--- 1/draft-ietf-mmusic-sdp-comedia-03.txt 2006-02-05 00:28:20.000000000 +0100 +++ 2/draft-ietf-mmusic-sdp-comedia-04.txt 2006-02-05 00:28:20.000000000 +0100 @@ -1,17 +1,17 @@ INTERNET-DRAFT D. Yon -Document: draft-ietf-mmusic-sdp-comedia-03.txt Dialout.Net -Expires December 2002 June 2002 +Document: draft-ietf-mmusic-sdp-comedia-04.txt Dialout.Net +Expires January 2003 July 2002 Connection-Oriented Media Transport in SDP - + Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. @@ -58,53 +58,53 @@ appropriate, but [SDP] provides no way to describe a session that uses protocols other than RTP or UDP. Connection-oriented protocols introduce a new factor when describing a session: not only must it be possible to express that a protocol will be based on this protocol, but it must also describe the connection setup procedure. This memo defines two new protocol identifiers, TCP and TLS, along with the syntax and semantics of the a=direction and a=reconnect attributes. -Terminology +2 Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [7] and indicate requirement levels for compliant implementations. -2 Protocol Identifiers +3 Protocol Identifiers The m= line in [SDP] is where an endpoint specifies the protocol used for the media in the session. See the "Media Announcements" section of [SDP] for a discussion on protocol identifiers. -2.1 TCP +3.1 TCP The TCP protocol identifier is similar to the UDP protocol identifier in that it only describes the transport protocol without any connotation as to the upper-layer protocol. An m= line that specifies "TCP" MUST further qualify the protocol using a fmt identifier (see [SDP] Appendix B). -2.2 TLS +3.2 TLS The TLS protocol identifier specifies that the session will use the Transport Layer Security protocol [TLS] with an implied transport protocol of TCP. To describe a media session that uses TLS over TCP, the protocol identifier "TLS" must be specified in the m= line. -Yon INTERNET-DRAFT - Expires December 2002 2 +Yon INTERNET-DRAFT - Expires January 2003 2 An m= line that specifies TLS MUST further qualify the protocol using a fmt identifier. -3 Direction Attribute +4 Direction Attribute An important attribute of connection-oriented protocols is the setup procedure. One endpoint needs to initiate the connection and the other endpoint needs to accept the connection. The direction attribute is used to describe these roles, and the syntax is as follows: a=direction: [] The is one of the following: @@ -120,50 +120,50 @@ address and port number from where the connection will originate, and consists of the following values: nettype addrtype unicast-address [port] The is an optional value that SHOULD be specified with direction:active or direction:both, and MUST NOT be specified with direction:passive. Within the , the source port number is RECOMMENDED but may be omitted. -3.1 Semantics of direction:passive +4.1 Semantics of direction:passive By specifying direction:passive, the endpoint indicates that the port number specified in the m= line is available to accept a connection from the other endpoint. The endpoint MUST NOT specify a after direction:passive. -3.2 Semantics of direction:active +4.2 Semantics of direction:active By specifying direction:active, the endpoint indicates that it will initiate a connection to the port number on the m= line of the other endpoint. The port number on its own m= line is irrelevant, and the opposite endpoint MUST NOT attempt to initiate a connection to the port number specified there. Nevertheless, since the m= line must contain a valid port number, the endpoint specifying direction:active SHOULD specify a port number of 9 (the discard port) on its m= line. The endpoint MUST NOT specify a port number of zero, as that carries other semantics in [SDP]. -Yon INTERNET-DRAFT - Expires December 2002 3 +Yon INTERNET-DRAFT - Expires January 2003 3 The endpoint SHOULD specify the address and port number from which it will initiate the connection in the position on the a=direction line. The following SDP fragment shows an example of direction:active: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1892 -3.3 Semantics of direction:both +4.3 Semantics of direction:both By specifying direction:both, the endpoint indicates that it will both accept a TCP connection on the port number of its own m= line, and that it will also initiate a connection to the port number on the m= line of the other endpoint. As with direction:active, the endpoint SHOULD specify the address and port number from which it will initiate the connection in the position on the a=direction line. @@ -193,21 +193,21 @@ direction:passive. Conversely, specifying direction:both when the other endpoint specifies direction:passive SHALL cause both endpoints to behave as if the former had specified direction:active. If both endpoints specify direction:both then each endpoint MUST initiate a connection to the port number specified on the m= line of the opposite endpoint. There is one exception to this requirement: if an endpoint receives the incoming connection from the opposite endpoint prior to initiating its own outbound connection, then that -Yon INTERNET-DRAFT - Expires December 2002 4 +Yon INTERNET-DRAFT - Expires January 2003 4 endpoint MAY use that connection rather than attempt to make an outbound connection to the opposite endpoint. If only one connection succeeds, then that connection will be used to carry the media. Once it has transmitted data on this connection, the initiating endpoint MUST NOT perform another connection attempt to the accepting endpoint. This allows the accepting endpoint to release or recycle the listening port for another session once it has received data from the initiating endpoint. @@ -216,21 +216,21 @@ a) Each endpoint MUST accept data from either connection. b) Once an endpoint has transmitted data to one of the connections, it MUST use that connection exclusively for transmission. c) Once an endpoint has transmitted AND received data, if one of the connections is determined to be idle, the endpoint SHOULD close the idle connection. -3.4 Optimizing direction:both +4.4 Optimizing direction:both As discussed in the previous section, there is the possibility that two connections will be created when only one is needed. While rules in the previous section accommodate the closing of an idle connection, they do not prevent a race condition where the endpoints simultaneously start sending data on opposite connections thereby causing two connections to be used where one would have sufficed. While it is not possible to entirely eliminate this race condition, it is in the endpoints' interest to minimize its occurrence. Therefore, when a session is negotiated through interactive exchange @@ -247,26 +247,26 @@ b) The Initiator, upon receiving sufficient information to initiate a connection, MUST attempt to connect to the Acceptor as soon as possible. c) In order to lower the likelihood that the Acceptor will also attempt to initiate a connection, the Initiator SHOULD incorporate a short delay between initiating the connection and sending the final SDP to the Acceptor. -Yon INTERNET-DRAFT - Expires December 2002 5 +Yon INTERNET-DRAFT - Expires January 2003 5 d) The delay time chosen by the Initiator MUST NOT introduce an unacceptable session setup delay should the connection to the Acceptor not succeed. -3.5 Bidirectional versus Unidirectional Media +4.5 Bidirectional versus Unidirectional Media In traditional SDP transport types the flow is unidirectional. If the intent is for media to flow in both directions, both endpoints must specify SDP that describes where to deliver the media and what media type(s) to use. For example, if only Endpoint A presents SDP then media can only flow towards Endpoint A, as Endpoint B has not specified where and how to send media to it. Because most connection-oriented media is inherently bi-directional, endpoints may encounter a situation where only one side presented @@ -279,21 +279,21 @@ data on the same connection it is using to receive data, so long as the other endpoint has advertised its willingness to accept data. Likewise, it is perfectly acceptable for an endpoint to receive data on the same connection it is using to transmit data to the corresponding remote endpoint. In other words, for a bi-directional application-level session, a connection may be used to send data in both directions (contingent to rules outlined in Section 2.3) as long as one side of the connection is attached to either of the advertised SDP transport addresses. -3.6 Treating UDP and RTP/AVP like Connection Oriented Media +4.6 Treating UDP and RTP/AVP like Connection Oriented Media Endpoints MAY specify a direction attribute for UDP or RTP/AVP media. This indicates that the endpoint would like to treat this media as a type of connection-oriented media. (The endpoint may do this to facilitate NAT traversal for example.) Note that for backwards compatibility, an endpoint which can specify direction:active MUST include valid addresses and ports in the SDP as always. If the peer's SDP does not include a direction attribute, it knows that the peer does not support connection- oriented media, and media exchange will proceed normally, as if @@ -301,34 +301,34 @@ Endpoints that specify direction:passive MUST NOT send any media, any packets whatsoever (including control packets such as RTCP), from their passive ports until they receive a packet on these ports and record the source address and port of the sender. The passive endpoint then assumes that the first packet received corresponds to its active peer. From this point onward, passive endpoints MUST send UDP or RTP media from the same port as the port indicated in the m= line. Passive endpoints MUST send RTCP media (if any) from -Yon INTERNET-DRAFT - Expires December 2002 6 +Yon INTERNET-DRAFT - Expires January 2003 6 the port on which they expect to receive it (typically the RTP port number plus 1). Endpoints that specify direction:active MUST be prepared to receive on the ports from which they send. Once they learn the IP address and port of their peer from the peer's SDP, they SHOULD immediately send some kind of media (even if just comfort noise) to each of these ports. This is so the peer can learn their IP address and port, in order to send media back without additional delay. Effectively, the exchange of the first media packet completes a bi- directional handshake between the active and passive peer. -4 Reconnect Attribute +5 Reconnect Attribute The preceding description of the a=direction attribute has been in the context of using SDP to initiate a session. However, SDP may be exchanged between endpoints at various stages of a session to accomplish tasks such as terminating a session, redirecting media to a new endpoint, renegotiating the media parameters for a session, etc. After the initial session has been established, it may be ambiguous as to whether subsequent SDP exchange represents a confirmation that the endpoint is to continue using the current media connection unchanged, or is a request to make a new media @@ -344,34 +344,34 @@ and MUST create a new connection according to the a=direction attribute in the SDP. If an endpoint receives SDP that contains a=reconnect, the endpoint's response MUST also contain a=reconnect. Endpoints MUST NOT include a=reconnect in SDP that negotiates the start of a session. See section 6, "Connection and Listener Lifetime Considerations" for more information on scenarios that are relevant to the a=reconnect attribute. -5 Source-Address Considerations +6 Source-Address Considerations In the cases where the endpoint is initiating the connection, the endpoint SHOULD specify a source address on the a=direction line. In addition, the endpoint SHOULD include the source port in the source address. In most environments, the source port number can be determined by binding the socket before initiating the connect, as shown in the sample C code below: { SOCKET s_id SOCKADDR_IN cli_sin; -Yon INTERNET-DRAFT - Expires December 2002 7 +Yon INTERNET-DRAFT - Expires January 2003 7 int namelen; // Create the socket s_id = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); // Bind the socket to any IP address and port bzero((char *)&cli_sin,sizeof(cli_sin)); cli_sin.sin_family = AF_INET; cli_sin.sin_addr.s_addr = htonl(INADDR_ANY); cli_sin.sin_port = 0; @@ -411,81 +411,81 @@ endpoint omits the source port, the source address can be ambiguous if multiple, logical endpoints share the same network address. Therefore it is NOT RECOMMENDED that the source address be used for this purpose unless the SDP occurs in the context of a controlled network topology that guarantees that the source address is both correct (i.e., no NAT, or a NAT with an Application-Level Proxy that rewrites the SDP) and unambiguous (i.e., the source port is specified). -Yon INTERNET-DRAFT - Expires December 2002 8 +Yon INTERNET-DRAFT - Expires January 2003 8 -5.1 Source Address Timing Considerations +6.1 Source Address Timing Considerations When used in conjunction with a session signaling protocol such as SIP, there may be cases where an endpoint initiates a connection prior to the opposite endpoint receiving the SDP that describe the source address of the initiating endpoint. Therefore, an endpoint that has advertised an address and port number with direction:both or direction:passive MUST be ready to accept a connection on that address and port immediately. If the accepting endpoint requires the source address to identify the initiating endpoint, it MUST keep the connection active and allow sufficient time for the source address to arrive before discarding the connection. -6 Connection and Listener Lifetime Considerations +7 Connection and Listener Lifetime Considerations -6.1 Listener Lifetime +7.1 Listener Lifetime An endpoint that has specified direction:both or direction:passive MUST be ready to accept a connection on the appropriate address and port during the time slot(s) advertised for that session. The endpoint MUST keep the address and port available for incoming connections until either: a) The time window for the session has expired, or b) The endpoint has received the expected number of incoming connections on that address and port, or c) Subsequent exchanges have superceded the SDP that originally advertised the availability of the address and port. Once the endpoint has determined that a listener is no longer needed on a specific address and port, it SHOULD terminate the listener. The endpoint is then free to re-use the address and port for subsequent session advertisements. -6.2 Connection Lifetime +7.2 Connection Lifetime An endpoint that intends to initiate the connection MUST initiate the connection immediately after it has sufficient information to do so, even if it does not intend to immediately begin sending media to the remote endpoint. This allows media to flow from the remote endpoint. An endpoint MUST NOT close the connection until the session has expired, been explicitly terminated, or the media stream is redirected to a different address or port. If the endpoint determines that the connection has been closed, it MAY attempt to re-establish the connection. The decision to do so is application and/or context dependant. If the endpoint opts to re-establish the connection, it MUST NOT assume that the original address and port advertised by the remote endpoint is still valid. -Yon INTERNET-DRAFT - Expires December 2002 9 +Yon INTERNET-DRAFT - Expires January 2003 9 Instead, the endpoint MUST renegotiate the session parameters by exchanging new SDP. -6.3 Session Renegotiation and Connection Lifetime +7.3 Session Renegotiation and Connection Lifetime There are scenarios where SDP is sent by an endpoint in order to renegotiate an existing session. These include muting/unmuting a session, renegotiating the attributes of the media used by the session, or extending the length of a session about to expire. Connection-oriented media introduces some ambiguities into session renegotiation as to when the direction attribute must be obeyed and when it is ignored. The scenario of extending the duration of an existing session is a @@ -508,36 +508,36 @@ connection, regardless of what is specified in the direction attribute. This disambiguates most session renegotiation scenarios, with the exception of muting. Muting a media stream is accomplished by sending the original session SDP but with an "a=inactive" or "a=sendonly/recvonly" attribute. This is still valid for connection oriented media, with the additional caveat that the endpoints MUST NOT close the connection described by that SDP. -7 Examples +8 Examples What follows are a number of examples that show the most common usage of the direction attribute combined with TCP-based media descriptions. For the purpose of brevity, the main portion of the session description is omitted in the examples and is assumed to be the following: v=0 o=me 2890844526 2890842807 IN IP4 10.1.1.2 s=Call me using TCP t=3034423619 3042462419 -Yon INTERNET-DRAFT - Expires December 2002 10 +Yon INTERNET-DRAFT - Expires January 2003 10 -7.1 Example: simple passive/active +8.1 Example: simple passive/active An endpoint at 10.1.1.2 signals the availability of a T.38 fax session at port 54111: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:passive An endpoint at 10.1.1.1 receiving this description responds with the following: @@ -552,21 +552,21 @@ committed to a source address with a simple modification: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1892 By adding the source address to the a=direction line, the endpoint at 10.1.1.1 must now use a source port of 1892 when initiating the TCP connection to port 54111 at 10.1.1.2. -7.2 Example: simple passive/active with reconnect +8.2 Example: simple passive/active with reconnect Continuing the preceding example, consider the scenario where the TCP connection fails and the endpoints wish to reestablish the connection for the session. The endpoint at 10.1.1.2 signals this intent with the following SDP: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:passive a=reconnect @@ -577,26 +577,26 @@ Because the endpoint at 10.1.1.1 may not yet be aware that the TCP connection has failed, this eliminates any ambiguity. If 10.1.1.1 agrees to continue the session using a new connection, it responds with: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1893 a=reconnect -Yon INTERNET-DRAFT - Expires December 2002 11 +Yon INTERNET-DRAFT - Expires January 2003 11 Note that the source port is different in this message, since the OS will have likely chosen a new ephemeral port number for the new connection. -7.3 Example: agnostic both +8.3 Example: agnostic both An endpoint at 10.1.1.2 signals the availability of a T.38 fax session at TCP port 54111, but is also willing to set up the media stream by initiating the TCP connection: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:both The endpoint at 10.1.1.1 has three choices: @@ -611,21 +611,21 @@ c=IN IP4 10.1.1.1 m=image 54321 TCP t38 a=direction:passive In this case the endpoint at 10.1.1.2 must initiate a connection to port 54321 at 10.1.1.1. 3) It can respond with a description that specifies direction:both, which is covered in the next example. -7.4 Example: redundant both +8.4 Example: redundant both An endpoint at 10.1.1.2 uses the same description as the previous example: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:both Unlike the previous example, the endpoint at 10.1.1.1 responds with the following description: @@ -633,21 +633,21 @@ c=IN IP4 10.1.1.1 m=image 54321 TCP t38 a=direction:both This will cause the endpoint at 10.1.1.2 to initiate a connection to port 54321 at 10.1.1.1, and the endpoint at 10.1.1.1 to initiate a connection to port 54111 at 10.1.1.2. Whichever TCP connection succeeds will be used. If both succeed, one of the connections may be closed as an optimization, using the rules in section 3.3. -Yon INTERNET-DRAFT - Expires December 2002 12 +Yon INTERNET-DRAFT - Expires January 2003 12 In order to minimize the chance that two connections are created, the endpoint at 10.1.1.1 may opt to use the recommendation in section 3.4, which would result in events occurring in the following sequence: 1) The endpoint at 10.1.1.2 sends SDP as listed above. The endpoint MUST enable a listener on port 54111 at this time, but is not able to initiate a TCP connection due to the fact that it does not have sufficient information from the endpoint at 10.1.1.1. @@ -660,21 +660,21 @@ endpoint at 10.1.1.2 to receive the TCP connection initiation. 4) After the short pause, the endpoint at 10.1.1.1 sends the SDP response as listed above. The pause in #3 gives the first TCP connection attempt a chance to succeed, since withholding the SDP response deprives the endpoint at 10.1.1.2 of the information it needs to attempt its own TCP connection. -7.5 Example: "Bidirectional" RTP and RTCP +8.5 Example: "Bidirectional" RTP and RTCP An endpoint at 10.1.1.2 is behind a NAT and does not know its own public address. c=IN IP4 10.1.1.2 m=audio 9 RTP/AVP 0 a=direction:active A peer with a public IP address responds as follows and waits to receive RTP and RTCP packets from its active peer. @@ -688,68 +688,68 @@ port 1542. The passive endpoint receives this RTP packet and stores this source address. When the passive endpoint wants to send RTP media it sends it back to 5.6.7.8 port 1542. The NAT translates this destination address back to 10.1.1.2 port 9012 and delivers it to the active endpoint. Likewise the endpoint at 10.1.1.2 immediately sends RTCP from port 9013 to 1.2.3.4:18241. The NAT translates this to 5.6.7.8:1984. The passive endpoint receives the RTCP packet and stores the source -Yon INTERNET-DRAFT - Expires December 2002 13 +Yon INTERNET-DRAFT - Expires January 2003 13 address. The passive endpoint sends its RTCP to 5.6.7.8:1984 which is translated back to 10.1.1.2:9013 and delivered to the active endpoint. -8 Security Considerations +9 Security Considerations See [SDP] for security and other considerations specific to the Session Description Protocol in general. A possible security concern arises if a firewall were to monitor and act on the source address as described in the note in Section 4. Firewall implementers must take care to ensure that the SDP came from a trusted source before deciding whether to change the network traffic restrictions currently imposed by the firewall. -9 IANA Considerations +10 IANA Considerations As recommended by [SDP] Appendix B, the direction and reconnect attributes described in this document should be registered with IANA, as should the "TCP" and "TLS" protocol identifiers. Acknowledgements The author would like to thank Jonathan Rosenberg, Rohan Mahy, Anders Kristensen, Jeorg Ott, Paul Kyzivat, and Robert Fairlie- Cuninghame for their valuable insights and contributions. -Yon INTERNET-DRAFT - Expires December 2002 14 +Yon INTERNET-DRAFT - Expires January 2003 14 Appendix A: Direction Attribute Syntax This appendix provides an Augmented BNF [ABNF] grammar for expressing the direction attribute for connection setup. It is intended as an extension to the grammar for the Session Description Protocol, as defined in [SDP]. Specifically, it describes the syntax for the new "connection-setup" attribute field, which MAY be either a session-level or media-level attribute. connection-setup = "direction" ":" direction-spec - direction-spec = "passive" | qualified-direction + direction-spec = "passive" / qualified-direction - qualified-direction = direction-ident | direction-ident source + qualified-direction = direction-ident / direction-ident source - direction-ident = "both" | "active" | "passive" + direction-ident = "both" / "active" / "passive" - source = nettype addrtype unicast-address | + source = nettype addrtype unicast-address / nettype addrtype unicast-address port reconnect-attribute = "reconnect" References [ABNF] D. Crocker, P. Overell, "Augmented BNF for Syntax Specifications: ABNF," RFC 2234, November 1997 [SDP] M. Handley, V. Jacobson, "SDP: Session Description @@ -758,35 +758,35 @@ [T38] International Telecommunication Union, "Procedures for Real-Time Group 3 Facsimile Communications over IP Networks," Recommendation T.38, June 1998 [TLS] T. Dierks, C. Allen, "The TLS Protocol," RFC 2246, January 1999 [UTF-8] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646," RFC 2044, October 1996 -AuthorĘs Address +Author's Address David Yon Dialout.Net, Inc. One Indian Head Plaza Nashua, NH 03060 Phone: (603) 324-4100 EMail: yon@dialout.net Full Copyright Statement Copyright (C) The Internet Society (2001). All Rights Reserved. -Yon INTERNET-DRAFT - Expires December 2002 15 +Yon INTERNET-DRAFT - Expires January 2003 15 This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for @@ -797,11 +797,11 @@ The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." -Yon INTERNET-DRAFT - Expires December 2002 16 +Yon INTERNET-DRAFT - Expires January 2003 16