Re: [MMUSIC] FQDN support in ice-sip-sdp

Christer Holmberg <> Thu, 11 April 2019 08:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DBE7412013E for <>; Thu, 11 Apr 2019 01:05:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JyaABf8Y7ZUc for <>; Thu, 11 Apr 2019 01:05:57 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5983A12011D for <>; Thu, 11 Apr 2019 01:05:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Azy1WdXlCrg68Yw2lbjluGpVLzE+uoLF4DJjHKw5hHg=; b=gIvuYb9pbfcxwEpSZnYXteRGBr2NSn5vhuRzU17TDV98wv1VIxS+3/V8Du50FS8EstrLHt0balR/NJzVmba3Sw1ocmjQqhnP9w7ILCTSiUOyYTEJZNulSmSLi1ZSsmSckOM2rnwwxN78WZCu9dMmQe9ZGDSj99t0nnychq618Is=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.8; Thu, 11 Apr 2019 08:05:54 +0000
Received: from ([fe80::a832:85f:a8bb:73b9]) by ([fe80::a832:85f:a8bb:73b9%5]) with mapi id 15.20.1792.007; Thu, 11 Apr 2019 08:05:54 +0000
From: Christer Holmberg <>
To: Roman Shpount <>
CC: Suhas Nandakumar <>, mmusic WG <>, Flemming Andreasen <>
Thread-Topic: [MMUSIC] FQDN support in ice-sip-sdp
Thread-Index: AQHU6jzz/50YAJx2kEqY4siuQ2NZYqY0606AgADVT4CAAEAVAP//1AeAgAED24A=
Date: Thu, 11 Apr 2019 08:05:54 +0000
Message-ID: <>
References: <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 41e6d50b-b94a-4fc5-6a12-08d6be54857c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR07MB3339;
x-ms-traffictypediagnostic: HE1PR07MB3339:
x-microsoft-antispam-prvs: <>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(136003)(396003)(376002)(39860400002)(199004)(189003)(8936002)(82746002)(6916009)(2906002)(44832011)(316002)(68736007)(229853002)(8676002)(6486002)(6512007)(81156014)(81166006)(6436002)(76176011)(3846002)(14444005)(97736004)(4326008)(25786009)(58126008)(6116002)(6246003)(33656002)(54906003)(66066001)(99286004)(53936002)(256004)(478600001)(14454004)(93886005)(5660300002)(105586002)(106356001)(26005)(186003)(36756003)(102836004)(86362001)(6506007)(7736002)(305945005)(71190400001)(71200400001)(83716004)(2616005)(11346002)(446003)(476003)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3339;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 1+kuCQ7tUaTC7tjX/Ddwv+7w19kEpKwpk2et2gBvHl6VfD0+a/fSHGV41nblUU8NwYA3bqkXvzCXTuR4KdsbxIvDfghdxjThESRJdzRZBv4Crp7J6VMqaJqWyD98bEYDLArVifhoiACp6Ddbmwm2+Cwq9ql9JJj+Nn0mUBEP3bsRkdxnhryWHermoKqcJPgcEvlY6AlumJlyrNqORgY34S8xcZtB1cmCQ53gI2udhvGoIK+RALsRFfYoHv0hYIWP1JXUeC6+NAqLYmBNM8ZCaQo2BLjJzL8VdJT7AVDYHVzgND+afXBaySsBkY6R1aj+6JgIhP+MDN4mdrmKutul5XUya8ITcXlcfeso2oXNzk4bgYjAFYeZuhvoBa3g4SpYsTn90PNZR6pj1LskTIhbjvNmJycV3mKCAVtpFLJg9Go=
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 41e6d50b-b94a-4fc5-6a12-08d6be54857c
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 08:05:54.3896 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3339
Archived-At: <>
Subject: Re: [MMUSIC] FQDN support in ice-sip-sdp
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 11 Apr 2019 08:06:00 -0000


>>>Limiting FQDN scope to resolving to just one address is an unimplementable requirement. Currently on large number of devices, FQDN 
>>>which is supposed to resolve to IPv4 address only, will resolve to both IPv6 and IPv4 addresses. For instance on virtually all IOS and most 
>>>of the Android devices on mobile networks FQDN pointing to IPv4 returns results for IPv6 as well. Essentially what we are specifying now is 
>>>that ICE candidates with FQDN address MUST be ignored.
>>Isn’t the main reason for allowing FQDN to enable usage of mDNS?
> It is now. Nothing in the latest language that I propose prohibits mDNS draft define how FQDN are supposed to 
> work when mDNS is used. All my language states that default treatment for FQDN is to ignore it which keeps 
> mDNS backwards compatible. I would also suggest adding an ICE > option to specify that mDNS is supported. 
> This being said, I am not sure mDNS prevents IPv4 address being resolved as IPv6 through DNS64, so mDNS is 
> likely going to end up with two addresses for a single candidate.
>> In my opinion, the current ICE procedures assumes one IP address:port per candidate. If we allow a candidate to 
>> be associated with multiple IP addresses:ports, we would have to modify the ICE procedures in order to handle 
>> that: how a candidate can be part of multiple foundations (one for each resolved IP address:port), how the 
>> freezing/unfreezing procedure work, whether connectivity checks are sent to all resolved addresses, how the 
>> state of the candidate is set if one IP address:port succeeds but another doesn’t. Or, should the candidate be 
>> split into multiple candidates (one for each resolved IP address:port)? Etc etc etc etc etc. All of that could probably 
>> be done, but I think it would be quite a bit of work- an update (or even a bis) to RFC 8445. It is *NOT* an ice-sip-sdp 
>> specific issue in my opinion.
> I am not suggesting changing that only one address is supported per candidate. What I am suggesting is that candidate 
> needs some sort of hint when FQDN is used to specify how address should be resolved. Here is my proposed solution:
> Add a candidate extension which specifies candidate address type, something like addrtype which can be set to 
> "inipv4" or "inipv6". If IP address is used and it does not match the addrtype candidate extension, this candidate is 
> ignored. When FQDN is used, it is resolved using A DNS request when addrtype is inipv4 or not present and using 
> AAAA DNS request when addrtype is inipv6. Address family in c= line, when FQDN is a default candidate must be 
> IN IPV4 if addrtype is inipv4 or not present, and must be IP IPV6 if addrtype is inipv6 
> Example:
> a=candidate:2319437384 1 udp 2122260223 8a2fd7b5-41d5-4c15-ad83-d33a0d66a75a.local 60454 typ host inipv4
> a=candidate:2319437384 1 udp 2122260223 8a2fd7b5-41d5-4c15-ad83-d33a0d66a78b.local 60454 typ host inipv6  
> This keeps each candidate line to one address and works in cases when FQDN resolves to one IPv4 and one IPv6 address 
> due to something like DNS64. 

So, if I understand you correctly, you are suggesting that the one providing the FQDN candidate splits it into two separate candidates (two a=candidate lines when SDP is used), and the remote peer will process them as two separate candidates, but if DNS returns both an IPv4 and IPv6 address the peer will only use the IP version indicated by the address type ("inipv4" or "inipv6").