFC 3312 new precondition type
   called "conn" under
   the Precondition Types used with SIP subregistry, which is located
   under the name "Connectivity precondition".  The
   reference for this Session Initiation Protocol (SIP) Parameters registry.

   Precondition-Type  Description                          Reference
   -----------------  -----------------------------------  ---------
   conn               Connectivity precondition type is            [RFCxxxx]

   [Note to the current document.

8. RFC Editor: replace RFCxxxx with the number assigned to
   this RFC.]

9.  Change Log

8.1.

9.1.  Changes since -02

   Connectivity preconditions are now mechanism agnostic.  Clarified
   when and how to use ICE, RTP no-op, and connection establishment
   procedures to check connectivity.  Clarified relation with other
   precondition types.

9.2.  Changes since -01

   There are no changes since the previous version of the document.

9.

10.  References

9.1.

10.1.  Normative References

   [1]

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [2]  Handley, M.

   [RFC2733]  Rosenberg, J. and V. Jacobson, "SDP: Session Description
        Protocol", H. Schulzrinne, "An RTP Payload Format
              for Generic Forward Error Correction", RFC 2327, April 1998.

   [3] 2733,
              December 1999.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [4]

   [RFC3312]  Camarillo, G., Marshall, W., and J. Rosenberg,
              "Integration of Resource Management and Session Initiation
              Protocol (SIP)", RFC 3312, October 2002.

   [5]

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3853]  Peterson, J., "S/MIME Advanced Encryption Standard (AES)
              Requirement for the Session Initiation Protocol (SIP)",
              RFC 3853, July 2004.

   [6]

   [RFC4032]  Camarillo, G. and P. Kyzivat, "Update to the Session
              Initiation Protocol (SIP) Preconditions Framework",
              RFC 4032, March 2005.

   [7]  Rosenberg, J., "Interactive Connectivity Establishment (ICE): A
        Methodology for Network  Address Translator (NAT) Traversal for
        Offer/Answer Protocols", draft-ietf-mmusic-ice-08 (work in
        progress), March

   [RFC4566]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
              Description Protocol", RFC 4566, July 2006.

9.2.

10.2.  Informative References

   [8]

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.

   [9]   Stone, J., Stewart, R., and D. Otis, "Stream Control
         Transmission Protocol (SCTP) Checksum Change", RFC 3309,
         September 2002.

   [10]  Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN
         - Simple Traversal of User Datagram Protocol (UDP) Through
         Network Address Translators (NATs)", RFC 3489, March 2003.

   [11]  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video
         Conferences with Minimal Control", STD 65, RFC 3551, July 2003.

   [12]

   [RFC4145]  Yon, D. and G. Camarillo, "TCP-Based Media Transport in
              the Session Description Protocol (SDP)", RFC 4145,
              September 2005.

   [13]

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol",
              RFC 4960, September 2007.

   [RFC5027]  Andreasen, F. and D. Wing, "Security Preconditions for
              Session Description Protocol (SDP) Media Streams",
              RFC 5027, October 2007.

   [I-D.ietf-avt-rtp-no-op]
              Andreasen, F., "A No-Op Payload Format for RTP",
         draft-wing-avt-rtp-noop-03 RTP",
              draft-ietf-avt-rtp-no-op-04 (work in progress), May 2007.

   [I-D.ietf-mmusic-ice]
              Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address  Translator (NAT)
              Traversal for Offer/Answer Protocols",
              draft-ietf-mmusic-ice-19 (work in progress), May 2005.

   [14]  Kohler, E., "Datagram Congestion Control Protocol (DCCP)",
         draft-ietf-dccp-spec-13 October 2007.

   [I-D.ietf-mmusic-ice-tcp]
              Rosenberg, J., "TCP Candidates with Interactive
              Connectivity Establishment (ICE",
              draft-ietf-mmusic-ice-tcp-04 (work in progress), December 2005.
              July 2007.

   [I-D.ietf-behave-rfc3489bis]
              Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for (NAT) (STUN)",
              draft-ietf-behave-rfc3489bis-13 (work in progress),
              November 2007.

Authors' Addresses

   Flemming Andreasen
   Cisco System, Systems, Inc.
   499 Thornall Street, 8th Floor
   Edison, NJ  08837
   USA

   Email: fandreas@cisco.com

   Gonzalo  Camarillo
   Ericsson
   Hirsalantie 11
   Jorvas  02420
   Finland

   Email: Gonzalo.Camarillo@ericsson.com

   David Oran
   Cisco Systems, Inc Inc.
   7 Ladyslipper Lane
   Acton, MA  01720
   USA

   Email: oran@cisco.com

   Dan Wing
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA  94301
   USA

   Email: dwing@cisco.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society. IETF
   Administrative Support Activity (IASA).