Re: [MMUSIC] FQDN support in ice-sip-sdp

Christer Holmberg <> Thu, 11 April 2019 09:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EEF3F120287 for <>; Thu, 11 Apr 2019 02:10:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id p45hQTNtyb9W for <>; Thu, 11 Apr 2019 02:10:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E3DEB1200FC for <>; Thu, 11 Apr 2019 02:09:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HtksghrCXy5OQmy+84fWx/SAWGiADnbpl1nKHd/hURo=; b=bGExcMCdlpexKOqVAm21STujnM6JN73a3XCJr6TvJVPK8l3paBcr6AQ7vLjtFy/47R8TD9F1dcurT7+fhsIUA3iLHB+ppH08IXtLFEA5NGgnQnlVG+aV4nECu8egyXAGgabyUb0Tj7jZwql9PILUDYgF1f/12W5zYVsSvRj4YVQ=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.9; Thu, 11 Apr 2019 09:09:56 +0000
Received: from ([fe80::a832:85f:a8bb:73b9]) by ([fe80::a832:85f:a8bb:73b9%5]) with mapi id 15.20.1792.007; Thu, 11 Apr 2019 09:09:56 +0000
From: Christer Holmberg <>
To: Suhas Nandakumar <>, Roman Shpount <>
CC: mmusic WG <>, Flemming Andreasen <>
Thread-Topic: [MMUSIC] FQDN support in ice-sip-sdp
Thread-Index: AQHU6jzz/50YAJx2kEqY4siuQ2NZYqY0606AgADVT4CAAEAVAP//1AeAgADQ14CAAETnAA==
Date: Thu, 11 Apr 2019 09:09:55 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 569430dd-b69c-4a76-3ead-08d6be5d7737
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB4363;
x-ms-traffictypediagnostic: HE1PR07MB4363:
x-microsoft-antispam-prvs: <>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(136003)(366004)(39860400002)(396003)(189003)(199004)(33656002)(6246003)(186003)(26005)(14454004)(8936002)(236005)(478600001)(68736007)(102836004)(11346002)(110136005)(53936002)(561944003)(8676002)(97736004)(476003)(81166006)(71190400001)(83716004)(71200400001)(2616005)(36756003)(53546011)(54906003)(6506007)(99286004)(81156014)(446003)(6436002)(44832011)(25786009)(4326008)(6486002)(5660300002)(106356001)(2906002)(76176011)(486006)(6116002)(105586002)(316002)(6512007)(6306002)(58126008)(229853002)(54896002)(3846002)(14444005)(86362001)(7736002)(256004)(82746002)(66066001)(93886005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4363;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: /szuGEBe3y5ki+IsWR9UZFZ5MKssWTgRgrmw1Uilb/8B8cuN+poRxEZfwRGR0QOPz3DSkRDO9DJ0lXeAo68zLL6PLerttQycgE4EVqwjOtyda3+5fk5gaDYQEn/Vjy4ZhrbiH1EFQVTU+xQkHIUva+Uo8D7NNgJ6emFqXQsQfLCno1AvqqKMvRGRhD4g+2Dc2Pb3aw2xyi4iTV0Xztypr86iUDzNZdu8Jiro32MSajym9eerB1260ovjAxc6zwx2xjz8bJngJtz65grG3njooJtfnOtDUs7LRBOzA0Cg9iCJe68Vm4BI9AxM7yQAzv/9/XTZKtaL+YWpdjf7WMsIaqckyoogb9pPFN647Q8WztUsOFyyVmYVeHNk0w/F5/51SAeZ25cWGSlqpWF7AWulf64WYxjGN0YLhNV9BRYHWhU=
Content-Type: multipart/alternative; boundary="_000_98CF630B5CCD4CE484B481A4C53979DCericssoncom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 569430dd-b69c-4a76-3ead-08d6be5d7737
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 09:09:55.9047 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4363
Archived-At: <>
Subject: Re: [MMUSIC] FQDN support in ice-sip-sdp
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 11 Apr 2019 09:10:04 -0000


I *think* I agree with Suhas that the FQDN handling should be a separate draft – a generic ICE draft produced by the ICE WG. ice-sip-sdp would then specify how it is implemented in SDP (separate a=candidiate lines etc).

Perhaps it could be combined with the mDNS draft?



From: Suhas Nandakumar <>
Date: Thursday, 11 April 2019 at 11.03
To: Roman Shpount <>
Cc: Christer Holmberg <>om>, Suhas Nandakumar <>om>, "" <>rg>, Flemming Andreasen <>
Subject: Re: [MMUSIC] FQDN support in ice-sip-sdp

On Wed, Apr 10, 2019 at 12:36 PM Roman Shpount <<>> wrote:
On Wed, Apr 10, 2019 at 3:13 PM Christer Holmberg <<>> wrote:
>Limiting FQDN scope to resolving to just one address is an unimplementable requirement. Currently on large number of devices, FQDN
>which is supposed to resolve to IPv4 address only, will resolve to both IPv6 and IPv4 addresses. For instance on virtually all IOS and most
>of the Android devices on mobile networks FQDN pointing to IPv4 returns results for IPv6 as well. Essentially what we are specifying now is
>that ICE candidates with FQDN address MUST be ignored.

Isn’t the main reason for allowing FQDN to enable usage of mDNS?

 It is now. Nothing in the latest language that I propose prohibits mDNS draft define how FQDN are supposed to work when mDNS is used. All my language states that default treatment for FQDN is to ignore it which keeps mDNS backwards compatible. I would also suggest adding an ICE option to specify that mDNS is supported. This being said, I am not sure mDNS prevents IPv4 address being resolved as IPv6 through DNS64, so mDNS is likely going to end up with two addresses for a single candidate.

In my opinion, the current ICE procedures assumes one IP address:port per candidate. If we allow a candidate to be associated with multiple IP addresses:ports, we would have to modify the ICE procedures in order to handle that: how a candidate can be part of multiple foundations (one for each resolved IP address:port), how the freezing/unfreezing procedure work, whether connectivity checks are sent to all resolved addresses, how the state of the candidate is set if one IP address:port succeeds but another doesn’t. Or, should the candidate be split into multiple candidates (one for each resolved IP address:port)? Etc etc etc etc etc. All of that could probably be done, but I think it would be quite a bit of work- an update (or even a bis) to RFC 8445. It is *NOT* an ice-sip-sdp specific issue in my opinion.

I am not suggesting changing that only one address is supported per candidate. What I am suggesting is that candidate needs some sort of hint when FQDN is used to specify how address should be resolved. Here is my proposed solution:

Add a candidate extension which specifies candidate address type, something like addrtype which can be set to "inipv4" or "inipv6". If IP address is used and it does not match the addrtype candidate extension, this candidate is ignored. When FQDN is used, it is resolved using A DNS request when addrtype is inipv4 or not present and using AAAA DNS request when addrtype is inipv6. Address family in c= line, when FQDN is a default candidate must be IN IPV4 if addrtype is inipv4 or not present, and must be IP IPV6 if addrtype is inipv6

a=candidate:2319437384 1 udp 2122260223 8a2fd7b5-41d5-4c15-ad83-d33a0d66a75a.local 60454 typ host inipv4
a=candidate:2319437384 1 udp 2122260223 8a2fd7b5-41d5-4c15-ad83-d33a0d66a78b.local 60454 typ host inipv6

I am not for or against the proposal. I am sure its fine.  I am concerned about the scope of this change and current implementations who are willing to support this new extension. Why can't this be in a total new draft ?

This keeps each candidate line to one address and works in cases when FQDN resolves to one IPv4 and one IPv6 address due to something like DNS64.

Roman Shpount