draft-ietf-mmusic-connectivity-precon-07.txt   rfc5898.txt 
MMUSIC Working Group F. Andreasen Internet Engineering Task Force (IETF) F. Andreasen
Internet-Draft Cisco Systems Request for Comments: 5898 Cisco Systems
Intended status: Standards Track G. Camarillo Category: Standards Track G. Camarillo
Expires: September 5, 2010 Ericsson ISSN: 2070-1721 Ericsson
D. Oran D. Oran
D. Wing D. Wing
Cisco Systems Cisco Systems
March 4, 2010 July 2010
Connectivity Preconditions for Session Description Protocol (SDP) Media Connectivity Preconditions for Session Description Protocol (SDP)
Streams Media Streams
draft-ietf-mmusic-connectivity-precon-07.txt
Abstract Abstract
This document defines a new connectivity precondition for the Session This document defines a new connectivity precondition for the Session
Description Protocol (SDP) precondition framework. A connectivity Description Protocol (SDP) precondition framework. A connectivity
precondition can be used to delay session establishment or precondition can be used to delay session establishment or
modification until media stream connectivity has been successfully modification until media stream connectivity has been successfully
verified. The method of verification may vary depending on the type verified. The method of verification may vary depending on the type
of transport used for the media. For unreliable datagram transports of transport used for the media. For unreliable datagram transports
such as UDP, verification involves probing the stream with data or such as UDP, verification involves probing the stream with data or
control packets. For reliable connection-oriented transports such as control packets. For reliable connection-oriented transports such as
TCP, verification can be achieved simply by successful connection TCP, verification can be achieved simply by successful connection
establishment or by probing the connection with data or control establishment or by probing the connection with data or control
packets, depending on the situation. packets, depending on the situation.
Status of this Memo Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This is an Internet Standards Track document.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at This document is a product of the Internet Engineering Task Force
http://www.ietf.org/shadow.html. (IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on September 5, 2010. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5898.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this 10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Connectivity Precondition Definition . . . . . . . . . . . . . 4 3. Connectivity Precondition Definition . . . . . . . . . . . . . 4
3.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Operational Semantics . . . . . . . . . . . . . . . . . . 5 3.2. Operational Semantics . . . . . . . . . . . . . . . . . . 4
3.3. Status Type . . . . . . . . . . . . . . . . . . . . . . . 5 3.3. Status Type . . . . . . . . . . . . . . . . . . . . . . . 5
3.4. Direction Tag . . . . . . . . . . . . . . . . . . . . . . 5 3.4. Direction Tag . . . . . . . . . . . . . . . . . . . . . . 5
3.5. Precondition Strength . . . . . . . . . . . . . . . . . . 6 3.5. Precondition Strength . . . . . . . . . . . . . . . . . . 5
4. Verifying Connectivity . . . . . . . . . . . . . . . . . . . . 7 4. Verifying Connectivity . . . . . . . . . . . . . . . . . . . . 6
4.1. Media Stream to Dialog Correlation . . . . . . . . . . . . 7 4.1. Correlation of Dialog to Media Stream . . . . . . . . . . 7
4.2. Explicit Connectivity Verification Mechanisms . . . . . . 8 4.2. Explicit Connectivity Verification Mechanisms . . . . . . 7
4.3. Verifying Connectivity for Connection-Oriented 4.3. Verifying Connectivity for Connection-Oriented
Transports . . . . . . . . . . . . . . . . . . . . . . . . 9 Transports . . . . . . . . . . . . . . . . . . . . . . . . 9
5. Connectivity and Other Precondition Types . . . . . . . . . . 10 5. Connectivity and Other Precondition Types . . . . . . . . . . 9
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
9.1. Normative References . . . . . . . . . . . . . . . . . . . 16 9.1. Normative References . . . . . . . . . . . . . . . . . . . 15
9.2. Informative References . . . . . . . . . . . . . . . . . . 17 9.2. Informative References . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction 1. Introduction
The concept of a Session Description Protocol (SDP) [RFC4566] The concept of a Session Description Protocol (SDP) [RFC4566]
precondition in the Session Initiation Protocol (SIP) [RFC3261] is precondition in the Session Initiation Protocol (SIP) [RFC3261] is
defined in RFC 3312 [RFC3312] (updated by RFC 4032 [RFC4032]). A defined in RFC 3312 [RFC3312] (updated by RFC 4032 [RFC4032]). A
precondition is a condition that has to be satisfied for a given precondition is a condition that has to be satisfied for a given
media stream in order for session establishment or modification to media stream in order for session establishment or modification to
proceed. When the precondition is not met, session progress is proceed. When the precondition is not met, session progress is
delayed until the precondition is satisfied or the session delayed until the precondition is satisfied or the session
establishment fails. For example, RFC 3312 [RFC3312] defines the establishment fails. For example, RFC 3312 [RFC3312] defines the
Quality of Service precondition, which is used to ensure availability Quality of Service precondition, which is used to ensure availability
of network resources prior to establishing a session (i.e., prior to of network resources prior to establishing a session (i.e., prior to
starting alerting the callee). starting to alert the callee).
SIP sessions are typically established in order to setup one or more SIP sessions are typically established in order to set up one or more
media streams. Even though a media stream may be negotiated media streams. Even though a media stream may be negotiated
successfully through an SDP offer-answer exchange, the actual media successfully through an SDP offer-answer exchange, the actual media
stream itself may fail. For example, when there is one or more stream itself may fail. For example, when there is one or more
Network Address Translators (NATs) or firewalls in the media path, Network Address Translators (NATs) or firewalls in the media path,
the media stream may not be received by the far end. In cases where the media stream may not be received by the far end. In cases where
the media is carried over a connection-oriented transport such as TCP the media is carried over a connection-oriented transport such as TCP
[RFC0793], the connection-establishment procedures may fail. The [RFC0793], the connection-establishment procedures may fail. The
connectivity precondition defined in this document ensures that connectivity precondition defined in this document ensures that
session progress is delayed until media stream connectivity has been session progress is delayed until media stream connectivity has been
verified. verified.
skipping to change at page 4, line 45 skipping to change at page 4, line 19
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
3. Connectivity Precondition Definition 3. Connectivity Precondition Definition
3.1. Syntax 3.1. Syntax
The connectivity precondition type is defined by the string "conn" The connectivity precondition type is defined by the string "conn",
and hence we modify the grammar found in RFC 3312 [RFC3312] and RFC and hence we modify the grammar found in RFC 3312 [RFC3312] and RFC
5027 [RFC5027] as follows: 5027 [RFC5027] as follows:
precondition-type = "conn" / "sec" / "qos" / token precondition-type = "conn" / "sec" / "qos" / token
This precondition tag is registered with the IANA in Section 8. This precondition tag is registered with the IANA in Section 8.
3.2. Operational Semantics 3.2. Operational Semantics
According to RFC 4032 [RFC4032], documents defining new precondition According to RFC 4032 [RFC4032], documents defining new precondition
skipping to change at page 5, line 29 skipping to change at page 4, line 47
modification is delayed until the connectivity precondition has been modification is delayed until the connectivity precondition has been
met (i.e., until media stream connectivity has been established in met (i.e., until media stream connectivity has been established in
the desired direction or directions). The delay of session the desired direction or directions). The delay of session
establishment defined here implies that alerting of the called party establishment defined here implies that alerting of the called party
does not occur until the precondition has been satisfied. does not occur until the precondition has been satisfied.
Packets may be both sent and received on the media streams in Packets may be both sent and received on the media streams in
question. However, such packets SHOULD be limited to packets that question. However, such packets SHOULD be limited to packets that
are necessary to verify connectivity between the two endpoints are necessary to verify connectivity between the two endpoints
involved on the media stream. That is, the underlying media stream involved on the media stream. That is, the underlying media stream
SHOULD NOT be cut through. For example, ICE connectivity checks SHOULD NOT be cut through. For example, Interactive Connectivity
[I-D.ietf-mmusic-ice] and TCP SYN and ACK packets can be exchanged on Establishment (ICE) connectivity checks [RFC5245] and TCP SYN, SYN-
media streams that support them as a way of verifying connectivity. ACK, and ACK packets can be exchanged on media streams that support
them as a way of verifying connectivity.
Some media streams are described by a single 'm' line but, Some media streams are described by a single 'm' line but,
nevertheless, involve multiple addresses. For example, RFC 5109 nevertheless, involve multiple addresses. For example, RFC 5109
[RFC5109] specifies how to send FEC (Forward Error Correction) [RFC5109] specifies how to send FEC (Forward Error Correction)
information as a separate stream (the address for the FEC stream is information as a separate stream (the address for the FEC stream is
provided in an 'a=fmtp' line). When a media stream consists of provided in an 'a=fmtp' line). When a media stream consists of
multiple destination addresses, connectivity to all of them MUST be multiple destination addresses, connectivity to all of them MUST be
verified in order for the precondition to be met. verified in order for the precondition to be met. In the case of RTP
media streams [RFC3550] that use RTCP, connectivity MUST be verified
for both RTP and RTCP; the RTCP transmission interval rules MUST
still be adhered to.
3.3. Status Type 3.3. Status Type
RFC 3312 [RFC3312] defines support for two kinds of status types, RFC 3312 [RFC3312] defines support for two kinds of status types --
namely segmented and end-to-end. The connectivity precondition-type namely, segmented and end-to-end. The connectivity precondition-type
defined here MUST be used with the end-to-end status type; use of the defined here MUST be used with the end-to-end status type; use of the
segmented status type is undefined. segmented status type is undefined.
3.4. Direction Tag 3.4. Direction Tag
The direction attributes defined in RFC 3312 [RFC3312] are The direction attributes defined in RFC 3312 [RFC3312] are
interpreted as follows: interpreted as follows:
o send: the party that generated the session description is sending o send: the party that generated the session description is sending
packets on the media stream to the other party, and the other packets on the media stream to the other party, and the other
skipping to change at page 6, line 43 skipping to change at page 6, line 19
described in RFC 3312 [RFC3312]. described in RFC 3312 [RFC3312].
When an optional connectivity precondition is offered, the answerer When an optional connectivity precondition is offered, the answerer
MUST generate its answer SDP as soon as possible. Since session MUST generate its answer SDP as soon as possible. Since session
progress is not delayed in this case, it is not known whether the progress is not delayed in this case, it is not known whether the
associated media streams will have connectivity. If the answerer associated media streams will have connectivity. If the answerer
wants to delay session progress until connectivity has been verified, wants to delay session progress until connectivity has been verified,
the answerer MUST increase the strength of the connectivity the answerer MUST increase the strength of the connectivity
precondition by using a strength-tag of "mandatory" in the answer. precondition by using a strength-tag of "mandatory" in the answer.
Note that use of a "mandatory" precondition requires the presence of Note that use of a mandatory precondition requires the presence of a
a SIP "Require" header with the option tag "precondition". Any SIP SIP "Require" header with the option tag "precondition". Any SIP UA
UA that does not support a mandatory precondition will reject such that does not support a mandatory precondition will reject such
requests. To get around this issue, an optional connectivity requests. To get around this issue, an optional connectivity
precondition and the SIP "Supported" header with the option tag precondition and the SIP "Supported" header with the option tag
"precondition" can be used instead. "precondition" can be used instead.
Offers with connectivity preconditions in re-INVITEs or UPDATEs Offers with connectivity preconditions in re-INVITEs or UPDATEs
follow the rules given in Section 6 of RFC 3312 [RFC3312]. That is: follow the rules given in Section 6 of RFC 3312 [RFC3312]. That is:
"Both user agents SHOULD continue using the old session parameters Both user agents SHOULD continue using the old session parameters
until all the mandatory preconditions are met. At that moment, until all the mandatory preconditions are met. At that moment,
the user agents can begin using the new session parameters." the user agents can begin using the new session parameters.
4. Verifying Connectivity 4. Verifying Connectivity
Media stream connectivity is ascertained by use of a connectivity Media stream connectivity is ascertained by use of a connectivity
verification mechanism between the media endpoints. A connectivity verification mechanism between the media endpoints. A connectivity
verification mechanism may be an explicit mechanism, such as ICE verification mechanism may be an explicit mechanism, such as ICE
[I-D.ietf-mmusic-ice] or ICE TCP [I-D.ietf-mmusic-ice-tcp], or it may [RFC5245] or ICE TCP [ICE-TCP], or it may be an implicit mechanism,
be an implicit mechanism, such as TCP. Explicit mechanisms provide such as TCP. Explicit mechanisms provide specifications for when
specifications for when connectivity between two endpoints using an connectivity between two endpoints using an offer/answer exchange is
offer/answer exchange is ascertained, whereas implicit mechanisms do ascertained, whereas implicit mechanisms do not. The verification
not. The verification mechanism is negotiated as part of the normal mechanism is negotiated as part of the normal offer/answer exchange;
offer/answer exchange, however it is not identified explicitly. More however, it is not identified explicitly. More than one mechanism
than one mechanism may be negotiated, but the offerer and answerer may be negotiated, but the offerer and answerer need not use the
need not use the same. The following rules guide which connectivity same. The following rules guide which connectivity verification
verification mechanism to use: mechanism to use:
1. if an explicit connectivity verification mechanism (e.g., ICE) is o If an explicit connectivity verification mechanism (e.g., ICE) is
negotiated, the precondition is met when the mechanism verifies negotiated, the precondition is met when the mechanism verifies
connectivity successfully, otherwise connectivity successfully.
2. if a connection-oriented transport (e.g., TCP) is negotiated, the o Otherwise, if a connection-oriented transport (e.g., TCP) is
precondition is met when the connection is established, otherwise negotiated, the precondition is met when the connection is
established.
3. if an implicit verification mechanism is provided by the o Otherwise, if an implicit verification mechanism is provided by
transport itself or the media stream data using the transport, the transport itself or the media stream data using the transport,
the precondition is met when the mechanism verifies connectivity the precondition is met when the mechanism verifies connectivity
successfully, otherwise successfully.
4. connectivity cannot be verified reliably and the connectivity o Otherwise, connectivity cannot be verified reliably, and the
precondition will never be satisfied if requested. connectivity precondition will never be satisfied if requested.
This document does not mandate any particular connectivity This document does not mandate any particular connectivity
verification mechanism; however, in the following, we provide verification mechanism; however, in the following, we provide
additional considerations for verification mechanisms. additional considerations for verification mechanisms.
4.1. Media Stream to Dialog Correlation 4.1. Correlation of Dialog to Media Stream
SIP and SDP do not provide any inherent capabilities for associating SIP and SDP do not provide any inherent capabilities for associating
an incoming media stream packet with a particular dialog. Thus, when an incoming media stream packet with a particular dialog. Thus, when
an offerer is trying to ascertain connectivity, and an incoming media an offerer is trying to ascertain connectivity, and an incoming media
stream packet is received, the offerer may not know which dialog had stream packet is received, the offerer may not know which dialog had
its "recv" connectivity verified. Explicit connectivity verification its "recv" connectivity verified. Explicit connectivity verification
mechanisms therefore typically provide a means to correlate the media mechanisms therefore typically provide a means to correlate the media
stream, whose connectivity is being verified, with a particular SIP stream, whose connectivity is being verified, with a particular SIP
dialog. However, some connectivity verification mechanisms may not dialog. However, some connectivity verification mechanisms may not
provide such a correlation. In the absence of a dialog-to-media- provide such a correlation. In the absence of a mechanism for the
stream correlation mechanism (e.g., ICE), a UAS (User Agent Server) correlation of dialog to media stream (e.g., ICE), a UAS (User Agent
MUST NOT require the offerer to confirm a connectivity precondition. Server) MUST NOT require the offerer to confirm a connectivity
precondition.
4.2. Explicit Connectivity Verification Mechanisms 4.2. Explicit Connectivity Verification Mechanisms
Explicit connectivity verification mechanisms typically use probe Explicit connectivity verification mechanisms typically use probe
traffic with some sort of feedback to inform the sender whether traffic with some sort of feedback to inform the sender whether
reception was successful. Below we provide two examples of such reception was successful. Below we provide two examples of such
mechanisms, and how they are used with connectivity preconditions: mechanisms, and how they are used with connectivity preconditions:
Interactive Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice] Interactive Connectivity Establishment (ICE) [RFC5245] provides one
provides one or more candidate addresses in signaling between the or more candidate addresses in signaling between the offerer and the
offerer and the answerer and then uses STUN Binding Requests to answerer and then uses STUN (Simple Traversal of the UDP Protocol
determine which pairs of candidate addresses have connectivity. Each through NAT) Binding Requests to determine which pairs of candidate
STUN Binding Request contains a password which is communicated in the addresses have connectivity. Each STUN Binding Request contains a
SDP as well; this enables correlation between STUN Binding Requests password that is communicated in the SDP as well; this enables
and candidate addresses for a particular media stream. It also correlation between STUN Binding Requests and candidate addresses for
provides correlation with a particular SIP dialog. a particular media stream. It also provides correlation with a
particular SIP dialog.
ICE implementations may be either Full or Lite (see ICE implementations may be either full or lite (see [RFC5245]). Full
[I-D.ietf-mmusic-ice]). Full implementations generate and respond to implementations generate and respond to STUN Binding Requests,
STUN Binding Requests, whereas Lite implementations only respond to whereas lite implementations only respond to them. With ICE, one
them. With ICE, one side is a controlling agent, and the other side side is a controlling agent, and the other side is a controlled
is a controlled agent. A Full implementation can take on either agent. A full implementation can take on either role, whereas a lite
role, whereas a Lite implementation can only be a controlled agent. implementation can only be a controlled agent. The controlling agent
The controlling agent decides which valid candidate to use and decides which valid candidate to use and informs the controlled agent
informs the controlled agent of it by identifying the pair as the of it by identifying the pair as the nominated pair. This leads to
nominated pair. This leads to the following connectivity the following connectivity precondition rules:
precondition rules:
o A Full implementation ascertains both "send" and "recv" o A full implementation ascertains both "send" and "recv"
connectivity when it operates as a STUN client and has sent a STUN connectivity when it operates as a STUN client and has sent a STUN
Binding Request that resulted in a successful check for all the Binding Request that resulted in a successful check for all the
components of the media stream (as defined further in ICE). components of the media stream (as defined further in ICE).
o A Full or a Lite implementation ascertains "recv" connectivity o A full or a lite implementation ascertains "recv" connectivity
when it operates as a STUN server and has received a STUN Binding when it operates as a STUN server and has received a STUN Binding
Request that resulted in a successful response for all the Request that resulted in a successful response for all the
components of the media stream (as defined further in ICE). components of the media stream (as defined further in ICE).
o A Lite implementation ascertains "send" and "recv" connectivity o A lite implementation ascertains "send" and "recv" connectivity
when the controlling agent has informed it of the nominated pair when the controlling agent has informed it of the nominated pair
for all the components of the media stream. for all the components of the media stream.
A simpler and slightly more delay-prone alternative to the above A simpler and slightly more delay-prone alternative to the above
rules is for all ICE implementations to ascertain "send" and "recv" rules is for all ICE implementations to ascertain "send" and "recv"
connectivity for a media stream when the ICE state for that media connectivity for a media stream when the ICE state for that media
stream has moved to Completed. stream has moved to Completed.
Note that there is never a need for the answerer to request Note that there is never a need for the answerer to request
confirmation of the connectivity precondition when using ICE: the confirmation of the connectivity precondition when using ICE: the
answerer can determine the status locally. Also note, that when ICE answerer can determine the status locally. Also note, that when ICE
is used to verify connectivity preconditions, the precondition is not is used to verify connectivity preconditions, the precondition is not
satisfied until connectivity has been verified for all the component satisfied until connectivity has been verified for all the component
transport addresses used by the media stream. For example, with an transport addresses used by the media stream. For example, with an
RTP-based media stream where RTCP is not suppressed, connectivity RTP-based media stream where RTCP is not suppressed, connectivity
MUST be ascertained for both RTP and RTCP; this is a tightening of MUST be ascertained for both RTP and RTCP. Finally, it should be
the general operational semantics provided in Section 3.2, which is noted, that although connectivity has been ascertained, a new offer/
imposed by ICE. Finally, it should be noted, that although answer exchange may be required before media can flow (per ICE).
connectivity has been ascertained, a new offer/answer exchange may be
required before media can flow (per ICE).
The above are merely examples of explicit connectivity verification The above are merely examples of explicit connectivity verification
mechanisms. Other techniques can be used as well. It is however mechanisms. Other techniques can be used as well. It is however
RECOMMENDED that ICE be supported by entities that support RECOMMENDED that ICE be supported by entities that support
connectivity preconditions. Use of ICE has the benefit of working connectivity preconditions. Use of ICE has the benefit of working
for all media streams (not just RTP) as well as facilitate NAT and for all media streams (not just RTP) as well as facilitating NAT and
firewall traversal, which may otherwise interfere with connectivity. firewall traversal, which may otherwise interfere with connectivity.
Furthermore, the ICE recommendation provides a baseline to ensure Furthermore, the ICE recommendation provides a baseline to ensure
that all entities that require probe traffic to support the that all entities that require probe traffic to support the
connectivity preconditions have a common way of ascertaining connectivity preconditions have a common way of ascertaining
connectivity. connectivity.
4.3. Verifying Connectivity for Connection-Oriented Transports 4.3. Verifying Connectivity for Connection-Oriented Transports
Connection-oriented transport protocols generally provide an implicit Connection-oriented transport protocols generally provide an implicit
connectivity verification mechanism. Connection establishment connectivity verification mechanism. Connection establishment
involves sending traffic in both directions thereby verifying involves sending traffic in both directions thereby verifying
connectivity at the transport protocol level. When a three-way (or connectivity at the transport-protocol level. When a three-way (or
more) handshake for connection establishment succeeds, bi-directional more) handshake for connection establishment succeeds, bi-directional
communication is confirmed and both the "send" and "recv" communication is confirmed and both the "send" and "recv"
preconditions are satisfied whether requested or not. In the case of preconditions are satisfied whether requested or not. In the case of
TCP for example, once the TCP three-way handshake has completed (SYN, TCP for example, once the TCP three-way handshake has completed (SYN,
SYN-ACK, ACK), the TCP connection is established and data can be sent SYN-ACK, ACK), the TCP connection is established and data can be sent
and received by either party (i.e., both a send and a receive and received by either party (i.e., both a send and a receive
connectivity precondition has been satisfied). SCTP [RFC4960] connectivity precondition has been satisfied). SCTP (Stream Control
connections have similar semantics as TCP and SHOULD be treated the Transmission Protocol) [RFC4960] connections have similar semantics
same. as TCP and SHOULD be treated the same.
When a connection-oriented transport is part of an offer, it may be When a connection-oriented transport is part of an offer, it may be
passive, active, or active/passive [RFC4145]. When it is passive, passive, active, or active/passive [RFC4145]. When it is passive,
the offerer expects the answerer to initiate the connection the offerer expects the answerer to initiate the connection
establishment, and when it is active, the offerer wants to initiate establishment, and when it is active, the offerer wants to initiate
the connection establishment. When it is active/passive, the the connection establishment. When it is active/passive, the
answerer decides. As noted earlier, lack of a media-stream-to-dialog answerer decides. As noted earlier, lack of a media-stream-to-dialog
correlation mechanism can make it difficult to guarantee with whom correlation mechanism can make it difficult to guarantee with whom
connectivity has been ascertained. When the offerer takes on the connectivity has been ascertained. When the offerer takes on the
passive role, the offerer will not necessarily know which SIP dialog passive role, the offerer will not necessarily know which SIP dialog
originated an incoming connection request. If the offerer instead is originated an incoming connection request. If the offerer instead is
active, this problem is avoided. active, this problem is avoided.
5. Connectivity and Other Precondition Types 5. Connectivity and Other Precondition Types
The role of a connectivity precondition is to ascertain media stream The role of a connectivity precondition is to ascertain media stream
connectivity before establishing or modifying a session. The connectivity before establishing or modifying a session. The
underlying intent is for the two parties to be able to exchange media underlying intent is for the two parties to be able to exchange media
packets successfully. Connectivity by itself however may not fully packets successfully. However, connectivity by itself may not fully
satisfy this. Quality of Service for example may be required for the satisfy this. Quality of Service, for example, may be required for
media stream; this can be addressed by use of the "qos" precondition the media stream; this can be addressed by use of the "qos"
defined in RFC 3312 [RFC3312]. Similarly, successful security precondition defined in RFC 3312 [RFC3312]. Similarly, successful
parameter negotiation may be another prerequisite; this can be security parameter negotiation may be another prerequisite; this can
addressed by use of the "sec" precondition defined in RFC 5027 be addressed by use of the "sec" precondition defined in RFC 5027
[RFC5027]. [RFC5027].
6. Examples 6. Examples
The first example uses the connectivity precondition with TCP in the The first example uses the connectivity precondition with TCP in the
context of a session involving a wireless access medium. Both UAs context of a session involving a wireless access medium. Both UAs
use a radio access network that does not allow them to send any data use a radio access network that does not allow them to send any data
(not even a TCP SYN) until a radio bearer has been setup for the (not even a TCP SYN) until a radio bearer has been set up for the
connection. Figure 1 shows the message flow of this example (the connection. Figure 1 shows the message flow of this example (the
required PRACK transaction has been omitted for clarity): required PRACK transaction has been omitted for clarity -- see
[RFC3312] for details):
A B A B
| INVITE | | INVITE |
| a=curr:conn e2e none | | a=curr:conn e2e none |
| a=des:conn mandatory e2e sendrecv | | a=des:conn mandatory e2e sendrecv |
| a=setup:holdconn | | a=setup:holdconn |
|----------------------------------->| |----------------------------------->|
| | | |
| 183 Session Progress | | 183 Session Progress |
| a=curr:conn e2e none | | a=curr:conn e2e none |
skipping to change at page 11, line 42 skipping to change at page 10, line 52
| | B's radio | | B's radio
|<---TCP Connection Establishment--->+ bearer is up |<---TCP Connection Establishment--->+ bearer is up
| | B sends TCP SYN | | B sends TCP SYN
| | | |
| | | |
| 180 Ringing | TCP connection | 180 Ringing | TCP connection
|<-----------------------------------+ is up |<-----------------------------------+ is up
| | B alerts the user | | B alerts the user
| | | |
Figure 1: Message flow with two types of preconditions Figure 1: Message Flow with Two Types of Preconditions
A sends an INVITE requesting connection-establishment preconditions. A sends an INVITE requesting connection-establishment preconditions.
The setup attribute in the offer is set to holdconn [RFC4145] because The setup attribute in the offer is set to holdconn [RFC4145] because
A cannot send or receive any data before setting up a radio bearer A cannot send or receive any data before setting up a radio bearer
for the connection. for the connection.
B agrees to use the connectivity precondition by sending a 183 B agrees to use the connectivity precondition by sending a 183
(Session Progress) response. The setup attribute in the answer is (Session Progress) response. The setup attribute in the answer is
also set to holdconn because B, like A, cannot send or receive any also set to holdconn because B, like A, cannot send or receive any
data before setting up a radio bearer for the connection. data before setting up a radio bearer for the connection.
When A's radio bearer is ready, A sends an UPDATE to B with a setup When A's radio bearer is ready, A sends an UPDATE to B with a setup
attribute with a value of actpass. This attribute indicates that A attribute with a value of actpass. This attribute indicates that A
can perform an active or a passive TCP open. A is letting B choose can perform an active or a passive TCP open. A is letting B choose
which endpoint will initiate the connection. which endpoint will initiate the connection.
Since B's radio bearer is not ready yet, B chooses to be the one Since B's radio bearer is not ready yet, B chooses to be the one
initiating the connection and indicates so with a setup attribute initiating the connection and indicates this with a setup attribute
with a value of active. At a later point, when B's radio bearer is with a value of active. At a later point, when B's radio bearer is
ready, B initiates the TCP connection towards A. ready, B initiates the TCP connection towards A.
Once the TCP connection is established successfully, B knows the Once the TCP connection is established successfully, B knows the
"sendrecv" precondition is satisfied, and B proceeds with the session "sendrecv" precondition is satisfied, and B proceeds with the session
(i.e., alerts the Callee), and sends a 180 (Ringing) response. (i.e., alerts the Callee), and sends a 180 (Ringing) response.
The second example shows a basic SIP session establishment using SDP The second example shows a basic SIP session establishment using SDP
connectivity preconditions and ICE (the required PRACK transaction connectivity preconditions and ICE (the required PRACK transaction
and some SDP details have been omitted for clarity). The message and some SDP details have been omitted for clarity). The offerer (A)
flow for this scenario is shown in Figure 2 below. is a full ICE implementation whereas the answerer (B) is a lite ICE
implementation. The message flow for this scenario is shown in
Figure 2 below.
A B A B
| | | |
|-------------(1) INVITE SDP1--------------->| |-------------(1) INVITE SDP1--------------->|
| | | |
|<------(2) 183 Session Progress SDP2--------| |<------(2) 183 Session Progress SDP2--------|
| | | |
|<~~~~~ Connectivity check to A ~~~~~~~~~~~~~|
|~~~~~ Connectivity to A OK ~~~~~~~~~~~~~~~~>|
| |
|~~~~~ Connectivity check to B ~~~~~~~~~~~~~>| |~~~~~ Connectivity check to B ~~~~~~~~~~~~~>|
|<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~| |<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~|
| | | |
|-------------(3) UPDATE SDP3--------------->| |-------------(3) UPDATE SDP3--------------->|
| | | |
|<--------(4) 200 OK (UPDATE) SDP4-----------| |<--------(4) 200 OK (UPDATE) SDP4-----------|
| | | |
|<-------------(5) 180 Ringing---------------| |<-------------(5) 180 Ringing---------------|
| | | |
| | | |
Figure 2: Connectivity precondition with ICE Connectivity Checks Figure 2: Connectivity Precondition with ICE Connectivity Checks
SDP1: A includes a mandatory end-to-end connectivity precondition SDP1: A includes a mandatory end-to-end connectivity precondition
with a desired status of "sendrecv"; this will ensure media stream with a desired status of "sendrecv"; this will ensure media stream
connectivity in both directions before continuing with the session connectivity in both directions before continuing with the session
setup. Since media stream connectivity in either direction is setup. Since media stream connectivity in either direction is
unknown at this point, the current status is set to "none". A's unknown at this point, the current status is set to "none". A's
local status table (see [RFC3312]) for the connectivity precondition local status table (see [RFC3312]) for the connectivity precondition
is as follows: is as follows:
Direction | Current | Desired Strength | Confirm Direction | Current | Desired Strength | Confirm
-----------+----------+------------------+---------- -----------+----------+------------------+----------
send | no | mandatory | no send | no | mandatory | no
recv | no | mandatory | no recv | no | mandatory | no
and the resulting offer SDP is: and the resulting offer SDP is:
a=ice-pwd:asd88fgpdd777uzjYhagZg a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY a=ice-ufrag:8hhY
m=audio 20000 RTP/AVP 0 m=audio 20000 RTP/AVP 0
c=IN IP4 192.0.2.1 c=IN IP4 192.0.2.1
a=curr:conn e2e none a=rtcp:20001
a=des:conn mandatory e2e sendrecv a=curr:conn e2e none
a=candidate:1 1 UDP 2130706431 192.0.2.1 20000 typ host a=des:conn mandatory e2e sendrecv
a=candidate:1 1 UDP 2130706431 192.0.2.1 20000 typ host
SDP2: When B receives the offer, B sees the mandatory sendrecv SDP2: When B receives the offer, B sees the mandatory sendrecv
connectivity precondition. B can ascertain connectivity to A ("send" connectivity precondition. B is a lite ICE implementation and hence
from B's point of view) by use of the ICE connectivity check, however B can only ascertain "recv" connectivity (from B's point of view)
B wants A to inform it about connectivity in the other direction from A; thus, B wants A to inform it about connectivity in the other
("recv" from B's point of view). B's local status table therefore direction ("send" from B's point of view). B's local status table
looks as follows: therefore looks as follows:
Direction | Current | Desired Strength | Confirm Direction | Current | Desired Strength | Confirm
-----------+----------+------------------+---------- -----------+----------+------------------+----------
send | no | mandatory | no send | no | mandatory | no
recv | no | mandatory | no recv | no | mandatory | no
Since B wants to ask A for confirmation about the "recv" (from B's Since B is a lite ICE implementation and B wants to ask A for
point of view) connectivity precondition, the resulting answer SDP confirmation about the "send" (from B's point of view) connectivity
becomes: precondition, the resulting answer SDP becomes:
a=ice-lite
a=ice-pwd:qrCA8800133321zF9AIj98 a=ice-pwd:qrCA8800133321zF9AIj98
a=ice-ufrag:H92p a=ice-ufrag:H92p
m=audio 30000 RTP/AVP 0 m=audio 30000 RTP/AVP 0
c=IN IP4 192.0.2.4 c=IN IP4 192.0.2.4
a=rtcp:30001
a=curr:conn e2e none a=curr:conn e2e none
a=des:conn mandatory e2e sendrecv a=des:conn mandatory e2e sendrecv
a=conf:conn e2e recv a=conf:conn e2e send
a=candidate:1 1 UDP 2130706431 192.0.2.4 30000 typ host a=candidate:1 1 UDP 2130706431 192.0.2.4 30000 typ host
Meanwhile, B performs a successful send connectivity check to A by Since the "send" and the "recv" connectivity precondition (from B's
sending an ICE connectivity check packet to A and receiving the point of view) are still not satisfied, session establishment remains
corresponding response. B's local status table is updated as suspended.
follows:
SDP3: When A receives the answer SDP, A notes that B is a lite ICE
implementation and that confirmation was requested for B's "send"
connectivity precondition, which is the "recv" precondition from A's
point of view. A performs a successful send and recv connectivity
check to B by sending an ICE connectivity check to B and receiving
the corresponding response. A's local status table becomes:
Direction | Current | Desired Strength | Confirm Direction | Current | Desired Strength | Confirm
-----------+----------+------------------+---------- -----------+----------+------------------+----------
send | yes | mandatory | no send | yes | mandatory | no
recv | no | mandatory | no recv | yes | mandatory | yes
Since the "recv" connectivity precondition (from B's point of view)
is still not satisfied, session establishment remains suspended.
SDP3: When A receives the answer SDP, A notes that confirmation was whereas B's local status table becomes:
requested for B's "recv" connectivity precondition, which is the
"send" precondition from A's point of view. A performs a successful
send connectivity check to B by sending an ICE connectivity check to
B and receiving the corresponding response. A's local status table
becomes:
Direction | Current | Desired Strength | Confirm Direction | Current | Desired Strength | Confirm
-----------+----------+------------------+---------- -----------+----------+------------------+----------
send | yes | mandatory | yes send | no | mandatory | no
recv | no | mandatory | no recv | yes | mandatory | no
Since B asked for confirmation about the "send" connectivity (from Since B asked for confirmation about the "recv" connectivity (from
A's point of view), A now sends an UPDATE (5) to B to confirm the A's point of view), A now sends an UPDATE (5) to B to confirm the
connectivity from A to B: connectivity from A to B:
a=ice-pwd:asd88fgpdd777uzjYhagZg a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY a=ice-ufrag:8hhY
m=audio 20000 RTP/AVP 0 m=audio 20000 RTP/AVP 0
c=IN IP4 192.0.2.1 c=IN IP4 192.0.2.1
a=curr:conn e2e send a=rtcp:20001
a=curr:conn e2e sendrecv
a=des:conn mandatory e2e sendrecv a=des:conn mandatory e2e sendrecv
a=candidate:1 1 UDP 2130706431 192.0.2.1 20000 typ host a=candidate:1 1 UDP 2130706431 192.0.2.1 20000 typ host
B has both send and recv connectivity confirmed at this point and the B knows it has recv connectivity (verified by ICE as well as A's
session can continue. UPDATE) and send connectivity (confirmed by A's UPDATE) at this
point. B's local status table becomes:
Direction | Current | Desired Strength | Confirm
-----------+----------+------------------+----------
send | yes | mandatory | no
recv | yes | mandatory | no
and the session can continue.
7. Security Considerations 7. Security Considerations
General security considerations for preconditions are discussed in General security considerations for preconditions are discussed in
RFC 3312 [RFC3312] and RFC 4032 [RFC4032]. As discussed in RFC 4032 RFC 3312 [RFC3312] and RFC 4032 [RFC4032]. As discussed in RFC 4032
[RFC4032], it is strongly RECOMMENDED that integrity protection be [RFC4032], it is strongly RECOMMENDED that S/MIME [RFC3853] integrity
applied to the SDP session descriptions. S/MIME [RFC3853] protection be applied to the SDP session descriptions. When the user
protection, as described in RFC 3261 [RFC3261]. When the user agent agent provides identity services (rather than the proxy server), the
provides identity services (rather than the proxy server), the SIP SIP identity mechanism specified in RFC 4474 [RFC4474] provides an
identity mechanism specified in RFC 4474 [RFC4474] provides an
alternative end-to-end integrity protection. Additionally, the alternative end-to-end integrity protection. Additionally, the
following security issues relate specifically to connectivity following security issues relate specifically to connectivity
preconditions. preconditions.
Connectivity preconditions rely on mechanisms beyond SDP such as TCP Connectivity preconditions rely on mechanisms beyond SDP, such as TCP
[RFC0793] connection establishment, or ICE connectivity checks [RFC0793] connection establishment or ICE connectivity checks
[I-D.ietf-mmusic-ice] to establish and verify connectivity between an [RFC5245], to establish and verify connectivity between an offerer
offerer and an answerer. An attacker that prevents those mechanisms and an answerer. An attacker that prevents those mechanisms from
from succeeding (e.g., by keeping ICE connectivity checks from succeeding (e.g., by keeping ICE connectivity checks from arriving at
arriving to their destination) can prevent media sessions from being their destination) can prevent media sessions from being established.
established. While this attack relates to connectivity While this attack relates to connectivity preconditions, it is
preconditions, it is actually an attack against the connection actually an attack against the connection-establishment mechanisms
establishment mechanisms used by the endpoints. This attack can be used by the endpoints. This attack can be performed in the presence
performed in the presence or in the absence of connectivity or in the absence of connectivity preconditions. In their presence,
preconditions. In their presence, the whole session setup will be the whole session setup will be disrupted. In their absence, only
disrupted. In their absence, only the establishment of the the establishment of the particular stream under attack will be
particular stream under attack will be disrupted. This specification disrupted. This specification does not provide any mechanism against
does not provide any mechanism against attackers able to block attackers able to block traffic between the endpoints involved in the
traffic between the endpoints involved in the session because such an session because such an attacker will always be able to launch DoS
attacker will always be able to launch DoS (Denial of Service) (Denial-of-Service) attacks.
attacks.
Instead of blocking the connectivity checks, the attacker can Instead of blocking the connectivity checks, the attacker can
generate forged connectivity checks that would cause the endpoints to generate forged connectivity checks that would cause the endpoints to
assume that there was connectivity when there was actually no assume that there was connectivity when there was actually no
connectivity. This attack would result in a poor user's experience connectivity. This attack would result in the user experience being
because the session would be established without all the media poor because the session would be established without all the media
streams being ready. The same attack can be used, regardless of streams being ready. The same attack can be used, regardless of
whether or not connectivity preconditions are used, to attempt to whether or not connectivity preconditions are used, to attempt to
hijack a connection. The forged connectivity checks would trick the hijack a connection. The forged connectivity checks would trick the
endpoints into sending media to the wrong direction. To prevent endpoints into sending media to the wrong direction. To prevent
these attacks, it is RECOMMENDED that the mechanisms used to check these attacks, it is RECOMMENDED that the mechanisms used to check
connectivity are adequately secured by message authentication and connectivity are adequately secured by message authentication and
integrity protection. For example, Section 2.5 of integrity protection. For example, Section 2.5 of [RFC5245]
[I-D.ietf-mmusic-ice] discusses how message integrity and data origin discusses how message integrity and data origin authentication are
authentication are implemented in ICE connectivity checks. implemented in ICE connectivity checks.
8. IANA Considerations 8. IANA Considerations
IANA is hereby requested to register a new precondition type under IANA has registered a new precondition type under the Precondition
the Precondition Types used with SIP subregistry, which is located Types used with SIP subregistry, which is located under the Session
under the Session Initiation Protocol (SIP) Parameters registry. Initiation Protocol (SIP) Parameters registry.
Precondition-Type Description Reference Precondition-Type Description Reference
----------------- ----------------------------------- --------- ----------------- ----------------------------------- ---------
conn Connectivity precondition [RFCxxxx] conn Connectivity precondition [RFC5898]
[Note to the RFC Editor: replace RFCxxxx with the number assigned to
this RFC.]
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
skipping to change at page 17, line 17 skipping to change at page 16, line 24
Authenticated Identity Management in the Session Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, August 2006. Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, July 2006. Description Protocol", RFC 4566, July 2006.
[RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for [RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for
Session Description Protocol (SDP) Media Streams", Session Description Protocol (SDP) Media Streams",
RFC 5027, October 2007. RFC 5027, October 2007.
[I-D.ietf-mmusic-ice] [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", Traversal for Offer/Answer Protocols", RFC 5245,
draft-ietf-mmusic-ice-19 (work in progress), October 2007. April 2010.
9.2. Informative References 9.2. Informative References
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, [RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, September 1981. RFC 793, September 1981.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in
the Session Description Protocol (SDP)", RFC 4145, the Session Description Protocol (SDP)", RFC 4145,
September 2005. September 2005.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", [RFC4960] Stewart, R., "Stream Control Transmission Protocol",
RFC 4960, September 2007. RFC 4960, September 2007.
[RFC5109] Li, A., "RTP Payload Format for Generic Forward Error [RFC5109] Li, A., "RTP Payload Format for Generic Forward Error
Correction", RFC 5109, December 2007. Correction", RFC 5109, December 2007.
[I-D.ietf-mmusic-ice-tcp] [ICE-TCP] Perreault, S., Ed. and J. Rosenberg, "TCP Candidates with
Perreault, S. and J. Rosenberg, "TCP Candidates with Interactive Connectivity Establishment (ICE)", Work
Interactive Connectivity Establishment (ICE)", in Progress, October 2009.
draft-ietf-mmusic-ice-tcp-08 (work in progress),
October 2009.
Authors' Addresses Authors' Addresses
Flemming Andreasen Flemming Andreasen
Cisco Systems, Inc. Cisco Systems, Inc.
499 Thornall Street, 8th Floor 499 Thornall Street, 8th Floor
Edison, NJ 08837 Edison, NJ 08837
USA USA
Email: fandreas@cisco.com EMail: fandreas@cisco.com
Gonzalo Camarillo Gonzalo Camarillo
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
Email: Gonzalo.Camarillo@ericsson.com EMail: Gonzalo.Camarillo@ericsson.com
David Oran David Oran
Cisco Systems, Inc. Cisco Systems, Inc.
7 Ladyslipper Lane 7 Ladyslipper Lane
Acton, MA 01720 Acton, MA 01720
USA USA
Email: oran@cisco.com EMail: oran@cisco.com
Dan Wing Dan Wing
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: dwing@cisco.com EMail: dwing@cisco.com
 End of changes. 74 change blocks. 
209 lines changed or deleted 208 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/