TSVWG                                                            V. Roca
Internet-Draft                                                  B. Teibi
Intended status: Standards Track                                   INRIA
Expires: September 5, November 7, 2018                                 March 4,                                    May 6, 2018

Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC)
                          Schemes for FECFRAME
                   draft-ietf-tsvwg-rlc-fec-scheme-02
                   draft-ietf-tsvwg-rlc-fec-scheme-03

Abstract

   This document describes two fully-specified FEC Forward Erasure
   Correction (FEC) Schemes for Sliding Window Random Linear Codes
   (RLC), one for RLC over GF(2) (binary case), a second one for RLC
   over GF(2^^8), both of them with the possibility of controlling the
   code density.  They are meant to can protect arbitrary media streams along the
   lines defined by FECFRAME extended to sliding window FEC codes.
   These sliding window FEC codes rely on an encoding window that slides
   over the source symbols, generating new repair symbols whenever
   needed.  Compared to block FEC codes, these sliding window FEC codes
   offer key advantages with real-
   time real-time flows in terms of reduced FEC-related FEC-
   related latency while often providing improved packet erasure
   recovery capabilities.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 5, November 7, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Limits of Block Codes with Real-Time Flows  . . . . . . .   3
     1.2.  Lower Latency and Better Protection of Real-Time Flows
           with the Sliding Window RLC Codes . . . . . . . . . . . .   4
     1.3.  Small Transmission Overheads with the Sliding Window RLC
           FEC Scheme  . . . . . . . . . . . . . . . . . . . . . . .   5
     1.4.  Document Organization . . . . . . . . . . . . . . . . . .   5   6
   2.  Definitions and Abbreviations . . . . . . . . . . . . . . . .   6
   3.  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . .   6   7
     3.1.  Parameters  Possible Parameter Derivation . . . . . . . . . . . . . .   7
       3.1.1.  Detailed Parameter Derivation for CBR Real-Time Flows   8
       3.1.2.  Parameter Derivation for Other Real-Time Flows  . . .  10
       3.1.3.  Parameter Derivation for Non Real-Time Flows  . . . .   7  10
     3.2.  ADU, ADUI and Source Symbols Mappings . . . . . . . . . .   9  11
     3.3.  Encoding Window Management  . . . . . . . . . . . . . . .  10  12
     3.4.  Pseudo-Random Number Generator  . . . . . . . . . . . . .  11  13
     3.5.  Coding Coefficients Generation Function . . . . . . . . .  12  14
     3.6.  Linear Combination of Source Symbols Computation  . . . .  16
   4.  Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary ADU
       Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . .  14  17
     4.1.  Formats and Codes . . . . . . . . . . . . . . . . . . . .  14  17
       4.1.1.  FEC Framework Configuration Information . . . . . . .  14  17
       4.1.2.  Explicit Source FEC Payload ID  . . . . . . . . . . .  15  18
       4.1.3.  Repair FEC Payload ID . . . . . . . . . . . . . . . .  16  19
       4.1.4.  Additional Procedures . . . . . . . . . . . . . . . .  17  20
   5.  Sliding Window RLC FEC Scheme over GF(2) for Arbitrary ADU
       Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . .  18  21
     5.1.  Formats and Codes . . . . . . . . . . . . . . . . . . . .  18  21
       5.1.1.  FEC Framework Configuration Information . . . . . . .  18  21
       5.1.2.  Explicit Source FEC Payload ID  . . . . . . . . . . .  18  21
       5.1.3.  Repair FEC Payload ID . . . . . . . . . . . . . . . .  18  21
       5.1.4.  Additional Procedures . . . . . . . . . . . . . . . .  18  21
   6.  FEC Code Specification  . . . . . . . . . . . . . . . . . . .  18  21
     6.1.  Encoding Side . . . . . . . . . . . . . . . . . . . . . .  18  21
     6.2.  Decoding Side . . . . . . . . . . . . . . . . . . . . . .  19  22
   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  20  23
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  20  23
     8.1.  Attacks Against the Data Flow . . . . . . . . . . . . . .  20  24
       8.1.1.  Access to Confidential Content  . . . . . . . . . . .  20  24
       8.1.2.  Content Corruption  . . . . . . . . . . . . . . . . .  21  24
     8.2.  Attacks Against the FEC Parameters  . . . . . . . . . . .  21  24
     8.3.  When Several Source Flows are to be Protected Together  .  21  25
     8.4.  Baseline Secure FEC Framework Operation . . . . . . . . .  21  25
   9.  Operations and Management Considerations  . . . . . . . . . .  22  25
     9.1.  Operational Recommendations: Finite Field GF(2) Versus
           GF(2^^8)  . . . . . . . . . . . . . . . . . . . . . . . .  22  25
     9.2.  Operational Recommendations: Coding Coefficients Density
           Threshold . . . . . . . . . . . . . . . . . . . . . . . .  22  25
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  23  26
   11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  23  26
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .  23  26
     12.1.  Normative References . . . . . . . . . . . . . . . . . .  23  26
     12.2.  Informative References . . . . . . . . . . . . . . . . .  24  27
   Appendix A.  Decoding Beyond Maximum Latency Optimization . . . .  26  29
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  26  30

1.  Introduction

   Application-Level Forward Erasure Correction (AL-FEC) codes, or
   simply FEC codes, are a key element of communication systems.  They
   are used to recover from packet losses (or erasures) during content
   delivery sessions to a large number of receivers (multicast/broadcast
   transmissions).  This is the case with the FLUTE/ALC protocol
   [RFC6726] in case of when used for reliable file transfers over lossy networks,
   and the FECFRAME protocol when used for reliable continuous media
   transfers over lossy networks.

   The present document only focusses on the FECFRAME protocol, used in
   multicast/broadcast delivery mode, with contents that feature
   stringent real-time constraints: each source packet has a maximum
   validity period after which it will not be considered by the
   destination application.

1.1.  Limits of Block Codes with Real-Time Flows

   With FECFRAME, there is a single FEC encoding point (either a end-
   host/server (source) or a middlebox) and a single FEC decoding point
   (either a end-host (receiver) or middlebox).  In this context,
   currently standardized AL-FEC codes for FECFRAME like Reed-Solomon
   [RFC6865], LDPC-Staircase [RFC6816], or Raptor/RaptorQ, are all
   linear block codes: they require the data flow to be segmented into
   blocks of a predefined maximum size.

   Defining

   To define this block size requires size, it is required to find an appropriate
   balance between robustness and decoding latency: the larger the block
   size, the higher the robustness (e.g., in front of long packet
   erasure bursts), but also the higher the maximum decoding latency
   (i.e., the maximum time required to recover an a lost (erased) packet
   thanks to FEC protection).  Therefore, with a multicast/broadcast
   session where different receivers experience different packet loss
   rates, the block size should be chosen by considering the worst
   communication conditions one wants to support, but without exceeding
   the desired maximum decoding latency.  This choice will impact then impacts the
   FEC-related latency of all receivers, even those experiencing a good
   communication quality, since no FEC encoding can happen until all receivers. the
   source data of the block is available at the sender, which directly
   depends on the block size.

1.2.  Lower Latency and Better Protection of Real-Time Flows with the
      Sliding Window RLC Codes

   This document introduces two fully-specified FEC Schemes that follow
   a totally different approach: the Sliding Window Random Linear Codes
   (RLC) over either Finite Field GF(2) or GF(8).  These FEC Schemes are
   used to protect arbitrary media streams along the lines defined by
   FECFRAME extended to sliding window FEC codes [fecframe-ext].  These
   FEC Schemes Schemes, and more generally Sliding Window FEC codes, are extremely efficient
   recommended for instance with media that feature real-time
   constraints sent within a multicast/broadcast
   session. session [Roca17].

   The RLC codes belong to the broad class of sliding window AL-FEC
   codes (A.K.A. convolutional codes).  The encoding process is based on
   an encoding window that slides over the set of source packets (in
   fact source symbols as we will see in Section 3.2), and which is
   either of fixed or variable size (elastic window).  Repair packets
   (symbols) are generated and sent on-the-fly, after computing a random linear
   combination of the source symbols present in the current encoding window.
   window, and passed to the transport layer.

   At the receiver, a linear system is managed from the set of received
   source and repair packets.  New variables (representing source
   symbols) and equations (representing the linear combination of each
   repair symbol received) are added upon receiving new packets.
   Variables are removed when they are too old with respect to their
   validity period (real-time constraints), as well as the associated
   equations they are involved in (Appendix A introduces an optimization
   that extends the time a variable is considered in the system).  Lost
   source symbols are then recovered thanks to this linear system
   whenever its rank permits it.

   With RLC codes (more generally with sliding window codes), the
   protection of a multicast/broadcast session also needs to be
   dimensioned by considering the worst communication conditions one
   wants to support.  However the receivers experiencing a good to
   medium communication quality will observe a reduced FEC-related
   latency close compared to zero block codes [Roca17] since an isolated lost
   source packet is quickly recovered with the following repair packet.
   On the opposite, with a block code, recovering an isolated lost
   source packet always requires waiting the end of the block for the first repair packet to arrive.
   arrive after the end of the block.  Additionally, under certain
   situations (e.g., with a limited FEC-
   related FEC-related latency budget and with
   constant bit rate bitrate transmissions after FECFRAME encoding), sliding
   window codes achieve can more easily efficiently achieve a target transmission
   quality (e.g., measured by the residual loss after FEC decoding) by
   sending fewer repair packets (i.e., higher code rate) than block
   codes.

1.3.  Small Transmission Overheads with the Sliding Window RLC FEC
      Scheme

   The Sliding Window RLC FEC Scheme is designed so as to reduce limit the
   transmission packet
   header overhead.  The main requirement is that each repair packet
   header must enable a receiver to reconstruct the set of source
   symbols plus the associated coefficients used during the encoding
   process.  In order to minimize packet overhead, the set of source
   symbols in the encoding window as well as the set of coefficients
   over GF(2^^m) (where m is 1 or 8, depending on the FEC Scheme) used
   in the linear combination are not individually listed in the repair
   packet header.  Instead, each FEC Repair Packet header contains:

   o  the Encoding Symbol Identifier (ESI) of the first source symbol in
      the encoding window as well as the number of symbols (since this
      number may vary with a variable size, elastic window).  These two
      pieces of information enable each receiver to easily reconstruct the set
      of source symbols considered during encoding, the only constraint
      being that there cannot be any gap;
   o  the seed used by a coding coefficients generation function
      (Section 3.5).  This information enables each receiver to generate
      the same set of coding coefficients over GF(2^^m) as the sender;

   Therefore, no matter the number of source symbols present in the
   encoding window, each FEC Repair Packet features a fixed 64-bit long
   header, called Repair FEC Payload ID (Figure 7).  Similarly, each FEC
   Source Packet features a fixed 32-bit long trailer, called Explicit
   Source FEC Payload ID (Figure 5), that contains the ESI of the first
   source symbol (see the ADUI and source symbol mapping, Section 3.2).

1.4.  Document Organization

   This fully-specified FEC Scheme follows the structure required by
   [RFC6363], section 5.6.  "FEC Scheme Requirements", namely:

   3.  Procedures:  This section describes procedures specific to this
      FEC Scheme, namely: RLC parameters derivation, ADUI and source
      symbols mapping, pseudo-random number generator, and coding
      coefficients generation function;
   4.  Formats and Codes:  This section defines the Source FEC Payload
      ID and Repair FEC Payload ID formats, carrying the signalling
      information associated to each source or repair symbol.  It also
      defines the FEC Framework Configuration Information (FFCI)
      carrying signalling information for the session;
   5.  FEC Code Specification:  Finally this section provides the code
      specification.

2.  Definitions and Abbreviations

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document uses the following definitions and abbreviations:

   GF(q)  denotes a finite field (also known as the Galois Field) with q
      elements.  We assume that q = 2^^m in this document
   m  defines the length of the elements in the finite field, in bits.
      In this document, m is equal to 1 or 8
   ADU:  Application Data Unit
   ADUI:  Application Data Unit Information (includes the F, L and
      padding fields in addition to the ADU)
   E: size of an encoding symbol (i.e., source or repair symbol),
      assumed fixed (in bytes)
   br_in:  transmission bitrate at the input of the FECFRAME sender,
      assumed fixed (in bits/s)
   br_out:  transmission bitrate at the output of the FECFRAME sender,
      assumed fixed (in bits/s)
   max_lat:  maximum FEC-related latency within FECFRAME (in seconds)
   cr:  RLC coding rate, ratio between the total number of source
      symbols and the total number of source plus repair symbols
   plr:  packet loss rate on the packet erasure channel
   ew_size:  encoding window current size at a sender (in symbols)
   ew_max_size:  encoding window maximum size at a sender (in symbols)
   dw_max_size:  decoding window maximum size at a receiver (in symbols)
   ls_max_size:  linear system maximum size (or width) at a receiver (in
      symbols)
   PRNG:  pseudo-random number generator
   pmms_rand(maxv):  PRNG defined in Section 3.4 and used in this
      specification, that returns a new random integer in [0; maxv-1]
   DT:  coding coefficients density threshold, an integer between 0 and
      15 (inclusive) the controls the fraction of coefficients that are
      non zero

3.  Procedures

   This section introduces the procedures that are used by this these FEC
   Scheme.
   Schemes.

3.1.  Parameters  Possible Parameter Derivation

   The Sliding Window RLC FEC Scheme relies on several key parameters:

   Maximum FEC-related latency budget, max_lat (in seconds)  A source
      ADU flow can have real-time constraints, and therefore any
      FECFRAME related operation must take place within the validity
      period of each ADU.  When there are multiple flows with different
      real-time constraints, we consider the most stringent constraints
      (see [RFC6363], Section 10.2, item 6, for recommendations when
      several flows are globally protected).  The maximum FEC-related
      latency budget, max_lat, accounts for all sources of latency added
      by FEC encoding (at a sender) and FEC decoding (at a receiver).
      Other sources of latency (e.g., added by network communications)
      are out of scope and must be considered separately (said
      differently, they have already been deducted from max_lat).
      max_lat can be regarded as the latency budget permitted for all
      FEC-related operations.  This is an input parameter that enables
      to derive other internal parameters as explained below;
   Encoding window current (resp. maximum) size, ew_size (resp.
   ew_max_size) (in symbols):
      these parameters are used by a sender during FEC encoding.  More
      precisely, each repair symbol is a linear combination of the
      ew_size source symbols present in the encoding window when RLC
      encoding took place.  In all situations, we MUST have:

         ew_size <= ew_max_size
   Decoding  At session start, the encoding window will
      probably be small and then progressively increase until it reaches
      its maximum value.  At any time:

         ew_size <= ew_max_size
   Decoding window maximum size, dw_max_size (in symbols):  at a
      receiver, this parameter determines the maximum size of the
      decoding window.  Said differently, this is denotes the maximum number of received or
      lost source symbols in the linear system (i.e., the variables)
      that are still within their latency budget.  In
      situations where packets are sent with a fixed period, the
      dw_max_size parameter directly determines the budget;
   Linear system maximum decoding
      latency experienced size, ls_max_size (in symbols):  The linear
      system maximum size managed by the receiver, which necessarily needs to a receiver SHOULD NOT be
      in line with the smaller
      than this decoding window maximum FEC-related latency budget.  Note also
      that size, since it would mean that,
      after receiving a sufficient number of FEC Repair Packets, an ADU
      may not be recovered just because it has been removed from the optimization detailed in Appendix A can extend
      linear system, and not because it has timed-out.  This would be
      counter-productive.  On the opposite, the linear system MAY grow
      beyond this value with additional old source symbols (that timed-out) beyond
      dw_max_size; kept in the linear
      system whereas their associated ADUs timed-out (Appendix A);
   Symbol size, E (in bytes) and RLC code rate (cr):  the E parameter
      determines the (source or repair) source and repair symbol sizes. sizes (necessarily equal).
      The cr parameter determines the code rate, i.e., the amount of
      redundancy added to the flow (it (i.e., cr is the ratio between the
      total number of source symbols and the total number of source plus
      repair symbols).  These two parameters are input parameters that
      enable to derive other internal parameters as explained below.  In practice they
      will usually  An
      implementation at a sender SHOULD fix the E parameter and
      communicate it as part of the FEC Scheme-Specific Information
      (Section 4.1.1.2).  However there is no need to communicate the cr
      parameter per see (it's not required to process a repair packet at
      a receiver).  This code rate parameter can be fixed, especially with multicast/broadcast
      transmissions.  In specific use-cases, fixed.  However, in particular
      specific use-cases (e.g., with unicast transmissions in presence
      of a feedback mechanism that estimates the communication quality (out-of-scope quality,
      out-of-scope of FECFRAME), the code rate may be adjusted
      dynamically.

   Let us assume that the encoding symbol size (E, in bytes) and code
   rate (cr) are constant.  Let us also assume a constant transmission
   bitrate (br_out,

   The FEC Schemes specified in bits/s) at the output of the FECFRAME sender (as this document can be used in [Roca17]).  It means that the various
   manners.  They can protect one or more source flow bitrate needs to ADU flows having real-
   time constraints, or they can protect non-realtime source ADU flows.
   The source ADU flows may be
   adjusted according to Constant Bitrate (CBR) flows, while other
   may be of Variable Bitrate (VBR).  The FEC Schemes can be used in
   various environments like the added repair flow overhead Internet or over a CBR channel.  It
   follows that the FEC Scheme parameters can be derived in different
   ways, as described in order to keep the total transmission bitrate fixed and equal to br_out. following sections.

3.1.1.  Detailed Parameter Derivation for CBR Real-Time Flows

   In order
   to comply with the maximum FEC-related latency budget following, we need:

      dw_max_size = (max_lat * br_out * cr) / (8 * E)

   Sometimes consider a real-time flow with max_lat latency
   budget.  The encoding symbol size (E, in bytes) is constant.  The
   code rate (cr) is also constant, in line with the opposite can happen: expected
   communication loss model.  However the choice of this cr value is out
   of scope for this document.

   In a first configuration, the source ADU flow bitrate at the input of
   the FECFRAME sender is fixed (br_in, in bits/s).  It means that the
   transmission bitrate at the output of the FECFRAME sender will be
   higher, depending on the added repair flow overhead.  In order to
   comply with the maximum FEC-related latency budget budget, we need: have:

      dw_max_size = (max_lat * br_in) / (8 * E)

   Finally, there are situations where no such assumption can be made
   (e.g., with a variable bit rate input flow).

   In that case a second configuration, the
   encoding and decoding window FECFRAME sender generates a fixed
   bitrate flow, equal to the CBR channel bitrate (br_out, in bits/s),
   as in [Roca17].  The maximum sizes may source flow bitrate needs to be initialized, based
   on such
   that, with the input added repair flow features (e.g., overhead, the peak total transmission
   bitrate if remains (inferior or) equal to br_out.  Here we have:

      dw_max_size = (max_lat * br_out * cr) / (8 * E)

   For decoding to be possible, it is known)
   and great care must required that the encoding window
   maximum size be taken on timing aspects at a sender (see
   Section 3.3) and receiver.  The details of how most equal to manage these
   situations are use-case dependent and out of scope of this document.

   Then, the decoding window maximum size.
   So, once the dw_max_size has been determined, the ew_max_size can
   be defined.  For decoding to be possible, it is required that the
   encoding window maximum size SHOULD
   be at most equal to the decoding window
   maximum size.  It is often good practice to choose [Roca17]: computed with ([Roca17]):

      ew_max_size = dw_max_size * 0.75

   However any value

   The ew_max_size < dw_max_size can be used without
   impact on the FEC-related latency budget.  Finding is the optimal value
   will depend on main parameter, used by a FECFRAME sender.
   Whenever the use-case details and should be determined after
   simulations or field trials.  This FEC protection (i.e., cr value) is sufficient in front
   of course out of scope of this
   document.

   Note that the decoding beyond maximum latency optimization
   (Appendix A) enables an old source symbol to be kept in packet loss model, the linear
   system beyond ew_max_size guaranties that the FEC-related latency budget,
   recovery of lost ADUs will happen at a FECFRAME receiver on time.

   The dw_max_size is computed by a FECFRAME sender but not delivered explicitly
   communicated to a FECFRAME receiver.  However a FECFRAME receiver can
   easily evaluate the receiving application.  In any case, ew_max_size by observing the maximum Number of
   Source Symbols (NSS) value contained in the Repair FEC Payload ID of
   received FEC Repair Packets (Section 4.1.3).  A receiver can then
   easily compute dw_max_size:

      dw_max_size = max_NSS_observed / 0.75

   and chose an appropriate maximum linear system size.  Having a
   limited linear system maximum size is greater than (with the decoding optimization) or equal a practical requirement that enables to
   (without) the decoding window maximum size:
   forget old source symbols, no longer needed.  We have:

      ls_max_size >= dw_max_size

3.2.  ADU, ADUI and Source Symbols Mappings

   An ADU, coming from

   Using the application, cannot be mapped same maximum size is the minimum.  But it is good practice
   to source
   symbols directly.  Indeed, use a lost ADU recovered at a receiver must
   contain enough information larger value for ls_max_size as explained in Appendix A,
   without impacting maximum latency nor interoperability.

   The particular case of session start needs to be assigned to managed
   appropriately.  Here the right application
   flow (UDP port numbers and IP addresses cannot be used to that
   purpose as they are not protected by FEC encoding).  This requires
   adding ew_size progressively increases, upon
   receiving new source ADUs at the flow identifier to each ADU before doing FECFRAME sender, until it reaches
   the ew_max_size value, A FECFRAME receiver SHOULD continuously
   observe the received FEC encoding.

   Additionally, Repair Packets, since ADUs the NSS value carried
   in the Repair FEC Payload ID will increase too, and adjust the
   ls_max_size accordingly.

3.1.2.  Parameter Derivation for Other Real-Time Flows

   There are situations where the real-time source ADU flow is of
   variable size, padding bitrate (VBR).  A first possibility is needed so
   that each ADU (with its flow identifier) contribute to an integral
   number of source symbols.  This requires adding consider the original ADU
   length to each ADU before doing FEC encoding.  Because peak
   bitrate of these
   requirements, an intermediate format, the ADUI, or source ADU Information,
   is considered [RFC6363].

   For each incoming ADU, an ADUI flow, when this parameter is created as follows.  First known, and to
   reuse the derivation of all,
   3 bytes Section 3.1.1.

   There are prepended (Figure 1):

   Flow ID (F) (8-bit field):  this unsigned byte contains the integer
      identifier associated to also situations where the source ADU flow to which this ADU
      belongs.  It is assumed that a single byte peak bitrate is sufficient, which
      implies not know.  In
   that no more than 256 flows will be protected by a single
      FECFRAME instance.
   Length (L) (16-bit field):  this unsigned integer contains the length
      of this ADU, in network byte order (i.e., big endian).  This
      length is for case the previous parameter derivation cannot be directly
   applied.  An approach in that case consists in using ADU itself and does not include the F, L, or Pad
      fields.

   Then, zero padding is added to timing
   information when present (e.g., using the ADU if needed:

   Padding (Pad) (variable size field):  this timestamp field contains zero
      padding of an RTP
   packet header) to align manage the F, L, ADU and padding up to encoding window accordingly, in
   particular removing old symbols whose associated ADUs timed-out.

   No matter the choice of the FECFRAME sender, a size that is
      multiple FECFRAME receiver can
   still easily evaluate the ew_max_size by observing the maximum Number
   of E bytes (i.e., Source Symbols (NSS) value contained in the source Repair FEC Payload ID
   of received FEC Repair Packets.  A receiver can then compute
   dw_max_size and repair symbol length).

   The data unit resulting from derive an appropriate maximum linear system size,
   ls_max_size.

   When the ADU observed NSS fluctuates significantly and perhaps slowly, a
   FECFRAME receiver may want to adapt its ls_max_size accordingly in
   order to avoid managing linear systems that would be significantly
   too large.  It is worth noticing however that it is preferable to use
   an ls_max_size too large than the F, L, opposite.

   Beyond these general guidelines, the details of how to manage these
   situations at a FECFRAME sender and Pad fields is
   called ADUI.  Since ADUs can have different sizes, receiver remain out of scope of
   this document.

3.1.3.  Parameter Derivation for Non Real-Time Flows

   Finally there are situations where there is also no known real-time
   constraints.  FECFRAME and the
   case for ADUIs.  However an ADUI always contributes to FEC Schemes defined in this document
   can still be used.  The choice of appropriate parameter values can be
   directed by practical considerations.  It can be an integral
   number estimation of source symbols.

      symbol length, E              E                     E
   < ------------------ >< ------------------ >< ------------------ >
   +-+--+---------------------------------------------+-------------+
   |F| L|                     ADU                     |     Pad     |
   +-+--+---------------------------------------------+-------------+

    Figure 1: ADUI Creation example (here 3 source symbols are created
                              for this ADUI).

   Note that neither the initial 3 bytes nor the optional padding are
   sent over the network.  However, they are considered during FEC
   encoding, and a receiver who lost a certain FEC Source Packet (e.g., the UDP datagram containing this FEC Source Packet) will
   maximum memory amount that could be able to
   recover the ADUI if FEC decoding succeeds.  Thanks dedicated to the initial 3
   bytes, this receiver will get rid linear system at
   a FECFRAME receiver, or CPU computation requirements at a FECFRAME
   receiver, both of them depending on the padding (if any) and
   identify ls_max_size.  The same
   considerations can also apply to the corresponding ADU flow.

3.3.  Encoding Window Management

   Source symbols FECFRAME sender, where maximum
   memory and CPU computation requirements depend on the corresponding ADUs are removed from the
   encoding window:

   o  when the sliding encoding window has reached its maximum size, ew_max_size.  In that case
   Here also, the oldest symbol MUST be removed
      before adding NSS value contained in FEC Repair Packets is used to
   inform a new symbol, so that FECFRAME receiver of the current encoding coding window size always remains inferior or equal to the maximum size: ew_size
      <= ew_max_size;
   o  when an ADU has reached (and
   ew_max_size by observing its maximum validity duration in case value over the time).

   Beyond these general guidelines, the details of how to manage these
   situations at a
      real-time flow.  When FECFRAME sender and receiver remain out of scope of
   this happens, all source symbols
      corresponding to the document.

3.2.  ADU, ADUI that expired SHOULD be removed from the
      encoding window; and Source symbols are added to the sliding encoding window each time Symbols Mappings

   At a
   new sender, an ADU arrives, once coming from the ADU application cannot directly be
   mapped to source symbols mapping has been
   performed (Section 3.2).  The current size of symbols.  When multiple source flows (e.g., media
   streams) are mapped onto the encoding window,
   ew_size, same FECFRAME instance, each flow is updated after adding new source symbols.
   assigned its own Flow ID value (see below).  At a sender, this
   identifier is prepended to each ADU before FEC encoding.  This process
   may require way,
   FEC decoding at a receiver also recovers this Flow ID and a recovered
   ADU can be assigned to remove old the right source symbols so that: ew_size <=
   ew_max_size.

   Note flow (note that a transport
   port numbers and IP addresses cannot be used to that purpose as they
   are not recovered during FEC codec may feature practical limits in the decoding).

   Additionally, since ADUs are of variable size, padding is needed so
   that each ADU (with its flow identifier) contribute to an integral
   number of source symbols in the encoding window (e.g., for computational
   complexity reasons). symbols.  This factor may further limit requires adding the ew_max_size
   value, in addition original ADU
   length to each ADU before doing FEC encoding.  Because of these
   requirements, an intermediate format, the maximum FEC-related latency budget
   (Section 3.1).

3.4.  Pseudo-Random Number Generator

   The RLC codes rely on ADUI, or ADU Information,
   is considered [RFC6363].

   For each incoming ADU, an ADUI MUST created as follows.  First of
   all, 3 bytes are prepended (Figure 1):

   Flow ID (F) (8-bit field):  this unsigned byte contains the following Pseudo-Random Number Generator
   (PRNG), identical integer
      identifier associated to the PRNG used with LDPC-Staircase codes
   ([RFC5170], section 5.7).

   The Park-Miler "minimal standard" PRNG [PM88] MUST be used. source ADU flow to which this ADU
      belongs.  It
   defines a simple multiplicative congruential algorithm: Ij+1 = A * Ij
   (modulo M), with the following choices: A = 7^^5 = 16807 and M =
   2^^31 - 1 = 2147483647.  A validation criteria of such is assumed that a PRNG single byte is the
   following: if seed = 1, then the 10,000th value returned MUST sufficient, which
      implies that no more than 256 flows will be
   equal to 1043618065.

   Several implementations of protected by a single
      FECFRAME session instance.
   Length (L) (16-bit field):  this PRNG are known and discussed in unsigned integer contains the
   literature.  An optimized implementation length
      of this algorithm, using
   only 32-bit mathematics, ADU, in network byte order (i.e., big endian).  This
      length is for the ADU itself and which does not require any division, can
   be found in [rand31pmc].  It uses include the Park and Miller algorithm
   [PM88] with F, L, or Pad
      fields.

   Then, zero padding is added to the optimization suggested by D.  Carta in [CA90].  The
   history behind ADU if needed:

   Padding (Pad) (variable size field):  this algorithm field contains zero
      padding to align the F, L, ADU and padding up to a size that is detailed in [WI08].  Yet, any other
   implementation
      multiple of E bytes (i.e., the PRNG algorithm that matches source and repair symbol length).

   The data unit resulting from the above
   validation criteria, like ADU and the ones detailed in [PM88], is
   appropriate.

   This PRNG produces, natively, a 31-bit value between 1 F, L, and 0x7FFFFFFE
   (2^^31-2) inclusive.  Since it Pad fields is desired to scale the pseudo-random
   number between 0 and maxv-1 inclusive, one must keep
   called ADUI.  Since ADUs can have different sizes, this is also the most
   significant bits
   case for ADUIs.  However an ADUI always contributes to an integral
   number of source symbols.

      symbol length, E              E                     E
   < ------------------ >< ------------------ >< ------------------ >
   +-+--+---------------------------------------------+-------------+
   |F| L|                     ADU                     |     Pad     |
   +-+--+---------------------------------------------+-------------+

    Figure 1: ADUI Creation example (here 3 source symbols are created
                              for this ADUI).

   Note that neither the value returned by initial 3 bytes nor the PRNG (the least
   significant bits optional padding are known to be less random, and modulo-based
   solutions should be avoided [PTVF92]).  The following algorithm MUST
   be used:

   Input:

      raw_value: random integer generated by
   sent over the inner PRNG algorithm,
      between 1 and 0x7FFFFFFE (2^^31-2) inclusive.
      maxv: upper bound used network.  However, they are considered during the scaling operation.

   Output:

      scaled_value: random integer between 0 FEC
   encoding, and maxv-1 inclusive.

   Algorithm:

      scaled_value = (unsigned long) ((double)maxv * (double)raw_value /
      (double)0x7FFFFFFF);
      (NB: a receiver who lost a certain FEC Source Packet (e.g.,
   the above C type casting to unsigned long UDP datagram containing this FEC Source Packet when UDP is equivalent used
   as the transport protocol) will be able to
      using floor() with positive floating point values.)

   In this document, pmms_rand(maxv) denotes recover the PRNG function that
   implements ADUI if FEC
   decoding succeeds.  Thanks to the Park-Miller "minimal standard" algorithm, defined
   above, initial 3 bytes, this receiver will
   get rid of the padding (if any) and that scales identify the raw value between 0 corresponding ADU
   flow.

3.3.  Encoding Window Management

   Source symbols and maxv-1 inclusive,
   using the above scaling algorithm.

   Additionally, corresponding ADUs are removed from the pmms_srand(seed) function must be provided to
   enable
   encoding window:

   o  when the initialization of sliding encoding window has reached its maximum size,
      ew_max_size.  In that case the PRNG with a seed oldest symbol MUST be removed
      before calling
   pmms_rand(maxv) the first time.  The seed is adding a 31-bit integer between
   1 and 0x7FFFFFFE inclusive.  In this specification, new symbol, so that the seed is
   restricted current encoding window
      size always remains inferior or equal to a value between 1 and 0xFFFF inclusive, as this is the
   Repair_Key 16-bit field value maximum size: ew_size
      <= ew_max_size;
   o  when an ADU has reached its maximum validity duration in case of a
      real-time flow.  When this happens, all source symbols
      corresponding to the Repair FEC Payload ID
   (Section 4.1.3).

3.5.  Coding Coefficients Generation Function

   The coding coefficients, used during ADUI that expired SHOULD be removed from the
      encoding process, window;

   Source symbols are
   generated at the RLC encoder by added to the generate_coding_coefficients()
   function sliding encoding window each time a
   new repair symbol needs ADU arrives, once the ADU to be produced. source symbols mapping has been
   performed (Section 3.2).  The
   fraction current size of coefficients that are non zero (i.e., the density) encoding window,
   ew_size, is
   controlled by updated after adding new source symbols.  This process
   may require to remove old source symbols so that: ew_size <=
   ew_max_size.

   Note that a FEC codec may feature practical limits in the DT (Density Threshold) parameter.  When DT equals
   15, number of
   source symbols in the maximum encoding window (e.g., for computational
   complexity reasons).  This factor may further limit the ew_max_size
   value, in addition to the function guaranties that all coefficients
   are non zero (i.e., maximum density).  When DT is between 0 (minimum
   value) and strictly inferior FEC-related latency budget
   (Section 3.1).

3.4.  Pseudo-Random Number Generator

   The RLC codes rely on the following Pseudo-Random Number Generator
   (PRNG), identical to 15, the average probability of having PRNG used with LDPC-Staircase codes
   ([RFC5170], section 5.7).

   The Park-Miler "minimal standard" PRNG [PM88] MUST be used.  It
   defines a non zero coefficient equals (DT +1) / 16.

   These considerations apply both simple multiplicative congruential algorithm: Ij+1 = A * Ij
   (modulo M), with the RLC over GF(2) following choices: A = 7^^5 = 16807 and RLC over
   GF(2^^8), the only difference being the value M =
   2^^31 - 1 = 2147483647.  A validation criteria of such a PRNG is the m parameter.
   With
   following: if seed = 1, then the RLC over GF(2) FEC Scheme (Section 5), m MUST be equal to 1.
   With RLC over GF(2^^8) FEC Scheme (Section 4), m 10,000th value returned MUST be
   equal to 8.

   <CODE BEGINS>
   /*
    * Fills 1043618065.

   Several implementations of this PRNG are known and discussed in the table
   literature.  An optimized implementation of coding coefficients (of this algorithm, using
   only 32-bit mathematics, and which does not require any division, can
   be found in [rand31pmc].  It uses the right size)
    * provided Park and Miller algorithm
   [PM88] with the appropriate number of coding coefficients to
    * use for the repair symbol key provided.
    *
    * (in) repair_key    key associated to optimization suggested by D.  Carta in [CA90].  The
   history behind this repair symbol. This
    *                    parameter algorithm is ignored (useless) if m=2 and dt=15
    * (in) cc_tab[]      pointer to a table of the right size detailed in [WI08].

   This PRNG produces, natively, a 31-bit value between 1 and 0x7FFFFFFE
   (2^^31-2) inclusive.  Since it is desired to store
    *                    coding coefficients. All coefficients are
    *                    stored as bytes, regardless of scale the m parameter,
    *                    upon return of this function.
    * (in) cc_nb pseudo-random
   number between 0 and maxv-1 inclusive, one must keep the most
   significant bits of entries in the table. This value is
    *                    equal returned by the PRNG (the least
   significant bits are known to be less random, and modulo-based
   solutions should be avoided [PTVF92]).  The following algorithm MUST
   be used:

   Input:

      raw_value: random integer generated by the current encoding window size.
    * (in) dt inner PRNG algorithm,
      between 1 and 0x7FFFFFFE (2^^31-2) inclusive.
      maxv: upper bound used during the scaling operation.

   Output:

      scaled_value: random integer between 0 and 15 (inclusive) that maxv-1 inclusive.

   Algorithm:

      scaled_value = (unsigned long) ((double)maxv *                    controls (double)raw_value /
      (double)0x7FFFFFFF);
      (NB: the density. With value 15, all
    *                    coefficients are guaranteed above C type casting to unsigned long is equivalent to
      using floor() with positive floating point values.)

   In this document, pmms_rand(maxv) denotes the PRNG function that
   implements the Park-Miller "minimal standard" algorithm, defined
   above, and that scales the raw value between 0 and maxv-1 inclusive,
   using the above scaling algorithm.

   Additionally, the pmms_srand(seed) function must be non zero
    *                    (i.e. equal provided to 1
   enable the initialization of the PRNG with GF(2) a seed before calling
   pmms_rand(maxv) the first time.  The seed is a 31-bit integer between
   1 and equal 0x7FFFFFFE inclusive.  In this specification, the seed is
   restricted to a
    * value in {1,... 255} with GF(2^^8)), otherwise
    *                    a fraction between 1 and 0xFFFF inclusive, as this is the
   Repair_Key 16-bit field value of the Repair FEC Payload ID
   (Section 4.1.3).

3.5.  Coding Coefficients Generation Function

   The coding coefficients, used during the encoding process, are
   generated at the RLC encoder by the generate_coding_coefficients()
   function each time a new repair symbol needs to be produced.  The
   fraction of coefficients that are non zero (i.e., the density) is
   controlled by the DT (Density Threshold) parameter.  When DT equals
   15, the maximum value, the function guaranties that all coefficients
   are non zero (i.e., maximum density).  When DT is between 0 (minimum
   value) and strictly inferior to 15, the average probability of having
   a non zero coefficient equals (DT +1) / 16.

   These considerations apply both the RLC over GF(2) and RLC over
   GF(2^^8), the only difference being the value of the m parameter.
   With the RLC over GF(2) FEC Scheme (Section 5), m MUST be equal to 1.
   With RLC over GF(2^^8) FEC Scheme (Section 4), m MUST be equal to 8.

   <CODE BEGINS>
   /*
    * Fills in the table of coding coefficients (of the right size)
    * provided with the appropriate number of coding coefficients to
    * use for the repair symbol key provided.
    *
    * (in) repair_key    key associated to this repair symbol. This
    *                    parameter is ignored (useless) if m=2 and dt=15
    * (in) cc_tab[]      pointer to a table of the right size to store
    *                    coding coefficients. All coefficients are
    *                    stored as bytes, regardless of the m parameter,
    *                    upon return of this function.
    * (in) cc_nb         number of entries in the table. This value is
    *                    equal to the current encoding window size.
    * (in) dt            integer between 0 and 15 (inclusive) that
    *                    controls the density. With value 15, all
    *                    coefficients are guaranteed to be non zero
    *                    (i.e. equal to 1 with GF(2) and equal to a
    *                    value in {1,... 255} with GF(2^^8)), otherwise
    *                    a fraction of them will be 0.

    * (in) m             Finite Field GF(2^^m) parameter. In this
    *                    document only values 1 and 8 are considered.
    * (out)              returns an error code
    */
   int generate_coding_coefficients (UINT16    repair_key,
                                     UINT8     cc_tab[],
                                     UINT16    cc_nb,
                                     UINT8     dt,
                                     UINT8     m)
   {
       UINT32    i;

       if (dt > 15) {
           return SOMETHING_WENT_WRONG; /* bad dt parameter */
       }
       if (repair_key == 0 && dt != 15 && m != 2) {
           return SOMETHING_WENT_WRONG; /* bad repair_key parameter */
       }
       switch (m)
           return SOMETHING_WENT_WRONG; /* bad repair_key parameter */
       }
       switch (m) {
       case 1:
           if (dt == 15) {
               /* all coefficients are 1 */
               memset(cc_tab, 1, cc_nb);
           } else {
               /* here coefficients are either 0 or 1 */
               pmms_srand(repair_key);
               pmms_rand(16);    /* skip the first PRNG value */
               for (i = 0 ; i < cc_nb ; i++) {
                   if (pmms_rand(16) <= dt) {
                       cc_tab[i] = (UINT8) 1;
                   } else {
                       cc_tab[i] = (UINT8) 0;
                   }
               }
           }
           break;

       case 8:
           pmms_srand(repair_key);
           pmms_rand(256);    /* skip the first PRNG value */
           if (dt == 15) {
               /* coefficient 0 is avoided here in order to include
                * all the source symbols */
               for (i = 0 ; i < cc_nb ; i++) {
                   do {
       case 1:
           if (dt
                       cc_tab[i] = (UINT8) pmms_rand(256);
                   } while (cc_tab[i] == 15) {
               /* all coefficients are 1 */
               memset(cc_tab, 1, cc_nb); 0);
               }

           } else {
               /* here a certain fraction of coefficients are either should be 0 or 1 */
               pmms_srand(repair_key);
               for (i = 0 ; i < cc_nb ; i++) {
                   if (pmms_rand(16) <= dt) {
                       do {
                           cc_tab[i] = (UINT8) 1; pmms_rand(256);
                       } while (cc_tab[i] == 0);
                   } else {
                       cc_tab[i] = (UINT8) 0;
                   }
               }
           }
           break;

       case 8:
           pmms_srand(repair_key);
           if (dt == 15) {
               /* coefficient 0 0;
                   }
               }
           }
           break;

       default:
           /* bad parameter m */
           return SOMETHING_WENT_WRONG;
       }
       return EVERYTHING_IS_OKAY;
   }
   <CODE ENDS>

       Figure 2: Coding Coefficients Generation Function pseudo-code

   One can note in the above function that each call to pmms_srand()
   (PRNG initialisation) is immediately followed by a call to
   pmms_rand() whose return value is ignored.  This extra call is
   motivated by a possible bias in the first value generated depending
   on the way the repair key is managed by a FECFRAME implementation.
   Indeed, the PRNG sequences produced by two seeds in sequence have a
   high probability of starting with the same value since I1 = A * seed
   (modulo M) which is further scaled to a small range (either {0, ...
   15} or {0, ... 255}).  Producing several times the same first coding
   coefficient could reduce the protection of the first source symbol if
   multiple repair symbols are produced with the same coding window's
   left edge.  The extra call avoids such side effects.

3.6.  Linear Combination of Source Symbols Computation

   The two RLC FEC Schemes require the computation of a linear
   combination of source symbols, using the coding coefficients produced
   by the generate_coding_coefficients() function and stored in the
   cc_tab[] array.

   With the RLC over GF(2^^8) FEC Scheme, a linear combination of the
   ew_size source symbol present in the encoding window, say src_0 to
   src_ew_size_1, in order to generate a repair symbol, is computed as
   follows.  For each byte of position i in each source and the repair
   symbol, where i belongs to {0; E-1}, compute:

      repair[i] = cc_tab[0] * src_0[i] + cc_tab[1] * src_1[i] + ... +
      cc_tab[ew_size - 1] * src_ew_size_1[i]

   where * is avoided here the multiplication over GF(2^^8) and + is an XOR
   operation.  In practice various optimizations need to be used in
   order to include
                * make this computation efficient (see in particular [PGM13]).

   With the RLC over GF(2) FEC Scheme (binary case), a linear
   combination is computed as follows.  The repair symbol is the XOR sum
   of all the source symbols */
               for (i = 0 ; i < cc_nb ; i++) {
                   do {
                       cc_tab[i] = (UINT8) pmms_rand(256);
                   } while (cc_tab[i] == 0);
               }

           } else {
               /* here corresponding to a certain fraction of coding coefficient
   cc_tab[j] equal to 1 (i.e., the source symbols corresponding to zero
   coding coefficients should be 0 */
               for (i = 0 ; are ignored).  The XOR sum of the byte of
   position i < cc_nb ; i++) {
                   if (pmms_rand(16) <= dt) {
                       do {
                           cc_tab[i] = (UINT8) pmms_rand(256);
                       } while (cc_tab[i] == 0);
                   } else {
                       cc_tab[i] = 0;
                   }
               }
           }
           break;

       default:
           /* bad parameter m */
           return SOMETHING_WENT_WRONG;
       }
       return EVERYTHING_IS_OKAY;
   }
   <CODE ENDS>

       Figure 2: Coding Coefficients Generation Function pseudo-code in each source is computed and stored in the corresponding
   byte of the repair symbol, where i belongs to {0; E-1}.  In practice,
   the XOR sums will be computed several bytes at a time (e.g., on 64
   bit words, or on arrays of 16 or more bytes when using SIMD CPU
   extensions).

   With both FEC Schemes, the details of how to optimize the computation
   of these linear combinations are of high practical importance but out
   of scope of this document.

4.  Sliding Window RLC FEC Scheme over GF(2^^8) for Arbitrary ADU Flows

   This fully-specified FEC Scheme defines the Sliding Window Random
   Linear Codes (RLC) over GF(2^^8).

4.1.  Formats and Codes

4.1.1.  FEC Framework Configuration Information

   The

   Following the guidelines of [RFC6363], section 5.6, this section
   provides the FEC Framework Configuration Information (or FFCI) includes
   information that MUST FFCI).  This
   FCCI needs to be communicated shared (e.g., using SDP) between the sender and
   receiver(s).  More specifically, it enables the synchronization of
   the FECFRAME sender
   and receiver instances. instances in order to synchronize them.  It includes both a
   FEC Encoding ID, mandatory elements and for any FEC Scheme specification, plus
   scheme-specific elements, as detailed below. elements.

4.1.1.1.  Mandatory Information  FEC Encoding ID

   o  FEC Encoding ID: the value assigned to this fully specified FEC
      Scheme MUST be XXXX, as assigned by IANA (Section 10).

   When SDP is used to communicate the FFCI, this FEC Encoding ID is
   carried in the 'encoding-id' parameter.

4.1.1.2.  FEC Scheme-Specific Information

   The FEC Scheme-Specific Information (FSSI) includes elements that are
   specific to the present FEC Scheme.  More precisely:

   Encoding symbol size (E):  a non-negative integer that indicates the
      size of each encoding symbol in bytes;

   This element is required both by the sender (RLC encoder) and the
   receiver(s) (RLC decoder).

   When SDP is used to communicate the FFCI, this FEC Scheme-specific
   information is carried in the 'fssi' parameter in textual
   representation as specified in [RFC6364].  For instance:

   fssi=E:1400

   If another mechanism requires the FSSI to be carried as an opaque
   octet string (for instance, after a Base64 encoding), the encoding
   format consists of the following 2 octets:

      Encoding symbol length (E): 16-bit field.

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Encoding Symbol Length (E)  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 3: FSSI Encoding Format

4.1.2.  Explicit Source FEC Payload ID

   A FEC Source Packet MUST contain an Explicit Source FEC Payload ID
   that is appended to the end of the packet as illustrated in Figure 4.

   +--------------------------------+
   |           IP Header            |
   +--------------------------------+
   |        Transport Header        |
   +--------------------------------+
   |              ADU               |
   +--------------------------------+
   | Explicit Source FEC Payload ID |
   +--------------------------------+

   Figure 4: Structure of an FEC Source Packet with the Explicit Source
                              FEC Payload ID

   More precisely, the Explicit Source FEC Payload ID is composed of the
   following field (Figure 5):

   Encoding Symbol ID (ESI) (32-bit field):  this unsigned integer
      identifies the first source symbol of the ADUI corresponding to
      this FEC Source Packet.  The ESI is incremented for each new
      source symbol, and after reaching the maximum value (2^32-1),
      wrapping to zero occurs.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Encoding Symbol ID (ESI)                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 5: Source FEC Payload ID Encoding Format

4.1.3.  Repair FEC Payload ID

   A FEC Repair Packet can MAY contain one or more repair symbols.  When
   there are several repair symbols, all of them MUST have been
   generated from the same encoding window, using Repair_Key values that
   are managed as explained below.  A receiver can easily deduce the
   number of repair symbols within a FEC Repair Packet by comparing the
   received FEC Repair Packet size (equal to the UDP payload size when
   UDP is the underlying transport protocol) and the symbol size, E,
   communicated in the FFCI.

   A FEC Repair Packet MUST contain a Repair FEC Payload ID that is
   prepended to the repair symbol as illustrated in Figure 6.

   +--------------------------------+
   |           IP Header            |
   +--------------------------------+
   |        Transport Header        |
   +--------------------------------+
   |     Repair FEC Payload ID      |
   +--------------------------------+
   |         Repair Symbol          |
   +--------------------------------+

      Figure 6: Structure of an FEC Repair Packet with the Repair FEC
                                Payload ID

   More precisely, the Repair FEC Payload ID is composed of the
   following fields (Figure 7):

   Repair_Key (16-bit field):  this unsigned integer is used as a seed
      by the coefficient generation function (Section 3.5) in order to
      generate the desired number of coding coefficients.  Value 0 MUST
      NOT be used.  When a FEC Repair Packet contains several repair
      symbols, this repair key value is that of the first repair symbol.
      The remaining repair keys can be deduced by incrementing by 1 this
      value, up to a maximum value of 65535 after which it loops back to
      1 (note that 0 is not a valid value).
   Density Threshold for the coding coefficients, DT (4-bit field):
      this unsigned integer carried carries the Density Threshold (DT) used by
      the coding coefficient generation function Section 3.5.  More
      precisely, it controls the probability of having a non zero coding
      coefficient, which equals (DT+1) / 16.  When a FEC Repair Packet
      contains several repair symbols, the DT value applies to all of
      them;
   Number of Source Symbols in the encoding window, NSS (12-bit field):

      this unsigned integer indicates the number of source symbols in
      the encoding window when this repair symbol was generated.  When a
      FEC Repair Packet contains several repair symbols, this NSS value
      applies to all of them;
   ESI of First Source Symbol in the encoding window, FSS_ESI (32-bit
   field):
      this unsigned integer indicates the ESI of the first source symbol
      in the encoding window when this repair symbol was generated.
      When a FEC Repair Packet contains several repair symbols, this
      FSS_ESI value applies to all of them;

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Repair_Key              |  DT   |NSS (# src symb in ew) |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            FSS_ESI                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 7: Repair FEC Payload ID Encoding Format

4.1.4.  Additional Procedures

   The following procedure applies:

   o  The ESI of source symbols MUST start with value 0 for the first
      source symbol and MUST be managed sequentially.  Wrapping to zero
      happens after reaching the maximum 32-bit value.

5.  Sliding Window RLC FEC Scheme over GF(2) for Arbitrary ADU Flows

   This fully-specified FEC Scheme defines the Sliding Window Random
   Linear Codes (RLC) over GF(2) (binary case).

5.1.  Formats and Codes

5.1.1.  FEC Framework Configuration Information

5.1.1.1.  Mandatory Information  FEC Encoding ID

   o  FEC Encoding ID: the value assigned to this fully specified FEC
      Scheme MUST be YYYY, as assigned by IANA (Section 10).

   When SDP is used to communicate the FFCI, this FEC Encoding ID is
   carried in the 'encoding-id' parameter.

5.1.1.2.  FEC Scheme-Specific Information

   All the considerations of Section 4.1.1.2 apply here.

5.1.2.  Explicit Source FEC Payload ID

   All the considerations of Section 4.1.1.2 apply here.

5.1.3.  Repair FEC Payload ID

   All the considerations of Section 4.1.1.2 apply here, with the only
   exception that the Repair_Key field is useless if DT = 15 (indeed, in
   that case all the coefficients are necessarily equal to 1 and the
   coefficient generation function does not use any PRNG).  When DT = 15
   it is RECOMMENDED that the sender use value 0 for the Repair_Key
   field, but a receiver SHALL ignore this field.

5.1.4.  Additional Procedures

   All the considerations of Section 4.1.1.2 apply here.

6.  FEC Code Specification

6.1.  Encoding Side

   This section provides a high level description of a Sliding Window
   RLC encoder.

   Whenever a new FEC Repair Packet is needed, the RLC encoder instance
   first gathers the ew_size source symbols currently in the sliding
   encoding window.  Then it chooses a repair key, which can be a non
   zero monotonically increasing integer value, incremented for each
   repair symbol up to a maximum value of 65535 (as it is carried within
   a 16-bit field) after which it loops back to 1 (indeed, being used as
   a PRNG seed, value 0 is prohibited).  This repair key is communicated
   to the coefficient generation function (Section Section 3.5) in order
   to generate ew_size coding coefficients.  Finally, the FECFRAME
   sender computes the repair symbol as a linear combination of the
   ew_size source symbols using the ew_size coding coefficients.  When E
   is small and when there is an incentive to pack several repair
   symbols within the same FEC Repair Packet, the appropriate number of
   repair symbols are computed.  The only constraint is to increment by
   1  In that case the repair key for each of them,
   them MUST be incremented by 1, keeping the same ew_size source
   symbols, since only the first repair key will be carried in the
   Repair FEC Payload ID.  The FEC Repair Packet can then be sent. passed to
   the transport layer for transmission.  The source versus repair FEC
   packet transmission order is out of scope of this document and
   several approaches exist that are implementation specific.

   Other solutions are possible to select a repair key value when a new
   FEC Repair Packet is needed, for instance by choosing a random
   integer between 1 and 65535.  However, selecting the same repair key
   as before (which may happen in case of a random process) is only
   meaningful if the encoding window has changed, otherwise the same FEC
   Repair Packet will be generated.

6.2.  Decoding Side

   This section provides a high level description of a Sliding Window
   RLC decoder.

   A FECFRAME receiver needs to maintain a linear system whose variables
   are the received and lost source symbols.  Upon receiving a FEC
   Repair Packet, a receiver first extracts all the repair symbols it
   contains (in case several repair symbols are packed together).  For
   each repair symbol, when at least one of the corresponding source
   symbols it protects has been lost, the receiver adds an equation to
   the linear system (or no equation if this repair packet does not
   change the linear system rank).  This equation of course re-uses the
   ew_size coding coefficients that are computed by the same coefficient
   generation function (Section Section 3.5), using the repair key and
   encoding window descriptions carried in the Repair FEC Payload ID.
   Whenever possible (i.e., when a sub-system covering one or more lost
   source symbols is of full rank), decoding is performed in order to
   recover lost source symbols.  Each time an ADUI can be totally
   recovered, padding is removed (thanks to the Length field, L, of the
   ADUI) and the ADU is assigned to the corresponding application flow
   (thanks to the Flow ID field, F, of the ADUI).  This ADU is finally
   passed to the corresponding upper application.  Received FEC Source
   Packets, containing an ADU, can MAY be passed to the application either
   immediately or after some time to guaranty an ordered delivery to the
   application.  This document does not mandate any approach as this is
   an operational and management decision.

   With real-time flows, a lost ADU that is decoded after the maximum
   latency or an ADU received after this delay should not be passed has no value to the
   application.  Instead  This raises the associated source symbols should question of deciding whether or not an
   ADU is late.  This decision MAY be
   removed from taken within the linear system maintained by FECFRAME receiver
   (e.g., using the decoding window, see Section 3.1) or within the
   application (e.g., using RTP timestamps within the ADU).  Deciding
   which option to follow and whether or not to pass all ADUs, including
   those assumed late, to the application are operational decisions that
   depend on the receiver(s). application and are therefore out of scope of this
   document.  Additionally, Appendix A discusses a backward compatible
   optimization whereby those late source symbols may MAY still be used within the
   FECFRAME receiver in order to improve the global robustness.

7.  Implementation Status

   Editor's notes: RFC Editor, please remove this section motivated by
   RFC 6982 before publishing the RFC.  Thanks.

   An implementation of the Sliding Window RLC FEC Scheme for FECFRAME
   exists:

   o  Organisation: Inria
   o  Description: This is an implementation of the Sliding Window RLC
      FEC Scheme limited to GF(2^^8).  It relies on a modified version
      of our OpenFEC (http://openfec.org) FEC code library.  It is
      integrated in our FECFRAME software (see [fecframe-ext]).
   o  Maturity: prototype.
   o  Coverage: this software complies with the Sliding Window RLC FEC
      Scheme.
   o  Lincensing: proprietary.
   o  Contact: vincent.roca@inria.fr

8.  Security Considerations

   The FEC Framework document [RFC6363] provides a comprehensive
   analysis of security considerations applicable to FEC Schemes.
   Therefore, the present section follows the security considerations
   section of [RFC6363] and only discusses specific topics.

8.1.  Attacks Against the Data Flow

8.1.1.  Access to Confidential Content

   The Sliding Window RLC FEC Scheme specified in this document does not
   change the recommendations of [RFC6363].  To summarize, if
   confidentiality is a concern, it is RECOMMENDED that one of the
   solutions mentioned in [RFC6363] is used with special considerations
   to the way this solution is applied (e.g., is encryption applied
   before or after FEC protection, within the end-system or in a
   middlebox) to the operational constraints (e.g., performing FEC
   decoding in a protected environment may be complicated or even
   impossible) and to the threat model.

8.1.2.  Content Corruption

   The Sliding Window RLC FEC Scheme specified in this document does not
   change the recommendations of [RFC6363].  To summarize, it is
   RECOMMENDED that one of the solutions mentioned in [RFC6363] is used
   on both the FEC Source and Repair Packets.

8.2.  Attacks Against the FEC Parameters

   The FEC Scheme specified in this document defines parameters that can
   be the basis of attacks.  More specifically, the following parameters
   of the FFCI may be modified by an attacker who targets receivers
   (Section 4.1.1.2):

   o  FEC Encoding ID: changing this parameter leads the receivers to
      consider a different FEC Scheme, which enables an attacker to
      create a Denial of Service (DoS);
   o  Encoding symbol length (E): setting this E parameter to a
      different value will confuse the receivers and create a DoS.  More
      precisely, the FEC Repair Packets received will probably no longer
      be multiple of E, leading receivers to reject them;

   It is therefore RECOMMENDED that security measures are taken to
   guarantee the FFCI integrity, as specified in [RFC6363].  How to
   achieve this depends on the way the FFCI is communicated from the
   sender to the receiver, which is not specified in this document.

   Similarly, attacks are possible against the Explicit Source FEC
   Payload ID and Repair FEC Payload ID: by modifying the Encoding
   Symbol ID (ESI), or the repair key, NSS or FSS_ESI.  It is therefore
   RECOMMENDED that security measures are taken to guarantee the FEC
   Source and Repair Packets as stated in [RFC6363].

8.3.  When Several Source Flows are to be Protected Together

   The Sliding Window RLC FEC Scheme specified in this document does not
   change the recommendations of [RFC6363].

8.4.  Baseline Secure FEC Framework Operation

   The Sliding Window RLC FEC Scheme specified in this document does not
   change the recommendations of [RFC6363] concerning the use of the
   IPsec/ESP security protocol as a mandatory to implement (but not
   mandatory to use) security scheme.  This is well suited to situations
   where the only insecure domain is the one over which the FEC
   Framework operates.

9.  Operations and Management Considerations

   The FEC Framework document [RFC6363] provides a comprehensive
   analysis of operations and management considerations applicable to
   FEC Schemes.  Therefore, the present section only discusses specific
   topics.

9.1.  Operational Recommendations: Finite Field GF(2) Versus GF(2^^8)

   The present document specifies two FEC Schemes that differ on the
   Finite Field used for the coding coefficients.  It is expected that
   the RLC over GF(2^^8) FEC Scheme will be mostly used since it
   warrants a higher packet loss protection.  In case of small encoding
   windows, the associated processing overhead is not an issue (e.g., we
   measured decoding speeds between 745 Mbps and 2.8 Gbps on an ARM
   Cortex-A15 embedded board in [Roca17]).  Of course the CPU overhead
   will increase with the encoding window size, because more operations
   in the GF(2^^8) finite field will be needed.

   The RLC over GF(2) FEC Scheme offers an alternative.  In that case
   operations symbols can be directly XOR-ed together which warrants
   high bitrate encoding and decoding operations, and can be an
   advantage with large encoding windows.  However packet loss
   protection is significantly reduced by using this FEC Scheme.

9.2.  Operational Recommendations: Coding Coefficients Density Threshold

   In addition to the choice of the Finite Field, the two FEC Schemes
   define a coding coefficient density threshold (DT) parameter.  This
   parameter enables a sender to control the code density, i.e., the
   proportion of coefficients that are non zero on average.  With RLC
   over GF(2^^8), it is usually appropriate that small encoding windows
   be associated to a density threshold equal to 15, the maximum value,
   in order to warrant a high loss protection.

   On the opposite, with larger encoding windows, it is usually
   appropriate that the density threshold be reduced.  With large
   encoding windows, an alternative can be to use RLC over GF(2) and a
   density threshold equal to 7 (i.e., an average density equal to 1/2)
   or smaller.

   Note that using a density threshold equal to 15 with RLC over GF(2)
   is equivalent to using an XOR code that compute the XOR sum of all
   the source symbols in the encoding window.  In that case: (1) a
   single repair symbol can be produced for any encoding window, and (2)
   the repair_key parameter becomes useless (the coding coefficients
   generation function does not rely on the PRNG).

10.  IANA Considerations

   This document registers two values in the "FEC Framework (FECFRAME)
   FEC Encoding IDs" registry [RFC6363] as follows:

   o  YYYY refers to the Sliding Window Random Linear Codes (RLC) over
      GF(2) FEC Scheme for Arbitrary Packet Flows, as defined in
      Section 5 of this document.
   o  XXXX refers to the Sliding Window Random Linear Codes (RLC) over
      GF(2^^8) FEC Scheme for Arbitrary Packet Flows, as defined in
      Section 4 of this document.

11.  Acknowledgments

   The authors would like to thank Marie-Jose Montpetit for her valuable
   feedbacks on this document.

12.  References

12.1.  Normative References

   [fecframe-ext]
              Roca, V. and A. Begen, "Forward Error Correction (FEC)
              Framework Extension to Sliding Window Codes", Transport
              Area Working Group (TSVWG) draft-ietf-tsvwg-fecframe-ext
              (Work in Progress), March 2018,
              <https://tools.ietf.org/html/
              draft-ietf-tsvwg-fecframe-ext>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6363]  Watson, M., Begen, A., and V. Roca, "Forward Error
              Correction (FEC) Framework", RFC 6363,
              DOI 10.17487/RFC6363, October 2011,
              <https://www.rfc-editor.org/info/rfc6363>.

   [RFC6364]  Begen, A., "Session Description Protocol Elements for the
              Forward Error Correction (FEC) Framework", RFC 6364,
              DOI 10.17487/RFC6364, October 2011,
              <https://www.rfc-editor.org/info/rfc6364>.

12.2.  Informative References

   [CA90]     Carta, D., "Two Fast Implementations of the Minimal
              Standard Random Number Generator",  Communications of the
              ACM, Vol. 33, No. 1, pp.87-88, January 1990.

   [PGM13]    Plank, J., Greenan, K., and E. Miller, "A Complete
              Treatment of Software Implementations of Finite Field
              Arithmetic for Erasure Coding Applications", University of
              Tennessee Technical Report UT-CS-13-717,
              http://web.eecs.utk.edu/~plank/plank/papers/
              UT-CS-13-717.html, October 2013,
              <http://web.eecs.utk.edu/~plank/plank/papers/
              UT-CS-13-717.html>.

   [PM88]     Park, S. and K. Miller, "Random Number Generators: Good
              Ones are Hard to Find",  Communications of the ACM, Vol.
              31, No. 10, pp.1192-1201, 1988.

   [PTVF92]   Press, W., Teukolsky, S., Vetterling, W., and B. Flannery,
              "Numerical Recipies in C; Second Edition", Cambridge
              University Press, ISBN: 0-521-43108-5, 1992.

   [rand31pmc]
              Whittle, R., "31 bit pseudo-random number generator",
              September 2005, <http://www.firstpr.com.au/dsp/rand31/
              rand31-park-miller-carta.cc.txt>.

   [RFC5170]  Roca, V., Neumann, C., and D. Furodet, "Low Density Parity
              Check (LDPC) Staircase and Triangle Forward Error
              Correction (FEC) Schemes", RFC 5170, DOI 10.17487/RFC5170,
              June 2008, <https://www.rfc-editor.org/info/rfc5170>.

   [RFC6726]  Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen,
              "FLUTE - File Delivery over Unidirectional Transport",
              RFC 6726, DOI 10.17487/RFC6726, November 2012,
              <https://www.rfc-editor.org/info/rfc6726>.

   [RFC6816]  Roca, V., Cunche, M., and J. Lacan, "Simple Low-Density
              Parity Check (LDPC) Staircase Forward Error Correction
              (FEC) Scheme for FECFRAME", RFC 6816,
              DOI 10.17487/RFC6816, December 2012,
              <https://www.rfc-editor.org/info/rfc6816>.

   [RFC6865]  Roca, V., Cunche, M., Lacan, J., Bouabdallah, A., and K.
              Matsuzono, "Simple Reed-Solomon Forward Error Correction
              (FEC) Scheme for FECFRAME", RFC 6865,
              DOI 10.17487/RFC6865, February 2013,
              <https://www.rfc-editor.org/info/rfc6865>.

   [Roca16]   Roca, V., Teibi, B., Burdinat, C., Tran, T., and C.
              Thienot, "Block or Convolutional AL-FEC Codes? A
              Performance Comparison for Robust Low-Latency
              Communications", HAL open-archive document,hal-01395937
              https://hal.inria.fr/hal-01395937/en/, November 2016,
              <https://hal.inria.fr/hal-01395937/en/>.

   [Roca17]   Roca, V., Teibi, B., Burdinat, C., Tran, T., and C.
              Thienot, "Less Latency and Better Protection with AL-FEC
              Sliding Window Codes: a Robust Multimedia CBR Broadcast
              Case Study", 13th IEEE International Conference on
              Wireless and Mobile Computing, Networking and
              Communications (WiMob17), October
              2017 https://hal.inria.fr/hal-01571609v1/en/, October
              2017, <https://hal.inria.fr/hal-01571609v1/en/>.

   [WI08]     Whittle, R., "Park-Miller-Carta Pseudo-Random Number
              Generator",  http://www.firstpr.com.au/dsp/rand31/,
              January 2008, <http://www.firstpr.com.au/dsp/rand31/>.

Appendix A.  Decoding Beyond Maximum Latency Optimization

   This annex introduces non normative considerations.  They are
   provided as suggestions, without any impact on interoperability.  For
   more information see [Roca16].

   It is possible to improve the decoding performance of sliding window
   codes without impacting maximum latency, at the cost of extra CPU
   overhead.  The optimization consists, for a receiver, to extend the
   linear system beyond the decoding window, by keeping a certain number
   of old source symbols: symbols.

      ls_max_size > dw_max_size

   Usually the following choice is a good trade-off between decoding
   performance and extra CPU overhead:

      ls_max_size = 2 * dw_max_size

   When the dw_max_size is very small, it may be preferable to keep a
   minimum ls_max_size value (e.g., LS_MIN_SIZE_DEFAULT = 40 symbols).
   Going below this threshold will not save a significant amount of
   memory nor CPU cycles.  Therefore:

      ls_max_size = max(2 * dw_max_size, LS_MIN_SIZE_DEFAULT)

   Finally, it is worth noting that a good receiver, i.e., a receiver
   that benefits from a protection that is significantly sufficient to
   recover from the packet losses, can choose to reduce its ls_max_size
   significantly.  In that case lost ADUs will be recovered rapidly,
   without relying on this optimization.

                                ls_max_size
   /---------------------------------^-------------------------------\

           late source symbols
    (pot. decoded but not delivered)            dw_max_size
   /--------------^-----------------\ /--------------^---------------\
   src0 src1 src2 src3 src4 src5 src6 src7 src8 src9 src10 src11 src12

    Figure 8: Relationship between parameters to decode beyond maximum
                                 latency.

   It means that source symbols, and therefore ADUs, may be decoded even
   if the added latency exceeds the maximum value permitted by the
   application.  It follows that the corresponding ADUs SHOULD NOT will not be
   delivered
   useful to the application and SHOULD be dropped once they are no
   longer needed. application.  However, decoding these "late symbols"
   significantly improves the global robustness in bad reception
   conditions and is therefore recommended for receivers experiencing
   bad communication conditions [Roca16].  In any case whether or not to
   use this optimization and what exact value to use for the ls_max_size
   parameter are decisions made by each receiver independently, without
   any impact on the other receivers nor on the source.

Authors' Addresses

   Vincent Roca
   INRIA
   Grenoble
   France

   EMail: vincent.roca@inria.fr

   Belkacem Teibi
   INRIA
   Grenoble
   France

   EMail: belkacem.teibi@inria.fr