-
Notifications
You must be signed in to change notification settings - Fork 4
/
draft-ietf-mmusic-trickle-ice-01.xml
1441 lines (1433 loc) · 62.4 KB
/
draft-ietf-mmusic-trickle-ice-01.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<rfc category='std' ipr='trust200902'
docName='draft-ietf-mmusic-trickle-ice-01'>
<?rfc toc='yes' ?>
<?rfc symrefs='yes' ?>
<?rfc sortrefs='yes'?>
<?rfc iprnotified='no' ?>
<?rfc strict='yes' ?>
<?rfc compact='yes' ?>
<front>
<title abbrev='Trickle ICE'>
Trickle ICE: Incremental Provisioning of Candidates for the
Interactive Connectivity Establishment (ICE) Protocol
</title>
<author initials='E.' surname='Ivov'
fullname='Emil Ivov'>
<organization abbrev='Jitsi'>Jitsi</organization>
<address>
<postal>
<street></street>
<city>Strasbourg</city>
<code>67000</code>
<country>France</country>
</postal>
<phone>+33 6 72 81 15 55</phone>
<email>[email protected]</email>
</address>
</author>
<author fullname="Eric Rescorla" initials="E.K." surname="Rescorla">
<organization>RTFM, Inc.</organization>
<address>
<postal>
<street>2064 Edgewood Drive</street>
<city>Palo Alto</city>
<region>CA</region>
<code>94303</code>
<country>USA</country>
</postal>
<phone>+1 650 678 2350</phone>
<email>[email protected]</email>
</address>
</author>
<author fullname="Justin Uberti" initials="J." surname="Uberti">
<organization>Google</organization>
<address>
<postal>
<street>747 6th St S</street>
<city>Kirkland</city>
<region>WA</region>
<code>98033</code>
<country>USA</country>
</postal>
<phone>+1 857 288 8888</phone>
<email>[email protected]</email>
</address>
</author>
<date />
<abstract>
<t>
This document describes an extension to the Interactive
Connectivity Establishment (ICE) protocol that allows ICE agents
to send and receive candidates incrementally rather than
exchanging complete lists. With such incremental provisioning,
ICE agents can begin connectivity checks while they are still
gathering candidates and considerably shorten the time necessary
for ICE processing to complete.
</t>
<t>
The above mechanism is also referred to as "trickle ICE".
</t>
</abstract>
</front>
<middle>
<section title='Introduction'>
<t>
The Interactive Connectivity Establishment (ICE) protocol
<xref target="RFC5245"/> describes mechanisms for gathering,
candidates, prioritizing them, choosing default ones, exchanging
them with the remote party, pairing them and ordering them into
check lists. Once all of the above have been completed, and only
then, the participating agents can begin a phase of connectivity
checks and eventually select the pair of candidates that will be
used in the following session.
</t>
<t>
While the above sequence has the advantage of being relatively
straightforward to implement and debug once deployed, it may
also prove to be rather lengthy. Gathering candidates or
candidate harvesting would often involve things like querying
<xref target="RFC5389">STUN</xref> servers, discovering UPnP
devices, and allocating relayed candidates at
<xref target="RFC5766">TURN</xref> servers. All of these can
be delayed for a noticeable amount of time and while they can be
run in parallel, they still need to respect the pacing
requirements from <xref target="RFC5245"/>, which is likely to
delay them even further. Some or all of the above would also
have to be completed by the remote agent. Both agents would
next perform connectivity checks and only then would they be
ready to begin streaming media.
</t>
<t>
All of the above could lead to relatively lengthy session
establishment times and degraded user experience.
</t>
<t>
The purpose of this document is to define an alternative mode of
operation for ICE implementations, also known as "trickle ICE",
where candidates can be exchanged incrementally. This would
allow ICE agents to exchange host candidates as soon as a
session has been initiated. Connectivity checks for a media
stream would also start as soon as the first candidates for that
stream have become available.
</t>
<t>
Trickle ICE allows reducing session establishment times in cases
where connectivity is confirmed for the first exchanged
candidates (e.g. where the host candidates for one of the agents
are directly reachable from the second agent). Even when this is
not the case, running candidate harvesting for both agents and
connectivity checks all in parallel allows to considerably
reduce ICE processing times.
</t>
<t>
It is worth pointing out that before being introduced to the
IETF, trickle ICE had already been included in specifications
such as <xref target="XEP-0176">XMPP Jingle</xref> and it has
been in use in various implementations and deployments.
</t>
<t>
In addition to the basics of trickle ICE, this document also
describes how support for trickle ICE needs to be discovered,
how regular ICE processing needs to be modified when
building and updating check lists, and how trickle ICE
implementations should interoperate with agents that only
implement <xref target="RFC5245"/> processing.
</t>
<t>
This specification does not define usage of trickle ICE with any
specific signalling protocol, contrary to
<xref target="RFC5245"/> which contains a usage for ICE with
SIP. Such usages would have to be specified in separate
documents such as for example
<xref target="I-D.ivov-mmusic-trickle-ice-sip"/>.
</t>
<t>
Trickle ICE does however reuse and build upon the SDP syntax
defined by vanilla ICE.
</t>
</section>
<section title="Terminology">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in <xref target="RFC2119"/>.
</t>
<t>
This specification makes use of all terminology defined by the
protocol for Interactive Connectivity Establishment in
<xref target="RFC5245"/>.
</t>
<t>
<list style="hanging">
<t hangText="Vanilla ICE:">
The Interactive Connectivity Establishment protocol as
defined in <xref target="RFC5245"/>.
</t>
<t hangText="Candidate Harvester:">
A module used by an ICE agent to obtain local candidates.
Candidate harvesters use different mechanisms for
discovering local candidates. Some of them would typically
make use of protocols such as STUN or TURN. Others may also
employ techniques that are not referenced within
<xref target="RFC5245"/>. UPnP based port allocation and
XMPP Jingle Relay Nodes <xref target="XEP-0278"/> are among
the possible examples.
</t>
<t hangText="Trickled Candidates:">
Candidates that a trickle ICE agent is sending subsequently
to but within the context defined by an offer or an answer.
Trickled candidates can be sent in parallel with candidate
harvesting and connectivity checks.
</t>
<t hangText="Trickling/Trickle (v.):">
The act of sending trickled candidates.
</t>
<t hangText="Half Trickle:">
A trickle ICE mode of operation where the offerer gathers
its first generation of candidates strictly before creating
and sending the offer. Once sent, that offer can be
processed by vanilla ICE agents and does not require support
for this specification. It also allows trickle ICE capable
answerers to still gather candidates and perform
connectivity checks in a non-blocking way, thus roughly
offering "half" the advantages of trickle ICE. The mechanism
is mostly meant for use in cases where support for trickle
ICE cannot be confirmed prior to sending a first offer.
</t>
<t hangText="Full Trickle:">
Regular mode of operation for trickle ICE agents, used in
opposition to the half trickle mode of operation.
</t>
</list>
</t>
</section>
<section title='Incompatibility with Standard ICE'
anchor='incompat'>
<t>
The ICE protocol was designed to be fairly flexible so that it
would work in and adapt to as many network environments as
possible. It is hence important to point out at least some of
the reasons why, despite its flexibility, the specification in
<xref target="RFC5245"/> would not support trickle ICE.
</t>
<t>
<xref target="RFC5245"/> describes the conditions required to
update check lists and timer states while an ICE agent is in the
Running state. These conditions are verified upon transaction
completion and one of them stipulates that:
</t>
<t>
<list style='empty'>
<t>
If there is not a pair in the valid list for each component
of the media stream, the state of the check list is set to
Failed.
</t>
</list>
</t>
<t>
This could be a problem and cause ICE processing to fail
prematurely in a number of scenarios. Consider the following
case:
</t>
<t>
<list style='symbols'>
<t>
Alice and Bob are both located in different networks with
Network Address Translation (NAT). Alice and Bob themselves
have different address but both networks use the same
<xref target="RFC1918"/> block.
</t>
<t>
Alice sends Bob the candidate 10.0.0.10 which also happens
to correspond to an existing host on Bob's network.
</t>
<t>
Bob creates a check list consisting solely of 10.0.0.10 and
starts checks.
</t>
<t>
These checks reach the host at 10.0.0.10 in Bob's network,
which responds with an ICMP "port unreachable" error and per
<xref target="RFC5245"/> Bob marks the transaction as
Failed.
</t>
</list>
At this point the check list only contains Failed candidates and
the valid list is empty. This causes the media stream and
potentially all ICE processing to Fail.
</t>
<t>
A similar race condition would occur if the initial offer from
Alice only contains candidates that can be determined as
unreachable (per
<xref target="I-D.keranen-mmusic-ice-address-selection"/>) from
any of the candidates that Bob has gathered. This would be the
case if Bob's candidates only contain IPv4 addresses and the
first candidate that he receives from Alice is an IPv6 one.
</t>
<t>
Another potential problem could arise when a non-trickle
ICE implementation sends an offer to a trickle one. Consider the
following case:
<list style='symbols'>
<t>
Alice's client has a non-trickle ICE implementation
</t>
<t>
Bob's client has support for trickle ICE.
</t>
<t>
Alice and Bob are behind NATs with address-dependent
filtering <xref target="RFC4787"/>.
</t>
<t>
Bob has two STUN servers but one of them is currently
unreachable
</t>
</list>
</t>
<t>
After Bob's agent receives Alice's offer it would immediately
start connectivity checks. It would also start gathering
candidates, which would take long because of the unreachable
STUN server. By the time Bob's answer is ready and sent to
Alice, Bob's connectivity checks may well have failed: until
Alice gets Bob's answer, she won't be able to start connectivity
checks and punch holes in her NAT. The NAT would hence be
filtering Bob's checks as originating from an unknown endpoint.
</t>
</section>
<section title='Determining Support for Trickle ICE' anchor="disco">
<t>
According to <xref target="RFC5245"/> every time an agent
supporting trickle ICE generates an offer or an answer, it MUST
include the "trickle" token in the ice-options attribute.
Syntax for this token is defined in <xref target="sdp.offer"/>.
</t>
<t>
Additionally, in order to avoid interoperability problems such
as those described in <xref target="incompat"/>, it is important
that trickle ICE negotiation is only attempted in cases where
the remote party actually supports this specification. Agents
that receive offers or answers can verify support by examining
them for the "trickle" ice-options token. However, agents
that are about to send a first offer, have no immediate way of
doing this. This means that usages of trickle for specific
protocols would need to either:
</t>
<t>
<list style='symbols'>
<t>
Provide a way for agents to verify support of trickle ICE
prior to initiating a session. XMPP's
<xref target="XEP-0030"> Service discovery</xref> is an
example for one such mechanism;
</t>
<t>
Make support for trickle ICE mandatory so that support could
be assumed the agents.
</t>
</list>
</t>
<t>
Alternately, for cases where a protocol provides neither of the
above, agents may either rely on provisioning/configuration, or
use the half trickle procedure described in
<xref target="half-trickle"/>.
</t>
<t>
Note that out-of-band discovery semantics and half trickle are
only necessary prior to session initiation, or in other words,
when sending the initial offer. Once a session is established
and trickle ICE support is confirmed for both parties, either
agent can use full trickle for subsequent offers.
</t>
<section title='Unilateral Use of Trickle ICE (Half Trickle)'
anchor="half-trickle">
<t>
The idea of using half trickle is about having the caller
send a regular, vanilla ICE offer, with a complete set of
candidates. This offer still indicates support for
trickle ice, so the answerer is able to respond with an
incomplete set of candidates and continue trickling the rest.
Half trickle offers will typically contain an
end-of-candidates indication.
</t>
<t>
The mechanism can be used in cases where there is no way for
an agent to verify in advance whether a remote party supports
trickle ice. Because it contains a full set of candidates, its
first offer can thus be handled by a regular vanilla ICE
agent, while still allowing a trickle one to use the
optimisation defined in this specification. This prevents
negotiation from failing in the former case while still giving
roughly half the trickle ICE benefits in the latter (hence the
name of the mechanism).
</t>
<t>
Use of half trickle is only necessary during an initial
offer/answer exchange. Once both parties have received a
session description from their peer, they can each reliably
determine trickle ICE support and use it for all subsequent
offer/answer exchanges.
</t>
<t>
It is worth pointing out that using half trickle may actually
bring more than just half the improvement in terms of user
experience. This can happen in cases where an agent
starts gathering candidates upon user interface cues that a
call is pending, such as activity on a keypad or the phone
going off hook. This would mean a part or all candidate
harvesting could have completed before the agent actually
needs to send the offer. Given that the answerer will be able
to trickle candidates, both agents will be able to start
connectivity checks and complete ICE processing earlier than
with vanilla ICE and potentially even as early as with full
trickle.
</t>
<t>
However, such anticipation is not not always possible. For
example, a multipurpose user agent or a WebRTC web page where
communication is a non-central feature (e.g. calling a support
line in case of a problem with the main features) would not
necessarily have a way of distinguishing between call
intentions and other user activity. Still, even in these
cases, using half trickle would be an improvement over vanilla
ICE as it would optimize performance for answerers.
</t>
</section>
</section>
<section title='Sending the Initial Offer' anchor="initial-offer">
<t>
An agent starts gathering candidates as soon as it has an
indication that communication is imminent (e.g. a user interface
cue or an explicit request to initiate a session). Contrary to
vanilla ICE, implementations of trickle ICE do not need to
gather candidates in a blocking manner. Therefore, unless half
trickle is being used, agents SHOULD generate and transmit their
initial offer as early as possible, in order to allow the remote
party to start gathering and trickling candidates.
</t>
<t>
Trickle ICE agents MAY include any set of candidates in an
offer. This includes the possibility of generating one with no
candidates, or one that contains all the candidates that the
agent is planning on using in the following session.
</t>
<t>
For optimal performance, it is RECOMMENDED that an initial offer
contains host candidates only. This would allow both agents to
start gathering server reflexive, relayed and other non-host
candidates simultaneously, and it would also enable them to
begin connectivity checks.
</t>
<t>
If the privacy implications of revealing host addresses are a
concern, agents MAY generate an offer that contains no
candidates and then only trickle candidates that do not reveal
host addresses (e.g. relayed candidates).
</t>
<t>
Prior to actually sending an initial offer, agents MAY verify if
the remote party supports trickle ICE, where such mechanisms
actually exist. If absence of such support is confirmed agents
MUST fall back to using vanilla ICE or abandon the entire
session.
</t>
<t>
All trickle ICE offers and answers MUST indicate support of this
specification, as explained in <xref target="sdp.offer"/>.
</t>
<t>
Calculating priorities and foundations, as well as determining
redundancy of candidates work the same way they do with vanilla
ICE.
</t>
<section title='Encoding the SDP' anchor="sdp.offer">
<t>
The process of encoding the SDP <xref target="RFC4566"/> is
mostly the same as the one used by vanilla ICE. Still, trickle
ICE does require a few differences described here.
</t>
<t>
Agents MUST indicate support for Trickle ICE by including the
"trickle" token for the "a=ice-options" attribute:
<figure>
<artwork>
<![CDATA[
a=ice-options:trickle
]]>
</artwork>
</figure>
</t>
<t>
As mentioned earlier in this section, Offers and Answers can
contain any set of candidates, which means that a trickle ICE
session description MAY contain no candidates at all. In such
cases the agent would still need to place an address in the
"c=" line(s). If the use of a host address there is
undesirable (e.g. for privacy reasons), the agent MAY set the
connection address to IP6 ::. In this case it MUST also
set the port number to 9 (Discard). There is no need to
include a fictitious candidate for the IP6 :: address when
doing so.
</t>
<t>
It is worth noting that the use of IP6 :: has been selected
over IP4 0.0.0.0, even though <xref target="RFC3264"/> already
gives the latter semantics appropriate for such use. The
reason for this choice is the historic use of 0.0.0.0 as a
means of putting a stream on hold <xref target="RFC2543"/> and
the ambiguity that this may cause with legacy libraries and
applications.
</t>
<t>
It is also worth mentioning that use of IP6 :: here does not
constitute any kind of indication as to the actual use of
IPv6 candidates in a session and it can very well appear in
a negotiation that only involves IPv4 candidates.
</t>
</section>
</section>
<section title='Receiving the Initial Offer' >
<t>
When an agent receives an initial offer, it will first check if
it indicates support for trickle ICE as explained in
<xref target="disco"/>. If this is not the case, the agent MUST
process the offer according to the <xref target="RFC5245"/>
procedures or standard <xref target="RFC3264"/> processing in
case no ICE support is detected at all.
</t>
<t>
It is worth pointing out that in case support for trickle ICE is
confirmed, an agent will automatically assume support for
vanilla ICE as well even if the support verification procedure
in <xref target="RFC5245"/> indicates otherwise. Specifically,
such verification would indicate lack of support when the offer
contains no candidates. The IP6 :: address present in the c=
line in that case would not "appear in a candidate attribute".
Obviously, a fallback to <xref target="RFC3264"/> is not
required when this happens.
</t>
<t>
If, the offer does indicate support for trickle ICE, the agent
will determine its role, start gathering and prioritizing
candidates and, while doing so it will also respond by sending
its own answer, so that both agents can start forming check
lists and begin connectivity checks.
</t>
<section title="Sending the Initial Answer">
<t>
An agent can respond to an initial offer at any point while
gathering candidates. The answer can again contain any set of
candidates including none or all of them. Unless it is
protecting host addresses for privacy reasons, the agent would
typically construct this initial answer including only them,
thus allowing the remote party to also start forming
checklists and performing connectivity checks.
</t>
<t>
The answer MUST indicate support for trickle ICE as described
by <xref target="disco"/>.
</t>
</section>
<section title="Forming check lists and beginning connectivity
checks" anchor="check.lists">
<t>
After exchanging offer and answer, and as soon as they have
obtained local and remote candidates, agents will begin
forming candidate pairs, computing their priorities and
creating check lists according to the vanilla ICE procedures
described in <xref target="RFC5245"/>. Obviously in order for
candidate pairing to be possible, it would be necessary that
both the offer and the answer contained candidates. If this
was not the case agents will still create the check lists (so
that their Active/Frozen state could be monitored and updated)
but they will only populate them once they actually have the
candidate pairs.
</t>
<t>
Initially, all check lists will have their Active/Frozen state
set to Frozen.
</t>
<t>
Trickle ICE agents will then inspect the first check list and
attempt to unfreeze all candidates belonging to the first
component on the first media stream (i.e. the first media
stream that was reported to the ICE implementation from the
using application). If this checklist is still empty however,
agents will hold off further processing until this is no
longer the case.
</t>
<t>
Respecting the order in which lists have been reported to an
ICE implementation, or in other words, the order in which
they appear in SDP, is crucial to the frozen candidates
algorithm and important when making sure that connectivity
checks are performed simultaneously by both agents.
</t>
</section>
<section title='Encoding the SDP' anchor="sdp.answer">
<t>
The process for encoding the SDP at the answerer is identical
to the process followed by the offerer for both full and lite
implementations, as described in <xref target="sdp.offer"/>.
</t>
</section>
</section>
<section title="Receiving the Initial Answer">
<t>
When receiving an answer, agents will follow vanilla ICE
procedures to determine their role and they would then
form check lists (as described in <xref target="check.lists"/>)
and begin connectivity checks .
</t>
</section>
<section title='Performing Connectivity Checks' >
<t>
For the most part, trickle ICE agents perform connectivity
checks following vanilla ICE procedures. Of course, the
asynchronous nature of candidate harvesting in trickle ICE would
impose a number of changes described here.
</t>
<section title="Check List and Timer State Updates"
anchor="state-updates">
<t>
The vanilla ICE specification requires that agents update
check lists and timer states upon completing a connectivity
check transaction. During such an update vanilla ICE agents
would set the state of a check list to Failed if the following
two conditions are satisfied:
</t>
<t>
<list style="symbols">
<t>
all of the pairs in the check list are either in the
Failed or Succeeded state;
</t>
<t>
if at least one of the components of the media stream
has no pairs in its valid list.
</t>
</list>
</t>
<t>
With trickle ICE, the above situation would often occur when
candidate harvesting and trickling are still in progress and
it is perfectly possible that future checks will succeed. For
this reason trickle ICE agents add the following conditions to
the above list:
</t>
<t>
<list style="symbols">
<t>
all candidate harvesters have completed and the agent
is not expecting to discover any new local candidates;
</t>
<t>
the remote agent has sent an end-of-candidates indication
for that check list as described in
<xref target="end-of-candidates"/>.
</t>
</list>
</t>
<t>
Vanilla ICE requires that agents then update all other check
lists, placing one pair in each of them into the Waiting
state, effectively unfreezing all remaining check lists. Given
that with trickle ICE, other check lists may still be empty at
that point, a trickle ICE agent SHOULD also maintain an
explicit Active/Frozen state for every check list, rather than
deducing it from the state of the pairs it contains. This
state should be set to Active when unfreezing the first pair
in a list or when that couldn't happen because a list was
empty.
</t>
</section>
</section>
<section title='Discovering and Sending Additional Local Candidates'
anchor="send-trickling">
<t>
After an offer or an answer have been sent, agents will most
likely continue discovering new local candidates as STUN, TURN
and other non-host candidate harvesting mechanisms begin to
yield results. Whenever an agent discovers such a new candidate
it will compute its priority, type, foundation and component id
according to normal vanilla ICE procedures.
</t>
<t>
The new candidate is then checked for redundancy against the
existing list of local candidates. If its transport address and
base match those of an existing candidate, it will be considered
redundant and will be ignored. This would often happen for
server reflexive candidates that match the host addresses they
were obtained from (e.g. when the latter are public IPv4
addresses). Contrary to vanilla ICE, trickle ICE agents will
consider the new candidate redundant regardless of its priority.
</t>
<t>
Next the client sends (i.e. trickles) the newly learnt
candidate(s) to the remote agent. The actual delivery of the new
candidates will be specified by using protocols such as SIP.
Trickle ICE imposes no restrictions on the way this is done or
whether it is done at all. For example, some applications may
choose not to send trickle updates for server reflexive
candidates and rely on the discovery of peer reflexive ones
instead.
</t>
<t>
When trickle updates are sent however, each candidate MUST be
delivered to the receiving Trickle ICE implementation not more
than once and in the same order that they were sent. In other
words, if there are any candidate retransmissions, they must
be hidden from the ICE implementation.
</t>
<t>
Also, candidate trickling needs to be correlated to a specific
ICE negotiation session, so that if there is an ICE restart, any
delayed updates for a previous session can be recognized as such
and ignored by the receiving party.
</t>
<t>
One important aspect of Vanilla ICE is that connectivity checks
for a specific foundation and component be attempted
simultaneously by both agents, so that any firewalls or NATs
fronting the agents would whitelist both endpoints and allow
all except for the first (suicide) packets to go through. This
is also crucial to unfreezing candidates in the right time.
</t>
<t>
In order to preserve this feature here, when trickling
candidates agents MUST respect the order of the components as
they appear (implicitly or explicitly) in the Offer/Answer
descriptions. Therefore a candidate for a specific component
MUST NOT be sent prior to candidates for other components within
the same foundation.
</t>
<t>
For example, the following session description contains two
components (RTP and RTCP), and two foundations (host and the
server reflexive):
<figure>
<artwork>
<![CDATA[
v=0
o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
s=
c=IN IP4 10.0.1.1
t=0 0
a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY
m=audio 5000 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 10.0.1.1 5000 typ host
a=candidate:1 2 UDP 2130706431 10.0.1.1 5001 typ host
a=candidate:2 1 UDP 1694498815 192.0.2.3 5000 typ srflx
raddr 10.0.1.1 rport 8998
a=candidate:2 2 UDP 1694498815 192.0.2.3 5001 typ srflx
raddr 10.0.1.1 rport 8998
]]>
</artwork>
</figure>
For this description the RTCP host candidate MUST NOT be sent
prior to the RTP host candidate. Similarly the RTP server
reflexive candidate MUST be sent together with or prior to the
RTCP server reflexive candidate.
</t>
<t>
Note that the order restriction only applies among candidates
that belong to the same foundation.
</t>
<t>
It is also equally important to preserve this order across media
streams and this is covered by the requirement to always start
unfreezing candidates starting from the first media stream
<xref target="check.lists"/>.
</t>
<t>
Once the candidate has been sent to the remote party, the agent
checks if any remote candidates are currently known for this
same stream. If this is not the case the new candidate will
simply be added to the list of local candidates.
</t>
<t>
Otherwise, if the agent has already learned of one or more
remote candidates for this stream and component, it will begin
pairing the new local candidates with them and adding the pairs
to the existing check lists according to their priority.
</t>
<section title='Pairing newly learned candidates and updating
check lists'
anchor="cand-pairing">
<t>
Forming candidate pairs will work the way it is described by
the vanilla ICE specification. Actually adding the new pair to
a check list however, will happen according to the rules
described below.
</t>
<t>
If the check list where the pair is to be added already
contains the maximum number of candidate pairs (100 by default
as per <xref target="RFC5245"/>), the new pair is discarded.
</t>
<t>
If the new pair's local candidate is server reflexive, the
server reflexive candidate MUST be replaced by its base before
adding the pair to the list. Once this is done, the agent
examines the check list looking for another pair that would be
redundant with the new one. If such a pair exists, the newly
formed pair is ignored.
</t>
<t>
For all other pairs, including those with a server reflexive
local candidate that were not found to be redundant:
<list style="symbols">
<t>
if this check list is Frozen then the new pair will
also be assigned a Frozen state.
</t>
<t>
else if the check list is Active and it is either empty or
contains only candidates in the Succeeded and Failed
states, then the new pair's state is set to Waiting.
</t>
<t>
else if the check list is non-empty and Active, then the
new pair state will be set to
<list style="hanging">
<t hangText="Frozen: ">
if there is at least one pair in the list whose
foundation matches the one in the new pair and whose
state is neither Succeeded nor Failed (eventually the
new pair will get unfrozen after the the on-going
check for the existing pair concludes);
</t>
<t hangText="Waiting: ">
if the list contains no pairs with the same foundation
as the new one, or, in case such pairs exist but they
are all in either the Succeeded or Failed states.
</t>
</list>
</t>
</list>
</t>
</section>
<section title="Encoding the SDP for Additional Candidates">
<t>
To facilitate interoperability an ICE agent will encode
additional candidates using the vanilla ICE SDP syntax. For
example:
<figure>
<artwork>
<![CDATA[
a=candidate:2 1 UDP 1658497328 198.51.100.33 5000 typ host
]]>
</artwork>
</figure>
Given that such lines do not provide a relationship between
the candidate and the m line that it relates to, signalling
protocols using trickle ICE MUST establish that relation
themselves using an <xref target="RFC3388">MID</xref>. Such
MIDs use "media stream identification", as defined in
<xref target="RFC3388"/>, to identify a corresponding m-line.
When creating candidate lines usages of trickle ICE MUST use
the MID if possible, or the m-line index if not. Obviously,
agents MUST NOT send individual candidates prior to generating
the corresponding SDP session description.
</t>
<t>
The exact means of transporting additional candidates to a
remote agent is left to the protocols using trickle ICE. It is
important to note, however, that these candidate exchanges are
not part of the offer/answer model.
</t>
</section>
<section title='Announcing End of Candidates'
anchor="end-of-candidates">
<t>
Once all candidate harvesters for a specific media stream
complete, or expire, the agents will generate an
"end-of-candidates" indication for that stream and send it to
the remote agent via the signalling channel. Such indications
are sent in the form of a media-level attribute that has the
following form: end-of-candidates.
<figure>
<artwork>
<![CDATA[
a=end-of-candidates
]]>
</artwork>
</figure>
The end-of-candidates indications can be sent as part of an
offer, which would typically be the case with half trickle
initial offers, they can accompany the last candidate an agent
can send for a stream, and they can also be sent alone (e.g.
after STUN Binding requests or TURN Allocate requests to a
server timeout and the agent has no other active harvesters).
</t>
<t>
Controlled trickle ICE agents SHOULD always send
end-of-candidates indications once harvesting for a media stream
has completed unless ICE processing terminates before they've
had a chance to do so. Sending the indication is necessary in
order to avoid ambiguities and speed up ICE conclusion. This is
necessary in order to avoid ambiguities and speed up ICE
conclusion. Controlling agents on the other hand MAY sometimes
conclude ICE processing prior to sending end-of-candidates
notifications for all streams. This would typically be the case
with aggressive nomination. Yet it is RECOMMENDED that
controlling agents do send such indications whenever possible
for the sake of consistency and keeping middle boxes and
controlled agents up-to-date on the state of ICE processing.
</t>
<t>
When sending end-of-candidates during trickling, rather than as
a part of an offer or an answer, it is the responsibility of the
using protocol to define means that can be used to relate the
indication to one or more specific m-lines.
</t>
<t>
Receiving an end-of-candidates notification allows an agent to
update check list states and, in case valid pairs do not exist
for every component in every media stream, determine that ICE
processing has failed. It also allows agents to speed ICE
conclusion in cases where a candidate pair has been validates
but it involves the use of lower-preference transports such as
TURN. In such situations some implementations may choose to wait
in case higher-priority candidates are received and
end-of-candidates provides an indication that this is not going
to happen.
</t>
<t>
An agent MAY also choose to generate an end-of-candidates
event before candidate harvesting has actually completed, if the
agent determines that harvesting has continued for more than an
acceptable period of time. However, an agent MUST NOT send any
more candidates after it has send an end-of-candidates
notification.
</t>
<t>
When performing half trickle agents SHOULD send
end-of-candidates together with their initial offer unless they
are planning on potentially sending additional candidates in
case the remote party turns out to actually support trickle ICE.
</t>
<t>
When end-of-candidates is sent as part of an offer or an answer
it can appear as a session-level attribute, which would be
equivalent to having it appear in all m-lines.
</t>
<t>
Once an agent sends the end-of-candidates event, it will
update the state of the corresponding check list as explained
in section <xref target="state-updates"/>. Past that point
agents MUST NOT send any new candidates. Once an agent has
received an end-of-candidates indication, it MUST also ignore
any newly received candidates for that media stream. Adding new
candidates to the negotiation is hence only possible through an
ICE restart.
</t>
<t>
It is important to note that This specification does not
override vanilla ICE semantics for concluding ICE processing.
This means that even if end-of-candidates indications are sent
agents will still have to go through pair nomination. Also, if
pairs have been nominated for components and media streams, ICE
processing will still conclude even if end-of-candidate
indications have not been received for all streams.
</t>
</section>
</section>
<section title='Receiving Additional Remote Candidates'
anchor="recv-trickling">
<t>
At any point of ICE processing, a trickle ICE agent may receive
new candidates from the remote agent. When this happens and no
local candidates are currently known for this same stream, the
new remote candidates are simply added to the list of remote
candidates.
</t>
<t>
Otherwise, the new candidates are used for forming candidate
pairs with the pool of local candidates and they are added to
the local check lists as described in
<xref target="cand-pairing"/>.
</t>
<t>
Once the remote agent has completed candidate harvesting, it
will send an end-of-candidates event. Upon receiving such an
event, the local agent MUST update check list states as per
<xref target="state-updates"/>. This may lead to some check
lists being marked as Failed.
</t>
</section>
<section title='Receiving an End Of Candidates Notification'
anchor="end-of-candidates.recv">
<t>
When an agent receives an end-of-candidates notification
for a specific check list, they will update its state as per
<xref target="state-updates"/>. In case the list is still in
the Active state after the update, the agent will persist the
the fact that an end-of-candidates notification has been
received for and take it into account in future list updates.
</t>
</section>
<section title="Trickle ICE and Peer Reflexive Candidates">
<t>
Even though Trickle ICE does not explicitly modify the
procedures for handling peer reflexive candidates, their
processing could be impacted in implementations. With Trickle
ICE, it is possible that server reflexive candidates be
discovered as peer reflexive in cases where incoming
connectivity checks are received from these candidates before
the trickle updates that carry them.
</t>
<t>
While this would certainly increase the number of cases where
ICE processing nominates and selects candidates discovered as
peer-reflexive it does not require any change in processing.
</t>
<t>
It is also likely that, some applications would prefer not to