MMUSIC Working Group F. Andreasen Internet-Draft Cisco
System,Systems, Inc. Expires: December 3, 2006Intended status: Standards Track G. Camarillo Expires: May 22, 2008 Ericsson D. Oran Cisco Systems, IncD. Wing Cisco Systems, Inc. June 1, 2006November 19, 2007 Connectivity Preconditions for Session Description Protocol Media Streams draft-ietf-mmusic-connectivity-precon-02.txtdraft-ietf-mmusic-connectivity-precon-03.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on December 3, 2006.May 22, 2008. Copyright Notice Copyright (C) The Internet Society (2006).IETF Trust (2007). Abstract This document defines a new connectivity precondition for the Session Description Protocol (SDP) precondition framework described in RFC 3312 (and its update, RFC4032).framework. A connectivity precondition can be used to delay session establishment or modification until media stream connectivity has been verified successfully.successfully verified. The method of verification may vary depending on the type of transport used for the media. For reliable connection-oriented transports such as TCP verification is achieved by successful connection establishment. Forunreliable datagram transports such as UDP, verification involves probing the stream with data or control packets. For reliable connection-oriented transports such as TCP, verification can be achieved simply by successful connection establishment or by probing the connection with data or control packets, depending on the situation. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Connectivity Precondition Definition . . . . . . . . . . . . . 3 3.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Operational semanticsSemantics . . . . . . . . . . . . . . . . . . 4 3.3. Status typeType . . . . . . . . . . . . . . . . . . . . . . . 4 3.4. Direction tagTag . . . . . . . . . . . . . . . . . . . . . . 45 3.5. Precondition strengthStrength . . . . . . . . . . . . . . . . . . 5 4. Verifying connectivityConnectivity . . . . . . . . . . . . . . . . . . . . 6 4.1. Procedures for connection-oriented transportsMedia Stream to Dialog Correlation . . . . . . 7. . . . . . 6 4.2. ProceduresExplicit Connectivity Verification Mechanisms . . . . . . 7 4.3. Verifying Connectivity for datagram transportsConnection-Oriented Transports . . . . . . . . . . . . . . . . . . 8. . . . . . 9 5. Connectivity and Other Precondition Types . . . . . . . . . . 9 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6.7. Security Considerations . . . . . . . . . . . . . . . . . . . 14 7.8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 8.9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15 126.96.36.199. Changes since -02 . . . . . . . . . . . . . . . . . . . . 15 9.2. Changes since -01 . . . . . . . . . . . . . . . . . . . . 15 9.10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 188.8.131.52. Normative References . . . . . . . . . . . . . . . . . . . 15 184.108.40.206. Informative References . . . . . . . . . . . . . . . . . . 1516 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 Intellectual Property and Copyright Statements . . . . . . . . . . 18 1. Introduction The concept of a Session Description Protocol (SDP) [RFC4566] precondition in the Session Initiation Protocol (SIP) [SIP][RFC3261] is defined in RFC3312 [RFC3312] (updated by RFC4032 ).[RFC4032]). A precondition is a condition that has to be satisfied for a given media stream in order for session establishment or modification to proceed. When the precondition is not met, session progress is delayed until the precondition is satisfied,satisfied or the session establishment fails. For example, RFC3312[RFC3312] defines the Quality of Service precondition, which is used to ensure availability of network resources prior to establishing (i.e. alerting)a call.session (i.e., prior to starting alerting the callee). SIP sessions are typically established in order to setup one or more media streams. Even though a media stream may be negotiated successfully,successfully through an SDP offer-answer exchange, the actual media stream itself may fail. For example, when there is one or more Network Address Translators (NATs) or firewalls in the media path, the media stream may not be received by the far end. In cases where the media is carried over a connection-oriented transport such as TCP ,[RFC0793], the connection-establishment procedures may fail. The connectivity precondition defined in this document ensures that session progress is delayed until media stream connectivity has been verified, or the session itself is abandoned.verified. The connectivity precondition type defined in this document follows the guidelines provided in RFC4032 [RFC4032] to extend the SIP preconditions framework. 2. Terminology In this document, theThe key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED","MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119  and indicate requirement levels for compliant implementations.[RFC2119]. 3. Connectivity Precondition Definition 3.1. Syntax The connectivity precondition type is defined by the string "conn" and hence we modify the grammar found in RFC 3312[RFC3312] as follows: precondition-type = "conn" | "qos" | token This precondition tag is registered with the IANA in Section 7.8. 3.2. Operational semanticsSemantics According to RFC4032 ,[RFC4032], documents defining new precondition types need to describe the behavior of UAs (User Agents) from the moment session establishment is suspended due to a set of preconditions until is resumed when these preconditions are met. An entity that wishes to delay session establishment or modification until media stream connectivity has been established uses this precondition-type in an offer. When a mandatory connectivity precondition is received in an offer, session establishment or modification is delayed until the connectivity precondition has been met, i.e.,met (i.e., until media stream connectivity has been established in the desired direction(s).direction or directions). The delay of session establishment defined here implies that alerting of the called party does not occur until the precondition has been satisfied. Packets may be both sent and received on the media streams in question, howeverquestion. However, such packets SHOULD be limited to packets that are necessary to verify connectivity between the two endpoints involved on the media stream, i.e.stream. That is, the underlying media stream SHOULD NOT be cut through. For example, STUN packets [STUN],[I-D.ietf-behave-rfc3489bis], RTP [RFC3550] No-Op [I-D.ietf-avt-rtp-no-op] packets and their corresponding RTCP reports, as well as TCP SYN and ACK packets can be exchanged on media streams that support them as a way of verifying connectivity. WhenSome media streams are described by a single 'm' line but, nevertheless, involve multiple addresses. For example, [RFC2733] specifies how to send FEC (Forward Error Correction) information as a separate stream (the address for the FEC stream is provided in an 'a=fmtp' line). When a media stream consists of multiple destination addresses, connectivity to all of them MUST be verified in order for the precondition to be met. In the case of RTP-based media streams, RTCP connectivity howeverMAY be verified, but it is not a requirement. 3.3. Status type RFC 3312Type [RFC3312] defines support for two kinds of status types, namely segmented and end-to-end. The connectivity precondition-type defined here MUST be used with the end-to-end status type; use of the segmented status type is undefined. 3.4. Direction tagTag The direction attributes defined in RFC 3312[RFC3312] are interpreted as follows: o send: Thethe party whothat generated the session description (the offerer in an offer-answer exchange)is sending packets on the media stream to the other party, and the other party has received at least one of those packets, i.e.,packets. That is, there is connectivity in the forward (sending) direction. o recv: Thethe other party (the answerer in an offer-answer exchange)is sending packets on the media stream to this party,the party that generated the session description, and this party has received at least one of those packets, i.e.,packets. That is, there is connectivity in the backwards (receiving) direction. o sendrecv: Bothboth the send and recv conditions hold. In the case of a connection-oriented transport such as TCP, once established the connection would usually have an associated direction tag of sendrecv because it can carry data in both directions.Note that a "send" connectivity precondition from the offerer's point of view corresponds to a "recv" connectivity precondition from the answerer's point of view, and vice versa. If media stream connectivity in both directions is required before session establishment or modification continues, the desired status MUSTneeds to be set to "sendrecv". 3.5. Precondition strengthStrength Connectivity preconditions may have a strength-tag of either "mandatory" or "optional". When a mandatory connectivity precondition is offered,offered and the answerer cannot satisfy the connectivity precondition, e.g.,precondition (e.g., because the offer does not include parameters that enable connectivity to be verified without media cut through,through) the offer MUST be rejected as described in RFC 3312.[RFC3312]. When an optional connectivity precondition is offered, the answerer MUST generate its answer SDP as soon as possible; sincepossible. Since session progress is not delayed in this case, it is not known whether the associated media streams will have connectivity. If the answerer wants to delay session progress until connectivity has been verified, the answerer MUST increase the strength of the connectivity precondition by using a strength-tag of "mandatory" in the answer. Note that use of a "mandatory" precondition requires the presence of a SIP "Require" header with the option tag "precondition":"precondition". Any SIP UA that does not support a mandatory precondition will reject such requests. To get around this issue, an optional connectivity precondition and the SIP "Supported" header with the option tag "precondition" can be used instead. Offers with connectivity preconditions in re-INVITEs or UPDATEs follow the rules given in Section 6 of RFC 3312, i.e.:[RFC3312]. That is: "Both user agents SHOULD continue using the old session parameters until all the mandatory preconditions are met. At that moment, the user agents can begin using the new session parameters." It should be noted, that4. Verifying Connectivity Media stream connectivity is ascertained by use of a connectivity verification mechanism between the media endpoints. A connectivity verification mechanism may not existbe an explicit mechanism, such as ICE [I-D.ietf-mmusic-ice], or it may be an implicit mechanism, such as TCP. Explicit mechanisms provide specifications for when connectivity between two entities initially, e.g., when one or both entities are behind a symmetric NAT. Subsequent packet exchangesendpoints using an offer/answer exchange is ascertained, whereas implicit mechanisms do not. The verification mechanism is negotiated as part of the normal offer/answer exchange, however it is not identified explicitly. More than one mechanism may createbe negotiated, but the necessary address bindings inofferer and answerer need not use the NAT(s) thereby creating connectivity.same. The ICE  methodology for example ensures that such bindings are createdfollowing an offer/answer exchange. 4. Verifyingrules guide which connectivity The above definitions of send and receiveverification mechanism to use: 1. if an explicit connectivity preconditions beg two questions: How does the sender of a packet knowverification mechanism (e.g., ICE) is negotiated, the other party received it, and how doesprecondition is met when the receiver ofmechanism verifies connectivity successfully, otherwise 2. if a packet know who sent it (in particular,connection-oriented transport (e.g., TCP) is negotiated, the correlation betweenprecondition is met when the connection is established. 3. in other cases, an incoming media packet and a particular SIP dialogimplicit verification mechanism may notbe obvious) ? Mediaprovided by the transport itself or the media stream data using the transport (e.g., RTP no-op) 4. if none of the above apply, connectivity cancannot be ascertained in a variety of ways.verified reliably and the connectivity precondition will never be satisfied if requested. This document does not mandate any particular mechanism for doing so, howeverconnectivity verification mechanism; however, in the appropriate machinery is likelyfollowing, we provide additional considerations for verification mechanisms. 4.1. Media Stream to vary depending on the type of transport usedDialog Correlation SIP and SDP do not provide any inherent capabilities for an incoming media carriage. In order to complystream packet with the intent of an endpoint requiring connectivity preconditions, the following general principles apply: o The 3-way handshake connection establishment procedures ofa reliable transport protocol such as TCP are usually adequateparticular dialog. Thus, when an offerer is trying to demonstrate bi-directional connectivity (and hence "sendrecv"ascertain connectivity, and an incoming media capability). Probe packets sent overstream packet is received, the connection are generallyofferer may not requiredknow which dialog had its "recv" connectivity verified. Explicit connectivity verification mechanisms therefore typically provide a means to satisfycorrelate the precondition. o A pure datagram transport such as UDP (whether carrying RTP or some other protocol) by itself provides no useful feedback about connectivity. Hence,media stream, whose connectivity is being verified, with a particular SIP dialog. However, some sortconnectivity verification mechanisms may not provide such a correlation. Therefore, in the absence of probe traffic is necessarya dialog- to-media-stream correlation mechanism (e.g., ICE), a UAS (User Agent Server) MUST NOT require the offerer to ascertain whether packets are being received successfully. oconfirm a connectivity precondition. 4.2. Explicit Connectivity preconditions are used to verifyVerification Mechanisms Explicit connectivity based onverification mechanisms typically use probe traffic with some sort of feedback to inform the address information exchanged in offerssender whether reception was successful. Below we provide two examples of such mechanisms, and answers. When overlapping IP address spaceshow they are used (e.g. becausewith connectivity preconditions: Interactive Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice] provides one or both endpoints are behind a Network Address Translator), it is possible to inadvertently verify connectivity with an unrelated entity. In order to address this issue, a correlation mechanism is needed between media stream packets on one side and offers and answers on the other side. ICE  defines one such correlation mechanism, however use of it is above and beyond the connection-oriented connectivity preconditions defined here. o Some connection-oriented transport protocols may allow the data transfer phase to operate in an unreliable mode (today there is no standards-track IETF protocol which exhibits this characteristic). In such cases the success of connection establishment may not definitively demonstrate connectivity in the data phase, and hence probe traffic MAY be necessary to ascertain if the precondition is met. o Hybrid protocols such as DCCP  provide their own feedback channel and initialization procedures, which can serve to verify connectivity without the use of explicit probe traffic. The determination depends on the exact method being used to verify connectivity. 4.1. Procedures for connection-oriented transports TCP connections are bidirectional and hence there is no difference between send and recv connectivity preconditions. Once the TCP three-way hand shake has completed (SYN, SYN-ACK, ACK), the TCP connection is established and data can be sent and received by either party, i.e. both a send and a receive connectivity precondition has been satisfied. Implementations SHOULD NOT require the receipt of probe traffic in order to consider the precondition satisfied. SCTP  connections have similar semantics as TCP and SHOULD be treated the same as TCP. When a connection-oriented transport is part of an offer, it may be passive, active, or active/passive . When it is passive, the offerer expects the answerer to initiate the connection establishment, and when it is active, the offerer wants to initiate the connection establishment. When it is active/passive, the answerer decides. SIP and SDP do not provide any inherent capabilities for associating an incoming media stream packet with a particular dialog. Thus, when the offerer is passive and an incoming connection is being established, the offerer cannot guarantee that the packet is associated with a particular dialog. When SIP forking is being used, this implies that the offerer cannot determine which of the early dialogs now has its recv connectivity precondition satisfied - a correlation mechanism is missing. This turns out not to be a problem however, since the successful completion of the connection- establishment procedure itself (e.g. receipt of SYN-ACK in the case of TCP) informs the answerer that the precondition has been satisfied, and hence there is no need for the offerer to explicitly inform the answerer of this (by sending a SIP UPDATE message). In the absence of a correlation mechanism (e.g. ICE), an answerer therefore MUST NOT require the offerer to confirm a connectivity precondition on a connection-oriented transport. 4.2. Procedures for datagram transports Verification of connectivity on datagram transports usually entails the sending of probe traffic with some form of feedback to inform the sender whether reception was successful. Techniques that can be used to verify connectivity on datagram transports include: o ICE : ICE provides one or more candidate addresses in signalingmore candidate addresses in signaling between the offerer and the answerer and then uses STUN Binding Requests to determine which pairs of candidate addresses have connectivity. Each STUN Binding Request contains a password which is communicated in the SDP as well; this enables correlation between STUN Binding Requests and candidate addresses for a particular media stream. InThis furthermore provides correlation with a particular SIP dialog. ICE implementations may be either Full or Lite (see [I-D.ietf-mmusic- ice]). Full implementations generate and respond to STUN Binding Requests, whereas Lite implementations only respond to them. With ICE, connectivityone side is always checked in both directions by followinga state machine withcontrolling agent, and the other side is a setcontrolled agent. A Full implementation can take on either role, whereas a Lite implementation can only be a controlled agent. The controlling agent decides which valid candidate to use and informs the controlled agent of states forit by identifying the offererpair as the nominated pair. This leads to the following connectivity precondition rules: o A Full implementation ascertains both "send" and "recv" connectivity when it operates as a STUN client and has sent a set of statesSTUN Binding Request that resulted in a successful check for all the answerer: The offerercomponents of the media stream (as defined further in ICE). o A Full or a Lite implementation ascertains "recv" connectivity forwhen it operates as a particular transport address pair by transitioning intoSTUN server and has received a STUN Binding Request that resulted in a successful response for all the "validating" state, whereascomponents of the media stream (as defined further in ICE). o A Lite implementation ascertains "send" and "recv" connectivity is ascertained by transitioning intowhen the "valid" state. The answerer ascertains bothcontrolling agent has informed it of the nominated pair for all the components of the media stream. A simpler and slightly more delay-prone alternative to the above rules is for all ICE implementations to ascertain "send" and "recv" connectivity for a particular transport address pair by transitioning intomedia stream when the "send-valid" state. As a consequence of this,ICE state for that media stream has moved to Completed. Note that there is never a need for the answererUAS to request confirmation of the connectivity precondition when using ICE: the answerer can determine the status locally. WhenAlso note, that when ICE is used to verify connectivity preconditions, the precondition is not satisfied as soon as one of the candidates becomes valid, i.e.until connectivity has been verified for all the component transport addresses used by the media stream. For example, with an RTP-based media stream where RTCP is not suppressed, connectivity mustMUST be ascertained for both RTP and RTCP; this is a tightening of the general operational semantics provided in Section 3.2Section 3.2, which is imposed by ICE. Finally, it should be noted, that thoughalthough connectivity has been ascertained, a new offer/answer exchange may be required before media can actuallyflow (per ICE). oRTP no-op : The[I-D.ietf-avt-rtp-no-op] enables the sender of an RTP No-Op payload canto verify send connectivity by examining the RTCP report(s) being returned. In particular, the source SSRC in the RTCP report block is used for correlation. The RTCP report block also contains the SSRC of the sender of the report and the SSRC of incoming RTP No-Op packets identifies the sender of the RTP packet. Thus, onceRTP packet. Thus, once send connectivity has been ascertained, receipt of an RTP No-Op packet from the same SSRC provides the necessary correlation to determine receive connectivity. Alternatively, the duality of send and receive preconditions can be exploited, with one side confirming when his send precondition is satisfied, which in turn implies the other sides recv precondition is satisfied. The above are merely examples of explicit connectivity verification mechanisms. Other techniques can be used as well. It is however RECOMMENDED that ICE be supported by entities that support connectivity preconditions. Use of ICE has the benefit of working for all media streams (not just RTP) as well as facilitate NAT and firewall traversal, which may otherwise interfere with connectivity. Furthermore, the ICE recommendation provides a baseline to ensure that all entities that require probe traffic to support the connectivity preconditions have a common way of ascertaining connectivity. 4.3. Verifying Connectivity for Connection-Oriented Transports Connection-oriented transport protocols generally provide an implicit connectivity verification mechanism. Connection establishment involves sending traffic in both directions thereby verifying connectivity at the transport protocol level. When the connection- oriented protocol uses a three-way (or more) handshake for connection establishment, there is no difference between the "send" and "recv" precondition. In the case of TCP for example, once the TCP three-way handshake has completed (SYN, SYN-ACK, ACK), the TCP connection is established and data can be sent and received by either party (i.e., both a send and a receive connectivity precondition has been ascertained, receiptsatisfied). SCTP [RFC4960] connections have similar semantics as TCP and SHOULD be treated the same. When a connection-oriented transport is part of an RTP No-Op packet fromoffer, it may be passive, active, or active/passive [RFC4145]. When it is passive, the same SSRC providesofferer expects the necessary correlationanswerer to determine receive connectivity. Alternatively,initiate the duality of sendconnection establishment, and receive preconditions can be exploited, with one side confirmingwhen his send preconditionit is satisfied, which in turn impliesactive, the other sides recv preconditionofferer wants to initiate the connection establishment. When it is satisfied. The above are merely examplesactive/passive, the answerer decides. As noted earlier, lack of techniques thata media-stream-to-dialog correlation mechanism can be used. Other techniquesmake it difficult to guarantee with whom connectivity has been ascertained. When the offerer takes on the passive role, the offerer will not necessarily know which meetSIP dialog originated an incoming connection request. If the requirementsofferer instead is active, this problem is avoided. 5. Connectivity and Other Precondition Types The role of Section 4 above can be used as well. Ita connectivity precondition is however RECOMMENDED that ICE be supported by entities that supportto ascertain media stream connectivity preconditionsbefore establishing or modifying a session. The underlying intent is for datagram transports. Use of ICE hasthe benefittwo parties to be able to exchange media packets successfully. Connectivity by itself however may not fully satisfy this. Quality of workingService for all datagram based media streams (not just RTP) as well as facilitate NAT and firewall traversal, whichexample may otherwise interfere with connectivity. Furthermore,be required for the media stream; this can be addressed by use of the ICE recommendation provides a baseline to ensure that all entities that require probe traffic"qos" preconditions defined in [RFC3312]. Similarly, succesful security parameter negotiation may be another prequisite to supportmeeting this; this can be addressed by use of the connectivity"sec" preconditions have at least one common way of ascertaining connectivity. 5.defined in [RFC5027]. 6. Examples The first example uses the connectivity precondition with TCP in the context of a session involving a wireless access medium. Both UAs use a radio access network that does not allow them to send any data (not even a TCP SYN) until a radio bearer has been setup for the connection. Figure 1 shows the message flow of this example (the PRACK transaction has been omitted for clarity): A B | INVITE | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:holdconn | |----------------------------------->| | | | 183 Session Progress | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:holdconn | |<-----------------------------------| | | | UPDATE | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | A's radio | a=setup:actpass | bearer is +----------------------------------->| up | | | 200 OK | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:active | |<-----------------------------------| | | | | | | | | B's radio |<---TCP Connection Establishment--->+ bearer is up | | B sends TCP SYN | | | | | 180 Ringing | TCP connection |<-----------------------------------+ is up | | B alerts the user | | Figure 1: Message flow with two types of preconditions A sends an INVITE requesting connection-establishment preconditions. The setup attribute in the offer is set to holdconn [RFC4145] because A cannot send or receive any data before setting up a radio bearer for the connection. B agrees to use the connectivity precondition by sending a 183 (Session Progress) response. The setup attribute in the answer is also set to holdconn because B, like A, cannot send or receive any data before setting up a radio bearer for the connection. When A's radio bearer is ready, A sends an UPDATE to B with a setup attribute with a value of actpass. This attribute indicates that A can perform an active or a passive TCP open. A is letting B choose which endpoint will initiate the connection. Since B's radio bearer is not ready yet, B chooses to be the one initiating the connection and indicates so with a setup attribute with a value of active. At a later point, when B's radio bearer is ready, B initiates the TCP connection towards A. Once the TCP connection is established successfully, B alerts the callee and sends a 180 (Ringing) response. The second example shows a basic SIP session establishment using SDP connectivity preconditions and RTP No-Op. Note that not all SDP details are provided in the following. below shows theThe message flow for this scenario is shown in Figure 2 below. A B | | |-------------(1) INVITE SDP1--------------->| | | |<------(2) 183 Session Progress SDP2--------| | | |<~~~~~ Connectivity check to A ~~~~~~~~~~~~~| | | |----------------(3) PRACK------------------>| | | |~~~~~ Connectivity to A OK ~~~~~~~~~~~~~~~~>| | | |<-----------(4) 200 OK (PRACK)--------------| | | |~~~~~ Connectivity check to B ~~~~~~~~~~~~~>| |<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~| | | |-------------(5) UPDATE SDP3--------------->| | | |<--------(6) 200 OK (UPDATE) SDP4-----------| | | |<-------------(7) 180 Ringing---------------| | | | | | | Figure 2: Connectivity precondition with RTP no-op SDP1: A includes a mandatory end-to-end connectivity precondition with a desired status of "sendrecv"; this will ensure media stream connectivity in both directions before continuing with the session setup. Since media stream connectivity in either direction is unknown at this point, the current status is set to "none". A's local status table (see RFC 3312)[RFC3312]) for the connectivity precondition is as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | no | mandatory | no recv | no | mandatory | no and the resulting offer SDP is: m=audio 20000 RTP/AVP 0 96 c=IN IP4 192.0.2.1 a=rtpmap:96 no-op/8000 a=curr:conn e2e none a=des:conn mandatory e2e sendrecv SDP2: When B receives the offer, B sees the mandatory sendrecv connectivity precondition. B can ascertain connectivity to A ("send" from B's point of view) by use of the RTP No-Op, however B wants A to inform it about connectivity in the other direction ("recv" from B's point of view). B's local status table therefore looks as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | no | mandatory | no recv | no | mandatory | no Since B wants to ask A for confirmation about the "recv" (from B's point of view) connectivity precondition, the resulting answer SDP becomes: m=audio 30000 RTP/AVP 0 96 a=rtpmap:96 no-op/8000 c=IN IP4 192.0.2.4 a=curr:conn e2e none a=des:conn mandatory e2e sendrecv a=conf:conn e2e recv Meanwhile, B performs a connectivity check to A, which succeeds and hence B's local status table is updated as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | yes | mandatory | no recv | no | mandatory | no Since the "recv" connectivity precondition (from B's point of view) is still not satisfied, session establishment remains suspended. SDP3: When A receives the answer SDP, A notes that confirmation was requested for B's "recv" connectivity precondition, which is the "send" precondition from A's point of view. A performs a connectivity check to B, which succeeds, and A's local status table becomes: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | yes | mandatory | yes recv | no | mandatory | no Since B asked for confirmation about the "send" connectivity (from A's point of view), A now sends an UPDATE (5) to B to confirm the connectivity from A to B: m=audio 20000 RTP/AVP 0 96 a=rtpmap:96 no-op/8000 c=IN IP4 192.0.2.1 a=curr:conn e2e send a=des:conn mandatory e2e sendrecv 6.7. Security Considerations In addition to the general security considerations for preconditions provided in RFC 3312,[RFC3312], the following security issues, which are specific to connectivity preconditions, should be considered. Connectivity preconditions rely on mechanisms beyond SDP, e.g. TCPSDP such as TCP[RFC0793] connection establishment, RTP No-Op [I-D.ietf-avt-rtp-no-op], or STUN ,[I-D.ietf-behave-rfc3489bis] to establish and verify connectivity between an offerer and an answerer. An attacker that prevents those mechanism from succeeding can prevent media sessions from being established and hence it is RECOMMENDED that such mechanisms are adequately secured by message authentication and integrity protection. Also, the mechanisms SHOULD consider how to prevent denial of service attacks. Similarly, an attacker that can forge packets for these mechanisms can enable sessions to be established when there in fact is no media connectivity, which may lead to a poor user experience. Authentication and integrity protection of such mechanisms can prevent this type of attacks and hence use of it is RECOMMENDED. It is also strongly RECOMMENDED that integrity protection be applied to the SDP session descriptions. S/MIME [RFC3853] is the natural choice to provide such end-to-end integrity protection, as described in RFC 3261 . 7.[RFC3261]. 8. IANA Considerations IANA is hereby requested to register a RFC 3312new precondition type called "conn"under the Precondition Types used with SIP subregistry, which is located under the name "Connectivity precondition". The reference for thisSession Initiation Protocol (SIP) Parameters registry. Precondition-Type Description Reference ----------------- ----------------------------------- --------- conn Connectivity precondition type is[RFCxxxx] [Note to the current document. 8.RFC Editor: replace RFCxxxx with the number assigned to this RFC.] 9. Change Log 220.127.116.11. Changes since -02 Connectivity preconditions are now mechanism agnostic. Clarified when and how to use ICE, RTP no-op, and connection establishment procedures to check connectivity. Clarified relation with other precondition types. 9.2. Changes since -01 There are no changes since the previous version of the document. 9.10. References 18.104.22.168. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.  Handley, M.[RFC2733] Rosenberg, J. and V. Jacobson, "SDP: Session Description Protocol",H. Schulzrinne, "An RTP Payload Format for Generic Forward Error Correction", RFC 2327, April 1998. 2733, December 1999. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC3312] Camarillo, G., Marshall, W., and J. Rosenberg, "Integration of Resource Management and Session Initiation Protocol (SIP)", RFC 3312, October 2002. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003. [RFC3853] Peterson, J., "S/MIME Advanced Encryption Standard (AES) Requirement for the Session Initiation Protocol (SIP)", RFC 3853, July 2004. [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session Initiation Protocol (SIP) Preconditions Framework", RFC 4032, March 2005.  Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", draft-ietf-mmusic-ice-08 (work in progress), March[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. 22.214.171.124. Informative References [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.  Stone, J., Stewart, R., and D. Otis, "Stream Control Transmission Protocol (SCTP) Checksum Change", RFC 3309, September 2002.  Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", RFC 3489, March 2003.  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control", STD 65, RFC 3551, July 2003. [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in the Session Description Protocol (SDP)", RFC 4145, September 2005. [RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007. [RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for Session Description Protocol (SDP) Media Streams", RFC 5027, October 2007. [I-D.ietf-avt-rtp-no-op] Andreasen, F., "A No-Op Payload Format for RTP", draft-wing-avt-rtp-noop-03RTP", draft-ietf-avt-rtp-no-op-04 (work in progress), May 2007. [I-D.ietf-mmusic-ice] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", draft-ietf-mmusic-ice-19 (work in progress), May 2005.  Kohler, E., "Datagram Congestion Control Protocol (DCCP)", draft-ietf-dccp-spec-13October 2007. [I-D.ietf-mmusic-ice-tcp] Rosenberg, J., "TCP Candidates with Interactive Connectivity Establishment (ICE", draft-ietf-mmusic-ice-tcp-04 (work in progress), December 2005.July 2007. [I-D.ietf-behave-rfc3489bis] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for (NAT) (STUN)", draft-ietf-behave-rfc3489bis-13 (work in progress), November 2007. Authors' Addresses Flemming Andreasen Cisco System,Systems, Inc. 499 Thornall Street, 8th Floor Edison, NJ 08837 USA Email: firstname.lastname@example.org Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 Finland Email: Gonzalo.Camarillo@ericsson.com David Oran Cisco Systems, IncInc. 7 Ladyslipper Lane Acton, MA 01720 USA Email: email@example.com Dan Wing Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94301 USA Email: firstname.lastname@example.org Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property StatementThe IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at email@example.com. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.Acknowledgment Funding for the RFC Editor function is currentlyprovided by the Internet Society.IETF Administrative Support Activity (IASA).