--- 1/draft-ietf-rtcweb-transports-07.txt 2015-02-27 07:15:02.769574182 -0800 +++ 2/draft-ietf-rtcweb-transports-08.txt 2015-02-27 07:15:02.797574854 -0800 @@ -1,18 +1,18 @@ Network Working Group H. Alvestrand Internet-Draft Google -Intended status: Standards Track October 22, 2014 -Expires: April 25, 2015 +Intended status: Standards Track February 27, 2015 +Expires: August 31, 2015 Transports for WebRTC - draft-ietf-rtcweb-transports-07 + draft-ietf-rtcweb-transports-08 Abstract This document describes the data transport protocols used by WebRTC, including the protocols used for interaction with intermediate boxes such as firewalls, relays and NAT boxes. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -21,25 +21,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 25, 2015. + This Internet-Draft will expire on August 31, 2015. Copyright Notice - Copyright (c) 2014 IETF Trust and the persons identified as the + Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -47,77 +47,76 @@ Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Requirements language . . . . . . . . . . . . . . . . . . . . 3 3. Transport and Middlebox specification . . . . . . . . . . . . 3 3.1. System-provided interfaces . . . . . . . . . . . . . . . 3 3.2. Ability to use IPv4 and IPv6 . . . . . . . . . . . . . . 3 3.3. Usage of temporary IPv6 addresses . . . . . . . . . . . . 4 3.4. Middle box related functions . . . . . . . . . . . . . . 4 - 3.5. Transport protocols implemented . . . . . . . . . . . . . 6 + 3.5. Transport protocols implemented . . . . . . . . . . . . . 5 4. Media Prioritization . . . . . . . . . . . . . . . . . . . . 6 4.1. Usage of Quality of Service - DSCP and Multiplexing . . . 6 4.2. Local prioritization . . . . . . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 8.1. Normative References . . . . . . . . . . . . . . . . . . 9 - 8.2. Informative References . . . . . . . . . . . . . . . . . 12 + 8.2. Informative References . . . . . . . . . . . . . . . . . 11 Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 12 A.1. Changes from -00 to -01 . . . . . . . . . . . . . . . . . 12 - A.2. Changes from -01 to -02 . . . . . . . . . . . . . . . . . 13 + A.2. Changes from -01 to -02 . . . . . . . . . . . . . . . . . 12 A.3. Changes from -02 to -03 . . . . . . . . . . . . . . . . . 13 - A.4. Changes from -03 to -04 . . . . . . . . . . . . . . . . . 14 - A.5. Changes from -04 to -05 . . . . . . . . . . . . . . . . . 14 + A.4. Changes from -03 to -04 . . . . . . . . . . . . . . . . . 13 + A.5. Changes from -04 to -05 . . . . . . . . . . . . . . . . . 13 A.6. Changes from -05 to -06 . . . . . . . . . . . . . . . . . 14 A.7. Changes from -06 to -07 . . . . . . . . . . . . . . . . . 14 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 + A.8. Changes from -07 to -08 . . . . . . . . . . . . . . . . . 14 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14 1. Introduction WebRTC is a protocol suite aimed at real time multimedia exchange between browsers, and between browsers and other entities. WebRTC is described in the WebRTC overview document, [I-D.ietf-rtcweb-overview], which also defines terminology used in this document. This document focuses on the data transport protocols that are used by conforming implementations, including the protocols used for interaction with intermediate boxes such as firewalls, relays and NAT boxes. This protocol suite intends to satisfy the security considerations described in the WebRTC security documents, [I-D.ietf-rtcweb-security] and [I-D.ietf-rtcweb-security-arch]. This document describes requirements that apply to all WebRTC - devices. When there are requirements that apply only to WebRTC User - Agents (also called browsers) , this is called out. - - The form "WebRTC endpoint" is used as a synonym for "WebRTC device" - in contexts where other text talks about endpoints. + devices. When there are requirements that apply only to WebRTC + browsers, this is called out by using the word "browser". 2. Requirements language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Transport and Middlebox specification 3.1. System-provided interfaces The protocol specifications used here assume that the following - protocols are available to the WebRTC devices: + protocols are available to the implementations of the WebRTC + protocols: o UDP. This is the protocol assumed by most protocol elements described. o TCP. This is used for HTTP/WebSockets, as well as for TURN/SSL and ICE-TCP. For both protocols, IPv4 and IPv6 support is assumed. For UDP, this specification assumes the ability to set the DSCP code @@ -135,62 +134,56 @@ access to ICMP or raw IP. 3.2. Ability to use IPv4 and IPv6 Web applications running in a WebRTC browser MUST be able to utilize both IPv4 and IPv6 where available - that is, when two peers have only IPv4 connectivity to each other, or they have only IPv6 connectivity to each other, applications running in the WebRTC browser MUST be able to communicate. - WebRTC devices, when attached to networks with appropriate protocol - support MUST also be able to communicate using IPv6 and IPv4. - When TURN is used, and the TURN server has IPv4 or IPv6 connectivity to the peer or its TURN server, candidates of the appropriate types MUST be supported. The "Happy Eyeballs" specification for ICE - [I-D.reddy-mmusic-ice-happy-eyeballs] SHOULD be supported. + [I-D.martinsen-mmusic-ice-dualstack-fairness] SHOULD be supported. 3.3. Usage of temporary IPv6 addresses The IPv6 default address selection specification [RFC6724] specifies that temporary addresses [RFC4941] are to be preferred over permanent addresses. This is a change from the rules specified by [RFC3484]. For applications that select a single address, this is usually done by the IPV6_PREFER_SRC_TMP preference flag specified in [RFC5014]. However, this rule is not completely obvious in the ICE scope. This is therefore clarified as follows: - When a WebRTC endpoint gathers all IPv6 addresses on a host, and both + When a client gathers all IPv6 addresses on a host, and both temporary addresses and permanent addresses of the same scope are present, the client SHOULD discard the permanent addresses before forming pairs. This is consistent with the default policy described in [RFC6724]. 3.4. Middle box related functions - Except when called out, all requirements in this section apply to all - WebRTC devices. - The primary mechanism to deal with middle boxes is ICE, which is an appropriate way to deal with NAT boxes and firewalls that accept traffic from the inside, but only from the outside if it is in response to inside traffic (simple stateful firewalls). - WebRTC endpoints MUST support ICE [RFC5245]. The implementation MUST - be a full ICE implementation, not ICE-Lite. A full ICE - implementation allows interworking with both ICE and ICE-Lite - implementations when they are deployed appropriately. + ICE [RFC5245] MUST be supported. The implementation MUST be a full + ICE implementation, not ICE-Lite. A full ICE implementation allows + interworking with both ICE and ICE-Lite implementations when they are + deployed appropriately. In order to deal with situations where both parties are behind NATs of the type that perform endpoint-dependent mapping (as defined in - [RFC5128] section 2.4), WebRTC endpoints MUST support TURN [RFC5766]. + [RFC5128] section 2.4), TURN [RFC5766] MUST be supported. WebRTC browsers MUST support configuration of STUN and TURN servers, both from browser configuration and from an application. In order to deal with firewalls that block all UDP traffic, the mode of TURN that uses TCP between the client and the server MUST be supported, and the mode of TURN that uses TLS over TCP between the client and the server MUST be supported. See [RFC5766] section 2.1 for details. @@ -213,93 +206,84 @@ their respective relay servers. Third, using TCP only between the endpoint and its relay may result in less issues with TCP in regards to real-time constraints, e.g. due to head of line blocking. ICE-TCP candidates [RFC6544] MUST be supported; this may allow applications to communicate to peers with public IP addresses across UDP-blocking firewalls without using a TURN server. - If ICE-TCP connections are used, RTP framing according to [RFC4571] - MUST be used for all content that doesn't have its own framing - mechanism. + If TCP connections are used, RTP framing according to [RFC4571] MUST + be used, both for the RTP packets and for the DTLS packets used to + carry data channels. The ALTERNATE-SERVER mechanism specified in [RFC5389] (STUN) section 11 (300 Try Alternate) MUST be supported. - In order to deal with the scenario in which the media must traverse a - HTTP Proxy, WebRTC browser MUST support the HTTP CONNECT request - (Section 4.3.6 of [RFC7231]). WebRTC devices SHOULD support this - request. - - The HTTP Proxy may require authentication and therefore, if HTTP - CONNECT request is supported, proxy authentication as described in - Section 4.3.6 of [RFC7231] and [RFC7235] MUST also be supported. - - In addition, the HTTP CONNECT MUST include an indication of the - protocol being used with the HTTP CONNECT initiated tunnel as - described in [I-D.ietf-httpbis-tunnel-protocol] + The WebRTC implementation MAY support accessing the Internet through + an HTTP proxy. If it does so, it MUST support the "connect" header + as specified in [I-D.ietf-httpbis-tunnel-protocol]. 3.5. Transport protocols implemented For transport of media, secure RTP is used. The details of the profile of RTP used are described in "RTP Usage" [I-D.ietf-rtcweb-rtp-usage]. Key exchange MUST be done using DTLS- SRTP, as described in [I-D.ietf-rtcweb-security-arch]. For data transport over the WebRTC data channel - [I-D.ietf-rtcweb-data-channel], WebRTC endpoints MUST support SCTP - over DTLS over ICE. This encapsulation is specified in + [I-D.ietf-rtcweb-data-channel], WebRTC implementations MUST support + SCTP over DTLS over ICE. This encapsulation is specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. Negotiation of this transport in SDP is defined in [I-D.ietf-mmusic-sctp-sdp]. The SCTP extension for NDATA, [I-D.ietf-tsvwg-sctp-ndata], MUST be supported. The setup protocol for WebRTC data channels is described in - [I-D.jesup-rtcweb-data-protocol]. + [I-D.ietf-rtcweb-data-protocol]. - WebRTC devices MUST support multiplexing of DTLS and RTP over the - same port pair, as described in the DTLS_SRTP specification + WebRTC implementations MUST support multiplexing of DTLS and RTP over + the same port pair, as described in the DTLS_SRTP specification [RFC5764], section 5.1.2. All application layer protocol payloads over this DTLS connection are SCTP packets. Protocol identification MUST be supplied as part of the DTLS - handshake, as specified in [I-D.thomson-rtcweb-alpn]. + handshake, as specified in [I-D.ietf-rtcweb-alpn]. 4. Media Prioritization The WebRTC prioritization model is that the application tells the - WebRTC browser about the priority of media and data flows through an - API. + WebRTC implementation about the priority of media and data flows + through an API. The priority associated with a media or data flow is classified as "normal", "below normal", "high" or "very high". There are only four priority levels at the API. The priority settings affect two pieces of behavior: Packet markings and packet send sequence decisions. Each is described in its own section below. 4.1. Usage of Quality of Service - DSCP and Multiplexing - WebRTC endpoints SHOULD attempt to set QoS on the packets sent, + Implementations SHOULD attempt to set QoS on the packets sent, according to the guidelines in [I-D.ietf-tsvwg-rtcweb-qos]. It is appropriate to depart from this recommendation when running on platforms where QoS marking is not implemented. - The WebRTC endpoint MAY turn off use of DSCP markings if it detects + The implementation MAY turn off use of DSCP markings if it detects symptoms of unexpected behaviour like priority inversion or blocking of packets with certain DSCP markings. The detection of these conditions is implementation dependent. (Question: Does there need to be an API knob to turn off DSCP markings?) - All packets carrying data from the SCTP association supporting the + All packets arrying data from the SCTP association supporting the data channels MUST use a single DSCP code point. All packets on one TCP connection, no matter what it carries, MUST use a single DSCP code point. More advice on the use of DSCP code points with RTP is given in [I-D.ietf-dart-dscp-rtp]. There exist a number of schemes for achieving quality of service that do not depend solely on DSCP code points. Some of these schemes @@ -320,46 +304,46 @@ In each of the configurations mentioned, data channels may be carried in its own 5-tuple, or multiplexed together with one of the media flows. More complex configurations, such as sending a high priority video stream on one 5-tuple and sending all other video streams multiplexed together over another 5-tuple, can also be envisioned. More information on mapping media flows to 5-tuples can be found in [I-D.ietf-rtcweb-rtp-usage]. - A sending WebRTC endpoint MUST be able to support the following + A sending implementation MUST be able to support the following configurations: o multiplex all media and data on a single 5-tuple (fully bundled) + o send each media stream on its own 5-tuple and data on its own 5-tuple (fully unbundled) - o bundle each media type (audio, video or data) into its own 5-tuple - (bundling by media type) - - It MAY choose to support other configurations. + It MAY choose to support other configurations, such as bundling each + media type (audio, video or data) into its own 5-tuple (bundling by + media type). Sending data over multiple 5-tuples is not supported. - A receiving WebRTC endpoint MUST be able to receive media and data in + A receiving implementation MUST be able to receive media and data in all these configurations. 4.2. Local prioritization - When an WebRTC endpoint has packets to send on multiple streams (with - each media stream and each data channel considered as one "stream" - for this purpose) that are congestion-controlled under the same - congestion controller, the WebRTC endpoint SHOULD cause data to be - emitted in such a way that each stream at each level of priority is - being given approximately twice the transmission capacity (measured - in payload bytes) of the level below. + When an WebRTC implementation has packets to send on multiple streams + (with each media stream and each data channel considered as one + "stream" for this purpose) that are congestion-controlled under the + same congestion controller, the WebRTC implementation SHOULD cause + data to be emitted in such a way that each stream at each level of + priority is being given approximately twice the transmission capacity + (measured in payload bytes) of the level below. Thus, when congestion occurs, a "very high" priority flow will have the ability to send 8 times as much data as a "below normal" flow if both have data to send. This prioritization is independent of the media type. The details of which packet to send first are implementation defined. For example: If there is a very high priority audio flow sending 100 byte packets, and a normal priority video flow sending 1000 byte packets, and outgoing capacity exists for sending >5000 payload @@ -417,73 +401,73 @@ Eduardo Gueiros, Magnus Westerlund, Markus Isomaki and Dan Wing; the contributions from Andrew Hutton also deserve special mention. 8. References 8.1. Normative References [I-D.ietf-httpbis-tunnel-protocol] Hutton, A., Uberti, J., and M. Thomson, "The Tunnel- Protocol HTTP Request Header Field", draft-ietf-httpbis- - tunnel-protocol-00 (work in progress), August 2014. + tunnel-protocol-01 (work in progress), January 2015. [I-D.ietf-mmusic-sctp-sdp] - Loreto, S. and G. Camarillo, "Stream Control Transmission - Protocol (SCTP)-Based Media Transport in the Session - Description Protocol (SDP)", draft-ietf-mmusic-sctp-sdp-07 - (work in progress), July 2014. + Holmberg, C., Loreto, S., and G. Camarillo, "Stream + Control Transmission Protocol (SCTP)-Based Media Transport + in the Session Description Protocol (SDP)", draft-ietf- + mmusic-sctp-sdp-12 (work in progress), January 2015. + + [I-D.ietf-rtcweb-alpn] + Thomson, M., "Application Layer Protocol Negotiation for + Web Real-Time Communications (WebRTC)", draft-ietf-rtcweb- + alpn-00 (work in progress), July 2014. [I-D.ietf-rtcweb-data-channel] Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data - Channels", draft-ietf-rtcweb-data-channel-11 (work in - progress), July 2014. + Channels", draft-ietf-rtcweb-data-channel-13 (work in + progress), January 2015. [I-D.ietf-rtcweb-rtp-usage] Perkins, C., Westerlund, M., and J. Ott, "Web Real-Time Communication (WebRTC): Media Transport and Use of RTP", - draft-ietf-rtcweb-rtp-usage-15 (work in progress), May - 2014. + draft-ietf-rtcweb-rtp-usage-22 (work in progress), + February 2015. [I-D.ietf-rtcweb-security] Rescorla, E., "Security Considerations for WebRTC", draft- ietf-rtcweb-security-07 (work in progress), July 2014. [I-D.ietf-rtcweb-security-arch] Rescorla, E., "WebRTC Security Architecture", draft-ietf- rtcweb-security-arch-10 (work in progress), July 2014. [I-D.ietf-tsvwg-rtcweb-qos] Dhesikan, S., Jennings, C., Druta, D., Jones, P., and J. Polk, "DSCP and other packet markings for RTCWeb QoS", - draft-ietf-tsvwg-rtcweb-qos-02 (work in progress), June - 2014. + draft-ietf-tsvwg-rtcweb-qos-03 (work in progress), + November 2014. [I-D.ietf-tsvwg-sctp-dtls-encaps] Tuexen, M., Stewart, R., Jesup, R., and S. Loreto, "DTLS Encapsulation of SCTP Packets", draft-ietf-tsvwg-sctp- - dtls-encaps-05 (work in progress), July 2014. + dtls-encaps-09 (work in progress), January 2015. [I-D.ietf-tsvwg-sctp-ndata] Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann, "Stream Schedulers and a New Data Chunk for the Stream Control Transmission Protocol", draft-ietf-tsvwg-sctp- - ndata-01 (work in progress), July 2014. - - [I-D.reddy-mmusic-ice-happy-eyeballs] - Reddy, T., Patil, P., and P. Martinsen, "Happy Eyeballs - Extension for ICE", draft-reddy-mmusic-ice-happy- - eyeballs-07 (work in progress), June 2014. + ndata-02 (work in progress), January 2015. - [I-D.thomson-rtcweb-alpn] - Thomson, M., "Application Layer Protocol Negotiation for - Web Real-Time Communications (WebRTC)", draft-thomson- - rtcweb-alpn-00 (work in progress), April 2014. + [I-D.martinsen-mmusic-ice-dualstack-fairness] + Martinsen, P., Reddy, T., and P. Patil, "ICE IPv4/IPv6 + Dual Stack Fairness", draft-martinsen-mmusic-ice- + dualstack-fairness-02 (work in progress), February 2015. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) Packets over Connection- Oriented Transport", RFC 4571, July 2006. [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in @@ -515,42 +499,36 @@ 6156, April 2011. [RFC6544] Rosenberg, J., Keranen, A., Lowekamp, B., and A. Roach, "TCP Candidates with Interactive Connectivity Establishment (ICE)", RFC 6544, March 2012. [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, September 2012. - [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol - (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. - - [RFC7235] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol - (HTTP/1.1): Authentication", RFC 7235, June 2014. - 8.2. Informative References [I-D.ietf-dart-dscp-rtp] Black, D. and P. Jones, "Differentiated Services (DiffServ) and Real-time Communication", draft-ietf-dart- - dscp-rtp-08 (work in progress), October 2014. + dscp-rtp-10 (work in progress), November 2014. + + [I-D.ietf-rtcweb-data-protocol] + Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channel + Establishment Protocol", draft-ietf-rtcweb-data- + protocol-09 (work in progress), January 2015. [I-D.ietf-rtcweb-overview] Alvestrand, H., "Overview: Real Time Protocols for - Browser-based Applications", draft-ietf-rtcweb-overview-10 - (work in progress), June 2014. - - [I-D.jesup-rtcweb-data-protocol] - Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channel - Protocol", draft-jesup-rtcweb-data-protocol-04 (work in - progress), February 2013. + Browser-based Applications", draft-ietf-rtcweb-overview-13 + (work in progress), November 2014. [RFC3484] Draves, R., "Default Address Selection for Internet Protocol version 6 (IPv6)", RFC 3484, February 2003. [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 Socket API for Source Address Selection", RFC 5014, September 2007. [RFC5128] Srisuresh, P., Ford, B., and D. Kegel, "State of Peer-to- Peer (P2P) Communication across Network Address @@ -650,24 +629,30 @@ o Added reference to the ALPN header (being adopted by RTCWEB) o Added reference to the DART RTP document o Said explicitly that SCTP for data channels has a single DSCP codepoint A.7. Changes from -06 to -07 - o Updated terminology in accordance with -overview. Got rid of all - occurences of "WebRTC implementation". + o Updated references - o Modified description of ICE-TCP encapsulation in accordance with - list discussion. + o Removed reference to draft-hutton-rtcweb-nat-firewall- + considerations - o Added HTTP CONNECT requirement in accordance with list discussion. +A.8. Changes from -07 to -08 + + o Updated references + + o Deleted "bundle each media type (audio, video or data) into its + own 5-tuple (bundling by media type)" from MUST support + configuration, since JSEP does not have a means to negotiate this + configuration Author's Address Harald Alvestrand Google Email: harald@alvestrand.no