MMUSIC Working Group D. Yon Internet-Draft Dialout.Net, Inc Expires: November 12, 2004 G. Camarillo Ericsson May 14, 2004 Connection-Oriented Media Transport in the Session Description Protocol (SDP) draft-ietf-mmusic-sdp-comedia-06.txt Status of this Memo By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on November 12, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document describes how to express media transport over connection-oriented protocols using the Session Description Protocol (SDP). It defines two new protocol identifiers: TCP and TCP/TLS. It also defines the SDP setup attribute, which describes the connection setup procedure, and the SDP reconnect attribute. Yon & Camarillo Expires November 12, 2004 [Page 1] Internet-Draft Connection-Oriented Media May 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Protocol Identifiers . . . . . . . . . . . . . . . . . . . . . 3 3.1 TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2 TCP/TLS . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Setup Attribute . . . . . . . . . . . . . . . . . . . . . . . 4 4.1 The Setup Attribute in the Offer/answer Model . . . . . . 4 4.2 Multiple-Connection Avoidance when Using Actpass . . . . . 5 5. The Reconnect Attribute . . . . . . . . . . . . . . . . . . . 6 6. Connection Lifetime . . . . . . . . . . . . . . . . . . . . . 7 6.1 Session Renegotiation . . . . . . . . . . . . . . . . . . 7 7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7.1 Passive/Active . . . . . . . . . . . . . . . . . . . . . . 8 7.2 Passive/Active with Reconnect . . . . . . . . . . . . . . 9 7.3 Actpass . . . . . . . . . . . . . . . . . . . . . . . . . 9 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 11.1 Normative References . . . . . . . . . . . . . . . . . . . . 11 11.2 Informational References . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12 Intellectual Property and Copyright Statements . . . . . . . . 13 Yon & Camarillo Expires November 12, 2004 [Page 2] Internet-Draft Connection-Oriented Media May 2004 1. Introduction The Session Description Protocol [4] provides a general-purpose format for describing multimedia sessions in announcements or invitations. SDP uses an entirely textual data format (the US-ASCII subset of UTF-8 [6]) to maximize portability among transports. SDP does not define a protocol, but only the syntax to describe a multimedia session with sufficient information to participate in that session. Session descriptions may be sent using arbitrary existing application protocols for transport (e.g., SAP [9], SIP [10], RTSP [7], email, HTTP [8], etc.). SDP [4] defines two protocol identifiers: RTP/AVP and UDP, both of which represent unreliable connectionless protocols. While these transports are appropriate choices for multimedia streams, there are applications for which connection-oriented transports such as TCP are more appropriate. We define two new protocol identifiers: TCP and TCP/TLS. Both represent connection-oriented reliable transports. Connection-oriented protocols introduce a new factor when describing a session: how should end points perform the connection setup procedure. We define two new attributes to describe connection setup: setup and reconnect. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [2] and indicate requirement levels for compliant implementations. 3. Protocol Identifiers The following is the ABNF for an m= line, as specified by RFC 2327 [4]. media-field = "m=" media space port ["/" integer] space proto 1*(space fmt) CRLF We define two new values for the proto field: TCP and TCP/TLS. 3.1 TCP The TCP protocol identifier is similar to the UDP protocol identifier in that it only describes the transport protocol, and not the upper-layer protocol. An m= line that specifies "TCP" MUST further Yon & Camarillo Expires November 12, 2004 [Page 3] Internet-Draft Connection-Oriented Media May 2004 qualify the application-layer protocol using an fmt identifier. Media lines with the TCP protocol identifier are carried using TCP [1]. 3.2 TCP/TLS The TCP/TLS protocol identifier specifies that the session will use the Transport Layer Security (TLS) protocol [3] on top on a TCP [1] connection. An m= line that contain the TCP/TLS protocol identifier MUST further qualify the protocol using a fmt identifier. 4. Setup Attribute The setup attribute indicates which of the end points should initiate the connection establishment (e.g., send the initial TCP SYN). The setup attribute is charset-independent and can be a session-level or a media-level attribute. The following is the ABNF of the setup attribute: setup-attr = "a=setup:" role role = "active" / "passive" / "actpass" Active: The endpoint will initiate an outgoing connection. Passive: The endpoint will accept an incoming connection. ActPass: The endpoint will both accept an incoming connection and will initiate an outgoing connection. The default value of the setup attribute is actpass. That is, an m= line without an associated setup line is considered to be actpass. 4.1 The Setup Attribute in the Offer/answer Model The offer/answer model, defined in RFC 3264 [5], provides endpoints with a means to obtain shared view of a session. Some session parameters are negotiated (e.g., codecs to use), while others are simply communicated from one endpoint to the other (e.g., IP addresses). The value of the setup attribute falls into the first category. That is, both endpoints negotiate its value using the offer/answer model. The negotiation of the value of the setup attribute takes places as follows. The offerer states which role or roles is willing to perform and the answerer, taking the offerer's willingness into consideration, chooses which roles both endpoints will actually Yon & Camarillo Expires November 12, 2004 [Page 4] Internet-Draft Connection-Oriented Media May 2004 perform during connection establishment. The following are the values that the setup attribute can take in an offer/answer exchange: Offer Answer _______________ active passive passive active actpass active / passive / actpass The value active indicates that the endpoint SHOULD initiate a connection to the port number on the m= line of the other endpoint. The port number on its own m= line is irrelevant, and the opposite endpoint MUST NOT attempt to initiate a connection to the port number specified there. Nevertheless, since the m= line must contain a valid port number, the endpoint specifying using the value active SHOULD specify a port number of 9 (the discard port) on its m= line. The endpoint MUST NOT specify a port number of zero, as that carries other semantics in SDP. The value passive indicates that the endpoint SHOULD be ready to accept a connection on the port number specified in the m= line. The value actpass indicates that the endpoint SHOULD initiate a connection to the port number on the m= line of the other endpoint and that the endpoint SHOULD be ready to accept a connection on the port number specified in the m= line. It is RECOMMENDED that, if possible, endpoints set the port number on their m= line to the source port number which they will use to establish the connection towards the remote endpoint. This way, the transport-layer protocol (e.g., TCP) can take care of simultaneous opens. Endpoints typically use the actpass value for the following reasons: 1. The offerer has no preference as to whether it accepts or initiates the connection and, so, is letting the answerer choose. 2. The endpoints intend to use a single connection to transport the media, but it is not known whether NAT (Network Address Translator) issues will prevent either endpoint from initiating or accepting the connection. So, both endpoints will attempt to initiate a connection hoping that at least one will succeed. 4.2 Multiple-Connection Avoidance when Using Actpass When an offer/answer exchange results in actpass, each endpoint attempts to establish a transport connection towards the other endpoint. If only one of the connections succeeds, this connection is used to transfer media. Nevertheless, if both connections succeed, one of them needs to be terminated so that both endpoints exchange Yon & Camarillo Expires November 12, 2004 [Page 5] Internet-Draft Connection-Oriented Media May 2004 data over a single connection. In this section, we provide rules to choose which of the two connections should be terminated (or not even initiated). First of all, if the endpoints follow the recommendation of setting the port number in their m= line to the source port number which they will use to establish the connection towards the remote endpoint, the transport layer should take care of simultaneous opens (at least if TCP is the transport protocol). If, for some reason, any of the endpoints does not follow this recommendation, both endpoints should follow the rules below. If an endpoint is notified about a connection establishment attempt from the other endpoint before performing its own connection attempt, it SHOULD behave as a passive endpoint and SHOULD NOT attempt to establish any other connection. In case two connections are established, if an endpoint receives data (i.e., media) over one of the connections before having sent any data on any of the connections, the endpoint SHOULD terminate the connection that has not carried any data. When two connections are established and both endpoints start sending data before receiving anything from the other endpoint, it may happen that each of the endpoints choose a different connection to send data. If the answerer receives data over a connection after having sent data on the other connection, it SHOULD continue sending data on the other connection until an application-layer data boundary. At that point, the answerer SHOULD terminate this connection and start using the connection on which the offerer was sending data. Note that different applications may define application-layer boundaries in different ways. A typical suitable point for the answerer to change connections is the end of an application-layer message and the beginning of the next one. 5. The Reconnect Attribute The preceding description of the setup attribute has been in the context of using SDP to initiate a session. Still, SDP may be exchanged between endpoints at various stages of a session to accomplish tasks such as terminating a session, redirecting media to a new endpoint, or renegotiating the media parameters for a session. After the initial session has been established, it may be ambiguous as to whether subsequent SDP exchange represents a confirmation that the endpoint is to continue using the current media connection unchanged, or is a request to make a new media connection. The reconnect attribute, which is charset-independent and can be a Yon & Camarillo Expires November 12, 2004 [Page 6] Internet-Draft Connection-Oriented Media May 2004 session-level or a media-level attribute, is used to disambiguate these two scenarios. The following is the ABNF of the reconnect attribute: reconnect-attr = "a=reconnect" On reception of an m= line with a reconnect attribute, the endpoints SHOULD close the existing connection, in case it was still up, and SHOULD establish a new connection according to the setup attribute in the m= line. Either the offerer or the answerer can include a reconnect attribute in an m= line. In any event, if the offer contained this attribute, the answer MUST contain it as well. 6. Connection Lifetime An endpoint that intends to initiate the connection SHOULD initiate the connection immediately after it has sufficient information to do so, even if it does not intend to immediately begin sending media to the remote endpoint. This allows media to flow from the remote endpoint. An endpoint SHOULD NOT close the connection until the session has expired, been explicitly terminated, or the media stream is redirected to a different address or port. If the endpoint determines that the connection has been closed, it MAY attempt to re-establish the connection. The decision to do so is application and context dependant. 6.1 Session Renegotiation There are scenarios where SDP is sent by an endpoint in order to renegotiate an existing session. These include muting/unmuting a session, renegotiating the attributes of the media used by the session, or extending the length of a session about to expire. Connection-oriented media introduces some ambiguities into session renegotiation as to when the direction attribute must be obeyed and when it is ignored. The scenario of extending the duration of an existing session is a good example: in order to extend an existing session, endpoints will typically resend the original SDP with updated time information. In connectionless media the result is no change to the existing media streams. The problem with connection oriented media is that the original SDP will contain a setup attribute which can be considered as a request to create a new connection, as opposed to a request to maintain steady state. The following rule help avoid this ambiguity: Yon & Camarillo Expires November 12, 2004 [Page 7] Internet-Draft Connection-Oriented Media May 2004 If the transport section (the c= and m= lines) of an SDP description describes an existing connection between two endpoints and the m= line does not contain a reconnect attribute, the endpoints SHOULD use that connection to carry the media described in the remainder of the message. The endpoints SHOULD NOT attempt to set up a new connection, regardless of what is specified in the setup attribute. Note that if the port number in the m= line changes, there is no need to use the reconnect attribute because the new port will trigger the establishment of a new connection anyway. 7. Examples What follows are a number of examples that show the most common usage of the setup attribute combined with TCP-based media descriptions. For the purpose of brevity, the main portion of the session description is omitted in the examples and is assumed to be the following: v=0 o=me 2890844526 2890842807 IN IP4 10.1.1.2 s=Call me using TCP t=3034423619 3042462419 7.1 Passive/Active An offerer at 192.0.2.2 signals its availability for a T.38 fax session at port 54111: c=IN IP4 192.0.2.2 m=image 54111 TCP t38 a=setup:passive An answerer at 192.0.2.1 receiving this offer responds with the following answer: c=IN IP4 192.0.2.1 m=image 9 TCP t38 a=setup:active The endpoint at 192.0.2.1 then initiates the TCP connection to port 54111 at 192.0.2.2. Yon & Camarillo Expires November 12, 2004 [Page 8] Internet-Draft Connection-Oriented Media May 2004 7.2 Passive/Active with Reconnect Continuing the preceding example, consider the scenario where the TCP connection fails and the endpoints wish to reestablish the connection for the session. The endpoint at 192.0.2.2 signals this intent with the following SDP: c=IN IP4 192.0.2.2 m=image 54111 TCP t38 a=setup:passive a=reconnect The reconnect attribute informs the endpoint at 192.0.2.1 that this SDP represents the intent to establish a new connection for media transport, rather than continuing with the original connection. Because the endpoint at 192.0.2.1 may not yet be aware that the TCP connection has failed, this eliminates any ambiguity. If 192.0.2.1 agrees to continue the session using a new connection, it responds with: c=IN IP4 192.0.2.1 m=image 9 TCP t38 a=setup:active IN IP4 a=reconnect 7.3 Actpass An offerer at 192.0.2.2 signals its availability for a T.38 fax session at TCP port 54111. Additionally, this offerer is also willing to set up the media stream by initiating the TCP connection: c=IN IP4 192.0.2.2 m=image 54111 TCP t38 a=setup:actpass The endpoint at 192.0.2.1 responds with the following description: c=IN IP4 192.0.2.1 m=image 54321 TCP t38 a=setup:actpass This will cause the offerer (at 192.0.2.2) to initiate a connection to port 54321 at 192.0.2.1 and the answerer (at 192.0.2.1) to Yon & Camarillo Expires November 12, 2004 [Page 9] Internet-Draft Connection-Oriented Media May 2004 initiate a connection to port 54111 at 192.0.2.2. Ideally, the offerer would use 192.0.2.2:5411 as the source of its connection attempt and the answerer would use 192.0.2.1:54321 as its. 8. Security Considerations See RFC 2327 [4] for security and other considerations specific to the Session Description Protocol in general. An attacker may attempt to substitute TCP/TLS with only TCP in a session description. So, it is STRONGLY RECOMMENDED that integrity protection be applied to the SDP session descriptions. For session descriptions carried in SIP [10], S/MIME is the natural choice to provide such end-to-end integrity protection, as described in RFC 3261 [10]. Other applications MAY use a different form of integrity protection. This document touches upon NAT traversal. Implementers should be aware of some issues that relate to the use of private IP addresses within the offer/answer model (i.e., they are not specific to this document). When an endpoint receives a session description with a private IP address that belongs to a different address space, in most of the cases, the endpoint will not be able to reach such an address. Nevertheless, if this particular address also exists in the endpoint's address space, the endpoint may end up reaching a different peer than the one that generated the session description. It is RECOMMENDED that endpoints authenticate their peer somehow (e.g., using TLS [3]) or that they encrypt their media. 9. IANA Considerations This document defines two session and media level SDP attributes: setup and reconnect. Their formats are defined in Section 4 and Section 5 respectively. These two attributes should be registered by the IANA on http://www.iana.org/assignments/sdp-parameters under "att-field (both session and media level)". This document defines two proto values: TCP and TCP/TLS. Their formats are defined in Section 3.1 and Section 3.2 respectively. These two proto values should be registered by the IANA on http:// www.iana.org/assignments/sdp-parameters under "proto". 10. Acknowledgements The authors would like to thank Jonathan Rosenberg, Rohan Mahy, Anders Kristensen, Joerg Ott, Paul Kyzivat, Robert Yon & Camarillo Expires November 12, 2004 [Page 10] Internet-Draft Connection-Oriented Media May 2004 Fairlie-Cuninghame, and Colin Perkins for their valuable insights and contributions. 11. References 11.1 Normative References [1] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [3] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. [4] Handley, M. and V. Jacobson, "SDP: Session Description Protocol", RFC 2327, April 1998. [5] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, June 2002. [6] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003. 11.2 Informational References [7] Schulzrinne, H., Rao, A. and R. Lanphier, "Real Time Streaming Protocol (RTSP)", RFC 2326, April 1998. [8] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [9] Handley, M., Perkins, C. and E. Whelan, "Session Announcement Protocol", RFC 2974, October 2000. [10] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. Yon & Camarillo Expires November 12, 2004 [Page 11] Internet-Draft Connection-Oriented Media May 2004 Authors' Addresses David Yon Dialout.Net, Inc One Indian Head Plaza Nashua, NH 03060 USA EMail: yon@dialout.net Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 Finland EMail: Gonzalo.Camarillo@ericsson.com Yon & Camarillo Expires November 12, 2004 [Page 12] Internet-Draft Connection-Oriented Media May 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the IETF's procedures with respect to rights in IETF Documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Yon & Camarillo Expires November 12, 2004 [Page 13]