[MMUSIC] Trickle ICE and frozen candidates

Emil Ivov <emcho@jitsi.org> Tue, 09 July 2013 12:44 UTC

Return-Path: <emil@sip-communicator.org>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 2149711E80FB for <mmusic@ietfa.amsl.com>; Tue, 9 Jul 2013 05:44:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.899
X-Spam-Status: No, score=-2.899 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, J_CHICKENPOX_53=0.6, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id LDKey8o62lZQ for <mmusic@ietfa.amsl.com>; Tue, 9 Jul 2013 05:44:04 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com []) by ietfa.amsl.com (Postfix) with ESMTP id 951D911E80E1 for <mmusic@ietf.org>; Tue, 9 Jul 2013 05:44:04 -0700 (PDT)
Received: by mail-wg0-f44.google.com with SMTP id m15so4699956wgh.23 for <mmusic@ietf.org>; Tue, 09 Jul 2013 05:44:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:content-type:content-transfer-encoding:x-gm-message-state; bh=3prPMSE9PMicv5C5SGQGHymujc6PvmBgkoFlZlYh0K8=; b=BCvHQtr0c7O2GDweQTKmLIDTIY+LqHIWhWeR1spLZhXcxsjN5c7oaW+pIzAnrOvmM4 VdcAGIh4cPm87GzAkTgpisY8TiPYuZr9M7nqj3kWHHeK31cbAqJpi/Yr4Ir7aFlyXb9p 9pDUDF2v+O3rO0stfPW/F/JZzXjhJGOuKtI1R3j1Glb5no6i55+VdP22gpnbYSM5JN8L eXr2O93AWM3YpdGF39H/CUlfQw5wjQg8zX8+MY/G8B6t5F/7t4/ZXHlbOOVjZV2rU+9H AJSKg02K4ajab3ekpMeei7C5MU1wV1q0CCq5Zm3YVn4NVZt71KfCUuRPnVh+6AMWdnZX 8eDw==
X-Received: by with SMTP id i10mr28640319wib.53.1373373843465; Tue, 09 Jul 2013 05:44:03 -0700 (PDT)
Received: from camionet.local ([2a01:e35:8a55:abc0:5cd6:e1f6:214:667b]) by mx.google.com with ESMTPSA id fs8sm60990325wib.0.2013. for <mmusic@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 09 Jul 2013 05:44:02 -0700 (PDT)
Message-ID: <51DC0595.4070203@jitsi.org>
Date: Tue, 09 Jul 2013 14:44:05 +0200
From: Emil Ivov <emcho@jitsi.org>
Organization: Jitsi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: MMUSIC IETF WG <mmusic@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Gm-Message-State: ALoCoQlkcEmLg0QcZxI+2iXFu9EekrEgGqeTDa8pddJr+gC9R5lKAAbNERBO8P+p1QiFslHeIMAJ
Subject: [MMUSIC] Trickle ICE and frozen candidates
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2013 12:44:09 -0000

Hey all,

In Orlando we discussed a few issues around trickle ICE without reaching 
any form of consensus so it would be great if we could do so here.

The most delicate is about handling frozen candidates with trickle ICE. 
I apologise for the long e-mail that's about to follow. It's just one of 
those gluey, hairy issues. The faster we get rid of it, the better, so 
please don't be intimidated by the text ;).

With vanilla ICE, we have the advantage of knowing that candidate pairs 
will be ordered the same way on both sides. Checks are executed in the 
same order, which allows NATs to open all the necessary holes in their 

The "frozen candidates" algorithm relies on this. It starts by 
unfreezing, on both sides, all the first pairs for all foundations. In 
other words, for an audio/video rtp/rtcp call, we normally start ICE 
processing with Audio.RTP and then unfreeze RTCP and Video when the 
first checks have succeeded (roughly put).

The problem with trickle ICE is that such an order is no longer 
guaranteed. It is hence possible that both agents obtain their STUN 
candidates in different order. For example, one of them first obtains 
Audio.RTP, while the other one first learns a mapping for Video RTCP.

Here's a more specific example: Imagine Alice and Bob both have a single 
host address each: A1 and B1 (both are NATed in different LANs). They 
both use ports 5000/5001 for Audio RTP/RTCP and ports 5002/5004 for 
Video RTP/RTCP.  They also both use a STUN server (no TURN for simplicity).

Now let's say that Alice gets (and trickles) a STUN candidate for her 
Audio.RTP base, while Bob first obtains one for RTCP.

For clarity, their check lists would hence look something like this:

Foundation:  A1B1	       A1B2	        A2B1	
Audio.RTP    A1:5000/B1:5000                    A2:5000/B1:5000	
Audio.RTCP   A1:5001/B1:5001   A1:5001/B2:5001		
Video.RTP    A1:5002/B1:5002			
Video.RTCP   A1:5003/B1:5003			

We now arrive at the essence: If we are to use freezing in a way that's 
similar to 5245, then Alice and Bob would both unfreeze the first pair 
they have for a given foundation and keep everyone else frozen: Alice 
will thus be sending STUN checks to Bob for Audio.RTCP, while Bob tries 
to conn. check Alice's Audio.RTP candidate.

While they do this, they will learn and trickle all the other candidates 
for these foundations but this wouldn't matter as they would have to 
remain frozen.

Both of the above checks and their entire foundations will hence fail 
since they won't be symmetric.

I hope the description makes sense.

So we basically have two ways to go about this:

1. Try to come up with some rules that avoid or fix the above situation. 
We could try to formulate text that basically starts the unfreezing only 
once we have symmetric candidates for all foundations.

2. We could start by unfreezing the first available pair for any 
foundation and then also unfreeze new pairs with a higher priority. New 
pairs with a lower priority will remain frozen until at least one higher 
priority pair succeeds.

3. We could also get rid of freezing and just start checks for anything 
we get. STUN transactions give us quite some leash in terms of time so 
that even if one of the peers starts checks for a given component 
earlier than the other, this should not be reason enough for failure. 
(Although it could lead to delays in some cases).

While 1 and especially 2 may be preferable in terms of efficiency, 
personally, I am worried that getting it right in terms of spec and 
implementation is non-trivial and this may become a common reason for 
interoperability problems. Therefore, 3 does seem like the simplest way 
to go.