Interactive Connectivity Establishment Patiently Awaiting Connectivity (ICE PAC)
draft-ietf-ice-pac-01

The information below is for an old version of the document
Document Type Active Internet-Draft (ice WG)
Last updated 2019-04-17
Replaces draft-holmberg-ice-pac
Stream IETF
Intended RFC status Proposed Standard
Formats pdf htmlized bibtex
Stream WG state WG Document
Document shepherd Nils Ohlmeier
IESG IESG state I-D Exists
Consensus Boilerplate Yes
Telechat date
Responsible AD Adam Roach
Send notices to Nils Ohlmeier <nohlmeier@mozilla.com>
ICE Working Group                                            C. Holmberg
Internet-Draft                                                  Ericsson
Updates: 8445 (if approved)                                    J. Uberti
Intended status: Standards Track                                  Google
Expires: October 19, 2019                                 April 17, 2019

 Interactive Connectivity Establishment Patiently Awaiting Connectivity
                               (ICE PAC)
                         draft-ietf-ice-pac-01

Abstract

   During the process of creating a peer-to-peer connection, ICE agents
   can encounter situations where they have no candidate pairs to check,
   and, as a result, conclude that ICE processing has failed.  However,
   because additional candidate pairs can be discovered during ICE
   processing, declaring failure at this point may be premature.  This
   document discusses when these situations can occur and proposes a way
   to avoid premature failure.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 19, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect

Holmberg & Uberti       Expires October 19, 2019                [Page 1]
Internet-Draft                   ICE PAC                      April 2019

   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Relevant Scenarios  . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  No Candidates From Peer . . . . . . . . . . . . . . . . .   3
     3.2.  All Candidates Discarded  . . . . . . . . . . . . . . . .   3
     3.3.  Immediate Candidate Pair Failure  . . . . . . . . . . . .   4
   4.  Update to RFC 8445  . . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  IANA considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   8.  Normative References  . . . . . . . . . . . . . . . . . . . .   5
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   [RFC8445] describes a protocol, Interactive Connectivity
   Establishment (ICE), for Network Address Translator (NAT) traversal
   for UDP-based communication.

   Typically, when using ICE, ICE agents will exchange candidate
   addresses, form a list of candidate pairs, and then test each
   candidate pair to see if connectivity can be established.  If the
   test for a given pair fails, it is marked accordingly, and if all
   pairs have failed, the overall ICE process is considered to have
   failed.

   During the process of connectivity checks, additional candidates may
   be created as a result of successful inbound checks from the peer
   agent.  Such candidates are referred to as peer-reflexive candidates,
   and once discovered, will be used to form new candidate pairs which
   will be tested like any other.  However, there is an inherent race
   condition here; if, before learning about any peer-reflexive
   candidates, an agent runs out of candidate pairs to check, either
   because it has none, or it considers them all to have failed, it will
   prematurely declare failure and terminate ICE processing.  This race
   condition can occur in many common situations.

   This specification updates [RFC8445], by simply requiring that an
   agent wait a minimum amount of time before declaring ICE failure,
   even if there are no candidate pairs to check, or if all candidate
   pairs have failed.  This delay provides enough time for the discovery

Holmberg & Uberti       Expires October 19, 2019                [Page 2]
Internet-Draft                   ICE PAC                      April 2019

   of peer-reflexive candidates, which may eventually lead to ICE
   processing completing successfully.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Relevant Scenarios

   As noted above, the core problem this specification attempts to
   address is the situation where even after local gathering and remote
   candidate signaling has completed, the ICE agent immediately ends up
   with no valid pairs and no candidate pairs left to check, resulting
   in a premature ICE failure.  This failure is premature because not
   enough time has elapsed to allow for discovery of peer-reflexive
   candidates from inbound connectivity checks; if discovered, these
   candidates are very likely to result in a valid pair.

   In most ICE scenarios, the lengthy timeouts for connectivity check
   transactions, typically tens of seconds, will prevent this problem
   from occuring.  However, there are certain specific cases where this
   problem will frequently occur.

3.1.  No Candidates From Peer

   It is entirely legal for an ICE agent to provide zero candidates of
   its own.  If the agent somehow knows that the peer agent is directly
   reachable, gathering local candidates is unnecessary and will only
   cause delays; the peer agent can discover the appropriate local
   candidate via connectivity checks.

   However, following the procedures from [RFC8445] strictly will result
   in immediate ICE failure, since the checklist at the peer agent will
   be empty.

3.2.  All Candidates Discarded

   Even if the ICE agent provides candidates, they may be discarded by
   the peer agent if it does not know what to do with them.  For
   example, candidates may use an address family that the peer agent
   does not support, (e.g., a host candidate with an IPv6 address in a
   NAT64 scenario), or may not be usable for some other reason (e.g., a
   candidate that contains a FQDN that fails to resolve).

Holmberg & Uberti       Expires October 19, 2019                [Page 3]
Internet-Draft                   ICE PAC                      April 2019

   In these scenarios, when the candidates are discarded, the checklist
   at the peer agent will once again be empty, leading to immediate ICE
   failure.

3.3.  Immediate Candidate Pair Failure

   Section 7.2.5.2 of [RFC8445] describes several situations in which a
   candidate pair will be considered to have failed, well before the
   connectivity check transaction timeout.

   As a result, even if the ICE agent provides usable candidates, the
   pairs created by the peer agent may fail immediately when checked,
   e.g., a check to a non-routable address that receives an immediate
   ICMP error.

   In this situation, the checklist at the peer agent may contain only
   failed pairs, resulting in immediate ICE failure.

4.  Update to RFC 8445

   In order to avoid the problem raised by this document, the ICE agent
   needs to wait enough time to allow peer-reflexive candidates to be
   discovered.  Accordingly, when full ICE implementations begin their
   ICE processing, as described in [RFC8445], Section 6.1, the agent
   MUST set a timer, and its duration SHOULD be equal to the agent's
   connectivity check transaction timeout.

   This timeout value is chosen to roughly coincide with the maximum
   possible duration of ICE connectivity checks from the peer agent,
   which, if successful, could create peer-reflexive candidates.
   Because the agent doesn't know the exact number of candidate pairs
   and pacing interval in use by the peer agent, this timeout value is
   simply a guess, albeit an educated one.  Regardless, for this
   particular problem, the desired benefits will be realized as long as
   the agent waits some reasonable amount of time.

   While the timer is running, if a checklist has no pairs left to
   check, i.e., there are no pairs that are not in the failed state, the
   agent MUST not conclude that ICE processing has failed, and MUST wait
   for the timer to elapse before doing so.

   One consequence of this behavior is that in cases where ICE should
   fail, e.g., where both sides provide candidates with unresolvable
   FQDNs ICE will no longer fail immediately, and only fail when the
   aforementioned timer expires.  However, because most ICE scenarios
   require an extended period of time to determine failure, the fact
   that some specific scenarios no longer fail fast should have minimal
   application impact, if any.

Holmberg & Uberti       Expires October 19, 2019                [Page 4]
Internet-Draft                   ICE PAC                      April 2019

5.  Security Considerations

   The security considerations for ICE are defined in [RFC8445].  This
   specification only recommends ICE agents to wait for a certain time
   of period before they declare ICE failure, and does not introduce new
   security considerations.

6.  IANA considerations

   This specification makes no requests to IANA.

7.  Acknowledgements

8.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
              editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8445]  Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
              Connectivity Establishment (ICE): A Protocol for Network
              Address Translator (NAT) Traversal", RFC 8445,
              DOI 10.17487/RFC8445, July 2018, <https://www.rfc-
              editor.org/info/rfc8445>.

Authors' Addresses

   Christer Holmberg
   Ericsson
   Hirsalantie 11
   Jorvas  02420
   Finland

   Email: christer.holmberg@ericsson.com

   Justin Uberti
   Google
   747 6th St W
   Kirkland  98033
   USA

   Email: justin@uberti.name

Holmberg & Uberti       Expires October 19, 2019                [Page 5]