Re: [MMUSIC] ICE candidate address selection update draft

Ari Keranen <> Fri, 03 August 2012 19:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8BF9E21E8042 for <>; Fri, 3 Aug 2012 12:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AqQOJmfviULP for <>; Fri, 3 Aug 2012 12:28:00 -0700 (PDT)
Received: from (unknown [IPv6:2001:14b8:400:101::2]) by (Postfix) with ESMTP id B06A421E8041 for <>; Fri, 3 Aug 2012 12:27:58 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4D9624E6F1; Fri, 3 Aug 2012 22:27:57 +0300 (EEST)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UZyDNAx2YJPh; Fri, 3 Aug 2012 22:27:56 +0300 (EEST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTPSA id 2CDDE4E6F0; Fri, 3 Aug 2012 22:27:55 +0300 (EEST)
Message-ID: <>
Date: Fri, 03 Aug 2012 12:27:53 -0700
From: Ari Keranen <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Simon Perreault <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [MMUSIC] ICE candidate address selection update draft
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 03 Aug 2012 19:28:00 -0000

On 8/3/12 12:03 PM, Simon Perreault wrote:
> Le 2012-08-03 11:58, Ari Keranen a écrit :
>> Yes, you should not get ULAs from the STUN server as long as the STUN
>> server is properly located (on the Internet, outside of the organization
>> perimeter and on the other side of any NATs). And the peer reflexive
>> candidate (which would be global address) can be then matched with
>> peer's globals.
> But reflexive candidates don't always work. I know I said NPTv6, but we
> shouldn't prevent ICE from working behind evil NAT66. And an ICE client
> may not be able to reach a STUN server so you can't rely on having
> reflexive candidates. So you should still try to match ULAs with globals.

OK, this is quite a corner case, but I'm afraid you're right. However, 
if you have a global address on the interface (i.e., you're not behind 
an evil NAT66), matching ULAs with globals doesn't make sense. So, I'd 
suggest text along the lines of:

    o  Candidate addresses from Unique Local Addresses (ULAs) SHOULD NOT
       be combined with any other candidates except other ULA candidates.
       However, if an interface does not have any global addresses, the
       ULA SHOULD be used.

(changed MUST to SHOULD and added the second sentence)