Re: [Ice] Re-nomination and candidate pair switching in RFC 5245bis - PROPOSAL
Peter Thatcher <pthatcher@google.com> Wed, 30 August 2017 16:26 UTC
Return-Path: <pthatcher@google.com>
X-Original-To: ice@ietfa.amsl.com
Delivered-To: ice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B02F813213D for <ice@ietfa.amsl.com>; Wed, 30 Aug 2017 09:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y87DH36RoBA9 for <ice@ietfa.amsl.com>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80B671201F8 for <ice@ietf.org>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id k77so55297823oib.2 for <ice@ietf.org>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y2Wm0qQL+vC0rcAAiCyUL0EN2PNXZQjcJ9L3NAHb2wo=; b=MhYUuETPEmZrnGTv5bqIAJiXgI2Spry4LScI64gm8Rir0fJ89HYIBcbi/mF7eNbd/h qhukA0bKanx3vlFYGMm06gH5//29nr1rF5R1j/WEdtoxgxyvpiuiqDec06eWgor3SRs/ kA49ScwaN0j1SY3S/kgLRfc9OP52SUPEoyBQoaTYrgoqjPVxmdebspuEoFy5xgMVlYCE 2twDBhrzWZpW2CtfcMzocF1VAQHbDf8Duh+WTL122z0Y/OCoWjzx5sQXWwUyXc7ETl1v Drzo8sKNKzu8BMLk9TSgqALbvcLCDlaiWkk+se9i68ma9iV7C/qWj4jJ2ma04DFcEYvY 1ctw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y2Wm0qQL+vC0rcAAiCyUL0EN2PNXZQjcJ9L3NAHb2wo=; b=SiCHw+35DFuNYHo/bH4SMjVko3FoBnZSQ3XRcvXhtsxAtSgnZkc3IpzA4PuTohg3tn S32FykldfE+dH2m0pahD3uYTx+yddV/kgSEJ85O4Mx3zIhFh0NGg0+in4l/rtXq5QtL3 v4okZ05lgJ0LMjC55ozQmy5P7MTaOlvZDj89TKDaopqFrtHOsYhvt7IeBakI9EAKmWXv nJRdUqIFpy8Mq9YyLnidIqJqFc8qpK//47+jwKJKMmS7RymtHyyPIMzJbe0PDIn8jMWp 9nPWiKhh7m61kshaPZfjaVA/L0quGZolaHXHjQ6Cxxbnkw5MbtUCR3t+G4hc934Pyrzn bTcw==
X-Gm-Message-State: AHYfb5hRyCgGrJQyeBOgpKg/mq5ZNmdvl4czBDvMcm/48P2Rc6hBNldQ nu+8S5MI6tPTmcCiIMCE+wq7ouC8xj4A
X-Google-Smtp-Source: ADKCNb4p8lRH5NzOwZxyZLD5ESuL9nYbkA21IK4Xik/drpOczwdM9mrlcGW4MmPgQCAUG6+95ZPreBPJGG7j8EGXLjc=
X-Received: by 10.202.78.78 with SMTP id c75mr2079887oib.53.1504110387354; Wed, 30 Aug 2017 09:26:27 -0700 (PDT)
MIME-Version: 1.0
References: <7594FB04B1934943A5C02806D1A2204B4CC9ED94@ESESSMB109.ericsson.se> <CAJrXDUHGYkivt5+dnX48C8TkR9W7afoUWAPv8+MbafYNsZsFmA@mail.gmail.com> <CAOW+2duR54wenv088kZSmKJj56u8j=Qi6KzNUNrjA0=o5qhekg@mail.gmail.com>
In-Reply-To: <CAOW+2duR54wenv088kZSmKJj56u8j=Qi6KzNUNrjA0=o5qhekg@mail.gmail.com>
From: Peter Thatcher <pthatcher@google.com>
Date: Wed, 30 Aug 2017 16:26:15 +0000
Message-ID: <CAJrXDUEKWCa7GsL_bSrdvVN-erROSgHJt5DO5VOZ2Qx3PQr15g@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "ice@ietf.org" <ice@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c1691e5810500557fafdec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/w8phmjHpytwhbKgvX-fuUFh0rDs>
Subject: Re: [Ice] Re-nomination and candidate pair switching in RFC 5245bis - PROPOSAL
X-BeenThere: ice@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Interactive Connectivity Establishment \(ICE\)" <ice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ice>, <mailto:ice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ice/>
List-Post: <mailto:ice@ietf.org>
List-Help: <mailto:ice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ice>, <mailto:ice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 16:26:33 -0000
As far as "just enough" so that it isn't a hindrance: that's why I wanted to say that agents *may* switch. It allows a renomination in the future. Saying they MUST NOT is a hindrance. I would be fine if the *may* requires negotiation. That's what On Wed, Aug 30, 2017 at 9:08 AM Bernard Aboba <bernard.aboba@gmail.com> wrote: > Peter said: > > "Your reasoning for saying that an agent can't switch candidate pairs is > that it prevents the remote side from being able to release resources. But > the switching side would only switch if the candidate pair recently > received an ICE check response (in other words, it knows the candidate pair > works), in which case it knows that resources have not been released." > > [BA] There is a dicotomy between the situation prior to nomination and > after it that isn't explained well in RFC 5245bis. Prior to nomination, > the agent can switch between validated candidate pairs, and hopefully we > can make the language clear enough so that this will work well. > > While the same logic applies after nomination as well (e.g. it only makes > sense to switch a valid pair), the text doesn't clarify the meaning of > nomination with respect to resource release, nor does it talk about consent > (presumably the mechanism that would be used to maintain pair validity > after nomination), so that it's not clear how pair validity could be > maintained. Since there is much RFC 5245 text still remaining, the overall > document reads as though while it represents an update to RFC 5245 it still > is based on a pre-WebRTC mindset. > > All this makes me wonder whether we should limit our aspirations for RFC > 5245bis to clarifying things "just enough" so that it isn't a hindrance. > People interested in building a modern ICE implementation for use in WebRTC > will probably focus more on Trickle-ICE, where implementation of consent > can be assumed, and perhaps the meaning of nomination within a WebRTC > context could be better explained. > > > > On Wed, Aug 30, 2017 at 11:19 AM, Peter Thatcher <pthatcher@google.com> > wrote: > >> #2 and #3 are fine, but I'm not a fan of #1. >> >> Your reasoning for saying that an agent can't switch candidate pairs is >> that it prevents the remote side from being able to release resources. But >> the switching side would only switch if the candidate pair recently >> received an ICE check response (in other words, it knows the candidate pair >> works), in which case it knows that resources have not been released. >> >> In other words, if the remote side chose to release resources, the local >> side wouldn't do the switch. So the remote side is free to release >> resources; it's not prevented from doing so. If it does, then the local >> side will notice and not do a switch. But if the remote side doesn't >> release the resources, then the local side may switch. >> >> In other words, I think we can allow switching and resource release both. >> >> On Thu, Jul 27, 2017 at 4:01 AM Christer Holmberg < >> christer.holmberg@ericsson.com> wrote: >> >>> Hi, >>> >>> >>> >>> Would anyone disagree with the following: >>> >>> >>> >>> 1) explicitly indicating that re-nomination is **NOT** allowed >>> without ICE restart; and >>> >>> 2) once a pair has been selected, agents need to be able to send * >>> *AND** receive media using that pair – but not using any other pair >>> (read: resources associated with other pairs may be released); and >>> >>> 3) PRIOR to selection, agents need to be able to send **AND** >>> receive media on any valid pair (RFC 7675 adds restrictions, but that’s >>> outside the scope of 5245bis) >>> >>> >>> >>> Regards, >>> >>> >>> >>> Christer >>> >>> >>> >>> *From:* Ice [mailto:ice-bounces@ietf.org] *On Behalf Of *Christer >>> Holmberg >>> *Sent:* 25 July 2017 10:17 >>> *To:* Bernard Aboba <bernard.aboba@gmail.com> >>> *Cc:* ice@ietf.org >>> *Subject:* Re: [Ice] Re-nomination and candidate pair switching in RFC >>> 5245bis >>> >>> >>> >>> Hi Bernard, >>> >>> >>> >>> Regarding sending media PRIOR to nomination, we have previously agreed >>> that any valid pair can be used for that. Perhaps it needs more >>> clarification. >>> >>> >>> >>> Regarding receiving media after nomination, it was discussed in Prague, >>> as it is covered by Peter’s PR. I don’t have access to the PR/minutes right >>> now, but I think the outcome was that an agent is only expected to receive >>> media on the nominated pair (otherwise it cannot free resources). >>> >>> >>> >>> Regards, >>> >>> >>> >>> Christer >>> >>> >>> >>> *From:* Bernard Aboba [mailto:bernard.aboba@gmail.com >>> <bernard.aboba@gmail.com>] >>> *Sent:* 25 July 2017 02:29 >>> *To:* Christer Holmberg <christer.holmberg@ericsson.com> >>> *Cc:* ice@ietf.org >>> *Subject:* Re: [Ice] Re-nomination and candidate pair switching in RFC >>> 5245bis >>> >>> >>> >>> Christer said: >>> >>> >>> >>> "The whole discussion began when I was given a comment that the text >>> above should be modified, to clarify that the pair used for media can >>> change after a pair has been selected. >>> >>> But, if the outcome is that the pair can NOT change, maybe we need to >>> clarify THAT instead :)" >>> >>> >>> >>> [BA] Currently, use of the "ice2" ICE option forestalls use of >>> aggressive nomination (e.g. setting the nominated flag on more than one >>> pair). Since only the selected pair can be used to send media, that would >>> seem to rule out changing the pair used for media after a pair has been >>> selected: >>> >>> >>> >>> Once a candidate pair has been selected >>> >>> only that candidate pair (referred to as selected pair) is used for >>> >>> sending media. >>> >>> >>> >>> What about changing the pair used for media prior to selection? On this >>> point, the text seems less clear than it could be. >>> >>> >>> >>> Prior to nomination, the specification allows the sending of media on a >>> successful pair: >>> >>> >>> >>> o Once there is at least one nominated pair in the VALID LIST for >>> >>> every component of at least one media stream and the state of the >>> >>> CHECK LIST is Running: >>> >>> >>> >>> ... >>> >>> >>> >>> * The agent MUST continue to respond to any checks it may still >>> >>> receive for that media stream, and MUST perform triggered >>> >>> checks if required by the processing of Section 6.3 <https://tools.ietf.org/html/draft-ietf-ice-rfc5245bis-10#section-6.3>. >>> >>> >>> >>> * The agent MAY begin transmitting media for this media stream as >>> >>> described in Section 11.1 >>> <https://tools.ietf.org/html/draft-ietf-ice-rfc5245bis-10#section-11.1>. >>> >>> >>> >>> However, the specification is not clear enough about the receiving side; >>> while it recommends that implementations be prepared to receive prior to >>> nomination, it does not require this. From Section 11.2: >>> >>> >>> >>> ICE implementations SHOULD by default be >>> >>> prepared to receive media on any of the candidates provided in the >>> >>> most recent candidate exchange with the peer. >>> >>> >>> >>> What happens if an implementation is NOT prepared to receive media? >>> >>> In WebRTC, an implementation cannot send without consent, which >>> >>> suggests that perhaps an unwilling receiver could use consent to >>> >>> influence the potential sender. >>> >>> >>> >>> However, the specification does not even reference RFC 7675, >>> >>> so it is left unclear about how this is to be done. >>> >>> For example, a receiver might not reply to a consent >>> >>> request if the inability to receive is temporary ("I'm not ready yet"), >>> >>> but that might cause consent to time out prior to nomination and >>> >>> might even influence pair selection inappropriately. >>> >>> >>> >>> Another choice might be to revoke consent (which would >>> >>> invalidate the pair). But that's pretty drastic unless the >>> >>> pair is truly unacceptable. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >[BA] RFC 5245bis Section 7.1.1 continues to imply a single selected >>> pair: >>> > >>> > Eventually, there will be only a single nominated pair in the VALID >>> > LIST for each component. Once the state of the CHECK LIST is set to >>> > Completed, that exact pair is selected by ICE for sending and >>> > receiving media for that component. >>> > >>> >Based on that text, an implementation might still release resources >>> (e.g. unused TURN candidates) post-nomination. Given this, the "ice2" ICE >>> option doesn't address >potential interoperability issues resulting from >>> different resource release behaviors (although it does clear indicate lack >>> of support for aggressive nomination): >>> >>> The whole discussion began when I was given a comment that the text >>> above should be modified, to clarify that the pair used for media can >>> change after a pair has been selected. >>> >>> But, if the outcome is that the pair can NOT change, maybe we need to >>> clarify THAT instead :) >>> >>> > NOTE: A controlling agent that does not support this specification >>> > (i.e. it is implemented according to RFC 5245) might nominate more >>> > than one candidate pair. This was referred to as aggressive >>> > nomination in RFC 5245. The usage of the 'ice2' ice option by >>> > endpoints supporting this specifcation should prevent such >>> > controlling agents from using aggressive nomination. >>> > >>> >Christer also said: >>> > >>> >"Also, my understanding was that endpoints supporting RFC 7675 might >>> maintain consent on pairs currently not >>> >used for media, in order to be able to re-nominate in case consent for >>> the currently nominated pair expires. However, >>> >RFC 7675 does not explicitly say anything about that." >>> > >>> >[BA] RFC 7675 Section 5 says: >>> > >>> > Initial consent to send traffic is obtained using ICE [RFC5245]. An >>> > endpoint gains consent to send on a candidate pair when the pair >>> > enters the Succeeded ICE state. >>> > >>> >Given this, an RFC 5245bis implementation might request consent to send >>> to >>> >multiple remote peer candidates, so as to keep them alive. However, >>> >there is nothing in RFC 7675 that requires the responder to grant >>> >consent for that. For example, based on the text in RFC 5245bis >>> >Section 7.1.1, a conforming implementation might well revoke >>> >consent on local candidates other than the local candidate in the >>> >selected pair. >>> >>> Sure - the responder is not mandated to grant consent to multiple >>> candidates after nomination. But, the option to do seems to be there >>> (unless I've understood the RFC wrong), and the only reason to do so would >>> be possible re-nomination. >>> >>> Anyway, I don't have any strong feelings which way we go, but we do need >>> to make it clear in the spec whether re-nomination is allowed or not. >>> >>> Regards, >>> >>> Christer >>> >>> >>> >>> On Mon, Jul 24, 2017 at 4:33 PM, Christer Holmberg < >>> christer.holmberg@ericsson.com> wrote: >>> >>> Hi >>> , >>> >[BA] RFC 5245bis Section 7.1.1 continues to imply a single selected >>> pair: >>> > >>> > Eventually, there will be only a single nominated pair in the VALID >>> > LIST for each component. Once the state of the CHECK LIST is set to >>> > Completed, that exact pair is selected by ICE for sending and >>> > receiving media for that component. >>> > >>> >Based on that text, an implementation might still release resources >>> (e.g. unused TURN candidates) post-nomination. Given this, the "ice2" ICE >>> option doesn't address >potential interoperability issues resulting from >>> different resource release behaviors (although it does clear indicate lack >>> of support for aggressive nomination): >>> >>> The whole discussion began when I was given a comment that the text >>> above should be modified, to clarify that the pair used for media can >>> change after a pair has been selected. >>> >>> But, if the outcome is that the pair can NOT change, maybe we need to >>> clarify THAT instead :) >>> >>> > NOTE: A controlling agent that does not support this specification >>> > (i.e. it is implemented according to RFC 5245) might nominate more >>> > than one candidate pair. This was referred to as aggressive >>> > nomination in RFC 5245. The usage of the 'ice2' ice option by >>> > endpoints supporting this specifcation should prevent such >>> > controlling agents from using aggressive nomination. >>> > >>> >Christer also said: >>> > >>> >"Also, my understanding was that endpoints supporting RFC 7675 might >>> maintain consent on pairs currently not >>> >used for media, in order to be able to re-nominate in case consent for >>> the currently nominated pair expires. However, >>> >RFC 7675 does not explicitly say anything about that." >>> > >>> >[BA] RFC 7675 Section 5 says: >>> > >>> > Initial consent to send traffic is obtained using ICE [RFC5245]. An >>> > endpoint gains consent to send on a candidate pair when the pair >>> > enters the Succeeded ICE state. >>> > >>> >Given this, an RFC 5245bis implementation might request consent to send >>> to >>> >multiple remote peer candidates, so as to keep them alive. However, >>> >there is nothing in RFC 7675 that requires the responder to grant >>> >consent for that. For example, based on the text in RFC 5245bis >>> >Section 7.1.1, a conforming implementation might well revoke >>> >consent on local candidates other than the local candidate in the >>> >selected pair. >>> >>> Sure - the responder is not mandated to grant consent to multiple >>> candidates after nomination. But, the option to do seems to be there >>> (unless I've understood the RFC wrong), and the only reason to do so would >>> be possible re-nomination. >>> >>> Anyway, I don't have any strong feelings which way we go, but we do need >>> to make it clear in the spec whether re-nomination is allowed or not. >>> >>> Regards, >>> >>> Christer >>> >>> >>> >>> >>> >>> On Fri, Jul 21, 2017 at 12:33 PM, Christer Holmberg < >>> christer.holmberg@ericsson.com> wrote: >>> Hi Bernard, >>> >>> Support of 5245bis is also negotiated, using the “ice2” ICE option. >>> >>> Also, my understanding was that endpoints supporting RFC 7675 might >>> maintain consent on pairs currently not used for media, in order to be able >>> to re-nominate in case consent for the currently nominated pair expires. >>> However, RFC 7675 does not explicitly say anything about that. >>> >>> Regards, >>> >>> Christer >>> >>> From: Ice [mailto:ice-bounces@ietf.org] On Behalf Of Bernard Aboba >>> Sent: 20 July 2017 14:22 >>> To: ice@ietf.org >>> Subject: [Ice] Re-nomination and candidate pair switching in RFC 5245bis >>> >>> During the ICE WG meeting today, there was discussion of whether >>> RFC5245bis should indicate that it is possible to re-nominate pairs >>> (proposed by Peter), or whether it is possible to switch from one interface >>> to another (Cullen). While these capabilities are desirable, attempting to >>> add them to RFC 5245bis without negotiation has the potential to break >>> interoperability with existing RFC 5245 implementations. >>> >>> In my experience, this is an area where RFC 5245 implementations have >>> very different interpretations. For example, some implementations (e.g. >>> ones that did not support aggressive) discard non-selected candidate pairs >>> after nomination. These implementations (e.g. particularly ones included in >>> previous product releases) cannot be assumed to change their behavior after >>> RFC 5245bis is published. This raises the possibility that that >>> interoperability could be impacted. >>> >>> Since in practice the desired candidate pair switching capabilities are >>> most likely to be supported in WebRTC implementations supporting Trickle >>> ICE, my recommendation is to think of candidate pair switching as a Trickle >>> ICE capability. Since Trickle-ICE support is negotiated, clarifications >>> relating to candidate-pair switching can be linked to that negotiation. >>> >>> This provides a potential way forward that bypasses potential >>> interoperability issues. For example, if text on candidate-pair switching >>> is to be added to (either to RFC 5245bis or Trickle-ICE) then the text >>> could say that support for these behaviors can only be assumed if they are >>> explicitly negotiated. The Trickle-ICE document could then create normative >>> requirements for support of the new behaviors by stating that support for >>> them is mandatory when supporting full-Trickle. >>> >>> >>> >>> >>> _______________________________________________ >>> Ice mailing list >>> Ice@ietf.org >>> https://www.ietf.org/mailman/listinfo/ice >>> >> >
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Peter Thatcher
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Peter Thatcher
- Re: [Ice] Re-nomination and candidate pair switch… Peter Thatcher
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Peter Thatcher
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Bernard Aboba
- Re: [Ice] Re-nomination and candidate pair switch… Christer Holmberg
- Re: [Ice] Re-nomination and candidate pair switch… Peter Thatcher
- Re: [Ice] Re-nomination and candidate pair switch… Peter Saint-Andre
- Re: [Ice] Re-nomination and candidate pair switch… Nils Ohlmeier