IETF Logo Mail Archive

Re: [Ice] Re-nomination and candidate pair switching in RFC 5245bis - PROPOSAL

Peter Thatcher <pthatcher@google.com> Wed, 30 August 2017 16:26 UTC

Return-Path: <pthatcher@google.com>
X-Original-To: ice@ietfa.amsl.com
Delivered-To: ice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B02F813213D for <ice@ietfa.amsl.com>; Wed, 30 Aug 2017 09:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y87DH36RoBA9 for <ice@ietfa.amsl.com>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80B671201F8 for <ice@ietf.org>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id k77so55297823oib.2 for <ice@ietf.org>; Wed, 30 Aug 2017 09:26:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y2Wm0qQL+vC0rcAAiCyUL0EN2PNXZQjcJ9L3NAHb2wo=; b=MhYUuETPEmZrnGTv5bqIAJiXgI2Spry4LScI64gm8Rir0fJ89HYIBcbi/mF7eNbd/h qhukA0bKanx3vlFYGMm06gH5//29nr1rF5R1j/WEdtoxgxyvpiuiqDec06eWgor3SRs/ kA49ScwaN0j1SY3S/kgLRfc9OP52SUPEoyBQoaTYrgoqjPVxmdebspuEoFy5xgMVlYCE 2twDBhrzWZpW2CtfcMzocF1VAQHbDf8Duh+WTL122z0Y/OCoWjzx5sQXWwUyXc7ETl1v Drzo8sKNKzu8BMLk9TSgqALbvcLCDlaiWkk+se9i68ma9iV7C/qWj4jJ2ma04DFcEYvY 1ctw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y2Wm0qQL+vC0rcAAiCyUL0EN2PNXZQjcJ9L3NAHb2wo=; b=SiCHw+35DFuNYHo/bH4SMjVko3FoBnZSQ3XRcvXhtsxAtSgnZkc3IpzA4PuTohg3tn S32FykldfE+dH2m0pahD3uYTx+yddV/kgSEJ85O4Mx3zIhFh0NGg0+in4l/rtXq5QtL3 v4okZ05lgJ0LMjC55ozQmy5P7MTaOlvZDj89TKDaopqFrtHOsYhvt7IeBakI9EAKmWXv nJRdUqIFpy8Mq9YyLnidIqJqFc8qpK//47+jwKJKMmS7RymtHyyPIMzJbe0PDIn8jMWp 9nPWiKhh7m61kshaPZfjaVA/L0quGZolaHXHjQ6Cxxbnkw5MbtUCR3t+G4hc934Pyrzn bTcw==
X-Gm-Message-State: AHYfb5hRyCgGrJQyeBOgpKg/mq5ZNmdvl4czBDvMcm/48P2Rc6hBNldQ nu+8S5MI6tPTmcCiIMCE+wq7ouC8xj4A
X-Google-Smtp-Source: ADKCNb4p8lRH5NzOwZxyZLD5ESuL9nYbkA21IK4Xik/drpOczwdM9mrlcGW4MmPgQCAUG6+95ZPreBPJGG7j8EGXLjc=
X-Received: by 10.202.78.78 with SMTP id c75mr2079887oib.53.1504110387354; Wed, 30 Aug 2017 09:26:27 -0700 (PDT)
MIME-Version: 1.0
References: <7594FB04B1934943A5C02806D1A2204B4CC9ED94@ESESSMB109.ericsson.se> <CAJrXDUHGYkivt5+dnX48C8TkR9W7afoUWAPv8+MbafYNsZsFmA@mail.gmail.com> <CAOW+2duR54wenv088kZSmKJj56u8j=Qi6KzNUNrjA0=o5qhekg@mail.gmail.com>
In-Reply-To: <CAOW+2duR54wenv088kZSmKJj56u8j=Qi6KzNUNrjA0=o5qhekg@mail.gmail.com>
From: Peter Thatcher <pthatcher@google.com>
Date: Wed, 30 Aug 2017 16:26:15 +0000
Message-ID: <CAJrXDUEKWCa7GsL_bSrdvVN-erROSgHJt5DO5VOZ2Qx3PQr15g@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "ice@ietf.org" <ice@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c1691e5810500557fafdec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/w8phmjHpytwhbKgvX-fuUFh0rDs>
Subject: Re: [Ice] Re-nomination and candidate pair switching in RFC 5245bis - PROPOSAL
X-BeenThere: ice@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Interactive Connectivity Establishment \(ICE\)" <ice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ice>, <mailto:ice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ice/>
List-Post: <mailto:ice@ietf.org>
List-Help: <mailto:ice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ice>, <mailto:ice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 16:26:33 -0000

As far as "just enough" so that it isn't a hindrance: that's why I wanted
to say that agents *may* switch.  It allows a renomination in the future.
Saying they MUST NOT is a hindrance.  I would be fine if the *may* requires
negotiation.  That's what

On Wed, Aug 30, 2017 at 9:08 AM Bernard Aboba <bernard.aboba@gmail.com>
wrote:

> Peter said:
>
> "Your reasoning for saying that an agent can't switch candidate pairs is
> that it prevents the remote side from being able to release resources.  But
> the switching side would only switch if the candidate pair recently
> received an ICE check response (in other words, it knows the candidate pair
> works), in which case it knows that resources have not been released."
>
> [BA] There is a dicotomy between the situation prior to nomination and
> after it that isn't explained well in RFC 5245bis.  Prior to nomination,
> the agent can switch between validated candidate pairs, and hopefully we
> can make the language clear enough so that this will work well.
>
> While the same logic applies after nomination as well (e.g. it only makes
> sense to switch a valid pair), the text doesn't clarify the meaning of
> nomination with respect to resource release, nor does it talk about consent
> (presumably the mechanism that would be used to maintain pair validity
> after nomination), so that it's not clear how pair validity could be
> maintained.  Since there is much RFC 5245 text still remaining, the overall
> document reads as though while it represents an update to RFC 5245 it still
> is based on a pre-WebRTC mindset.
>
> All this makes me wonder whether we should limit our aspirations for RFC
> 5245bis to clarifying things "just enough" so that it isn't a hindrance.
> People interested in building a modern ICE implementation for use in WebRTC
> will probably focus more on Trickle-ICE, where implementation of consent
> can be assumed, and perhaps the meaning of nomination within a WebRTC
> context could be better explained.
>
>
>
> On Wed, Aug 30, 2017 at 11:19 AM, Peter Thatcher <pthatcher@google.com>
> wrote:
>
>> #2 and #3 are fine, but I'm not a fan of #1.
>>
>> Your reasoning for saying that an agent can't switch candidate pairs is
>> that it prevents the remote side from being able to release resources.  But
>> the switching side would only switch if the candidate pair recently
>> received an ICE check response (in other words, it knows the candidate pair
>> works), in which case it knows that resources have not been released.
>>
>> In other words, if the remote side chose to release resources, the local
>> side wouldn't do the switch.  So the remote side is free to release
>> resources; it's not prevented from doing so.  If it does, then the local
>> side will notice and not do a switch.   But if the remote side doesn't
>> release the resources, then the local side may switch.
>>
>> In other words, I think we can allow switching and resource release both.
>>
>> On Thu, Jul 27, 2017 at 4:01 AM Christer Holmberg <
>> christer.holmberg@ericsson.com> wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> Would anyone disagree with the following:
>>>
>>>
>>>
>>> 1)      explicitly indicating that re-nomination is **NOT** allowed
>>> without ICE restart; and
>>>
>>> 2)      once a pair has been selected, agents need to be able to send *
>>> *AND** receive media using that pair – but not using any other pair
>>> (read: resources associated with other pairs may be released); and
>>>
>>> 3)      PRIOR to selection, agents need to be able to send **AND**
>>> receive media on any valid pair (RFC 7675 adds restrictions, but that’s
>>> outside the scope of 5245bis)
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Christer
>>>
>>>
>>>
>>> *From:* Ice [mailto:ice-bounces@ietf.org] *On Behalf Of *Christer
>>> Holmberg
>>> *Sent:* 25 July 2017 10:17
>>> *To:* Bernard Aboba <bernard.aboba@gmail.com>
>>> *Cc:* ice@ietf.org
>>> *Subject:* Re: [Ice] Re-nomination and candidate pair switching in RFC
>>> 5245bis
>>>
>>>
>>>
>>> Hi Bernard,
>>>
>>>
>>>
>>> Regarding sending media PRIOR to nomination, we have previously agreed
>>> that any valid pair can be used for that. Perhaps it needs more
>>> clarification.
>>>
>>>
>>>
>>> Regarding receiving media after nomination, it was discussed in Prague,
>>> as it is covered by Peter’s PR. I don’t have access to the PR/minutes right
>>> now, but I think the outcome was that an agent is only expected to receive
>>> media on the nominated pair (otherwise it cannot free resources).
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Christer
>>>
>>>
>>>
>>> *From:* Bernard Aboba [mailto:bernard.aboba@gmail.com
>>> <bernard.aboba@gmail.com>]
>>> *Sent:* 25 July 2017 02:29
>>> *To:* Christer Holmberg <christer.holmberg@ericsson.com>
>>> *Cc:* ice@ietf.org
>>> *Subject:* Re: [Ice] Re-nomination and candidate pair switching in RFC
>>> 5245bis
>>>
>>>
>>>
>>> Christer said:
>>>
>>>
>>>
>>> "The whole discussion began when I was given a comment that the text
>>> above should be modified, to clarify that the pair used for media can
>>> change after a pair has been selected.
>>>
>>> But, if the outcome is that the pair can NOT change, maybe we need to
>>> clarify THAT instead :)"
>>>
>>>
>>>
>>> [BA] Currently, use of the "ice2" ICE option forestalls use of
>>> aggressive nomination (e.g. setting the nominated flag on more than one
>>> pair).  Since only the selected pair can be used to send media, that would
>>> seem to rule out changing the pair used for media after a pair has been
>>> selected:
>>>
>>>
>>>
>>>    Once a candidate pair has been selected
>>>
>>>    only that candidate pair (referred to as selected pair) is used for
>>>
>>>    sending media.
>>>
>>>
>>>
>>> What about changing the pair used for media prior to selection?  On this
>>> point, the text seems less clear than it could be.
>>>
>>>
>>>
>>> Prior to nomination, the specification allows the sending of media on a
>>> successful pair:
>>>
>>>
>>>
>>>    o  Once there is at least one nominated pair in the VALID LIST for
>>>
>>>       every component of at least one media stream and the state of the
>>>
>>>       CHECK LIST is Running:
>>>
>>>
>>>
>>> ...
>>>
>>>
>>>
>>>       *  The agent MUST continue to respond to any checks it may still
>>>
>>>          receive for that media stream, and MUST perform triggered
>>>
>>>          checks if required by the processing of Section 6.3 <https://tools.ietf.org/html/draft-ietf-ice-rfc5245bis-10#section-6.3>.
>>>
>>>
>>>
>>>       *  The agent MAY begin transmitting media for this media stream as
>>>
>>>          described in Section 11.1
>>> <https://tools.ietf.org/html/draft-ietf-ice-rfc5245bis-10#section-11.1>.
>>>
>>>
>>>
>>> However, the specification is not clear enough about the receiving side;
>>> while it recommends that implementations be prepared to receive prior to
>>> nomination, it does not require this. From Section 11.2:
>>>
>>>
>>>
>>>    ICE implementations SHOULD by default be
>>>
>>>    prepared to receive media on any of the candidates provided in the
>>>
>>>    most recent candidate exchange with the peer.
>>>
>>>
>>>
>>> What happens if an implementation is NOT prepared to receive media?
>>>
>>> In WebRTC, an implementation cannot send without consent, which
>>>
>>> suggests that perhaps an unwilling receiver could use consent to
>>>
>>> influence the potential sender.
>>>
>>>
>>>
>>> However, the specification does not even reference RFC 7675,
>>>
>>> so it is left unclear about how this is to be done.
>>>
>>> For example, a receiver might not reply to a consent
>>>
>>> request if the inability to receive is temporary ("I'm not ready yet"),
>>>
>>> but that might cause consent to time out prior to nomination and
>>>
>>> might even influence pair selection inappropriately.
>>>
>>>
>>>
>>> Another choice might be to revoke consent (which would
>>>
>>> invalidate the pair).  But that's pretty drastic unless the
>>>
>>> pair is truly unacceptable.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> >[BA] RFC 5245bis Section 7.1.1 continues to imply a single selected
>>> pair:
>>> >
>>> >   Eventually, there will be only a single nominated pair in the VALID
>>> >   LIST for each component.  Once the state of the CHECK LIST is set to
>>> >   Completed, that exact pair is selected by ICE for sending and
>>> >   receiving media for that component.
>>> >
>>> >Based on that text, an implementation might still release resources
>>> (e.g. unused TURN candidates) post-nomination. Given this, the "ice2" ICE
>>> option doesn't address >potential interoperability issues resulting from
>>> different resource release behaviors (although it does clear indicate lack
>>> of support for aggressive nomination):
>>>
>>> The whole discussion began when I was given a comment that the text
>>> above should be modified, to clarify that the pair used for media can
>>> change after a pair has been selected.
>>>
>>> But, if the outcome is that the pair can NOT change, maybe we need to
>>> clarify THAT instead :)
>>>
>>> >   NOTE: A controlling agent that does not support this specification
>>> >   (i.e. it is implemented according to RFC 5245) might nominate more
>>> >   than one candidate pair.  This was referred to as aggressive
>>> >   nomination in RFC 5245.  The usage of the 'ice2' ice option by
>>> >   endpoints supporting this specifcation should prevent such
>>> >   controlling agents from using aggressive nomination.
>>> >
>>> >Christer also said:
>>> >
>>> >"Also, my understanding was that endpoints supporting RFC 7675 might
>>> maintain consent on pairs currently not
>>> >used for media, in order to be able to re-nominate in case consent for
>>> the currently nominated pair expires. However,
>>> >RFC 7675 does not explicitly say anything about that."
>>> >
>>> >[BA] RFC 7675 Section 5 says:
>>> >
>>> >   Initial consent to send traffic is obtained using ICE [RFC5245].  An
>>> >   endpoint gains consent to send on a candidate pair when the pair
>>> >   enters the Succeeded ICE state.
>>> >
>>> >Given this, an RFC 5245bis implementation might request consent to send
>>> to
>>> >multiple remote peer candidates, so as to keep them alive. However,
>>> >there is nothing in RFC 7675 that requires the responder to grant
>>> >consent for that.  For example, based on the text in RFC 5245bis
>>> >Section 7.1.1, a conforming implementation might well revoke
>>> >consent on local candidates other than the local candidate in the
>>> >selected pair.
>>>
>>> Sure - the responder is not mandated to grant consent to multiple
>>> candidates after nomination. But, the option to do seems to be there
>>> (unless I've understood the RFC wrong), and the only reason to do so would
>>> be possible re-nomination.
>>>
>>> Anyway, I don't have any strong feelings which way we go, but we do need
>>> to make it clear in the spec whether re-nomination is allowed or not.
>>>
>>> Regards,
>>>
>>> Christer
>>>
>>>
>>>
>>> On Mon, Jul 24, 2017 at 4:33 PM, Christer Holmberg <
>>> christer.holmberg@ericsson.com> wrote:
>>>
>>> Hi
>>> ,
>>> >[BA] RFC 5245bis Section 7.1.1 continues to imply a single selected
>>> pair:
>>> >
>>> >   Eventually, there will be only a single nominated pair in the VALID
>>> >   LIST for each component.  Once the state of the CHECK LIST is set to
>>> >   Completed, that exact pair is selected by ICE for sending and
>>> >   receiving media for that component.
>>> >
>>> >Based on that text, an implementation might still release resources
>>> (e.g. unused TURN candidates) post-nomination. Given this, the "ice2" ICE
>>> option doesn't address >potential interoperability issues resulting from
>>> different resource release behaviors (although it does clear indicate lack
>>> of support for aggressive nomination):
>>>
>>> The whole discussion began when I was given a comment that the text
>>> above should be modified, to clarify that the pair used for media can
>>> change after a pair has been selected.
>>>
>>> But, if the outcome is that the pair can NOT change, maybe we need to
>>> clarify THAT instead :)
>>>
>>> >   NOTE: A controlling agent that does not support this specification
>>> >   (i.e. it is implemented according to RFC 5245) might nominate more
>>> >   than one candidate pair.  This was referred to as aggressive
>>> >   nomination in RFC 5245.  The usage of the 'ice2' ice option by
>>> >   endpoints supporting this specifcation should prevent such
>>> >   controlling agents from using aggressive nomination.
>>> >
>>> >Christer also said:
>>> >
>>> >"Also, my understanding was that endpoints supporting RFC 7675 might
>>> maintain consent on pairs currently not
>>> >used for media, in order to be able to re-nominate in case consent for
>>> the currently nominated pair expires. However,
>>> >RFC 7675 does not explicitly say anything about that."
>>> >
>>> >[BA] RFC 7675 Section 5 says:
>>> >
>>> >   Initial consent to send traffic is obtained using ICE [RFC5245].  An
>>> >   endpoint gains consent to send on a candidate pair when the pair
>>> >   enters the Succeeded ICE state.
>>> >
>>> >Given this, an RFC 5245bis implementation might request consent to send
>>> to
>>> >multiple remote peer candidates, so as to keep them alive. However,
>>> >there is nothing in RFC 7675 that requires the responder to grant
>>> >consent for that.  For example, based on the text in RFC 5245bis
>>> >Section 7.1.1, a conforming implementation might well revoke
>>> >consent on local candidates other than the local candidate in the
>>> >selected pair.
>>>
>>> Sure - the responder is not mandated to grant consent to multiple
>>> candidates after nomination. But, the option to do seems to be there
>>> (unless I've understood the RFC wrong), and the only reason to do so would
>>> be possible re-nomination.
>>>
>>> Anyway, I don't have any strong feelings which way we go, but we do need
>>> to make it clear in the spec whether re-nomination is allowed or not.
>>>
>>> Regards,
>>>
>>> Christer
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jul 21, 2017 at 12:33 PM, Christer Holmberg <
>>> christer.holmberg@ericsson.com> wrote:
>>> Hi Bernard,
>>>
>>> Support of 5245bis is also negotiated, using the “ice2” ICE option.
>>>
>>> Also, my understanding was that endpoints supporting RFC 7675 might
>>> maintain consent on pairs currently not used for media, in order to be able
>>> to re-nominate in case consent for the currently nominated pair expires.
>>> However, RFC 7675 does not explicitly say anything about that.
>>>
>>> Regards,
>>>
>>> Christer
>>>
>>> From: Ice [mailto:ice-bounces@ietf.org] On Behalf Of Bernard Aboba
>>> Sent: 20 July 2017 14:22
>>> To: ice@ietf.org
>>> Subject: [Ice] Re-nomination and candidate pair switching in RFC 5245bis
>>>
>>> During the ICE WG meeting today, there was discussion of whether
>>> RFC5245bis should indicate that it is possible to re-nominate pairs
>>> (proposed by Peter), or whether it is possible to switch from one interface
>>> to another (Cullen).  While these capabilities are desirable, attempting to
>>> add them to RFC 5245bis without negotiation has the potential to break
>>> interoperability with existing RFC 5245 implementations.
>>>
>>> In my experience, this is an area where RFC 5245 implementations have
>>> very different interpretations. For example, some implementations (e.g.
>>> ones that did not support aggressive) discard non-selected candidate pairs
>>> after nomination. These implementations (e.g. particularly ones included in
>>> previous product releases) cannot be assumed to change their behavior after
>>> RFC 5245bis is published.  This raises the possibility that that
>>> interoperability could be impacted.
>>>
>>> Since in practice the desired candidate pair switching capabilities are
>>> most likely to be supported in WebRTC implementations supporting Trickle
>>> ICE, my recommendation is to think of candidate pair switching as a Trickle
>>> ICE capability.   Since Trickle-ICE support is negotiated, clarifications
>>> relating to candidate-pair switching can be linked to that negotiation.
>>>
>>> This provides a potential way forward that bypasses potential
>>> interoperability issues.  For example, if text on candidate-pair switching
>>> is to be added to (either to RFC 5245bis or Trickle-ICE) then the text
>>> could say that support for these behaviors can only be assumed if they are
>>> explicitly negotiated. The Trickle-ICE document could then create normative
>>> requirements for support of the new behaviors by stating that support for
>>> them is mandatory when supporting full-Trickle.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ice mailing list
>>> Ice@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ice
>>>
>>
>

v2.23.0 | Report a Bug | By Email