Network Working Group J. Uberti
Internet-Draft Google
Intended status: Standards Track J. Lennox
Expires: September 10, 2015 Vidyo
March 09, 2015
Improvements to ICE Candidate Nomination
draft-uberti-mmusic-nombis-00
Abstract
This document makes recommendations for simplifying and improving the
procedures for candidate nomination in Interactive Connectivity
Establishment (ICE).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2015.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Uberti & Lennox Expires September 10, 2015 [Page 1]
Internet-Draft IceNom March 2015
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Goals and Requirements . . . . . . . . . . . . . . . . . . . 3
3.1. Minimize Call Setup Latency . . . . . . . . . . . . . . . 3
3.2. Allow Controlling Endpoint to Make Dynamic Decisions . . 3
3.3. Allow Selected Pair Change At Any Time Without Signaling 4
3.4. Allow Continuous Addition of Candidates . . . . . . . . . 4
3.5. Maintain Backwards Compatibility . . . . . . . . . . . . 4
3.6. Minimize Complexity Increase . . . . . . . . . . . . . . 5
4. Deprecating Aggressive Nomination . . . . . . . . . . . . . . 5
4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 5
4.2. Operation . . . . . . . . . . . . . . . . . . . . . . . . 5
4.3. Backwards Compatibility . . . . . . . . . . . . . . . . . 6
4.4. Examples . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Introducing Continuous Nomination . . . . . . . . . . . . . . 7
5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 7
5.2. Operation . . . . . . . . . . . . . . . . . . . . . . . . 8
5.3. Backwards Compatibility . . . . . . . . . . . . . . . . . 9
5.4. Examples . . . . . . . . . . . . . . . . . . . . . . . . 9
5.4.1. Switching Between Pairs Based on RTT . . . . . . . . 9
5.4.2. Switching To A New TURN Server . . . . . . . . . . . 9
5.4.3. Switching From WLAN to WWAN . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . 11
Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
Interactive Connectivity Establishment (ICE) attempts to find the
'best' path for connectivity between two peers; in ICE parlance,
these paths are known as 'candidate pairs'. During the ICE process,
one endpoint, known as the 'controlling' endpoint, selects a
candidate pair as the best pair; this action is known as nomination.
ICE supports two different mechanisms for performing nomination,
known as Regular Nomination, and Aggressive Nomination.
However, each of these modes have flaws that restrict their
usefulness. Regular Nomination, as currently speced, requires a best
pair to be chosen before media transmission can start, causing
unnecessary call setup delay. Aggressive Nomination, while avoiding
this delay, gives the controlling endpoint much less discretion into
Uberti & Lennox Expires September 10, 2015 [Page 2]
Internet-Draft IceNom March 2015
which candidate pair is chosen, preventing it from making decisions
based on dynamic factors such as RTT or loss rate. Needless to say,
the presence of both modes also adds nontrivial complexity.
Lastly, ICE is currently defined as a finite process, where the
decision on the optimal candidate pair is made during call setup and
infrequently (if ever) changed. While this may be acceptable for
endpoints with static network configurations, it fails to meet the
needs of mobile endpoints, who may need to seamlessly move between
networks, or be connected to multiple networks simultaneously. In
these cases, the controlling endpoint may want to maintain multiple
potential candidate pairs, and make dynamic decisions to switch
between them as conditions change.
To address these challenges, this document makes two proposals for
refactoring ICE nomination - merging Regular and Aggressive
Nomination, and introducing a new mode, known as Continuous
Nomination. This makes ICE substantially more flexible without
increasing complexity.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Goals and Requirements
The goals for improved ICE nomination are enumerated below.
3.1. Minimize Call Setup Latency
Modern ICE agents will often have multiple network interfaces and
multiple servers from which to obtain ICE candidates. While some ICE
checks may succeed quickly, finishing the entire set of checks can
easily take multiple seconds; this concern is discussed in [RFC5245],
Section 8.1.1.1. As a result, ICE endpoints MUST be able to start
transmitting media immediately upon a successful ICE check, and MUST
retain the ability to switch if a better candidate pair becomes
available later.
3.2. Allow Controlling Endpoint to Make Dynamic Decisions
While an ICE endpoint will assign various priority values to its ICE
candidates, these priorities are static and can only be based on a
priori knowledge; the shortcomings of this approach are discussed in
the first paragraph of Section 2.6 in [RFC5245]. To properly make
choices in multi-network and multi-server scenarios, the controlling
Uberti & Lennox Expires September 10, 2015 [Page 3]
Internet-Draft IceNom March 2015
endpoint MUST be able to make dynamic decisions about the selected
candidate pair based on observed network performance. For example,
RTT could be used to evaluate which TURN servers to use, as described
in [I-D.williams-peer-redirect] To ensure symmetric flows, this
implies that the controlling endpoint MUST be able to communicate its
choice to the controlled side.
3.3. Allow Selected Pair Change At Any Time Without Signaling
Expanding on the requirement above, the need to make dynamic
decisions is not limited to call setup. A multihomed endpoint may
need to switch interfaces based on mobility considerations, or a
robust endpoint may want to keep multiple network paths warm and
switch immediately if connectivity is interrupted on one of them. As
the signaling channel may be affected by the event necessitating the
switch, this implies that the controlling endpoint MUST be able to
change the selected pair and indicate this to the remote side without
signaling. The need for this functionality has been stated in
[I-D.wing-mmusic-ice-mobility] and [I-D.singh-avtcore-mprtp].
The rules in [RFC5245] ensure that the controlled endpoint keeps its
candidate needed for the selected pair alive. However, in order for
alternate pairs to remain available, the controlled endpoint must
keep the associated candidates alive as well, following the
procedures outlined in [RFC5245], Section 4.1.1.4. This implies that
the controlling endpoint MUST have some way to indicate to the
controlled side that specific candidates are to be kept alive.
3.4. Allow Continuous Addition of Candidates
In certain network mobility scenarios, networks may come up and down
while the call is active. In order to allow candidates gathered on
newly available networks to be used for the selected pair or backup
pairs, the endpoint MUST be able to gather candidates on these
networks and communicate them to the remote side. While this could
be done using an ICE restart, as described in [RFC5245], Section 9.1,
the ICE restart may have unintended consequences, such as causing the
remote side to regather all candidates. Instead, it would be best if
the new candidates could be trickled, as discussed in
[I-D.ietf-mmusic-trickle-ice], but even after ICE processing has
completed.
3.5. Maintain Backwards Compatibility
To prevent interoperability problems, ICE endpoints that support the
functionality listed above MUST still maintain [RFC5245] compliance
when interacting with existing endpoints. However, the ideal
Uberti & Lennox Expires September 10, 2015 [Page 4]
Internet-Draft IceNom March 2015
solution SHOULD allow some improvements to occur when only the
controlling side supports the new functionality.
3.6. Minimize Complexity Increase
Increased functionality typically leads to increased complexity,
which leads to more edge cases, and more implementation bugs. This
suggests that in addition to proposing new ICE functionality, the
ideal solution SHOULD deprecate superfluous functionality.
4. Deprecating Aggressive Nomination
4.1. Overview
The main benefits of Regular Nomination are that the controlling side
can dynamically choose which candidate pair to use, and a clear
signal when the nomination process has completed, via the presence of
the USE-CANDIDATE flag in a Binding Request. The main benefit of
Aggressive Nomination is that it is only necessary to send a single
Binding Request before starting the transmission of media, reducing
setup latency. Why don't we have both?
By preserving the dynamic behavior of Regular Nomination, but
allowing media transmission to start upon a single successful
connectivity check, as in Aggressive Nomination, the requirements of
Section 3.1 and Section 3.2 can be met, while meeting the
compatibility requirement from Section 3.5 and, since Aggressive
Nomination is no longer needed, the complexity requirement from
Section 3.6.
4.2. Operation
Since media may be transmitted as soon as all components have a valid
pair, as indicated in [RFC5245], Page 69, an ICE Agent can begin
transmitting media as soon as this occurs, even if it has not sent a
Binding Request with USE-CANDIDATE.
This pair can change as more pairs are added to the Valid list on the
controlling side. When nomination completes, and a final pair is
selected, this is communicated to the controlled side via the typical
Binding Request with USE-CANDIDATE.
On the controlled side, the same process can occur, with the ICE
Agent transmitting media as soon as a valid pair exists. To
encourage use of symmetric RTP, the controlled ICE Agent SHOULD use
the same candidate pair on which it received media from the
controlling side. [Doesn't need to be secure media, since the
Uberti & Lennox Expires September 10, 2015 [Page 5]
Internet-Draft IceNom March 2015
controlling side will finalize this preference through USE-CANDIDATE
shortly.]
As this is legal ICE behavior, no negotiation of this mechanism
should be needed. In the event the receiver drops any packets that
arrive before a Binding Request with USE-CANDIDATE set, this will
simply lead to brief media clipping and will resolve itself once
nomination completes.
4.3. Backwards Compatibility
When acting in the controlled role, new implementations MUST NOT use
Aggressive Nomination.
When acting in the controlled role, and the controlling side is using
Aggressive Nomination (e.g. sending USE-CANDIDATE in its initial
Binding Requests), the standard PRIORITY-based mechanism outlined in
[RFC5245], Section 8.1.1.2 should be used to determine the reverse
media path.
Note that if implementations would prefer to just avoid Aggressive
Nomination altogether, they MAY indicate some TBD pseudo-option in
the ice-options attribute. Because compliant implementations MUST
NOT use Aggressive Nomination if an unknown ICE option is
encountered, this effectively prohibits the use of Aggressive
Nomination. [N.B. this could be the ice-options:continuous option
described below]
4.4. Examples
An example call setup using Regular Nomination as described above is
shown here. Alice is in the controlling role, and Bob is in the
controlled role; Alice has a single host candidate and Bob has both
host and relay candidates.
Alice's initial check to Bob's host candidate fails, but the check to
his relay candidate succeeds, so Alice starts transmitting media on
her host-relay pair. Bob's initial check from his host candidate to
Alice's host candidate succeeds, so he starts transmitting media over
this host-host pair to Alice. However, when Alice's host check is
later retransmitted, it succeeds, and Alice determines that the host-
host pair has a better RTT than the host-relay pair, so she cuts
media over to use the host-host pair. Eventually, Alice concludes
Regular Nomination by sending a final check to Bob with the USE-
CANDIDATE flag set. If Bob had selected a different pair to use than
Alice, this action would have forced Bob to use the same pair.
Uberti & Lennox Expires September 10, 2015 [Page 6]
Internet-Draft IceNom March 2015
Alice Network Bob
|(1) STUN Req (Bob host) | |
|---------------------------------------------------------->|
|(2) STUN Res (Bob host) | |
| Lost|<----------------------------|
|(3) STUN Req (Bob relay) | |
|---------------------------------------------------------->|
|(4) STUN Res (Bob relay) | |
|<----------------------------------------------------------|
|(5) RTP starts (Bob relay) | |
|==========================================================>|
|(6) STUN Req (Alice host) | |
|<----------------------------------------------------------|
|(7) STUN Res (Alice host) | |
|---------------------------------------------------------->|
|(8) RTP starts (Alice host) | |
|<==========================================================|
|(9) STUN Req (Bob host) | |
|---------------------------------------------------------->|
|(10) STUN Req (Bob host) | |
|<----------------------------------------------------------|
|(11) RTP switch (Bob host) | |
|==========================================================>|
|(12) STUN Req (Bob host, U-C)| |
|---------------------------------------------------------->|
|(13) STUN Res (Bob host) | |
|<----------------------------------------------------------|
5. Introducing Continuous Nomination
5.1. Overview
As discussed above, in mobile environments there can be multiple
possible valid candidate pairs, and these can change at various
points in the call, as new interfaces go up and down, signal strength
for wireless interfaces changes, and new relay servers are
discovered.
However, under 5245 rules, once a candidate pair is selected and
confirmed, via USE-CANDIDATE, nomination has completed and cannot be
restarted without performing an ICE restart. This is overly complex
in many cases, and especially problematic in some specific ones,
namely a wifi-cellular handover, where the signaling path for
communicating an ICE restart may be impacted by the handover.
To address this situation, this section introduces the concept of
"continuous nomination", where the controlling ICE endpoint can
adjust the selected candidate pair at any time. By allowing ICE
Uberti & Lennox Expires September 10, 2015 [Page 7]
Internet-Draft IceNom March 2015
processing to occur continuously during a call, rather than just at
call setup, the requirements expressed in Section 3.3 and Section 3.4
can be met.
5.2. Operation
Under continuous nomination, ICE never concludes; new candidates can
always be trickled, and a new candidate pair can be selected by the
controlling side at any time.
When selecting a new candidate pair, the controlling side informs the
controlled side of the chosen path by sending a new Binding Request
with a USE-CANDIDATE attribute. The decision about which candidate
pair to use is fully dynamic; the controlling side can use metrics
such as RTT or loss rate to change the selected pair at any time. If
Binding Requests need to be sent for any other reason, such as
consent checks [I-D.ietf-rtcweb-stun-consent-freshness], any checks
sent on the selected pair MUST include a USE-CANDIDATE attribute.
Upon receipt of a Binding Request with USE-CANDIDATE, the controlled
side MUST switch its media path to the candidate pair on which the
Binding Request was received.
During continuous nomination, the controlling side may still elect to
prune certain candidate pairs; for example, an implementation may
choose to drop relay candidates once a successful connection has been
established. The controlled side, however, should follow the
controlling side's lead in terms of deciding whether any pairs should
be pruned. [TODO: should the controlled side have any say in the
matter, e.g. to eliminate certain candidates?] The controlling ICE
Agent informs the remote side of its preferences by continuing to
send Binding Requests to the remote side on each candidate pair that
it wants to retain. The controlled ICE Agent SHOULD prune any
candidate pairs that have not received a Binding Request in N seconds
(30?), and SHOULD NOT keep alive any candidates that are not
associated with a live candidate pair. [TODO: decide if this
implicit timeout approach is correct, or if we should have some sort
of approach similar to TURN LIFETIME indicating when a pair should be
GCed, with LIFETIME==0 indicating immediate GC.] One side benefit of
doing this is that the continuous exchange of Binding Requests across
all candidate pairs allows the RTT and loss rate for each to be
reliably determined and kept up to date.
If the endpoints have negotiated Trickle ICE support
[I-D.ietf-mmusic-trickle-ice], and new candidates become available on
either side, the endpoint may send these candidates to the remote
side using the existing Trickle ICE mechanisms. Once all of the new
candidates have been transmitted, the endpoint MUST send an end-of-
Uberti & Lennox Expires September 10, 2015 [Page 8]
Internet-Draft IceNom March 2015
candidates messages, which indicates that no more candidates will be
sent in the near future.
At any point, either side may perform an ICE restart, which will
result in both sides gathering new ICE candidates, starting a new
continuous nomination sequence, and upon successful completion,
discarding all candidates from the previous nomination sequence.
5.3. Backwards Compatibility
Since standard ICE implementations may not expect the selected pair
to change after a USE-CANDIDATE attribute is received, support for
continuous nomination is explicitly indicated via a new "continuous"
value for ice-options. If the remote side does not support the
"continuous" option, the controlling side MUST fall back to Regular
Nomination, as specified in [RFC5245], Sectiom 8.1.1.
5.4. Examples
5.4.1. Switching Between Pairs Based on RTT
Alice and Bob have set up a call using ICE and have established
multiple valid pairs. The currently selected pair is for a peer-to-
peer route, as it had the highest initial priority value. However,
they have also kept alive a selected pair that goes through their
TURN servers. At a certain point, Alice detects, via the
connectivity checks that she continues to do on the relayed pair,
that it actually has a better RTT than the peer-to-peer path. She
then decides to switch media over to this path.
As mentioned above, this is easily handled by Alice immediately
switching her media to the relayed path; future STUN checks on this
path also include the USE-CANDIDATE attribute.
5.4.2. Switching To A New TURN Server
Alice and Bob have set up a call using ICE, and are currently sending
their media through Alice's TURN server. At a certain point, Alice's
application discovers a new TURN server that it thinks might provide
a better path for this call.
Alice gathers new candidates from this TURN server, and trickles them
to Bob. They perform connectivity checks using these candidates, and
Alice determines that the RTT when going through this TURN server is
better than the RTT of the current relayed path.
As in the previous example, this is easily handled by Alice switching
media to the new path, along with sending USE-CANDIDATE. If the old
Uberti & Lennox Expires September 10, 2015 [Page 9]
Internet-Draft IceNom March 2015
path is no longer needed, Alice can destroy the allocation on the old
TURN server, and Bob will stop checking it when it stops working.
5.4.3. Switching From WLAN to WWAN
Alice and Bob have set up a call using ICE, and are currently
exchanging their media directly via a peer-to-peer path. Alice is on
a mobile device, with both wifi and cellular interfaces, but for
power reasons, candidates have only been gathered on the wifi
interface. At a certain point, Alice leaves her home while the call
is active.
In response to the decreasing wifi signal strength, Alice starts to
collect candidates on the cellular interface, and trickles them to
Bob. They perform connectivity checks using these candidates, and,
because of the low wifi signal strength, these candidates are
preferred over the existing selected pair.
As in the previous examples, Alice can easily switch media to the new
selected pair. When Alice walks completely out of wifi range, and
the wifi interface goes down, the wifi candidates are pruned, and any
valid pairs on Bob's side that use those candidates will time out and
be pruned as well.
6. Security Considerations
TODO
7. IANA Considerations
A new ICE option "continuous" has been [will be] registered in the
"ICE Options" registry created by [RFC6336].
8. Acknowledgements
Several people provided significant input into this document,
including Martin Thomson, Brandon Williams, and Dan Wing. Emil Ivov
also provided several of the examples for continuous nomination.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Uberti & Lennox Expires September 10, 2015 [Page 10]
Internet-Draft IceNom March 2015
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245, April
2010.
[RFC6336] Westerlund, M. and C. Perkins, "IANA Registry for
Interactive Connectivity Establishment (ICE) Options", RFC
6336, July 2011.
9.2. Informative References
[I-D.ietf-mmusic-trickle-ice]
Ivov, E., Rescorla, E., and J. Uberti, "Trickle ICE:
Incremental Provisioning of Candidates for the Interactive
Connectivity Establishment (ICE) Protocol", draft-ietf-
mmusic-trickle-ice-02 (work in progress), January 2015.
[I-D.ietf-rtcweb-stun-consent-freshness]
Perumal, M., Wing, D., R, R., Reddy, T., and M. Thomson,
"STUN Usage for Consent Freshness", draft-ietf-rtcweb-
stun-consent-freshness-11 (work in progress), December
2014.
[I-D.singh-avtcore-mprtp]
Singh, V., Karkkainen, T., Ott, J., Ahsan, S., and L.
Eggert, "Multipath RTP (MPRTP)", draft-singh-avtcore-
mprtp-10 (work in progress), November 2014.
[I-D.williams-peer-redirect]
Williams, B. and T. Reddy, "Peer-specific Redirection for
Traversal Using Relays around NAT (TURN)", draft-williams-
peer-redirect-03 (work in progress), December 2014.
[I-D.wing-mmusic-ice-mobility]
Wing, D., Reddy, T., Patil, P., and P. Martinsen,
"Mobility with ICE (MICE)", draft-wing-mmusic-ice-
mobility-07 (work in progress), June 2014.
Appendix A. Change log
Changes in draft -00:
o Initial version, from mailing list discussion post-IETF 90.
Uberti & Lennox Expires September 10, 2015 [Page 11]
Internet-Draft IceNom March 2015
Authors' Addresses
Justin Uberti
Google
747 6th Ave S
Kirkland, WA 98033
USA
Email: justin@uberti.name
Jonathan Lennox
Vidyo
433 Hackensack Avenue
Hackensack, NJ 07601
USA
Email: jonathan@vidyo.com
Uberti & Lennox Expires September 10, 2015 [Page 12]