One document matched: draft-ietf-rtcweb-transports-07.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-rtcweb-transports-07"
ipr="trust200902">
<front>
<title abbrev="WebRTC Transports">Transports for WebRTC</title>
<author fullname="Harald Alvestrand" initials="H. T." surname="Alvestrand">
<organization>Google</organization>
<address>
<email>harald@alvestrand.no</email>
</address>
</author>
<date day="22" month="October" year="2014"/>
<abstract>
<t>This document describes the data transport protocols used by WebRTC,
including the protocols used for interaction with intermediate boxes
such as firewalls, relays and NAT boxes.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>WebRTC is a protocol suite aimed at real time multimedia exchange
between browsers, and between browsers and other entities.</t>
<t>WebRTC is described in the WebRTC overview document, <xref
target="I-D.ietf-rtcweb-overview"/>, which also defines terminology used
in this document.</t>
<t>This document focuses on the data transport protocols that are used
by conforming implementations, including the protocols used for
interaction with intermediate boxes such as firewalls, relays and NAT
boxes.</t>
<t>This protocol suite intends to satisfy the security considerations
described in the WebRTC security documents, <xref
target="I-D.ietf-rtcweb-security"/> and <xref
target="I-D.ietf-rtcweb-security-arch"/>.</t>
<t>This document describes requirements that apply to all WebRTC
devices. When there are requirements that apply only to WebRTC User
Agents (also called browsers) , this is called out.</t>
<t>The form "WebRTC endpoint" is used as a synonym for "WebRTC device"
in contexts where other text talks about endpoints.</t>
</section>
<section title="Requirements language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.</t>
</section>
<section anchor="app-transport"
title="Transport and Middlebox specification">
<t/>
<section title="System-provided interfaces">
<t>The protocol specifications used here assume that the following
protocols are available to the WebRTC devices:</t>
<t><list style="symbols">
<t>UDP. This is the protocol assumed by most protocol elements
described.</t>
<t>TCP. This is used for HTTP/WebSockets, as well as for TURN/SSL
and ICE-TCP.</t>
</list></t>
<t>For both protocols, IPv4 and IPv6 support is assumed.</t>
<t>For UDP, this specification assumes the ability to set the DSCP
code point of the sockets opened on a per-packet basis, in order to
achieve the prioritizations described in <xref
target="I-D.ietf-tsvwg-rtcweb-qos"/> (see <xref target="s-qos"/>) when
multiple media types are multiplexed. It does not assume that the DSCP
codepoints will be honored, and does assume that they may be zeroed or
changed, since this is a local configuration issue.</t>
<t>Platforms that do not give access to these interfaces will not be
able to support a conforming WebRTC implementation.</t>
<t>This specification does not assume that the implementation will
have access to ICMP or raw IP.</t>
</section>
<section title="Ability to use IPv4 and IPv6">
<t>Web applications running in a WebRTC browser MUST be able to
utilize both IPv4 and IPv6 where available - that is, when two peers
have only IPv4 connectivity to each other, or they have only IPv6
connectivity to each other, applications running in the WebRTC browser
MUST be able to communicate.</t>
<t>WebRTC devices, when attached to networks with appropriate protocol
support MUST also be able to communicate using IPv6 and IPv4.</t>
<t>When TURN is used, and the TURN server has IPv4 or IPv6
connectivity to the peer or its TURN server, candidates of the
appropriate types MUST be supported. The "Happy Eyeballs"
specification for ICE <xref
target="I-D.reddy-mmusic-ice-happy-eyeballs"/> SHOULD be
supported.</t>
</section>
<section title="Usage of temporary IPv6 addresses">
<t>The IPv6 default address selection specification <xref
target="RFC6724"/> specifies that temporary addresses <xref
target="RFC4941"/> are to be preferred over permanent addresses. This
is a change from the rules specified by <xref target="RFC3484"/>. For
applications that select a single address, this is usually done by the
IPV6_PREFER_SRC_TMP preference flag specified in <xref
target="RFC5014"/>. However, this rule is not completely obvious in
the ICE scope. This is therefore clarified as follows:</t>
<t>When a WebRTC endpoint gathers all IPv6 addresses on a host, and
both temporary addresses and permanent addresses of the same scope are
present, the client SHOULD discard the permanent addresses before
forming pairs. This is consistent with the default policy described in
<xref target="RFC6724"/>.</t>
</section>
<section anchor="s-middlebox" title="Middle box related functions">
<t>Except when called out, all requirements in this section apply to
all WebRTC devices.</t>
<t>The primary mechanism to deal with middle boxes is ICE, which is an
appropriate way to deal with NAT boxes and firewalls that accept
traffic from the inside, but only from the outside if it is in
response to inside traffic (simple stateful firewalls).</t>
<t>WebRTC endpoints MUST support ICE <xref target="RFC5245"/>. The
implementation MUST be a full ICE implementation, not ICE-Lite. A full
ICE implementation allows interworking with both ICE and ICE-Lite
implementations when they are deployed appropriately.</t>
<t>In order to deal with situations where both parties are behind NATs
of the type that perform endpoint-dependent mapping (as defined in
<xref target="RFC5128"/> section 2.4), WebRTC endpoints MUST support
TURN <xref target="RFC5766"/>.</t>
<t>WebRTC browsers MUST support configuration of STUN and TURN
servers, both from browser configuration and from an application.</t>
<t>In order to deal with firewalls that block all UDP traffic, the
mode of TURN that uses TCP between the client and the server MUST be
supported, and the mode of TURN that uses TLS over TCP between the
client and the server MUST be supported. See <xref target="RFC5766"/>
section 2.1 for details.</t>
<t>In order to deal with situations where one party is on an IPv4
network and the other party is on an IPv6 network, TURN extensions for
IPv6 <xref target="RFC6156"/> MUST be supported.</t>
<t>TURN TCP candidates, where the connection from the client's TURN
server to the peer is a TCP connection, <xref target="RFC6062"/> MAY
be supported.</t>
<t>However, such candidates are not seen as providing any significant
benefit, for the following reasons.</t>
<t>First, use of TURN TCP candidates would only be relevant in cases
which both peers are required to use TCP to establish a
PeerConnection.</t>
<t>Second, that use case is supported in a different way by both sides
establishing UDP relay candidates using TURN over TCP to connect to
their respective relay servers.</t>
<t>Third, using TCP only between the endpoint and its relay may result
in less issues with TCP in regards to real-time constraints, e.g. due
to head of line blocking.</t>
<t>ICE-TCP candidates <xref target="RFC6544"/> MUST be supported; this
may allow applications to communicate to peers with public IP
addresses across UDP-blocking firewalls without using a TURN
server.</t>
<t>If ICE-TCP connections are used, RTP framing according to <xref
target="RFC4571"/> MUST be used for all content that doesn't have its
own framing mechanism.</t>
<t>The ALTERNATE-SERVER mechanism specified in <xref
target="RFC5389"/> (STUN) section 11 (300 Try Alternate) MUST be
supported.</t>
<t>In order to deal with the scenario in which the media must traverse
a HTTP Proxy, WebRTC browser MUST support the HTTP CONNECT request
(Section 4.3.6 of <xref target="RFC7231"/>). WebRTC devices SHOULD
support this request.</t>
<t>The HTTP Proxy may require authentication and therefore, if HTTP
CONNECT request is supported, proxy authentication as described in
Section 4.3.6 of <xref target="RFC7231"/> and <xref target="RFC7235"/>
MUST also be supported.</t>
<t>In addition, the HTTP CONNECT MUST include an indication of the
protocol being used with the HTTP CONNECT initiated tunnel as
described in <xref target="I-D.ietf-httpbis-tunnel-protocol"/></t>
</section>
<section title="Transport protocols implemented">
<t>For transport of media, secure RTP is used. The details of the
profile of RTP used are described in "RTP Usage" <xref
target="I-D.ietf-rtcweb-rtp-usage"/>. Key exchange MUST be done using
DTLS-SRTP, as described in <xref
target="I-D.ietf-rtcweb-security-arch"/>.</t>
<t>For data transport over the WebRTC data channel <xref
target="I-D.ietf-rtcweb-data-channel"/>, WebRTC endpoints MUST support
SCTP over DTLS over ICE. This encapsulation is specified in <xref
target="I-D.ietf-tsvwg-sctp-dtls-encaps"/>. Negotiation of this
transport in SDP is defined in <xref
target="I-D.ietf-mmusic-sctp-sdp"/>. The SCTP extension for NDATA,
<xref target="I-D.ietf-tsvwg-sctp-ndata"/>, MUST be supported.</t>
<t>The setup protocol for WebRTC data channels is described in <xref
target="I-D.jesup-rtcweb-data-protocol"/>.</t>
<t>WebRTC devices MUST support multiplexing of DTLS and RTP over the
same port pair, as described in the DTLS_SRTP specification <xref
target="RFC5764"/>, section 5.1.2. All application layer protocol
payloads over this DTLS connection are SCTP packets.</t>
<t>Protocol identification MUST be supplied as part of the DTLS
handshake, as specified in <xref
target="I-D.thomson-rtcweb-alpn"/>.</t>
</section>
</section>
<section title="Media Prioritization">
<t>The WebRTC prioritization model is that the application tells the
WebRTC browser about the priority of media and data flows through an
API.</t>
<t>The priority associated with a media or data flow is classified as
"normal", "below normal", "high" or "very high". There are only four
priority levels at the API.</t>
<t>The priority settings affect two pieces of behavior: Packet markings
and packet send sequence decisions. Each is described in its own section
below.</t>
<section anchor="s-qos"
title="Usage of Quality of Service - DSCP and Multiplexing">
<t>WebRTC endpoints SHOULD attempt to set QoS on the packets sent,
according to the guidelines in <xref
target="I-D.ietf-tsvwg-rtcweb-qos"/>. It is appropriate to depart from
this recommendation when running on platforms where QoS marking is not
implemented.</t>
<t>The WebRTC endpoint MAY turn off use of DSCP markings if it detects
symptoms of unexpected behaviour like priority inversion or blocking
of packets with certain DSCP markings. The detection of these
conditions is implementation dependent. (Question: Does there need to
be an API knob to turn off DSCP markings?)</t>
<t>All packets carrying data from the SCTP association supporting the
data channels MUST use a single DSCP code point.</t>
<t>All packets on one TCP connection, no matter what it carries, MUST
use a single DSCP code point.</t>
<t>More advice on the use of DSCP code points with RTP is given in
<xref target="I-D.ietf-dart-dscp-rtp"/>.</t>
<t>There exist a number of schemes for achieving quality of service
that do not depend solely on DSCP code points. Some of these schemes
depend on classifying the traffic into flows based on 5-tuple (source
address, source port, protocol, destination address, destination port)
or 6-tuple (5-tuple + DSCP code point). Under differing conditions, it
may therefore make sense for a sending application to choose any of
the configurations:</t>
<t><list style="symbols">
<t>Each media stream carried on its own 5-tuple</t>
<t>Media streams grouped by media type into 5-tuples (such as
carrying all audio on one 5-tuple)</t>
<t>All media sent over a single 5-tuple, with or without
differentiation into 6-tuples based on DSCP code points</t>
</list>In each of the configurations mentioned, data channels may be
carried in its own 5-tuple, or multiplexed together with one of the
media flows.</t>
<t>More complex configurations, such as sending a high priority video
stream on one 5-tuple and sending all other video streams multiplexed
together over another 5-tuple, can also be envisioned. More
information on mapping media flows to 5-tuples can be found in <xref
target="I-D.ietf-rtcweb-rtp-usage"/>.</t>
<t>A sending WebRTC endpoint MUST be able to support the following
configurations:</t>
<t><list style="symbols">
<t>multiplex all media and data on a single 5-tuple (fully
bundled)</t>
<t>send each media stream on its own 5-tuple and data on its own
5-tuple (fully unbundled)</t>
<t>bundle each media type (audio, video or data) into its own
5-tuple (bundling by media type)</t>
</list>It MAY choose to support other configurations.</t>
<t>Sending data over multiple 5-tuples is not supported.</t>
<t>A receiving WebRTC endpoint MUST be able to receive media and data
in all these configurations.</t>
</section>
<section title="Local prioritization">
<t>When an WebRTC endpoint has packets to send on multiple streams
(with each media stream and each data channel considered as one
"stream" for this purpose) that are congestion-controlled under the
same congestion controller, the WebRTC endpoint SHOULD cause data to
be emitted in such a way that each stream at each level of priority is
being given approximately twice the transmission capacity (measured in
payload bytes) of the level below.</t>
<t>Thus, when congestion occurs, a "very high" priority flow will have
the ability to send 8 times as much data as a "below normal" flow if
both have data to send. This prioritization is independent of the
media type. The details of which packet to send first are
implementation defined.</t>
<t>For example: If there is a very high priority audio flow sending
100 byte packets, and a normal priority video flow sending 1000 byte
packets, and outgoing capacity exists for sending >5000 payload
bytes, it would be appropriate to send 4000 bytes (40 packets) of
audio and 1000 bytes (one packet) of video as the result of a single
pass of sending decisions.</t>
<t>Conversely, if the audio flow is marked normal priority and the
video flow is marked very high priority, the scheduler may decide to
send 2 video packets (2000 bytes) and 5 audio packets (500 bytes) when
outgoing capacity exists for sending > 2500 payload bytes.</t>
<t>If there are two very high priority audio flows, each will be able
to send 4000 bytes in the same period where a normal priority video
flow is able to send 1000 bytes.</t>
<t>Two example implementation strategies are:</t>
<t><list style="symbols">
<t>When the available bandwidth is known from the congestion
control algorithm, configure each codec and each data channel with
a target send rate that is appropriate to its share of the
available bandwidth.</t>
<t>When congestion control indicates that a specified number of
packets can be sent, send packets that are available to send using
a weighted round robin scheme across the connections.</t>
</list>Any combination of these, or other schemes that have the same
effect, is valid, as long as the distribution of transmission capacity
is approximately correct.</t>
<t>For media, it is usually inappropriate to use deep queues for
sending; it is more useful to, for instance, skip intermediate frames
that have no dependencies on them in order to achieve a lower bitrate.
For reliable data, queues are useful.</t>
</section>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document makes no request of IANA.</t>
<t>Note to RFC Editor: this section may be removed on publication as an
RFC.</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>Security considerations are enumerated in <xref
target="I-D.ietf-rtcweb-security"/>.</t>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>This document is based on earlier versions embedded in <xref
target="I-D.ietf-rtcweb-overview"/>, which were the results of
contributions from many RTCWEB WG members.</t>
<t>Special thanks for reviews of earlier versions of this draft go to
Eduardo Gueiros, Magnus Westerlund, Markus Isomaki and Dan Wing; the
contributions from Andrew Hutton also deserve special mention.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='reference.RFC.2119'?>
<?rfc include='reference.RFC.4571'?>
<?rfc include='reference.RFC.4941'?>
<?rfc include='reference.RFC.5245'?>
<?rfc include='reference.RFC.5389'?>
<?rfc include='reference.RFC.5764'?>
<?rfc include='reference.RFC.5766'?>
<?rfc include='reference.RFC.6062'?>
<?rfc include='reference.RFC.6156'?>
<?rfc include='reference.RFC.6544'?>
<?rfc include='reference.RFC.6724'?>
<?rfc include='reference.RFC.7231'?>
<?rfc include='reference.RFC.7235'?>
<?rfc include='reference.I-D.ietf-httpbis-tunnel-protocol'?>
<?rfc include='reference.I-D.ietf-rtcweb-security'?>
<?rfc include='reference.I-D.ietf-rtcweb-rtp-usage'?>
<?rfc include='reference.I-D.ietf-rtcweb-data-channel'?>
<?rfc include='reference.I-D.ietf-rtcweb-security-arch'?>
<?rfc include='reference.I-D.ietf-tsvwg-rtcweb-qos'?>
<?rfc include='reference.I-D.ietf-tsvwg-sctp-dtls-encaps'?>
<?rfc include='reference.I-D.ietf-mmusic-sctp-sdp'?>
<?rfc include='reference.I-D.ietf-tsvwg-sctp-ndata'?>
<?rfc include='reference.I-D.reddy-mmusic-ice-happy-eyeballs'?>
<?rfc include='reference.I-D.thomson-rtcweb-alpn'?>
</references>
<references title="Informative References">
<?rfc include='reference.RFC.5128'?>
<?rfc include='reference.RFC.5014'?>
<?rfc include='reference.RFC.3484'?>
<?rfc include='reference.I-D.ietf-rtcweb-overview'?>
<?rfc include='reference.I-D.jesup-rtcweb-data-protocol'?>
<?rfc include='reference.I-D.ietf-dart-dscp-rtp'?>
</references>
<section title="Change log">
<t>This section should be removed before publication as an RFC.</t>
<section title="Changes from -00 to -01">
<t><list style="symbols">
<t>Clarified DSCP requirements, with reference to -qos-</t>
<t>Clarified "symmetric NAT" -> "NATs which perform
endpoint-dependent mapping"</t>
<t>Made support of TURN over TCP mandatory</t>
<t>Made support of TURN over TLS a MAY, and added open
question</t>
<t>Added an informative reference to -firewalls-</t>
<t>Called out that we don't make requirements on HTTP proxy
interaction (yet</t>
</list></t>
</section>
<section title="Changes from -01 to -02">
<t><list style="symbols">
<t>Required support for 300 Alternate Server from STUN.</t>
<t>Separated the ICE-TCP candidate requirement from the TURN-TCP
requirement.</t>
<t>Added new sections on using QoS functions, and on multiplexing
considerations.</t>
<t>Removed all mention of RTP profiles. Those are the business of
the RTP usage draft, not this one.</t>
<t>Required support for TURN IPv6 extensions.</t>
<t>Removed reference to the TURN URI scheme, as it was
unnecessary.</t>
<t>Made an explicit statement that multiplexing (or not) is an
application matter.</t>
</list>.</t>
</section>
<section title="Changes from -02 to -03">
<t><list style="symbols">
<t>Added required support for draft-ietf-tsvwg-sctp-ndata</t>
<t>Removed discussion of multiplexing, since this is present in
rtp-usage.</t>
<t>Added RFC 4571 reference for framing RTP packets over TCP.</t>
<t>Downgraded TURN TCP candidates from SHOULD to MAY, and added
more language discussing TCP usage.</t>
<t>Added language on IPv6 temporary addresses.</t>
<t>Added language describing multiplexing choices.</t>
<t>Added a separate section detailing what it means when we say
that an WebRTC implementation MUST support both IPv4 and IPv6.</t>
</list></t>
</section>
<section title="Changes from -03 to -04">
<t><list style="symbols">
<t>Added a section on prioritization, moved the DSCP section into
it, and added a section on local prioritization, giving a specific
algorithm for interpreting "priority" in local prioritization.</t>
<t>ICE-TCP candidates was changed from MAY to MUST, in recognition
of the sense of the room at the London IETF.</t>
</list></t>
</section>
<section title="Changes from -04 to -05">
<t><list style="symbols">
<t>Reworded introduction</t>
<t>Removed all references to "WebRTC". It now uses only the term
RTCWEB.</t>
<t>Addressed a number of clarity / language comments</t>
<t>Rewrote the prioritization to cover data channels and to
describe multiple ways of prioritizing flows</t>
<t>Made explicit reference to "MUST do DTLS-SRTP", and referred to
security-arch for details</t>
</list></t>
</section>
<section title="Changes from -05 to -06">
<t><list style="symbols">
<t>Changed all references to "RTCWEB" to "WebRTC", except one
reference to the working group</t>
<t>Added reference to the httpbis "connect" protocol (being
adopted by HTTPBIS)</t>
<t>Added reference to the ALPN header (being adopted by
RTCWEB)</t>
<t>Added reference to the DART RTP document</t>
<t>Said explicitly that SCTP for data channels has a single DSCP
codepoint</t>
</list></t>
</section>
<section title="Changes from -06 to -07">
<t><list style="symbols">
<t>Updated terminology in accordance with -overview. Got rid of
all occurences of "WebRTC implementation".</t>
<t>Modified description of ICE-TCP encapsulation in accordance
with list discussion.</t>
<t>Added HTTP CONNECT requirement in accordance with list
discussion.</t>
</list></t>
</section>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 14:29:27 |