wdiff draft-ietf-mmusic-sdp-comedia-05.txt draft-ietf-mmusic-sdp-comedia-06.txt

INTERNET-DRAFT
MMUSIC Working Group D. Yon
Document: draft-ietf-mmusic-sdp-comedia-05.txt Dialout.Net
Expires September 2003 March 2003
Internet-Draft Dialout.Net, Inc
Expires: November 12, 2004 G. Camarillo
Ericsson
May 14, 2004

Connection-Oriented Media Transport in SDP
<draft-ietf-mmusic-sdp-comedia-05.txt> the Session Description
Protocol (SDP)
draft-ietf-mmusic-sdp-comedia-06.txt

Status of this Memo

This document is an Internet-Draft

By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
and is any of which I become aware will be disclosed, in full conformance accordance with
all provisions of Section 10 of RFC2026.
RFC 3668.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-
Drafts. Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt at http://
www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at: at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on November 12, 2004.

Abstract

This document describes how to express media transport over
connection-oriented protocols using the Session Description Protocol
(SDP). It defines two new protocol identifiers: TCP and TLS. TCP/TLS. It
also defines the syntax and semantics for an SDP "direction"
attribute that setup attribute, which describes the connection
setup procedure.

Yon 1

1 procedure, and the SDP reconnect attribute.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Protocol Identifiers . . . . . . . . . . . . . . . . . . . . . 3
3.1 TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.2 TCP/TLS . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Setup Attribute . . . . . . . . . . . . . . . . . . . . . . . 4
4.1 The Setup Attribute in the Offer/answer Model . . . . . . 4
4.2 Multiple-Connection Avoidance when Using Actpass . . . . . 5
5. The Reconnect Attribute . . . . . . . . . . . . . . . . . . . 6
6. Connection Lifetime . . . . . . . . . . . . . . . . . . . . . 7
6.1 Session Renegotiation . . . . . . . . . . . . . . . . . . 7
7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7.1 Passive/Active . . . . . . . . . . . . . . . . . . . . . . 8
7.2 Passive/Active with Reconnect . . . . . . . . . . . . . . 9
7.3 Actpass . . . . . . . . . . . . . . . . . . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
11.1 Normative References . . . . . . . . . . . . . . . . . . . . 11
11.2 Informational References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12
Intellectual Property and Copyright Statements . . . . . . . . 13

1. Introduction

The Session Description Protocol [SDP] [4] provides a general-purpose
format for describing multimedia sessions in announcements or
invitations. SDP uses an entirely textual data format (the US-ASCII
subset of [UTF-8]) UTF-8 [6]) to maximize portability among transports. SDP
does not define a protocol, but only the syntax to describe a
multimedia session with sufficient information to discover and participate in that
session. Session descriptions may be sent using arbitrary existing
application protocols for transport (e.g., SAP,
SIP, RTSP, SAP [9], SIP [10], RTSP
[7], email, HTTP, HTTP [8], etc.).

[SDP] describes

SDP [4] defines two protocol identifiers: RTP/AVP and UDP, both of
which are unreliable, represent unreliable connectionless protocols, an protocols. While these
transports are appropriate
choice choices for multimedia streams. There are, however, streams, there are
applications for which the connection-oriented transports such as TCP are
more
appropriate, but [SDP] provides no way to describe a session that
uses protocols other than RTP or UDP. appropriate. We define two new protocol identifiers: TCP and
TCP/TLS. Both represent connection-oriented reliable transports.

Connection-oriented protocols introduce a new factor when describing
a session: not only must it be possible to express that a protocol
will be based on this protocol, but it must also describe how should end points perform the connection setup
procedure. This memo defines We define two new protocol
identifiers, TCP and TLS, along with the syntax and semantics of the
a=direction attributes to describe connection setup:
setup and a=reconnect attributes.

2 reconnect.

2. Terminology

In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in BCP 14, RFC 2119 [7] [2] and indicate requirement levels for
compliant implementations.

3. Protocol Identifiers

The m= line in [SDP] following is where an endpoint specifies the protocol
used ABNF for the an m= line, as specified by RFC 2327
[4].

media-field = "m=" media in the session. See the "Media Announcements"
section of [SDP] space port ["/" integer]
space proto 1*(space fmt) CRLF

We define two new values for a discussion on protocol identifiers. the proto field: TCP and TCP/TLS.

3.1 TCP

The TCP protocol identifier is similar to the UDP protocol identifier
in that it only describes the transport protocol without
any connotation as to protocol, and not the
upper-layer protocol. An m= line that specifies "TCP" MUST further
qualify the application-layer protocol using a an fmt identifier.

Media lines with the TCP protocol identifier (see [SDP] Appendix B). are carried using TCP
[1].

3.2 TLS TCP/TLS

The TLS TCP/TLS protocol identifier specifies that the session will use
the Transport Layer Security (TLS) protocol [TLS] with an implied transport
protocol of TCP. To describe [3] on top on a media session that uses TLS over
TCP, the protocol identifier "TLS" must be specified in the m= line.

Yon INTERNET-DRAFT - Expires September 2003 2 TCP [1]
connection.

An m= line that specifies TLS contain the TCP/TLS protocol identifier MUST further
qualify the protocol using a fmt identifier.

4 Direction

4. Setup Attribute

An important

The setup attribute indicates which of connection-oriented protocols is the setup
procedure. One endpoint needs to end points should initiate
the connection and the
other endpoint needs to accept establishment (e.g., send the connection. initial TCP SYN). The direction
setup attribute is used to describe these roles, charset-independent and the syntax is as
follows:

a=direction:<role> can be a session-level or
a media-level attribute. The <role> following is one the ABNF of the following:

passive: setup
attribute:

setup-attr = "a=setup:" role
role = "active" / "passive" / "actpass"

Active: The endpoint will accept initiate an incoming outgoing connection.

active:
Passive: The endpoint will initiate accept an outgoing incoming connection.

both:
ActPass: The endpoint will both accept an incoming connection and
will initiate an outgoing connection.

4.1 Semantics

The default value of direction:passive

By specifying direction:passive, the endpoint indicates that the
port number specified in the setup attribute is actpass. That is, an m=
line without an associated setup line is available considered to accept be actpass.

4.1 The Setup Attribute in the Offer/answer Model

The offer/answer model, defined in RFC 3264 [5], provides endpoints
with a
connection means to obtain shared view of a session. Some session
parameters are negotiated (e.g., codecs to use), while others are
simply communicated from one endpoint to the other endpoint.

4.2 Semantics (e.g., IP
addresses). The value of direction:active

By specifying direction:active, the endpoint setup attribute falls into the first
category. That is, both endpoints negotiate its value using the
offer/answer model.

The negotiation of the value of the setup attribute takes places as
follows. The offerer states which role or roles is willing to perform
and the answerer, taking the offerer's willingness into
consideration, chooses which roles both endpoints will actually
perform during connection establishment. The following are the values
that the setup attribute can take in an offer/answer exchange:

Offer Answer
_______________
active passive
passive active
actpass active / passive / actpass

The value active indicates that it will the endpoint SHOULD initiate a
connection to the port number on the m= line of the other endpoint.
The port number on its own m= line is irrelevant, and the opposite
endpoint MUST NOT attempt to initiate a connection to the port number
specified there. Nevertheless, since the m= line must contain a valid
port number, the endpoint specifying
direction:active using the value active SHOULD
specify a port number of 9 (the discard port) on its m= line. The
endpoint MUST NOT specify a port number of zero, as that carries
other semantics in [SDP]. SDP.

The following
SDP fragment shows an example of direction:active:

c=IN IP4 10.1.1.1
m=image 9 TCP t38
a=direction:active IN IP4

4.3 Semantics of direction:both

By specifying direction:both, the endpoint value passive indicates that it will
both the endpoint SHOULD be ready to
accept a TCP connection on the port number of its own specified in the m= line,
and line.

The value actpass indicates that it will also the endpoint SHOULD initiate a
connection to the port number on the m= line of the other endpoint.

Yon INTERNET-DRAFT - Expires September 2003 3
Since this attribute describes behavior endpoint
and that is similar the endpoint SHOULD be ready to
connectionless media descriptions accept a connection on the
port number specified in [SDP], it the m= line. It is RECOMMENDED that, if
possible, endpoints set the default value
for port number on their m= line to the direction attribute and is therefore optional.

Endpoints may choose
source port number which they will use to specify direction:both for one or more establish the connection
towards the remote endpoint. This way, the transport-layer protocol
(e.g., TCP) can take care of simultaneous opens.

Endpoints typically use the actpass value for the following reasons:

1)
1. The endpoint offerer has no preference as to whether it accepts or
initiates the connection, and therefore connection and, so, is offering letting the remote
endpoint a choice of connection setup procedures.

2) answerer choose.
2. The endpoints intend to use a single connection to transport the
media, but it is not known whether firewall NAT (Network Address
Translator) issues will prevent either endpoint from initiating
or accepting the connection. Therefore So, both endpoints will attempt to
initiate a connection in hopes hoping that at least one will succeed.

If one

4.2 Multiple-Connection Avoidance when Using Actpass

When an offer/answer exchange results in actpass, each endpoint specifies either direction:active or
direction:passive and
attempts to establish a transport connection towards the other specifies direction:both, both
endpoints MUST behave as if the latter had specified the inverse
direction
endpoint. If only one of the former. For example, specifying direction:both
when the other endpoint specifies direction:active SHALL cause both
endpoints connections succeeds, this connection is
used to behave as transfer media. Nevertheless, if the former had specified
direction:passive. Conversely, specifying direction:both when the
other endpoint specifies direction:passive SHALL cause both
endpoints connections succeed,
one of them needs to behave as if the former had specified direction:active.

If be terminated so that both endpoints specify direction:both then each endpoint MUST
initiate exchange
data over a connection single connection. In this section, we provide rules to
choose which of the two connections should be terminated (or not even
initiated).

First of all, if the endpoints follow the recommendation of setting
the port number specified on the in their m= line of to the opposite endpoint. There is one exception source port number which they
will use to this requirement: establish the connection towards the remote endpoint, the
transport layer should take care of simultaneous opens (at least if
TCP is the transport protocol). If, for some reason, any of the
endpoints does not follow this recommendation, both endpoints should
follow the rules below.

If an endpoint receives the incoming is notified about a connection establishment attempt
from the opposite other endpoint prior to initiating before performing its own outbound connection, then that
endpoint MAY use that connection rather than attempt to make an
outbound connection to the opposite endpoint.

If only one connection succeeds, then that connection will be used
to carry the media. Once attempt,
it has transmitted data on this
connection, the initiating SHOULD behave as a passive endpoint MUST and SHOULD NOT perform another
connection attempt to the accepting endpoint. This allows the
accepting endpoint to release or recycle the listening port for
another session once it has received data from the initiating
endpoint.

If both connections succeed, the following rules SHALL apply:

a) Each endpoint MUST accept data from either
establish any other connection.

b) Once

In case two connections are established, if an endpoint has transmitted receives data to
(i.e., media) over one of the connections,
it MUST use that connection exclusively for transmission.

c) Once an endpoint has transmitted AND received data, if one connections before having sent any data
on any of the
connections is determined to be idle, connections, the endpoint SHOULD close
the idle connection.

Yon INTERNET-DRAFT - Expires September 2003 4

4.4 Optimizing direction:both

As discussed in the previous section, there is terminate the possibility
connection that has not carried any data.

When two connections will be created when only one is needed. While
rules in the previous section accommodate the closing of an idle
connection, they do not prevent a race condition where the are established and both endpoints
simultaneously start sending
data on opposite connections thereby
causing two connections to be used where one would have sufficed.
While it is not possible to entirely eliminate this race condition, before receiving anything from the other endpoint, it is in may happen
that each of the endpoints' interest to minimize its occurrence.
Therefore, when endpoints choose a session is negotiated through interactive exchange
of SDP between endpoints (as in the case of SIP) AND the result of
the negotiation is that each endpoint specifies direction:both, it
is RECOMMENDED that the endpoints use the following guidelines:

a) There comes a point during the exchange of SDP where one endpoint
is prepared to send the final message that will complete the
negotiation and allow the session to begin. For the purposes of
this discussion, the endpoint that will send this final message
will be called the Initiator, and the endpoint that will receive
this message will be called the Acceptor.

b) The Initiator, upon receiving sufficient information to initiate a
connection, MUST attempt to connect to the Acceptor as soon as
possible.

c) In order to lower the likelihood that the Acceptor will also
attempt to initiate a connection, the Initiator SHOULD incorporate
a short delay between initiating the connection and sending the
final SDP to the Acceptor.

d) The delay time chosen by the Initiator MUST NOT introduce an
unacceptable session setup delay should the different connection to the
Acceptor not succeed.

4.5 Bidirectional versus Unidirectional Media

In traditional SDP transport types the flow is unidirectional. If
the intent is for media to flow in both directions, both endpoints
must specify SDP that describes where to deliver the media and what
media type(s) to use. For example, if only Endpoint A presents SDP
then media can only flow towards Endpoint A, as Endpoint B has not
specified where and how to send media to it.

Because most connection-oriented media is inherently bi-directional,
endpoints may encounter a situation where only one side presented
SDP yet there is now a network path that can carry media in either
direction. In keeping with traditional SDP semantics, an endpoint
MUST NOT send data to the other endpoint unless it has specified SDP
information describing
data. If the type of media it can accept.

It is, however, perfectly acceptable for an endpoint to transmit answerer receives data on the same over a connection it is using to receive data, so long as

Yon INTERNET-DRAFT - Expires September 2003 5
the other endpoint has advertised its willingness to accept data.
Likewise, it is perfectly acceptable for an endpoint to receive after having
sent data on the same connection other connection, it is using to transmit SHOULD continue sending data to on
the
corresponding remote endpoint. In other words, for a bi-directional
application-level session, a connection may be used to send until an application-layer data in
both directions (contingent to rules outlined in Section 2.3) as
long as one side of the connection is attached to either of the
advertised SDP transport addresses.

4.6 Treating UDP and RTP/AVP like Connection Oriented Media

Endpoints MAY specify a direction attribute for UDP or RTP/AVP
media. This indicates boundary. At
that point, the endpoint would like to treat this
media as a type of connection-oriented media. (The endpoint may do answerer SHOULD terminate this to facilitate NAT traversal for example.) Note that for
backwards compatibility, an endpoint which can specify
direction:active MUST include valid addresses and ports in the SDP
as always. If the peer's SDP does not include a direction
attribute, it knows that the peer does not support connection-
oriented media, and media exchange will proceed normally, as if
connection-oriented media were not offered.

Endpoints that specify direction:passive MUST NOT send any media,
any packets whatsoever (including control packets such as RTCP),
from their passive ports until they receive a packet on these ports
and record the source address connection and port of the sender. The passive
endpoint then assumes that the first packet received corresponds to
its active peer. From this point onward, passive endpoints MUST
send UDP or RTP media from the same port as the port indicated in
the m= line. Passive endpoints MUST send RTCP media (if any) from start
using the port connection on which they expect to receive it (typically the RTP port
number plus 1).

Endpoints offerer was sending data.

Note that specify direction:active MUST be prepared to receive
on the ports from which they send. Once they learn the IP address
and port of their peer from the peer's SDP, they SHOULD immediately
send some kind of media (even if just comfort noise) to each of
these ports. This is so the peer can learn their IP address and
port, different applications may define application-layer
boundaries in order different ways. A typical suitable point for the
answerer to send media back without additional delay.
Effectively, change connections is the exchange end of an application-layer
message and the first media packet completes a bi-
directional handshake between beginning of the active and passive peer.

5 next one.

5. The Reconnect Attribute

The preceding description of the a=direction setup attribute has been in the
context of using SDP to initiate a session. However, Still, SDP may be
exchanged between endpoints at various stages of a session to
accomplish tasks such as terminating a session, redirecting media to
a new endpoint, or renegotiating the media parameters for a session,
etc. session.
After the initial session has been established, it may be ambiguous
as to whether subsequent SDP exchange represents a confirmation that
the endpoint is to continue using the current media connection
unchanged, or is a request to make a new media

Yon INTERNET-DRAFT - Expires September 2003 6 connection. The
reconnect attribute attribute, which is charset-independent and can be a
session-level or a media-level attribute, is used to disambiguate
these two scenarios, and the syntax scenarios. The following is as follows:

a=reconnect

SDP containing a=reconnect signals that the specified session does
NOT refer to an existing connection between the two endpoints. If
the endpoints agree to continue ABNF of the session, reconnect
attribute:

reconnect-attr = "a=reconnect"

On reception of an m= line with a reconnect attribute, the endpoints MUST
SHOULD close the existing connection for the currently negotiated session, connection, in case it was still up, and MUST create
SHOULD establish a new connection according to the a=direction setup attribute in
the SDP. If an endpoint receives SDP that contains
a=reconnect, the endpoint's response MUST also contain a=reconnect.
Endpoints MUST NOT include a=reconnect in SDP that negotiates the
start of a session.

See section 6, "Connection and Listener Lifetime Considerations" for
more information on scenarios that are relevant to m= line.

Either the a=reconnect
attribute.

6 Connection and Listener Lifetime Considerations

6.1 Listener Lifetime

An endpoint that has specified direction:both offerer or direction:passive
MUST be ready to accept the answerer can include a connection on reconnect attribute
in an m= line. In any event, if the appropriate address and
port during offer contained this attribute,
the time slot(s) advertised for that session. The
endpoint answer MUST keep the address and port available for incoming
connections until either:

a) The time window for the session has expired, or

b) The endpoint has received the expected number of incoming
connections on that address and port, or

c) Subsequent exchanges have superceded the SDP that originally
advertised the availability of the address and port.

Once the endpoint has determined that a listener is no longer needed
on a specific address and port, contain it SHOULD terminate the listener.
The endpoint is then free to re-use the address and port for
subsequent session advertisements.

6.2 as well.

6. Connection Lifetime

An endpoint that intends to initiate the connection MUST SHOULD initiate
the connection immediately after it has sufficient information to do
so, even if it does not intend to immediately begin sending media to
the remote endpoint. This allows media to flow from the remote
endpoint. An endpoint MUST SHOULD NOT close the connection until the
session has expired, been explicitly terminated, or the media stream
is redirected to a different address or port.

Yon INTERNET-DRAFT - Expires September 2003 7

If the endpoint determines that the connection has been closed, it
MAY attempt to re-establish the connection. The decision to do so is
application and/or and context dependant. If the endpoint opts to
re-establish the connection, it MUST NOT assume that the original
address and port advertised by the remote endpoint is still valid.
Instead, the endpoint MUST renegotiate the session parameters by
exchanging new SDP.

6.3

6.1 Session Renegotiation and Connection Lifetime

There are scenarios where SDP is sent by an endpoint in order to
renegotiate an existing session. These include muting/unmuting a
session, renegotiating the attributes of the media used by the
session, or extending the length of a session about to expire.
Connection-oriented media introduces some ambiguities into session
renegotiation as to when the direction attribute must be obeyed and
when it is ignored.

The scenario of extending the duration of an existing session is a
good example: in order to extend an existing session, endpoints will
typically resend the original SDP with updated time information. In
connectionless media the result is no change to the existing media
streams. The problem with connection oriented media is that the
original SDP will contain a direction setup attribute which can be
construed considered
as a request to create a new connection, as opposed to a request to
maintain steady state. To avoid this ambiguity, the The following rule SHALL apply to subsequent exchanges of SDP: help avoid this ambiguity:

If the transport section (the c= and m= lines)
combined with the direction attribute of an SDP
message
description describes an existing connection between two
endpoints, AND endpoints
and the SDP m= line does not contain a=reconnect,
then a reconnect attribute, the
endpoints MUST SHOULD use that connection to carry the media described
in the remainder of the message. The endpoints MUST SHOULD NOT attempt
to set up a new connection, regardless of what is specified in the
direction
setup attribute.

This disambiguates most session renegotiation scenarios, with
Note that if the
exception of muting. Muting a media stream is accomplished by
sending port number in the original session SDP but with an "a=inactive" or
"a=sendonly/recvonly" attribute. This m= line changes, there is still valid for connection
oriented media, with no
need to use the additional caveat that reconnect attribute because the endpoints MUST
NOT close new port will
trigger the establishment of a new connection described by that SDP.

7 anyway.

7. Examples

What follows are a number of examples that show the most common usage
of the direction setup attribute combined with TCP-based media descriptions.
For the purpose of brevity, the main portion of the session
description is omitted in the examples and is assumed to be the
following:

Yon INTERNET-DRAFT - Expires September 2003 8

v=0
o=me 2890844526 2890842807 IN IP4 10.1.1.2
s=Call me using TCP
t=3034423619 3042462419

7.1 Example: simple passive/active Passive/Active

An endpoint offerer at 10.1.1.2 192.0.2.2 signals the its availability of for a T.38 fax
session at port 54111:

c=IN IP4 10.1.1.2 192.0.2.2
m=image 54111 TCP t38
a=direction:passive
a=setup:passive

An endpoint answerer at 10.1.1.1 192.0.2.1 receiving this description offer responds with the
following:
following answer:

c=IN IP4 10.1.1.1 192.0.2.1
m=image 9 TCP t38
a=direction:active
a=setup:active

The endpoint at 10.1.1.1 192.0.2.1 then initiates the TCP connection to port
54111 at 10.1.1.2. 192.0.2.2.

7.2 Example: simple passive/active Passive/Active with reconnect Reconnect

Continuing the preceding example, consider the scenario where the TCP
connection fails and the endpoints wish to reestablish the connection
for the session. The endpoint at 10.1.1.2 192.0.2.2 signals this intent with
the following SDP:

c=IN IP4 10.1.1.2 192.0.2.2
m=image 54111 TCP t38
a=direction:passive
a=setup:passive
a=reconnect

The a=reconnect reconnect attribute informs the endpoint at 10.1.1.1 192.0.2.1 that this
SDP represents the intent to establish a new connection for media
transport, rather than continuing with the original connection.
Because the endpoint at 10.1.1.1 192.0.2.1 may not yet be aware that the TCP
connection has failed, this eliminates any ambiguity. If 10.1.1.1 192.0.2.1
agrees to continue the session using a new connection, it responds
with:

c=IN IP4 10.1.1.1 192.0.2.1
m=image 9 TCP t38
a=direction:active
a=setup:active IN IP4
a=reconnect

7.3 Example: agnostic both Actpass

An endpoint offerer at 10.1.1.2 192.0.2.2 signals the its availability of for a T.38 fax
session at TCP port 54111, but 54111. Additionally, this offerer is also willing
to set up the media stream by initiating the TCP connection:

Yon INTERNET-DRAFT - Expires September 2003 9
c=IN IP4 10.1.1.2
m=image 54111 TCP t38
a=direction:both

The endpoint at 10.1.1.1 has three choices:

1) It can respond with either of the two direction:active
descriptions listed in the previous example. In this case the
endpoint at 10.1.1.1 must initiate a connection to port 54111
at 10.1.1.2.

2) It can respond with a description similar to the following:

c=IN IP4 10.1.1.1
m=image 54321 TCP t38
a=direction:passive

In this case the endpoint at 10.1.1.2 must initiate a
connection to port 54321 at 10.1.1.1.

3) It can respond with a description that specifies
direction:both, which is covered in the next example.

7.4 Example: redundant both

An endpoint at 10.1.1.2 uses the same description as the previous
example:

c=IN IP4 10.1.1.2 192.0.2.2
m=image 54111 TCP t38
a=direction:both

Unlike the previous example, the
a=setup:actpass

The endpoint at 10.1.1.1 192.0.2.1 responds with the following description:

c=IN IP4 10.1.1.1 192.0.2.1
m=image 54321 TCP t38
a=direction:both
a=setup:actpass

This will cause the endpoint at 10.1.1.2 offerer (at 192.0.2.2) to initiate a connection
to port 54321 at 10.1.1.1, 192.0.2.1 and the endpoint at 10.1.1.1 answerer (at 192.0.2.1) to
initiate a connection to port 54111 at 10.1.1.2. Whichever TCP connection
succeeds will be used. If both succeed, one of the connections may
be closed as an optimization, using the rules in section 3.3.

In order to minimize the chance that two connections are created,
the endpoint at 10.1.1.1 may opt to use 192.0.2.2. Ideally, the recommendation in
section 3.4, which
offerer would result in events occurring in the following
sequence:

1) The endpoint at 10.1.1.2 sends SDP use 192.0.2.2:5411 as listed above. The
endpoint MUST enable a listener on port 54111 at this time,
but is not able to initiate a TCP connection due to the fact

Yon INTERNET-DRAFT - Expires September 2003 10
that it does not have sufficient information from the endpoint
at 10.1.1.1.

2) The endpoint at 10.1.1.1, upon receiving the SDP, immediately
initiates a TCP connection to 10.1.1.2:54111.

3) In order to minimize the chance source of a duplicate connection, its connection
attempt and the
endpoint at 10.1.1.1 pauses answerer would use 192.0.2.1:54321 as its.

8. Security Considerations

See RFC 2327 [4] for a short time security and other considerations specific to allow
the
endpoint at 10.1.1.2 Session Description Protocol in general.

An attacker may attempt to receive the substitute TCP/TLS with only TCP connection initiation.

4) After the short pause, the endpoint at 10.1.1.1 sends the SDP
response as listed above.

The pause in #3 gives the first TCP connection attempt a chance
session description. So, it is STRONGLY RECOMMENDED that integrity
protection be applied to
succeed, since withholding the SDP response deprives the endpoint at
10.1.1.2 of session descriptions. For session
descriptions carried in SIP [10], S/MIME is the information it needs natural choice to attempt its own TCP
connection.

7.5 Example: "Bidirectional" RTP and RTCP

An endpoint at 10.1.1.2 is behind
provide such end-to-end integrity protection, as described in RFC
3261 [10]. Other applications MAY use a different form of integrity
protection.

This document touches upon NAT and does not know its own
public address.

c=IN IP4 10.1.1.2
m=audio 9 RTP/AVP 0
a=direction:active

A peer with a public IP address responds as follows and waits to
receive RTP and RTCP packets from its active peer.

c=IN IP4 1.2.3.4
m=audio 18240 RTP/AVP 0
a=direction:passive

The endpoint at 10.1.1.2 immediately sends RTP from port 9012 traversal. Implementers should be
aware of some issues that relate to
1.2.3.4 port 18240. A NAT translates the source address use of private IP addresses
within the offer/answer model (i.e., they are not specific to 5.6.7.8
port 1542. The passive endpoint receives this RTP packet and stores this source address.
document).

When the passive an endpoint wants to send RTP
media it sends it back to 5.6.7.8 port 1542. The NAT translates this
destination receives a session description with a private IP
address back to 10.1.1.2 port 9012 and delivers it that belongs to a different address space, in most of the active endpoint.

Likewise
cases, the endpoint at 10.1.1.2 immediately sends RTCP from port
9013 will not be able to 1.2.3.4:18241. The NAT translates reach such an address.
Nevertheless, if this to 5.6.7.8:1984. The
passive endpoint receives particular address also exists in the RTCP packet and stores
endpoint's address space, the source
address. The passive endpoint sends its RTCP to 5.6.7.8:1984 which
is translated back to 10.1.1.2:9013 and delivered to may end up reaching a
different peer than the active
endpoint.

8 Security Considerations

See [SDP] for security and other considerations specific to one that generated the
Session Description Protocol in general.

Yon INTERNET-DRAFT - Expires September 2003 11

9 session description.
It is RECOMMENDED that endpoints authenticate their peer somehow
(e.g., using TLS [3]) or that they encrypt their media.

9. IANA Considerations

As recommended

This document defines two session and media level SDP attributes:
setup and reconnect. Their formats are defined in Section 4 and
Section 5 respectively. These two attributes should be registered by [SDP] Appendix B,
the direction IANA on http://www.iana.org/assignments/sdp-parameters under
"att-field (both session and reconnect
attributes described in this media level)".

This document defines two proto values: TCP and TCP/TLS. Their
formats are defined in Section 3.1 and Section 3.2 respectively.
These two proto values should be registered with
IANA, as should by the "TCP" and "TLS" protocol identifiers. IANA on http://
www.iana.org/assignments/sdp-parameters under "proto".

10. Acknowledgements

The author authors would like to thank Jonathan Rosenberg, Rohan Mahy,
Anders Kristensen, Jeorg Joerg Ott, Paul Kyzivat, and Robert Fairlie-
Cuninghame
Fairlie-Cuninghame, and Colin Perkins for their valuable insights and
contributions.

Yon INTERNET-DRAFT - Expires

11. References

11.1 Normative References

[1] Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
September 2003 12

Appendix A: Direction Attribute Syntax

This appendix provides an Augmented BNF [ABNF] grammar for
expressing the direction attribute for connection setup. It is
intended as an extension to the grammar 1981.

[2] Bradner, S., "Key words for the Session Description
Protocol, as defined use in [SDP]. Specifically, it describes the
syntax for the new "connection-setup" attribute field, which MAY be
either a session-level or media-level attribute.

connection-setup = "direction" ":" direction-spec

direction-spec = "both" / "active" / "passive"

reconnect-attribute = "reconnect"

References

[ABNF] D. Crocker, P. Overell, "Augmented BNF for Syntax
Specifications: ABNF," RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.

[3] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2234, November 1997

[SDP] M.
2246, January 1999.

[4] Handley, M. and V. Jacobson, "SDP: Session Description
Protocol,"
Protocol", RFC 2327, April 1998

[T38] International Telecommunication Union, "Procedures for
Real-Time Group 3 Facsimile Communications over IP
Networks," Recommendation T.38, June 1998

[TLS] T. Dierks, C. Allen, "The TLS Protocol," 1998.

[5] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
Session Description Protocol (SDP)", RFC 2246,
January 1999

[UTF-8] F. 3264, June 2002.

[6] Yergeau, F., "UTF-8, a transformation format of Unicode
and ISO 10646," 10646", STD
63, RFC 3629, November 2003.

11.2 Informational References

[7] Schulzrinne, H., Rao, A. and R. Lanphier, "Real Time Streaming
Protocol (RTSP)", RFC 2326, April 1998.

[8] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999.

[9] Handley, M., Perkins, C. and E. Whelan, "Session Announcement
Protocol", RFC 2044, 2974, October 1996

Author's Address 2000.

[10] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.

Authors' Addresses

David Yon
Dialout.Net, Inc. Inc
One Indian Head Plaza
Nashua, NH 03060

Phone: (603) 324-4100
USA

EMail: yon@dialout.net

Full Copyright

Gonzalo Camarillo
Ericsson
Hirsalantie 11
Jorvas 02420
Finland

EMail: Gonzalo.Camarillo@ericsson.com

Intellectual Property Statement

This document and translations IETF takes no position regarding the validity or scope of it may any
Intellectual Property Rights or other rights that might be copied and furnished claimed to
others, and derivative works that comment on or otherwise explain it
or assist in its
pertain to the implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction use of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, technology described in
this

Yon INTERNET-DRAFT - Expires September 2003 13 document itself may or the extent to which any license under such rights
might or might not be modified in available; nor does it represent that it has
made any independent effort to identify any way, such as by removing rights. Information
on the copyright notice or references IETF's procedures with respect to rights in IETF Documents can
be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the Internet Society IETF Secretariat and any
assurances of licenses to be made available, or other
Internet organizations, except as needed for the purpose result of
developing Internet standards in which case the procedures an
attempt made to obtain a general license or permission for
copyrights defined in the Internet Standards process must be
followed, use of
such proprietary rights by implementers or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not users of this
specification can be
revoked by obtained from the Internet Society or IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its successors attention any
copyrights, patents or patent applications, or assigns. other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Disclaimer of Validity

This document and the information contained herein is are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

Yon INTERNET-DRAFT - Expires September 2003 14 PURPOSE.

Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

Acknowledgment

Funding for the RFC Editor function is currently provided by the
Internet Society.