One document matched: draft-ietf-taps-transports-07.xml
<?xml version="1.0" encoding="us-ascii"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.0.28 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC0768 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.0768.xml">
<!ENTITY RFC0792 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.0792.xml">
<!ENTITY RFC0793 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.0793.xml">
<!ENTITY RFC0896 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.0896.xml">
<!ENTITY RFC1122 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.1122.xml">
<!ENTITY RFC1191 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.1191.xml">
<!ENTITY RFC1716 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.1716.xml">
<!ENTITY RFC1981 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.1981.xml">
<!ENTITY RFC2018 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2018.xml">
<!ENTITY RFC2045 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2045.xml">
<!ENTITY RFC2460 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2460.xml">
<!ENTITY RFC2461 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2461.xml">
<!ENTITY RFC2617 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2617.xml">
<!ENTITY RFC2710 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.2710.xml">
<!ENTITY RFC3168 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3168.xml">
<!ENTITY RFC3205 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3205.xml">
<!ENTITY RFC3436 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3436.xml">
<!ENTITY RFC3450 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3450.xml">
<!ENTITY RFC3452 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3452.xml">
<!ENTITY RFC3550 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3550.xml">
<!ENTITY RFC3738 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3738.xml">
<!ENTITY RFC3758 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3758.xml">
<!ENTITY RFC3828 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3828.xml">
<!ENTITY RFC3926 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3926.xml">
<!ENTITY RFC3971 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.3971.xml">
<!ENTITY RFC4324 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4324.xml">
<!ENTITY RFC4336 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4336.xml">
<!ENTITY RFC4340 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4340.xml">
<!ENTITY RFC4341 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4341.xml">
<!ENTITY RFC4342 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4342.xml">
<!ENTITY RFC4433 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4433.xml">
<!ENTITY RFC4614 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4614.xml">
<!ENTITY RFC4654 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4654.xml">
<!ENTITY RFC4820 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4820.xml">
<!ENTITY RFC4821 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4821.xml">
<!ENTITY RFC4895 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4895.xml">
<!ENTITY RFC4960 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.4960.xml">
<!ENTITY RFC5061 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5061.xml">
<!ENTITY RFC5097 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5097.xml">
<!ENTITY RFC5246 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5246.xml">
<!ENTITY RFC5238 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5238.xml">
<!ENTITY RFC5404 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5404.xml">
<!ENTITY RFC5461 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5461.xml">
<!ENTITY RFC5595 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5595.xml">
<!ENTITY RFC5596 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5596.xml">
<!ENTITY RFC5651 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5651.xml">
<!ENTITY RFC5662 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5662.xml">
<!ENTITY RFC5672 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5672.xml">
<!ENTITY RFC5740 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5740.xml">
<!ENTITY RFC5775 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5775.xml">
<!ENTITY RFC5681 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.5681.xml">
<!ENTITY RFC6056 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6056.xml">
<!ENTITY RFC6083 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6083.xml">
<!ENTITY RFC6093 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6093.xml">
<!ENTITY RFC6525 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6525.xml">
<!ENTITY RFC6546 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6546.xml">
<!ENTITY RFC6347 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6347.xml">
<!ENTITY RFC6356 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6356.xml">
<!ENTITY RFC6363 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6363.xml">
<!ENTITY RFC6455 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6455.xml">
<!ENTITY RFC6458 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6458.xml">
<!ENTITY RFC6584 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6584.xml">
<!ENTITY RFC6726 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6726.xml">
<!ENTITY RFC6773 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6773.xml">
<!ENTITY RFC6824 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6824.xml">
<!ENTITY RFC6897 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6897.xml">
<!ENTITY RFC6935 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6935.xml">
<!ENTITY RFC6936 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6936.xml">
<!ENTITY RFC6951 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.6951.xml">
<!ENTITY RFC7053 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7053.xml">
<!ENTITY RFC7230 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7230.xml">
<!ENTITY RFC7231 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7231.xml">
<!ENTITY RFC7232 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7232.xml">
<!ENTITY RFC7233 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7233.xml">
<!ENTITY RFC7234 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7234.xml">
<!ENTITY RFC7235 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7235.xml">
<!ENTITY RFC7301 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7301.xml">
<!ENTITY RFC7323 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7323.xml">
<!ENTITY RFC7457 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7457.xml">
<!ENTITY RFC7496 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7496.xml">
<!ENTITY RFC7525 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7525.xml">
<!ENTITY RFC7540 SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml/reference.RFC.7540.xml">
<!ENTITY I-D.ietf-tsvwg-rfc5405bis SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml3/reference.I-D.ietf-tsvwg-rfc5405bis.xml">
<!ENTITY I-D.ietf-aqm-ecn-benefits SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml3/reference.I-D.ietf-aqm-ecn-benefits.xml">
<!ENTITY I-D.ietf-tsvwg-sctp-dtls-encaps SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml3/reference.I-D.ietf-tsvwg-sctp-dtls-encaps.xml">
<!ENTITY I-D.ietf-tsvwg-sctp-ndata SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml3/reference.I-D.ietf-tsvwg-sctp-ndata.xml">
<!ENTITY I-D.ietf-tsvwg-natsupp SYSTEM "http://unicorn-wg.github.io/idrefs/bibxml3/reference.I-D.ietf-tsvwg-natsupp.xml">
]>
<?rfc toc="yes"?>
<rfc ipr="trust200902" docName="draft-ietf-taps-transports-07" category="info">
<front>
<title abbrev="TAPS Transports">Services provided by IETF transport protocols and congestion control mechanisms</title>
<author initials="G." surname="Fairhurst" fullname="Godred Fairhurst" role="editor">
<organization>University of Aberdeen</organization>
<address>
<postal>
<street>School of Engineering, Fraser Noble Building</street>
<city>Aberdeen AB24 3UE</city>
</postal>
<email>gorry@erg.abdn.ac.uk</email>
</address>
</author>
<author initials="B." surname="Trammell" fullname="Brian Trammell" role="editor">
<organization>ETH Zurich</organization>
<address>
<postal>
<street>Gloriastrasse 35</street>
<city>8092 Zurich</city>
<country>Switzerland</country>
</postal>
<email>ietf@trammell.ch</email>
</address>
</author>
<author initials="M." surname="Kuehlewind" fullname="Mirja Kuehlewind" role="editor">
<organization>ETH Zurich</organization>
<address>
<postal>
<street>Gloriastrasse 35</street>
<city>8092 Zurich</city>
<country>Switzerland</country>
</postal>
<email>mirja.kuehlewind@tik.ee.ethz.ch</email>
</address>
</author>
<date year="2015" month="October" day="07"/>
<abstract>
<t>This document describes services provided by existing IETF protocols and
congestion control mechanisms. It is designed to help application and
network stack programmers and to inform the work of the IETF TAPS Working
Group.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>Most Internet applications make use of the Transport Services provided by
TCP (a reliable, in-order stream protocol) or UDP (an unreliable datagram
protocol). We use the term “Transport Service” to mean the end-to-end
service provided to an application by the transport layer. That service
can only be provided correctly if information about the intended usage is
supplied from the application. The application may determine this
information at design time, compile time, or run time, and may include
guidance on whether a feature is required, a preference by the
application, or something in between. Examples of features of Transport
Services are reliable delivery, ordered delivery, content privacy to
in-path devices, and integrity protection.</t>
<t>The IETF has defined a wide variety of transport protocols beyond TCP and
UDP, including SCTP, DCCP, MP-TCP, and UDP-Lite. Transport services
may be provided directly by these transport protocols, or layered on top
of them using protocols such as WebSockets (which runs over TCP), RTP
(over TCP or UDP) or WebRTC data channels (which run over SCTP over DTLS
over UDP or TCP). Services built on top of UDP or UDP-Lite typically also
need to specify additional mechanisms, including a congestion control
mechanism (such as NewReno, TFRC or LEDBAT). This extends the set of available
Transport Services beyond those provided to applications by TCP and UDP.</t>
<t>[GF: Ledbat is a mechanism, not protocol - hence use the work “support” in para below.]</t>
<t>Transport protocols can also be differentiated by the features of the
services they provide: for instance, SCTP offers a message-based service
providing full or partial reliability and allowing to minimize the head of line
blocking due to the support of unordered and unordered message delivery within
multiple streams, UDP-Lite and DCCP provide partial integrity protection, and LEDBAT
can support low-priority “scavenger” communication.</t>
</section>
<section anchor="terminology" title="Terminology">
<t>The following terms are defined throughout this document, and in
subsequent documents produced by TAPS describing the composition and
decomposition of transport services.</t>
<t>[EDITOR’S NOTE: we may want to add definitions for the different kinds of
interfaces that are important here.]</t>
<t>[GF: Interfaces may be covered by Micahel Welzl’s companion document?]</t>
<t><list style="hanging">
<t hangText='Transport Service Feature:'>
a specific end-to-end feature that a transport service provides to its
clients. Examples include confidentiality, reliable delivery, ordered
delivery, message-versus-stream orientation, etc.</t>
<t hangText='Transport Service:'>
a set of transport service features, without an association to any given
framing protocol, which provides a complete service to an application.</t>
<t hangText='Transport Protocol:'>
an implementation that provides one or more different transport services
using a specific framing and header format on the wire.</t>
<t hangText='Transport Protocol Component:'>
an implementation of a transport service feature within a protocol.</t>
<t hangText='Transport Service Instance:'>
an arrangement of transport protocols with a selected set of features
and configuration parameters that implements a single transport service,
e.g. a protocol stack (RTP over UDP).</t>
<t hangText='Application:'>
an entity that uses the transport layer for end-to-end delivery data
across the network (this may also be an upper layer protocol or tunnel
encapsulation).</t>
</list></t>
</section>
<section anchor="existing-transport-protocols" title="Existing Transport Protocols">
<t>This section provides a list of known IETF transport protocol and
transport protocol frameworks.</t>
<section anchor="transport-control-protocol-tcp" title="Transport Control Protocol (TCP)">
<t>TCP is an IETF standards track transport protocol.
<xref target="RFC0793"/> introduces TCP as follows: “The
Transmission Control Protocol (TCP) is intended for use as a highly
reliable host-to-host protocol between hosts
in packet-switched computer communication networks, and in interconnected
systems of such networks.” Since its introduction, TCP has become the
default connection-oriented,
stream-based transport protocol in the Internet. It is widely implemented
by endpoints and
widely used by common applications.</t>
<section anchor="protocol-description" title="Protocol Description">
<t>TCP is a connection-oriented protocol, providing a three way handshake to
allow a client and server to set up a connection and negotiate features,
and mechanisms for orderly
completion and immediate teardown of a connection. TCP is defined by a family
of RFCs <xref target="RFC4614"/>.</t>
<t>TCP provides multiplexing to multiple sockets on each host using port numbers.]
A similar approach is adopted by other IETF-defined transports.
An active TCP session is identified by its four-tuple of local and remote IP
addresses and local port and remote port numbers. The destination port during
connection setup is often used to indicate the requested service.</t>
<t>TCP partitions a continuous stream of bytes into segments, sized to fit in IP
packets. ICMP-based PathMTU discovery <xref target="RFC1191"/><xref target="RFC1981"/> as well as
Packetization Layer Path MTU Discovery (PMTUD) <xref target="RFC4821"/> are supported.</t>
<t>Each byte in the stream is identified by a sequence number. The sequence
number is used to order segments on receipt, to identify segments in
acknowledgments, and to detect unacknowledged segments for retransmission.
This is the basis of the reliable, ordered delivery of data in a TCP stream. TCP
Selective Acknowledgment <xref target="RFC2018"/> extends this mechanism by making it
possible to identify missing segments more precisely, reducing spurious
retransmission.</t>
<t>Receiver flow control is provided by a sliding window: limiting the amount of
unacknowledged data that can be outstanding at a given time. The window scale
option <xref target="RFC7323"/> allows a receiver to use windows greater than 64KB.</t>
<t>All TCP senders provide Congestion Control <xref target="RFC5681"/>: This uses a separate
window, where each time congestion is detected, this congestion window is
reduced. Most of the used congestion control mechanisms use one of three
mechanisms to detect congestion: A retransmission timer (with exponential
back-up), detection of loss (interpreted as a congestion signal), or Explicit
Congestion Notification (ECN) <xref target="RFC3168"/> to provide early signaling (see
<xref target="I-D.ietf-aqm-ecn-benefits"/>). In addition, a congestion control mechanism
may react to changes in delay as an early indication for congestion.</t>
<t>A TCP protocol instance can be extended <xref target="RFC4614"/> and tuned. Some features
are sender-side only, requiring no negotiation with the receiver; some are
receiver-side only, some are explicitly negotiated during connection setup.</t>
<t>By default, TCP segment partitioning uses Nagle’s algorithm <xref target="RFC0896"/> to
buffer data at the sender into large segments, potentially incurring
sender-side buffering delay; this algorithm can be disabled by the sender to
transmit more immediately, e.g., to reduce latency for interactive sessions.</t>
<t>TCP provides a push and a urgent function to enable data to be directly accessed
by the receiver wihout having to wait for in-order delivery of the data.
However, <xref target="RFC6093"/> does not recommend the use of the urgent flag due to the range of
TCP implementations that process TCP urgent indications differently.</t>
<t>A checksum provides an Integrity Check and is mandatory across the entire
packet. This check protects from delivery of corrupted data and miselivery of
packets to the wrong endpoint.
This check is relatively weak, applications that require end to end integrity of
data are recommended to include a stronger integrity check of their payload
data. The TCP checksum does not support partial corruption protection (as in
DCCP/UDP-Lite).</t>
<t>TCP only supports unicast connections.</t>
</section>
<section anchor="interface-description" title="Interface description">
<t>A User/TCP Interface is defined in <xref target="RFC0793"/> providing six user commands:
Open, Send, Receive, Close, Status. This interface does not describe
configuration of TCP options or parameters beside use of the PUSH and URGENT
flags.</t>
<t><xref target="RFC1122"/> describes extensions of the TCP/application layer interface for 1) reporting
soft errors such as reception fo ICMP error messages, extensive retransmission or urgent
pointer advance, 2) providing a possibility to specify the Type-of-Service (TOS) for segments,
3) providing a fush call to empty the TCP send queue, and 4) multihoming support.</t>
<t>In API implementations derived from the BSD Sockets API, TCP sockets are
created using the <spanx style="verb">SOCK_STREAM</spanx> socket type as described in the IEEE Portable
Operating System Interface (POSIX) Base Specifications <xref target="POSIX"/>.
The features used by a protocol instance may be set and tuned via this API.
However, there is no RFC that documents this interface.</t>
</section>
<section anchor="transport-features" title="Transport Features">
<t>The transport features provided by TCP are:</t>
<t>[EDITOR’S NOTE: expand each of these slightly]</t>
<t><list style="symbols">
<t>unicast transport</t>
<t>connection setup with feature negotiation and application-to-port mapping, implemented using SYN segments and the TCP option field to negotiate features.</t>
<t>port multiplexing: each TCP session is uniquely identified by a combination of the ports and IP address fields.</t>
<t>Uni-or bidirectional communication</t>
<t>stream-oriented delivery in a single stream</t>
<t>fully reliable delivery, implemented using ACKs sent from the receiver to confirm delivery.</t>
<t>error detection: a segment checksum verifies delivery to the correct endpoint and integrity of the data and options.</t>
<t>segmentation: packets are fragmented to a negotiated maximum segment size, further constrained by the effective MTU from PMTUD.</t>
<t>data bundling, an optional mechanism that uses Nagle’s algorithm to coalesce data sent within the same RTT into full-sized segments.</t>
<t>flow control using a window-based mechanism, where the receiver advertises the window that it is willing to buffer.</t>
<t>congestion control: a window-based method that uses AIMD to control the sending rate and to conservatively choose a rate after congestion is detected.</t>
</list></t>
</section>
</section>
<section anchor="multipath-tcp-mptcp" title="Multipath TCP (MPTCP)">
<t>Multipath TCP <xref target="RFC6824"/> is an extension for TCP to support multi-homing. It is
designed to be as transparent as possible to middle-boxes. It does so by
establishing regular TCP flows between a pair of source/destination endpoints,
and multiplexing the application’s stream over these flows.</t>
<section anchor="protocol-description-1" title="Protocol Description">
<t>MPTCP uses TCP options for its control plane. They are used to signal multipath
capabilities, as well as to negotiate data sequence numbers, and advertise other
available IP addresses and establish new sessions between pairs of endpoints.</t>
</section>
<section anchor="interface-description-1" title="Interface Description">
<t>By default, MPTCP exposes the same interface as TCP to the application.
<xref target="RFC6897"/> however describes a richer API for MPTCP-aware applications.</t>
<t>This Basic API describes how an application can</t>
<t><list style="symbols">
<t>enable or disable MPTCP;</t>
<t>bind a socket to one or more selected local endpoints;</t>
<t>query local and remote endpoint addresses;</t>
<t>get a unique connection identifier (similar to an address–port pair for TCP).</t>
</list></t>
<t>The document also recommends the use of extensions defined for SCTP <xref target="RFC6458"/>
(see next section) to support multihoming.</t>
</section>
<section anchor="transport-features-1" title="Transport features">
<t>As an extension to TCP, MPTCP provides mostly the same features. By
establishing multiple sessions between available endpoints, it can additionally
provide soft failover solutions should one of the paths become unusable. In
addition, by multiplexing one byte stream over separate paths, it can achieve a
higher throughput than TCP in certain situations (note however that coupled
congestion control <xref target="RFC6356"/> might limit this benefit to maintain fairness to
other flows at the bottleneck). When aggregating capacity over multiple paths,
and depending on the way packets are scheduled on each TCP subflow, an
additional delay and higher jitter might be observed observed before in-order
delivery of data to the applications.</t>
<t>The transport features provided by MPTCP in addition to TCP therefore are:</t>
<t><list style="symbols">
<t>congestion control with load balancing over mutiple connections.</t>
<t>endpoint multiplexing of a single byte stream (higher throughput).</t>
<t>address family multiplexing: sub-flows can be started over IPv4 or IPv6 for
the same session.</t>
<t>resilience to network failure and/or handover.</t>
</list></t>
<t>[AUTHOR’S NOTE: it is unclear whether MPTCP has to provide data bundling.]</t>
</section>
</section>
<section anchor="stream-control-transmission-protocol-sctp" title="Stream Control Transmission Protocol (SCTP)">
<t>SCTP is a message-oriented standards track transport protocol. The base
protocol is specified in <xref target="RFC4960"/>.
It supports multi-homing to handle path failures.
It also optionally supports path failover to provide resilliance to path failures.
An SCTP association has multiple unidirectional streams in each direction and
provides in-sequence delivery of user messages only within each stream. This
allows it to minimize head of line blocking.
SCTP is extensible and the currently defined extensions include mechanisms
for dynamic re-configurations of streams <xref target="RFC6525"/> and
IP-addresses <xref target="RFC5061"/>.
Furthermore, the extension specified in <xref target="RFC3758"/> introduces the concept of
partial reliability for user messages.</t>
<t>SCTP was originally developed for transporting telephony signalling messages
and is deployed in telephony signalling networks, especially in mobile
telephony networks. It can also be used for other services, for example in the
WebRTC framework for data channels and is therefore deployed in all
WEB-browsers supporting WebRTC.</t>
<section anchor="protocol-description-2" title="Protocol Description">
<t>SCTP is a connection-oriented protocol using a four way handshake to establish
an SCTP association and a three way message exchange to gracefully shut it down.
It uses the same port number concept as DCCP, TCP, UDP, and UDP-Lite, and
only supports unicast.</t>
<t>SCTP uses the 32-bit CRC32c for protecting SCTP packets against bit errors
and miselivery of packets to the wrong endpoint.
This is stronger than the 16-bit checksums used by TCP or UDP.
However, a partial checksum coverage, as provided by DCCP or UDP-Lite is not
supported.</t>
<t>SCTP has been designed with extensibility in mind. Each SCTP packet starts with
a single common header containing the port numbers, a verification tag and
the CRC32c checksum.
This common header is followed by a sequence of chunks.
Each chunk consists of a type field, flags, a length field and a value.
<xref target="RFC4960"/> defines how a receiver processes chunks with an unknown chunk type.
The support of extensions can be negotiated during the SCTP handshake.</t>
<t>SCTP provides a message-oriented service. Multiple small user messages can
be bundled into a single SCTP packet to improve the efficiency.
For example, this bundling may be done by delaying user messages at the sender
similar to the Nagle algorithm used by TCP.
User messages which would result in IP packets larger than the MTU will be
fragmented at the sender and reassembled at the receiver.
There is no protocol limit on the user message size.
ICMP-based path MTU discovery as specified for IPv4 in <xref target="RFC1191"/> and for IPv6
in <xref target="RFC1981"/> as well as packetization layer path MTU discovery as specified in
<xref target="RFC4821"/> with probe packets using the padding chunks defined the <xref target="RFC4820"/>
are supported.</t>
<t><xref target="RFC4960"/> specifies a TCP friendly congestion control to protect the network
against overload. SCTP also uses a sliding window flow control to protect
receivers against overflow. Similar to TCP, SCTP also supports delaying
acknowledgements. <xref target="RFC7053"/> provides a way for the sender of user messages
to request the immediate sending of the corresponding acknowledgements.</t>
<t>Each SCTP association has between 1 and 65536 uni-directional streams in
each direction. The number of streams can be different in each direction.
Every user-message is sent on a particular stream.
User messages can be sent un-ordered or ordered upon request by the upper layer.
Un-ordered messages can be delivered as soon as they are completely received.
Ordered messages sent on the same stream are delivered at the receiver
in the same order as sent by the sender. For user messages not requiring
fragmentation, this minimises head of line blocking.</t>
<t>The base protocol defined in <xref target="RFC4960"/> does not allow interleaving of
user-messages, which results in sending a large message on one stream can block
the sending of user messages on other streams.
<xref target="I-D.ietf-tsvwg-sctp-ndata"/> overcomes this limitation.
Furthermore, <xref target="I-D.ietf-tsvwg-sctp-ndata"/> specifies multiple algorithms for
the sender side selection of which streams to send data from supporting a
variety of scheduling algorithms including priority based methods.
The stream re-configuration extension defined in <xref target="RFC6525"/> allows streams
to be reset during the lifetime of an association and to increase the number of
streams, if the number of streams negotiated in the SCTP handshake becomes
insufficient.</t>
<t>Each user message sent is either delivered to
the receiver or, in case of excessive retransmissions, the association is
terminated in a non-graceful way <xref target="RFC4960"/>, similar to TCP behaviour.
In addition to this reliable transfer, the partial reliability extension
<xref target="RFC3758"/> allows a sender to abandon user messages.
The application can specify the policy for abandoning user messages.
Examples for these policies defined in <xref target="RFC3758"/> and <xref target="RFC7496"/> are:</t>
<t><list style="symbols">
<t>Limiting the time a user message is dealt with by the sender.</t>
<t>Limiting the number of retransmissions for each fragment of a user message.
If the number of retransmissions is limited to 0, one gets a service similar
to UDP.</t>
<t>Abandoning messages of lower priority in case of a send buffer shortage.</t>
</list></t>
<t>SCTP supports multi-homing. Each SCTP endpoint uses a list of IP-addresses
and a single port number. These addresses can be any mixture of IPv4 and IPv6
addresses.
These addresses are negotiated during the handshake and the address
re-configuration extension specified in <xref target="RFC5061"/> in combination with
<xref target="RFC4895"/> can be used to change these addresses in an authenticated way
during the livetime of an SCTP association.
This allows for transport layer mobility.
Multiple addresses are used for improved resilience.
If a remote address becomes unreachable, the traffic is switched over to a
reachable one, if one exists.
Each SCTP end-point supervises continuously the reachability of all peer
addresses using a heartbeat mechanism.</t>
<t>For securing user messages, the use of TLS over SCTP has been specified in
<xref target="RFC3436"/>. However, this solution does not support all services provided
by SCTP (for example un-ordered delivery or partial reliability), and therefore
the use of DTLS over SCTP has been specified in <xref target="RFC6083"/> to overcome these
limitations. When using DTLS over SCTP, the application can use almost all
services provided by SCTP.</t>
<t><xref target="I-D.ietf-tsvwg-natsupp"/> defines methods for endpoints and
middleboxes to provide support NAT for SCTP over IPv4.
For legacy NAT traversal, <xref target="RFC6951"/> defines the UDP encapsulation of
SCTP-packets. Alternatively, SCTP packets can be encapsulated in DTLS packets
as specified in <xref target="I-D.ietf-tsvwg-sctp-dtls-encaps"/>. The latter encapsulation
is used within the WebRTC context.</t>
<t>SCTP has a well-defined API, described in the next subsection.</t>
</section>
<section anchor="interface-description-2" title="Interface Description">
<t><xref target="RFC4960"/> defines an abstract API for the base protocol.
This API describes the following functions callable by the upper layer of SCTP:
Initialize, Associate, Send, Receive, Receive Unsent Message,
Receive Unacknowledged Message, Shutdown, Abort, SetPrimary, Status,
Change Heartbeat, Request Heartbeat, Get SRTT Report, Set Failure Threshold,
Set Protocol Parameters, and Destroy.
The following notifications are provided by the SCTP stack to the upper layer:
COMMUNICATION UP, DATA ARRIVE, SHUTDOWN COMPLETE, COMMUNICATION LOST,
COMMUNICATION ERROR, RESTART, SEND FAILURE, NETWORK STATUS CHANGE.</t>
<t>An extension to the BSD Sockets API is defined in <xref target="RFC6458"/> and covers:</t>
<t><list style="symbols">
<t>the base protocol defined in <xref target="RFC4960"/>. The API allows to control the
local addresses and port numbers and the primary path. Furthermore
the application has fine control about parameters like retransmission
thresholds, the path supervision parameters, the delayed acknowledgement
timeout, and the fragmentation point. The API provides a mechanism
to allow the SCTP stack to notify the application about event if the
application has requested them. These notifications provide Information
about status changes of the association and each of the peer addresses.
In case of send failures that application can also be notified and user
messages can be returned to the application. When sending user messages,
the stream id, a payload protocol identifier, an indication whether ordered
delivery is requested or not. These parameters can also be provided on
message reception. Additionally a context can be provided when sending,
which can be use in case of send failures. The sending of arbitrary large
user messages is supported.</t>
<t>the SCTP Partial Reliability extension defined in <xref target="RFC3758"/> to specify
for a user message the PR-SCTP policy and the policy specific parameter.</t>
<t>the SCTP Authentication extension defined in <xref target="RFC4895"/> allowing to manage
the shared keys, the HMAC to use, set the chunk types which are only accepted
in an authenticated way, and get the list of chunks which are accepted by the
local and remote end point in an authenticated way.</t>
<t>the SCTP Dynamic Address Reconfiguration extension defined in <xref target="RFC5061"/>.
It allows to manually add and delete local addresses for SCTP associations
and the enabling of automatic address addition and deletion. Furthermore
the peer can be given a hint for choosing its primary path.</t>
</list></t>
<t>For the following SCTP protocol extensions the BSD Sockets API extension is
defined in the document specifying the protocol extensions:</t>
<t><list style="symbols">
<t>the SCTP Stream Reconfiguration extension defined in <xref target="RFC6525"/>.
The API allows to trigger the reset operation for incoming and
outgoing streams and the whole association. It provides also a way
to notify the association about the corresponding events. Furthermore
the application can increase the number of streams.</t>
<t>the UDP Encapsulation of SCTP packets extension defined in <xref target="RFC6951"/>.
The API allows the management of the remote UDP encapsulation port.</t>
<t>the SCTP SACK-IMMEDIATELY extension defined in <xref target="RFC7053"/>.
The API allows the sender of a user message to request the receiver to
send the corresponding acknowledgement immediately.</t>
<t>the additional PR-SCTP policies defined in <xref target="RFC7496"/>.
The API allows to enable/disable the PR-SCTP extension,
choose the PR-SCTP policies defined in the document and provide statistical
information about abandoned messages.</t>
</list></t>
<t>Future documents describing SCTP protocol extensions are expected to describe
the corresponding BSD Sockets API extension in a <spanx style="verb">Socket API Considerations</spanx>
section.</t>
<t>The SCTP socket API supports two kinds of sockets:</t>
<t><list style="symbols">
<t>one-to-one style sockets (by using the socket type <spanx style="verb">SOCK_STREAM</spanx>).</t>
<t>one-to-many style socket (by using the socket type <spanx style="verb">SOCK_SEQPACKET</spanx>).</t>
</list></t>
<t>One-to-one style sockets are similar to TCP sockets, there is a 1:1 relationship
between the sockets and the SCTP associations (except for listening sockets).
One-to-many style SCTP sockets are similar to unconnected UDP sockets, where there
is a 1:n relationship between the sockets and the SCTP associations.</t>
<t>The SCTP stack can provide information to the applications about state
changes of the individual paths and the association whenever they occur.
These events are delivered similar to user messages but are specifically
marked as notifications.</t>
<t>New functions have been introduced to support the use of
multiple local and remote addresses.
Additional SCTP-specific send and receive calls have been defined to permit
SCTP-specific information to be snet without using ancillary data
in the form of additional cmsgs.
These functions provide support for detecting partial delivery of
user messages and notifications.</t>
<t>The SCTP socket API allows a fine-grained control of the protocol behaviour
through an extensive set of socket options.</t>
<t>The SCTP kernel implementations of FreeBSD, Linux and Solaris follow mostly
the specified extension to the BSD Sockets API for the base protocol and the
corresponding supported protocol extensions.</t>
</section>
<section anchor="transport-features-2" title="Transport Features">
<t>The transport features provided by SCTP are:</t>
<t>[GF: This needs to be harmonised with the components for TCP]</t>
<t><list style="symbols">
<t>unicast.</t>
<t>connection setup with feature negotiation and application-to-port mapping.</t>
<t>port multiplexing.</t>
<t>message-oriented delivery.</t>
<t>fully reliable or partially reliable delivery.</t>
<t>ordered and unordered delivery within a stream.</t>
<t>support for multiple concurrent streams.</t>
<t>support for stream scheduling prioritization.</t>
<t>flow control.</t>
<t>congestion control.</t>
<t>user message bundling.</t>
<t>user message fragmentation and reassembly.</t>
<t>strong error/misdelivery detection (CRC32c).</t>
<t>transport layer multihoming for resilience.</t>
<t>transport layer mobility.</t>
</list></t>
</section>
</section>
<section anchor="user-datagram-protocol-udp" title="User Datagram Protocol (UDP)">
<t>The User Datagram Protocol (UDP) <xref target="RFC0768"/> <xref target="RFC2460"/> is an IETF
standards track transport protocol. It provides a unidirectional,
datagram protocol that preserves message boundaries. It provides
none of the following transport features: error correction,
congestion control, or flow control. It can be used to send
broadcast datagrams (IPv4) or multicast datagrams (IPv4 and IPv6), in
addition to unicast (and anycast) datagrams. IETF guidance on the
use of UDP is provided in<xref target="I-D.ietf-tsvwg-rfc5405bis"/>. UDP is widely implemented and
widely used by common applications, including DNS.</t>
<section anchor="protocol-description-3" title="Protocol Description">
<t>UDP is a connection-less protocol that maintains message boundaries,
with no connection setup or feature negotiation. The protocol uses
independent messages, ordinarily called datagrams. Each stream of
messages is independently
managed, therefore retransmission does not hold back data sent using
other logical streams. It provides detection
of payload errors and misdelivery of packets to the wrong endpoint,
either of which result in discard of received datagrams.</t>
<t>It is possible to create IPv4 UDP datagrams with no checksum, and
while this is generally discouraged <xref target="RFC1122"/> <xref target="I-D.ietf-tsvwg-rfc5405bis"/>, certain
special cases permit its use. These datagrams relie on the IPv4
header checksum to protect from misdelivery to the wrong endpoint.
IPv6 does not by permit UDP datagrams with no checksum, although
in certain cases this rule may be relaxed <xref target="RFC6935"/>.
The checksum support
considerations for omitting the checksum are defined in <xref target="RFC6936"/>.
Note that due to the relatively weak form of checksum used by UDP,
applications that require end to end integrity of data are
recommended to include a stronger integrity check of their payload
data.</t>
<t>It does not provide reliability and does not provide retransmission.
This implies messages may be re-ordered,
lost, or duplicated in transit.</t>
<t>A receiving application that is unable to
run sufficiently fast, or frequently, may miss messages since
there is no flow control. The lack of
congestion handling implies UDP traffic may experience loss when using
an overlaoded path and may cause the loss of
messages from other protocols (e.g., TCP) when sharing the same
network path.</t>
<t>[GF: This para isn’t needed”:
Messages with payload errors are ordinarily detected by an invalid end-
to-end checksum and are discarded before being delivered to an
application. UDP-Lite (see <xref target="RFC3828"/>, and below) provides the ability for
portions of the message contents to be exempt from checksum coverage.]</t>
<t>On transmission, UDP encapsulates each datagram into an IP packet,
which may in turn be fragmented by IP and are reassembled before
delivery to the UDP receiver.</t>
<t>Applications that need to provide
fragmentation or that have other requirements such as receiver flow
control, congestion control, PathMTU discovery/PLPMTUD, support for
ECN, etc need these to be provided by protocols operating over UDP <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
</section>
<section anchor="interface-description-3" title="Interface Description">
<t><xref target="RFC0768"/> describes basic requirements for an API for UDP.
Guidance on use of common APIs is provided in <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>A UDP endpoint consists of a tuple of (IP address, port number).
Demultiplexing using multiple abstract endpoints (sockets) on the
same IP address are supported. The same socket may be used by a
single server to interact with multiple clients (note: this behavior
differs from TCP, which uses a pair of tuples to identify a
connection). Multiple server instances (processes) that bind the same
socket can cooperate to service multiple clients– the socket
implementation arranges to not duplicate the same received unicast
message to multiple server processes.</t>
<t>Many operating systems also allow a UDP socket to be “connected”,
i.e., to bind a UDP socket to a specific (remote) UDP endpoint.
Unlike TCP’s connect primitive, for UDP, this is only a local
operation that serves to simplify the local send/receive functions
and to filter the traffic for the specified addresses and ports
<xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
</section>
<section anchor="transport-features-3" title="Transport Features">
<t>The transport features provided by UDP are:</t>
<t><list style="symbols">
<t>unicast.</t>
<t>multicast, anycast, or IPv4 broadcast.</t>
<t>port multiplexing. A receiving port can be configured to receive datagrams from multiple senders.</t>
<t>message-oriented delivery.</t>
<t>unidirectional or bidirectional. Transmission in each direction is independent.</t>
<t>non-reliable delivery.</t>
<t>non-ordered delivery.</t>
<t>IPv6 jumbograms.</t>
<t>error and misdelivery detection (checksum).</t>
<t>optional checksum. All or none of the payload data is protected.</t>
</list></t>
</section>
</section>
<section anchor="lightweight-user-datagram-protocol-udp-lite" title="Lightweight User Datagram Protocol (UDP-Lite)">
<t>The Lightweight User Datagram Protocol (UDP-Lite) <xref target="RFC3828"/> is an IETF
standards track transport protocol.
It provides a unidirectional,
datagram protocol that preserves message boundaries.
IETF guidance on the use of UDP-Lite is provided in
<xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<section anchor="protocol-description-4" title="Protocol Description">
<t>UDP-Lite is a connection-less datagram protocol,
with no connection setup or feature negotiation.
The protocol use messages,
rather than a byte-stream. Each stream of messages is independently
managed, therefore retransmission does not hold back data sent using
other logical streams.</t>
<t>It provides multiplexing to multiple sockets on each host using port
numbers, and its operation follows that for UDP.
An active UDP-Lite session is identified by its four-tuple of local and
remote IP addresses and local port and remote port numbers.</t>
<t>UDP-Lite changes the semantics of the UDP “payload length” field to
that of a “checksum coverage length” field, and is identified by
a different IP protocol/next-header value. Otherwise, UDP-Lite is
semantically identical to UDP. Applications using UDP-Lite therefore
can not make
assumptions regarding the correctness of the data received in the
insensitive part of the UDP-Lite payload.</t>
<t>As for UDP, mechanisms for receiver flow control, congestion control,
PMTU or PLPMTU
discovery, support for ECN, etc need to be provided by
upper layer protocols <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>Examples of use include a class of applications that
can derive benefit from having
partially-damaged payloads delivered, rather than discarded. One
use is to support error
tolerate payload corruption when used over paths that include error-prone links,
another
application is when header integrity checks are required, but
payload integrity is provided by some other mechanism (e.g., <xref target="RFC6936"/>.</t>
<t>A UDP-Lite service may support IPv4 broadcast, multicast, anycast and
unicast, and IPv6 multicast, anycast and unicast.</t>
</section>
<section anchor="interface-description-4" title="Interface Description">
<t>There is no current API specified in the RFC Series, but guidance on
use of common APIs is provided in <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>The interface of UDP-Lite differs
from that of UDP by the addition of a single (socket) option that
communicates a checksum coverage length value: at the sender, this
specifies the intended checksum coverage, with the remaining
unprotected part of the payload called the “error-insensitive part”.
The checksum coverage may also be made visible to the application
via the UDP-Lite MIB module <xref target="RFC5097"/>.</t>
</section>
<section anchor="transport-features-4" title="Transport Features">
<t>The transport features provided by UDP-Lite are:</t>
<t><list style="symbols">
<t>unicast.</t>
<t>multicast, anycast, or IPv4 broadcast.</t>
<t>port multiplexing (as for UDP).</t>
<t>message-oriented delivery (as for UDP).</t>
<t>non-reliable delivery (as for UDP).</t>
<t>non-ordered delivery (as for UDP).</t>
<t>error and misdelivery detection (checksum).</t>
<t>partialor full integrity protection. The checksum coverage field indicates the size of the payload data covered by the checksum.</t>
</list></t>
</section>
</section>
<section anchor="datagram-congestion-control-protocol-dccp" title="Datagram Congestion Control Protocol (DCCP)">
<t>Datagram Congestion Control Protocol (DCCP) <xref target="RFC4340"/> is an
IETF standards track
bidirectional transport protocol that provides unicast connections of
congestion-controlled messages without providing reliability.</t>
<t>The DCCP Problem Statement describes the goals that
DCCP sought to address <xref target="RFC4336"/>. It is suitable for
applications that transfer fairly large amounts of data and that can
benefit from control over the trade off between timeliness and
reliability <xref target="RFC4336"/>.</t>
<t>It offers low overhead, and many characteristics
common to UDP, but can avoid “Re-inventing the wheel”
each time a new multimedia application emerges.
Specifically it includes core functions (feature
negotiation, path state management, RTT calculation,
PMTUD, etc): This allows applications to use a
compatible method defining how they send packets
and where suitable to choose common algorithms to
manage their functions.
Examples of suitable applications include interactive applications,
streaming media or on-line games <xref target="RFC4336"/>.</t>
<section anchor="protocol-description-5" title="Protocol Description">
<t>DCCP is a connection-oriented datagram protocol, providing a three way
handshake to allow a client and server to set up a connection,
and mechanisms for orderly completion and immediate teardown of
a connection. The protocol is defined by a family of RFCs.</t>
<t>It provides multiplexing to multiple sockets at each endpoint using
port numbers. An active DCCP session is identified by its four-tuple
of local and remote IP addresses and local port and remote port numbers.
At connection setup, DCCP also exchanges the service code <xref target="RFC5595"/>,
a mechanism that allows transport instantiations to indicate
the service treatment that is expected from the network.</t>
<t>The protocol segments data into messages, typically sized to
fit in IP packets, but which may be fragmented providing they
are less than the maximum packet size.
A DCCP interface allows applications to
request fragmentation for packets larger than PMTU, but not
larger than the maximum packet size allowed by the current
congestion control mechanism (CCMPS) <xref target="RFC4340"/>.</t>
<t>Each message
is identified by a sequence number. The sequence number is used to
identify segments
in acknowledgments, to detect unacknowledged segments, to measure RTT,
etc.
The protocol may support ordered or unordered delivery of data, and does
not
itself provide retransmission.
DCCP supports
reduced checksum coverage, a partial integrity mechanisms similar to UDP-lIte.
There is also a Data Checksum option that when enabled,
contains a strong CRC, to enable endpoints to detect application data corruption.</t>
<t>Receiver flow control is supported: limiting the amount of
unacknowledged data that can be outstanding at a given time.</t>
<t>A DCCP protocol instance can be extended <xref target="RFC4340"/> and tuned using
features.
Some features are sender-side only, requiring no negotiation with the
receiver;
some are receiver-side only, some are explicitly negotiated during
connection setup.</t>
<t>A DCCP service is unicast.</t>
<t>DCCP supports negotiation of the congestion control profile,
to provide Plug and Play congestion control mechanisms.
Examples of specified profiles include
<xref target="RFC4341"/> <xref target="RFC4342"/> <xref target="RFC5662"/>.
All IETF-defined methods provide Congestion Control.</t>
<t>DCCP use a Connect packet to initiate a session, and permits
half-connections that allow each client to choose the
features it wishes to support. Simultaneous open
<xref target="RFC5596"/>, as in TCP, can enable interoperability in
the presence of middleboxes. The Connect packet includes
a Service Code field <xref target="RFC5595"/> designed to allow middle
boxes and endpoints to identify the characteristics
required by a session.</t>
<t>A lightweight UDP-based encapsulation (DCCP-UDP)
has been defined <xref target="RFC6773"/> that permits DCCP to be
used over paths where it is not natively supported.
Support in NAPT/NATs is defined in <xref target="RFC4340"/> and <xref target="RFC5595"/>.</t>
<t>Upper layer protocols specified on top of DCCP
include: DTLS <xref target="RFC5595"/>, RTP <xref target="RFC5672"/>,
ICE/SDP <xref target="RFC6773"/>.</t>
<t>A common packet format has allowed tools to evolve that can
read and interpret DCCP packets (e.g. Wireshark).</t>
</section>
<section anchor="interface-description-5" title="Interface Description">
<t>API characteristics include:
- Datagram transmission.
- Notification of the current maximum packet size.
- Send and reception of zero-length payloads.
- Slow Receiver flow control at a receiver.
- Detect a Slow receiver at the sender.</t>
<t>There is no current API curremntly specified in the RFC Series.</t>
</section>
<section anchor="transport-features-5" title="Transport Features">
<t>The transport features provided by DCCP are:</t>
<t><list style="symbols">
<t>unicast.</t>
<t>connection setup with feature negotiation and application-to-port mapping.</t>
<t>Service Codes. Identifies the upper layer service to the endpoint and network.</t>
<t>port multiplexing.</t>
<t>message-oriented delivery.</t>
<t>non-reliable delivery.</t>
<t>ordered delivery.</t>
<t>flow control. The slow receiver function allows a receiver to control the rate of the sender.</t>
<t>drop notification. Allows a receiver to notify which datagrams were not delivered to the peer upper layer protocol.</t>
<t>timestamps.</t>
<t>partial and full integrity protection (with optional strong integrity check).</t>
</list></t>
</section>
</section>
<section anchor="lightweight-user-datagram-protocol-udp-lite-1" title="Lightweight User Datagram Protocol (UDP-Lite)">
<t>The Lightweight User Datagram Protocol (UDP-Lite) <xref target="RFC3828"/> is an IETF
standards track transport protocol. It provides a unidirectional,
datagram protocol that preserves message boundaries.
IETF guidance on the use of UDP-Lite is provided in
<xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<section anchor="protocol-description-6" title="Protocol Description">
<t>UDP-Lite is a connection-less datagram protocol,
with no connection setup or feature negotiation.
The protocol use messages,
rather than a byte-stream. Each stream of messages is independently
managed, therefore retransmission does not hold back data sent using
other logical streams.</t>
<t>It provides multiplexing to multiple sockets on each host using port
numbers, and its operation follows that for UDP.
An active UDP-Lite session is identified by its four-tuple of local and
remote IP addresses and local port and remote port numbers.</t>
<t>UDP-Lite changes the semantics of the UDP “payload length” field to
that of a “checksum coverage length” field, and is identified by
a different IP protocol/next-header value. Otherwise, UDP-Lite is
semantically identical to UDP. Applications using UDP-Lite therefore
can not make
assumptions regarding the correctness of the data received in the
insensitive part of the UDP-Lite payload.</t>
<t>As for UDP, mechanisms for receiver flow control, congestion control,
PMTU or PLPMTU
discovery, support for ECN, etc need to be provided by
upper layer protocols <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>Examples of use include a class of applications that
can derive benefit from having
partially-damaged payloads delivered, rather than discarded. One
use is to support error
tolerate payload corruption when used over paths that include error-prone links,
another
application is when header integrity checks are required, but
payload integrity is provided by some other mechanism (e.g., <xref target="RFC6936"/>.</t>
<t>A UDP-Lite service may support IPv4 broadcast, multicast, anycast and
unicast, and IPv6 multicast, anycast and unicast.</t>
</section>
<section anchor="interface-description-6" title="Interface Description">
<t>There is no current API specified in the RFC Series, but guidance on
use of common APIs is provided in <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>The interface of UDP-Lite differs
from that of UDP by the addition of a single (socket) option that
communicates a checksum coverage length value: at the sender, this
specifies the intended checksum coverage, with the remaining
unprotected part of the payload called the “error-insensitive part”.
The checksum coverage may also be made visible to the application
via the UDP-Lite MIB module <xref target="RFC5097"/>.</t>
</section>
<section anchor="transport-features-6" title="Transport Features">
<t>The transport features provided by UDP-Lite are:</t>
<t><list style="symbols">
<t>unicast</t>
<t>multicast, anycast, or IPv4 broadcast.</t>
<t>port multiplexing (as for UDP).</t>
<t>message-oriented delivery (as for UDP).</t>
<t>non-reliable delivery(as for UDP).</t>
<t>non-ordered delivery (as for UDP).</t>
<t>partial or full integrity protection.</t>
</list></t>
</section>
</section>
<section anchor="internet-control-message-protocol-icmp" title="Internet Control Message Protocol (ICMP)">
<t>The Internet Control Message Protocol (ICMP) <xref target="RFC0792"/> for IPv4 and <xref target="RFC4433"/> for IPv6 are IETF
standards track protocols.</t>
<t>It provides a conection-less unidirectional protocol that delivers individual messages.
It provides
none of the following transport features: error correction,
congestion control, or flow control. Some messages may be sent as
broadcast datagrams (IPv4) or multicast datagrams (IPv4 and IPv6), in
addition to unicast (and anycast) datagrams.</t>
<section anchor="protocol-description-7" title="Protocol Description">
<t>ICMP is a conection-less unidirectional protocol that delivers individual messages.
The protocol uses
independent messages, ordinarily called datagrams. Each message is required to
carry a checksum as an integrity check and to protect from misdelivery to the wrong endpoint.</t>
<t>ICMP messages typically relay diagnostic information from an endpoint <xref target="RFC1122"/> or
network device <xref target="RFC1716"/> addressed to the sender of a flow. This usually contains
the network protocol header of a packet that encountered the reported issue.
Some formats of messages may also
carry other payload data. Each message carries an integrity check calculated in
the same way as UDP.</t>
<t>The RFC series defines additional IPv6 message formats to support a range of uses.
In the case of IPv6 the protocol incorporates neighbour discovery <xref target="RFC2461"/> <xref target="RFC3971"/>}
(provided by ARP for IPv4) and the Multicast Listener
Discovery (MLD) <xref target="RFC2710"/> group management functions (provided by IGMP for IPv4).</t>
<t>Reliable transmission can not be assumed.
A receiving application that is unable to
run sufficiently fast, or frequently, may miss messages since
there is no flow or congestion control.
In addition some network devices rate-limit ICMP messages.</t>
<t>Transport Protocols and upper layer protocols can use ICMP messages to help them
take appropriate decisions when network or endpoint errors are reported.
For example to implement, ICMP-based PathMTU discovery <xref target="RFC1191"/><xref target="RFC1981"/> or
assist in Packetization Layer Path MTU Discovery (PMTUD) <xref target="RFC4821"/>.
Such reactions to received messages needs to protects from
off-path data injection <xref target="I-D.ietf-tsvwg-rfc5405bis"/>, avoiding an application receiving
packets that were created by an unauthorized third party.
An application therefore needs to
ensure that aLL messaged are appropriately validated, by checking
the payload of the messages to ensure these are received in response to
actually transmitted traffic (e.g., a reported error condition that corresponds to
a UDP datagram or TCP segment was actually sent by the application). This
requires context <xref target="RFC6056"/>, such as local state about communication instances to
each destination (e.g., in the TCP, DCCP, or SCTP protocols). This state is
not always maintained by UDP-based applications <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
<t>Any response to ICMP error messages ought to be robust to temporary
routing failures (sometimes called “soft errors”), e.g., transient ICMP
“unreachable” messages ought to not normally cause a communication abort
<xref target="RFC5461"/> <xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
</section>
<section anchor="interface-description-7" title="Interface Description">
<t>ICMP processing is integrated into many connection-oriented transports,
but like other functions needs to be provided by an upper-layer protocol
when using UDP and UDP-Lite.
On some stacks, a bound socket also allows a UDP application to be notified
when ICMP error messages are received for its transmissions
<xref target="I-D.ietf-tsvwg-rfc5405bis"/>.</t>
</section>
<section anchor="transport-features-7" title="Transport Features">
<t>The transport features provided by ICMP are:</t>
<t><list style="symbols">
<t>unidirectional.</t>
<t>multicast, anycast and IP4 broadcast.</t>
<t>message-oriented delivery.</t>
<t>non-reliable delivery.</t>
<t>non-ordered delivery.</t>
<t>error and misdelivery detection (checksum).</t>
</list></t>
</section>
</section>
<section anchor="realtime-transport-protocol-rtp" title="Realtime Transport Protocol (RTP)">
<t>RTP provides an end-to-end network transport service, suitable for
applications transmitting real-time data, such as audio, video or
data, over multicast or unicast network services, including TCP, UDP,
UDP-Lite, or DCCP.</t>
<t>[EDITOR’S NOTE: Varun Singh signed up as contributor for this section. Given the complexity of RTP, suggest to have an abbreviated section here contrasting RTP with other transports, and focusing on those features that are RTP-unique. Gorry Fairhurst contributed this stub section]</t>
<section anchor="protocol-description-8" title="Protocol Description">
<t>The RTP standard <xref target="RFC3550"/> defines a pair of protocols, RTP and the
Real Time Control Protocol, RTCP. The transport does not provide
connection setup, but relies on out-of-band techniques or associated
control protocols to setup, negotiate parameters or tear-down a session.</t>
<t>An RTP sender encapsulates audio/video data into RTP packets
to transport media streams.
The RFC-series specifies RTP media formats allow packets to carry a
wide range of media, and specifies a wide range of mulriplexing,
error control and other support mechanisms.</t>
<t>If a frame of media data is large, it will be fragment this
into several RTP packets. If small, several
frames may be bundled into a single RTP packet.
RTP may runs over a congestion-controlled or non-congestion-controlled
transport protocol.</t>
<t>An RTP receiver collects RTP packets from network, validates them
for correctness, and sends them to the media decoder input-queue.
Missing packet detection is performed by the channel decoder.
The play-out buffer is ordered by time stamp and is used to
reorder packets. Damaged frames may be repaired before the media
payloads are decompressed to display or store the data.</t>
<t>RTCP is an associated control protocol that works with RTP.
Both the RTP sender and receiver can send RTCP report packets.
This is used to periodically
send control information and report performance.
Based on received RTCP feedback, an RTP sender
can adjust the transmission, e.g., perform rate adaptation
at the application layer in the case of congestion.</t>
<t>An RTCP receiver report (RTCP RR) is returned to the sender
periodically to report key parameters (e.g, the fraction of packets
lost in the last reporting interval, the cumulative number of
packets lost, the highest sequence number received, and the
inter-arrival jitter). The RTCP RR packets also contain timing
information that allows the sender to estimate the network
round trip time (RTT) to the receivers.</t>
<t>The interval between reports sent from each receiver tends
to be on the order of a few seconds on average, although
this varies with the session rate, and sub-second reporting
intervals are possible for high rate sessions.
The interval is randomised to avoid synchronization of
reports from multiple receivers.</t>
</section>
<section anchor="interface-description-8" title="Interface Description">
<t>[EDITOR’S NOTE: to do]</t>
</section>
<section anchor="transport-features-8" title="Transport Features">
<t>The transport features provided by RTP are:</t>
<t><list style="symbols">
<t>unicast.</t>
<t>multicast, anycast or IPv4 broadcast.</t>
<t>port multiplexing.</t>
<t>message-oriented delivery.</t>
<t>associated protocols for connection setup with feature negotiation and application-to-port mapping.</t>
<t>support for media types and other extensions.</t>
<t>segmentation and aggregation.</t>
<t>performance reporting.</t>
<t>drop notification.</t>
<t>timestamps.</t>
</list></t>
</section>
</section>
<section anchor="file-delivery-over-unidirectional-transportasynchronous-layered-coding-reliable-multicast-flutealc" title="File Delivery over Unidirectional Transport/Asynchronous Layered Coding Reliable Multicast (FLUTE/ALC)">
<t>FLUTE/ALC is an IETF standards track protocol specified in <xref target="RFC6726"/>
and <xref target="RFC5775"/>,. ALC provides an underlying
reliable transport service and FLUTE a file-oriented specialization
of the ALC service (e.g., to carry associated metadata). The
<xref target="RFC6726"/> and <xref target="RFC5775"/> protocols are non-backward-compatible updates
of the <xref target="RFC3926"/> and <xref target="RFC3450"/> experimental protocols; these
experimental protocols are currently largely deployed in the 3GPP
Multimedia Broadcast and Multicast Services (MBMS) (see <xref target="MBMS"/>,
section 7) and similar contexts (e.g., the Japanese ISDB-Tmm standard).</t>
<t>The FLUTE/ALC protocol has been designed to support massively scalable
reliable bulk data dissemination to receiver groups of arbitrary size using IP
Multicast over any type of delivery network, including unidirectional networks
(e.g., broadcast wireless channels). However, the FLUTE/ALC protocol also
supports point-to-point unicast transmissions.</t>
<t>FLUTE/ALC bulk data
dissemination has been designed for discrete file or memory-based “objects”.
Transmissions happen either in push mode, where content is sent once, or in
on-demand mode, where content is continuously sent during periods of time that
can largely exceed the average time required to download the session objects
(see <xref target="RFC5651"/>, section 4.2).</t>
<t>Altough FLUTE/ALC is not well adapted to byte- and message-streaming, there is
an exception: FLUTE/ALC is used to carry 3GPP Dynamic Adaptive Streaming over
HTTP (DASH) when scalability is a requirement (see <xref target="MBMS"/>, section 5.6).
In that case, each Audio/Video segment is transmitted as a distinct FLUTE/ALC
object in push mode. FLUTE/ALC uses packet erasure coding (also
known as Application-Level Forward Erasure Correction, or AL-FEC) in a
proactive way. The goal of using AL-FEC is both to increase the robustness in
front of packet erasures and to improve the efficiency of the on-demand
service. FLUTE/ALC transmissions can be governed by a congestion control
mechanism such as the “Wave and Equation Based Rate Control” (WEBRC) <xref target="RFC3738"/>
when FLUTE/ALC is used in a layered transmission manner, with several session
channels over which ALC packets are sent. However many FLUTE/ALC deployments
involve only Constant Bit Rate (CBR) channels with no competing flows, for
which a sender-based rate control mechanism is sufficient. In any case,
FLUTE/ALC’s reliability, delivery mode, congestion control, and flow/rate
control mechanisms are distinct components that can be separately controlled
to meet different application needs.</t>
<section anchor="protocol-description-9" title="Protocol Description">
<t>The FLUTE/ALC protocol works on top of UDP (though it could work on top of any
datagram delivery transport protocol), without requiring any connectivity from
receivers to the sender. Purely unidirectional networks are therefore
supported by FLUTE/ALC. This guarantees scalability to an
unlimited number of receivers in a session, since
the sender behaves exactly the same regardness of the number of receivers.</t>
<t>FLUTE/ALC supports the transfer of bulk objects such as file or in- memory
content, using either a push or an on-demand mode. in push mode, content is
sent once to the receivers, while in on-demand mode, content is sent
continuously during periods of time that can greatly exceed the average time
required to download the session objects.</t>
<t>This enables receivers to join a session asynchronously, at their own
discretion, receive the content and leave the session. In this case, data
content is typically sent continuously, in loops (also known as “carousels”).
FLUTE/ALC also supports the
transfer of an object stream, with loose real-time constraints. This is
particularly useful to carry 3GPP DASH when scalability is a requirement and
unicast transmissions over HTTP cannot be used (<xref target="MBMS"/>, section 5.6). In
this case, packets are sent in sequence using push mode. FLUTE/ALC is
not well adapted to byte- and message-streaming and other solutions could be
preferred (e.g., FECFRAME <xref target="RFC6363"/> with real-time flows).</t>
<t>The FLUTE file delivery instantiation of ALC provides a metadata delivery
service. Each object of the FLUTE/ALC session is described in a dedicated
entry of a File Delivery Table (FDT), using an XML format (see <xref target="RFC6726"/>,
section 3.2). This metadata can include, but is not restricted to, a URI
attribute (to identify and locate the object), a media type attribute, a size
attribute, an encoding attribute, or a message digest attribute. Since the
set of objects sent within a session can be dynamic, with new objects being
added and old ones removed, several instances of the FDT can be sent and a
mechanism is provided to identify a new FDT Instance.</t>
<t>To provide robustness against packet loss and improve the
efficiency of the on-demand mode, FLUTE/ALC relies on packet erasure
coding (AL-FEC). AL-FEC encoding is proactive (since
there is no feedback and therefore no (N)ACK-based retransmission) and ALC
packets containing repair data are sent along with ALC packets containing
source data. Several FEC Schemes have been standardized; FLUTE/ALC does
not mandate the use of any particular one. Several strategies concerning the
transmission order of ALC source and repair packets are possible, in
particular in on-demand mode where it can deeply impact the service provided
(e.g., to favor the recovery of objects in sequence, or at the other extreme,
to favor the recovery of all objects in parallel), and FLUTE/ALC does not
mandate nor recommend the use of any particular one.</t>
<t>A FLUTE/ALC session is composed of one or more channels, associated to
different destination unicast and/or multicast IP addresses. ALC packets are
sent in those channels at a certain transmission rate, with a rate that often
differs depending on the channel. FLUTE/ALC does not mandate nor recommend
any strategy to select which ALC packet to send on which channel. FLUTE/ALC
can use a multiple rate congestion control building block (e.g., WEBRC) to
provide congestion control that is feedback free, where receivers adjust their
reception rates individually by joining and leaving channels associated with
the session. To that purpose, the ALC header provides a specific field to
carry congestion control specific information. However FLUTE/ALC does not
mandate the use of a particular congestion control mechanism although WEBRC is
mandatory to support in case of Internet (<xref target="RFC6726"/>, section 1.1.4).
FLUTE/ALC is often used over a network path with pre-provisoned capacity
<xref target="RFC5404"/> whete theres are no flows competing for capacity. In this
case, a sender-based rate control mechanism and a single channel is
sufficient.</t>
<t><xref target="RFC6584"/> provides per-packet authentication, integrity, and anti-replay
protection in the context of the ALC and NORM protocols. Several mechanisms are
proposed that seamlessly integrate into these protocols using the ALC and
NORM header extension mechanisms.</t>
</section>
<section anchor="interface-description-9" title="Interface Description">
<t>The FLUTE/ALC specification does not describe a specific application
programming interface (API) to control protocol operation.<vspace />
Open source reference implementations of FLUTE/ALC are available at
http://planete-bcast.inrialpes.fr/ (no longer maintained) and
http://mad.cs.tut.fi/ (no longer maintained), and these implementations
specify and document their own APIs. Commercial versions are also available,
some derived from the above implementations, with their own API.</t>
</section>
<section anchor="transport-features-9" title="Transport Features">
<t>The transport features provided by FLUTE/ALC are:</t>
<t><list style="symbols">
<t>unicast</t>
<t>multicast, anycast or IPv4 broadcast.</t>
<t>per-object dynamic meta-data delivery.</t>
<t>push delivery or on-demand delivery service.</t>
<t>fully reliable or partially reliable delivery (of file or in-memory objects).</t>
<t>ordered or unordered delivery (of file or in-memory objects).</t>
<t>per-packet authentication, integrity, and anti-replay services.</t>
<t>proactive packet erasure coding (AL-FEC) to recover from packet erasures and improve the on-demand delivery service,</t>
<t>error detection (through UDP and lower level checksums).</t>
<t>congestion control for layered flows (e.g., with WEBRC).</t>
<t>rate control transmission in a given channel.</t>
</list></t>
</section>
</section>
<section anchor="nack-oriented-reliable-multicast-norm" title="NACK-Oriented Reliable Multicast (NORM)">
<t>NORM is an IETF standards track protocol specified in <xref target="RFC5740"/>. The protocol was designed to support reliable bulk data dissemination to receiver groups using IP Multicast but also provides for point-to-point unicast operation. Its support for bulk data dissemination includes discrete file or computer memory-based “objects” as well as byte- and message-streaming. NORM is designed to incorporate packet erasure coding as an inherent part of its selective ARQ in response to receiver negative acknowledgements. The packet erasure coding can also be proactively applied for forward protection from packet loss. NORM transmissions are governed by the TCP-friendly congestion control. NORM’s reliability, congestion control, and flow control mechanism are distinct components and can be separately controlled to meet different application needs.</t>
<section anchor="protocol-description-10" title="Protocol Description">
<t>[EDITOR’S NOTE: needs to be more clear about the application of FEC and packet erasure coding; expand ARQ.]</t>
<t>The NORM protocol is encapsulated in UDP datagrams and thus provides multiplexing for multiple sockets on hosts using port numbers. For purposes of loosely coordinated IP Multicast, NORM is not strictly connection-oriented although per-sender state is maintained by receivers for protocol operation. <xref target="RFC5740"/> does not specify a handshake protocol for connection establishment and separate session initiation can be used to coordinate port numbers. However, in-band “client-server” style connection establishment can be accomplished with the NORM congestion control signaling messages using port binding techniques like those for TCP client-server connections.</t>
<t>NORM supports bulk “objects” such as file or in-memory content but also can treat a stream of data as a logical bulk object for purposes of packet erasure coding. In the case of stream transport, NORM can support either byte streams or message streams where application-defined message boundary information is carried in the NORM protocol messages. This allows the receiver(s) to join/re-join and recover message boundaries mid-stream as needed. Application content is carried and identified by the NORM protocol with encoding symbol identifiers depending upon the Forward Error Correction (FEC) Scheme <xref target="RFC3452"/> configured. NORM uses NACK-based selective ARQ to reliably deliver the application content to the receiver(s). NORM proactively measures round-trip timing information to scale ARQ timers appropriately and to support congestion control. For multicast operation, timer-based feedback suppression is uses to achieve group size scaling with low feedback traffic levels. The feedback suppression is not applied for unicast operation.</t>
<t>NORM uses rate-based congestion control based upon the TCP-Friendly Rate Control (TFRC) <xref target="RFC4324"/> principles that are also used in DCCP <xref target="RFC4340"/>. NORM uses control messages to measure RTT and collect congestion event (e..g, loss event, ECN event, etc) information from the receiver(s) to support dynamic rate control adjustment. The TCP-Friendly Multicast Congestion Control (TFMCC) <xref target="RFC4654"/> used provides some extra features to support multicast but is functionally equivalent to TFRC in the unicast case.</t>
<t>NORM’s reliability mechanism is decoupled from congestion control. This allows alternative arrangements of transport services to be invoked. For example, fixed-rate reliable delivery can be supported or unreliable (but optionally “better than best effort” via packet erasure coding) delivery with rate-control per TFRC can be achieved. Additionally, alternative congestion control techniques may be applied. For example, TFRC rate control with congestion event detection based on ECN for links with high packet loss (e.g., wireless) has been implemented and demonstrated with NORM.</t>
<t>While NORM is NACK-based for reliability transfer, it also supports a positive acknowledgment (ACK) mechanism that can be used for receiver flow control. Again, since this mechanism is decoupled from the reliability and congestion control, applications that have different needs in this aspect can use the protocol differently. One example is the use of NORM for quasi-reliable delivery where timely delivery of newer content may be favored over completely reliable delivery of older content within buffering and RTT constraints.</t>
</section>
<section anchor="interface-description-10" title="Interface Description">
<t>The NORM specification does not describe a specific application programming interface (API) to control protocol operation. A freely-available, open source reference implementation of NORM is available at https://www.nrl.navy.mil/itd/ncs/products/norm, and a documented API is provided for this implementation. While a sockets-like API is not currently documented, the existing API supports the necessary functions for that to be implemented.</t>
</section>
<section anchor="transport-features-10" title="Transport Features">
<t>The transport features provided by NORM are:</t>
<t><list style="symbols">
<t>unicast or multicast.</t>
<t>stream-oriented delivery in a single stream.</t>
<t>object-oriented delivery of discrete data or file items.</t>
<t>reliable delivery.</t>
<t>unordered unidirectional delivery (of in-memory data or file bulk content objects).</t>
<t>error detection (UDP checksum).</t>
<t>segmentation.</t>
<t>data bundling (Nagle’s algorithm).</t>
<t>flow control (timer-based and/or ack-based).</t>
<t>congestion control.</t>
<t>packet erasure coding (both proactively and as part of ARQ).</t>
</list></t>
</section>
</section>
<section anchor="transport-layer-security-tls-and-datagram-tls-dtls-as-a-pseudotransport" title="Transport Layer Security (TLS) and Datagram TLS (DTLS) as a pseudotransport">
<t>Transport Layer Security (TLS) and Datagram TLS (DTLS) are IETF protocols that provide
several security-related features to applications. TLS is designed to run on top
of a reliable streaming transport protocol (usually TCP), while DTLS
is designed to run on top of a best-effort datagram protocol (UDP or DCCP <xref target="RFC5238"/>).
At the time of writing, the
current version of TLS is 1.2; it is defined in <xref target="RFC5246"/>. DTLS provides
nearly identical functionality to applications; it is defined in <xref target="RFC6347"/>
and its current version is also 1.2. The TLS protocol evolved from
the Secure Sockets Layer (SSL) protocols developed in the mid 90s to support
protection of HTTP traffic.</t>
<t>While older versions of TLS and DTLS are still in use, they provide weaker
security guarantees. <xref target="RFC7457"/> outlines important attacks on TLS and DTLS.
<xref target="RFC7525"/> is a Best Current Practices (BCP) document that describes secure
configurations for TLS and DTLS to counter these attacks. The recommendations
are applicable for the vast majority of use cases.</t>
<t>[NOTE: The Logjam authors (weakdh.org) give (inconclusive) evidence that one of
the recommendations of <xref target="RFC7525"/>, namely the use of DHE-1024 as a fallback, may
not be sufficient in all cases to counter an attacker with the resources of a
nation-state. It is unclear at this time if the RFC is going to be updated as a
result, or whether there will be an RFC7525bis.]</t>
<section anchor="protocol-description-11" title="Protocol Description">
<t>Both TLS and DTLS provide the same security features and can thus be discussed
together. The features they provide are:</t>
<t><list style="symbols">
<t>Confidentiality</t>
<t>Data integrity</t>
<t>Peer authentication (optional)</t>
<t>Perfect forward secrecy (optional)</t>
</list></t>
<t>The authentication of the peer entity can be omitted; a common web use
case is where the server is authenticated and the client is not.
TLS also provides a completely anonymous operation mode in which neither
peer’s identity is authenticated.
It is important to note that TLS itself does not specify how a peering entity’s identity
should be interpreted. For example, in the common use case of
authentication by means of an X.509 certificate, it is the application’s
decision whether the certificate of the peering entity is acceptable for authorization decisions.
Perfect forward secrecy, if enabled and supported by the selected algorithms,
ensures that traffic encrypted and captured during a session at time t0 cannot be
later decrypted at time t1 (t1 > t0), even if the long-term secrets of the
communicating peers are later compromised.</t>
<t>As DTLS is generally used over an unreliable datagram transport such as UDP, applications
will need to tolerate loss, re-ordered, or duplicated datagrams.
Like TLS, DTLS conveys application data in a sequence of independent records.
However, because records are mapped to unreliable datagrams, there are several
features unique to DTLS that are not applicable to TLS:</t>
<t><list style="symbols">
<t>Record replay detection (optional).</t>
<t>Record size negotiation (estimates of PMTU and record size expansion factor).</t>
<t>Coveyance of IP don’t fragment (DF) bit settings by application.</t>
<t>An anti-DoS stateless cookie mechanism (optional).</t>
</list></t>
<t>Generally, DTLS follows the TLS design as closely as possible.
To operate over datagrams, DTLS includes a sequence number and limited forms
of retransmission and fragmentation for its internal operations.
The sequence number may be used for detecting replayed information, according
to the windowing procedure described in Section 4.1.2.6 of <xref target="RFC6347"/>.
Note also that DTLS forbids the use of stream ciphers, which are essentially incompatible
when operating on independent encrypted records.</t>
</section>
<section anchor="interface-description-11" title="Interface Description">
<t>TLS is commonly invoked using an API provided by packages such as OpenSSL, wolfSSL, or GnuTLS.
Using such APIs entails the manipulation of several important abstractions, which
fall into the following categories:
long-term keys and algorithms, session state, and communications/connections.
There may also be special APIs required to deal with time and/or random numbers, both of which
are needed by a variety of encryption algorithms and protocols.</t>
<t>Considerable care is required in the use of TLS APIs in order to create a secure
application. The programmer should have at least a basic understanding of encryption
and digital signature algorithms and their strengths, public key infrastructure (including
X.509 certificates and certificate revocation), and the sockets API.
See <xref target="RFC7525"/> and <xref target="RFC7457"/>, as mentioned above.</t>
<t>As an example, in the case of OpenSSL,
the primary abstractions are the library itself and method (protocol),
session, context, cipher and connection.
After initializing the library and setting the method, a cipher suite
is chosen and used to configure a context object.
Session objects may then be minted according to the parameters present
in a context object and associated with individual connections.
Depending on how precisely the programmer wishes to select different
algorithmic or protocol options, various levels of details may be required.</t>
</section>
<section anchor="transport-features-11" title="Transport Features">
<t>Both TLS and DTLS employ a layered architecture. The lower layer is commonly
called the record protocol. It is responsible for:</t>
<t><list style="symbols">
<t>message fragmentation</t>
<t>authentication and integrity via message authentication codes (MAC)</t>
<t>data encryption</t>
<t>scheduling transmission using the underlying transport protocol</t>
</list></t>
<t>DTLS augments the TLS record protocol with:</t>
<t><list style="symbols">
<t>ordering and replay protection, implemented using sequence numbers.</t>
</list></t>
<t>Several protocols are layered on top of the record protocol. These include
the handshake, alert, and change cipher spec protocols. There is also the
data protocol, used to carry application traffic. The handshake protocol is
used to establish cryptographic and compression parameters when a connection
is first set up. In DTLS, this protocol also has a basic fragmentation and
retransmission capability and a cookie-like mechanism to resist DoS attacks.
(TLS compression is not recommended at present). The alert protocol is used to
inform the peer of various conditions, most of which are terminal for the
connection. The change cipher spec protocol is used to synchronize changes in
cryptographic parameters for each peer.</t>
</section>
</section>
<section anchor="hypertext-transport-protocol-http-over-tcp-as-a-pseudotransport" title="Hypertext Transport Protocol (HTTP) over TCP as a pseudotransport">
<t>Hypertext Transfer Protocol (HTTP) is an application-level protocol widely used on the Internet. Version 1.1 of the protocol is specified in <xref target="RFC7230"/> <xref target="RFC7231"/> <xref target="RFC7232"/> <xref target="RFC7233"/> <xref target="RFC7234"/> <xref target="RFC7235"/>, and version 2 in <xref target="RFC7540"/>. Furthermore, HTTP is used as a substrate for other application-layer protocols. There are various reasons for this practice listed in <xref target="RFC3205"/>; these include being a well-known and well-understood protocol, reusability of existing servers and client libraries, easy use of existing security mechanisms such as HTTP digest authentication <xref target="RFC2617"/> and TLS <xref target="RFC5246"/>, the ability of HTTP to traverse firewalls which makes it work with a lot of infrastructure, and cases where a application server often needs to support HTTP anyway.</t>
<t>Depending on application’s needs, the use of HTTP as a substrate protocol may add complexity and overhead in comparison to a special-purpose protocol (e.g. HTTP headers, suitability of the HTTP security model etc.). <xref target="RFC3205"/> address this issues and provides some guidelines and concerns about the use of HTTP standard port 80 and 443, the use of HTTP URL scheme and interaction with existing firewalls, proxies and NATs.</t>
<t>Though not strictly bound to TCP, HTTP is almost exclusively run over TCP, and therefore inherits its properties when used in this way.</t>
<section anchor="protocol-description-12" title="Protocol Description">
<t>Hypertext Transfer Protocol (HTTP) is a request/response protocol. A client sends a request containing a request method, URI and protocol version followed by a MIME-like message (see <xref target="RFC7231"/> for the differences between an HTTP object and a MIME message), containing information about the client and request modifiers. The message can contain a message body carrying application data as well. The server responds with a status or error code followed by a MIME-like message containing information about the server and information about carried data and it can include a message body. It is possible to specify a data format for the message body using MIME media types <xref target="RFC2045"/>. Furthermore, the protocol has numerous additional features; features relevant to pseudotransport are described below.</t>
<t>Content negotiation, specified in <xref target="RFC7231"/>, is a mechanism provided by HTTP for selecting a representation on a requested resource. The client and server negotiate acceptable data formats, charsets, data encoding (e.g. data can be transferred compressed, gzip), etc. HTTP can accommodate exchange of messages as well as data streaming (using chunked transfer encoding <xref target="RFC7230"/>). It is also possible to request a part of a resource using range requests specified in <xref target="RFC7233"/>. The protocol provides powerful cache control signalling defined in <xref target="RFC7234"/>.</t>
<t>HTTP 1.1’s and HTTP 2.0’s persistent connections can be use to perform multiple request-response transactions during the life-time of a single HTTP connection. Moreover, HTTP 2.0 connections can multiplex many request/response pairs in parallel on a single connection. This reduces connection establishment overhead and the effect of TCP slow-start on each transaction, important for HTTP’s primary use case.</t>
<t>It is possible to combine HTTP with security mechanisms, like TLS (denoted by HTTPS), which adds protocol properties provided by such a mechanism (e.g. authentication, encryption, etc.). TLS’s Application-Layer Protocol Negotiation (ALPN) extension <xref target="RFC7301"/> can be used for HTTP version negotiation within TLS handshake which eliminates addition round-trip. Arbitrary cookie strings, included as part of the MIME headers, are often used as bearer tokens in HTTP.</t>
<t>Application layer protocols using HTTP as substrate may use existing method and data formats, or specify new methods and data formats. Furthermore some protocols may not fit a request/response paradigm and instead rely on HTTP to send messages (e.g. <xref target="RFC6546"/>). Because HTTP is working in many restricted infrastructures, it is also used to tunnel other application-layer protocols.</t>
</section>
<section anchor="interface-description-12" title="Interface Description">
<t>There are many HTTP libraries available exposing different APIs. The APIs provide a way to specify a request by providing a URI, a method, request modifiers and optionally a request body. For the response, callbacks can be registered that will be invoked when the response is received. If TLS is used, API expose a registration of callbacks in case a server requests client authentication and when certificate verification is needed.</t>
<t>World Wide Web Consortium (W3C) standardized the XMLHttpRequest API <xref target="XHR"/>, an API that can be use for sending HTTP/HTTPS requests and receiving server responses. Besides XML data format, request and response data format can also be JSON, HTML and plain text. Specifically JavaScript and XMLHttpRequest are a ubiquitous programming model for websites, and more general applications, where native code is less attractive.</t>
<t>Representational State Transfer (REST) <xref target="REST"/> is another example how applications can use HTTP as transport protocol. REST is an architecture style for building application on the Internet. It uses HTTP as a communication protocol.</t>
</section>
<section anchor="transport-features-12" title="Transport features">
<t>The transport features provided by HTTP, when used as a pseudotransport, are:</t>
<t><list style="symbols">
<t>unicast.</t>
<t>message and stream-oriented transfer.</t>
<t>bi- or unidirectional transmission.</t>
<t>ordered delivery.</t>
<t>fully reliable delivery.</t>
<t>object range request.</t>
<t>message content type negotiation.</t>
<t>flow control.</t>
</list></t>
<t>HTTPS (HTTP over TLS) additionally provides the following components:</t>
<t><list style="symbols">
<t>authentication (of one or both ends of a connection).</t>
<t>confidentiality.</t>
<t>integrity protection.</t>
</list></t>
</section>
</section>
</section>
<section anchor="transport-service-features" title="Transport Service Features">
<t>[EDITOR’S NOTE: This section is still work-in-progress. This list is probably not complete and/or too detailed.]</t>
<t>The transport protocol components analyzed in this document which can be used as a basis for defining common transport service features, normalized and separated into categories, are as follows:</t>
<t><list style="symbols">
<t>Control Functions
<list style="symbols">
<t>Addressing
<list style="symbols">
<t>unicast</t>
<t>multicast, anycast and IPv4 broadcast</t>
<t>use of NAPT-compatible port numbers</t>
</list></t>
<t>Multihoming support
<list style="symbols">
<t>multihoming for resilience</t>
<t>multihoming for mobility
<list style="symbols">
<t>specify handover latency?</t>
</list></t>
<t>multihoming for load-balancing
<list style="symbols">
<t>specify interleaving delay?</t>
</list></t>
</list></t>
<t>Multiplexing
<list style="symbols">
<t>application to port mapping</t>
<t>single vs. multiple streaming</t>
</list></t>
</list></t>
<t>Delivery
<list style="symbols">
<t>reliability
<list style="symbols">
<t>fully reliable delivery</t>
<t>partially reliable delivery
<list style="symbols">
<t>packet erasure coding</t>
</list></t>
<t>unreliable delivery
<list style="symbols">
<t>drop notification</t>
<t>Integrity protection
<list style="symbols">
<t>checksum for error detection</t>
<t>partial payload checksum protection</t>
<t>checksum optional</t>
</list></t>
</list></t>
</list></t>
<t>ordering
<list style="symbols">
<t>ordered delivery</t>
<t>unordered delivery
<list style="symbols">
<t>unordered delivery of in-memory data</t>
</list></t>
</list></t>
<t>type/framing
<list style="symbols">
<t>stream-oriented delivery</t>
<t>message-oriented delivery</t>
<t>object-oriented delivery of discrete data or file items
<list style="symbols">
<t>object content type negotiation</t>
</list></t>
<t>range-based partical object transmission</t>
<t>file bulk content objects</t>
</list></t>
</list></t>
<t>Transmission control
<list style="symbols">
<t>rate control
<list style="symbols">
<t>timer-based</t>
<t>ACK-based</t>
</list></t>
<t>congestion control</t>
<t>flow control</t>
<t>segmentation</t>
<t>data/message bundling (Nagle’s algorithm)</t>
<t>stream scheduling prioritization</t>
</list></t>
<t>Security
<list style="symbols">
<t>authentication of one end of a connection</t>
<t>authentication of both ends of a connection</t>
<t>confidentiality</t>
<t>cryptographic integrity protection</t>
</list></t>
</list></t>
<t>A future revision of this document will define transport service features based upon this list.</t>
<t>[EDITOR’S NOTE: this section will drawn from the candidate features provided by protocol components in the
previous section – please discuss on taps@ietf.org list]</t>
<section anchor="complete-protocol-feature-matrix" title="Complete Protocol Feature Matrix">
<t>[EDITOR’S NOTE: Dave Thaler has signed up as a contributor for this section. Michael Welzl also has a beginning of a matrix which could be useful here.]</t>
<t>[EDITOR’S NOTE: The below is a strawman proposal below by Gorry Fairhurst for initial discussion]</t>
<t>The table below summarises protocol mechanisms that have been standardised. It does not make an assessment on whether specific implementations are fully compliant to these specifications.</t>
<texttable>
<ttcol align='left'>Mechanism</ttcol>
<ttcol align='left'>UDP</ttcol>
<ttcol align='left'>UDP-L</ttcol>
<ttcol align='left'>DCCP</ttcol>
<ttcol align='left'>SCTP</ttcol>
<ttcol align='left'>TCP</ttcol>
<c>Unicast</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Mcast/IPv4Bcast</c>
<c>Yes(2)</c>
<c>Yes</c>
<c>No</c>
<c>No</c>
<c>No</c>
<c>Port Mux</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Mode</c>
<c>Dgram</c>
<c>Dgram</c>
<c>Dgram</c>
<c>Dgram</c>
<c>Stream</c>
<c>Connected</c>
<c>No</c>
<c>No</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Data bundling</c>
<c>No</c>
<c>No</c>
<c>No</c>
<c>Yes</c>
<c>Yes</c>
<c>Feature Nego</c>
<c>No</c>
<c>No</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Options</c>
<c>No</c>
<c>No</c>
<c>Support</c>
<c>Support</c>
<c>Support</c>
<c>Data priority</c>
<c>*</c>
<c>*</c>
<c>*</c>
<c>Yes</c>
<c>No</c>
<c>Data bundling</c>
<c>No</c>
<c>No</c>
<c>No</c>
<c>Yes</c>
<c>Yes</c>
<c>Reliability</c>
<c>None</c>
<c>None</c>
<c>None</c>
<c>Select</c>
<c>Full</c>
<c>Ordered deliv</c>
<c>No</c>
<c>No</c>
<c>No</c>
<c>Stream</c>
<c>Yes</c>
<c>Corruption Tol.</c>
<c>No</c>
<c>Support</c>
<c>Support</c>
<c>No</c>
<c>No</c>
<c>Flow Control</c>
<c>No</c>
<c>No</c>
<c>Support</c>
<c>Yes</c>
<c>Yes</c>
<c>PMTU/PLPMTU</c>
<c>(1)</c>
<c>(1)</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>Cong Control</c>
<c>(1)</c>
<c>(1)</c>
<c>Yes</c>
<c>Yes</c>
<c>Yes</c>
<c>ECN Support</c>
<c>(1)</c>
<c>(1)</c>
<c>Yes</c>
<c>TBD</c>
<c>Yes</c>
<c>NAT support</c>
<c>Limited</c>
<c>Limited</c>
<c>Support</c>
<c>TBD</c>
<c>Support</c>
<c>Security</c>
<c>DTLS</c>
<c>DTLS</c>
<c>DTLS</c>
<c>DTLS</c>
<c>TLS, AO</c>
<c>UDP encaps</c>
<c>N/A</c>
<c>None</c>
<c>Yes</c>
<c>Yes</c>
<c>None</c>
<c>RTP support</c>
<c>Support</c>
<c>Support</c>
<c>Support</c>
<c>?</c>
<c>Support</c>
</texttable>
<t>Note (1): this feature requires support in an upper layer protocol.</t>
<t>Note (2): this feature requires support in an upper layer protocol when used with IPv6.</t>
</section>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<t>This document has no considerations for IANA.</t>
</section>
<section anchor="security-considerations" title="Security Considerations">
<t>This document surveys existing transport protocols and protocols providing transport-like services. Confidentiality, integrity, and authenticity are among the features provided by those services. This document does not specify any new components or mechanisms for providing these features. Each RFC listed in this document discusses the security considerations of the specification it contains.</t>
</section>
<section anchor="contributors" title="Contributors">
<t>[Editor’s Note: turn this into a real contributors section with addresses once we figure out how to trick the toolchain into doing so]</t>
<!--
-
ins: K. Fall
name: Kevin Fall
email: kfall@kfall.com
-
ins: M. Tuexen
name: Michael Tuexen
org: Muenster University of Applied Sciences
street: Stegerwaldstrasse 39
city: 48565 Steinfurt
country: Germany
email: tuexen@fh-muenster.de
-->
<t><list style="symbols">
<t><xref target="multipath-tcp-mptcp"/> on MPTCP was contributed by Simone Ferlin-Oliviera (ferlin@simula.no) and Olivier Mehani (olivier.mehani@nicta.com.au)</t>
<t><xref target="user-datagram-protocol-udp"/> on UDP was contributed by Kevin Fall (kfall@kfall.com)</t>
<t><xref target="stream-control-transmission-protocol-sctp"/> on SCTP was contributed by Michael Tuexen (tuexen@fh-muenster.de)</t>
<t><xref target="file-delivery-over-unidirectional-transportasynchronous-layered-coding-reliable-multicast-flutealc"/> on FLUTE/ALC was contributed by Vincent Roca (vincent.roca@inria.fr)</t>
<t><xref target="nack-oriented-reliable-multicast-norm"/> on NORM was contributed by Brian Adamson (brian.adamson@nrl.navy.mil)</t>
<t><xref target="transport-layer-security-tls-and-datagram-tls-dtls-as-a-pseudotransport"/> on TLS and DTLS was contributed by Ralph Holz (ralph.holz@nicta.com.au) and Olivier Mehani (olivier.mehani@nicta.com.au)</t>
<t><xref target="hypertext-transport-protocol-http-over-tcp-as-a-pseudotransport"/> on HTTP was contributed by Dragana Damjanovic (ddamjanovic@mozilla.com)</t>
</list></t>
</section>
<section anchor="acknowledgments" title="Acknowledgments">
<t>Thanks to Karen Nielsen, Joe Touch, and Michael Welzl for the comments,
feedback, and discussion. This work is partially supported by the European
Commission under grant agreements FP7-ICT-318627 mPlane and from the Horizon 2020
research and innovation program under grant agreement No. 644334 (NEAT); support does not imply
endorsement.</t>
</section>
</middle>
<back>
<references title='Informative References'>
&RFC0768;
&RFC0792;
&RFC0793;
&RFC0896;
&RFC1122;
&RFC1191;
&RFC1716;
&RFC1981;
&RFC2018;
&RFC2045;
&RFC2460;
&RFC2461;
&RFC2617;
&RFC2710;
&RFC3168;
&RFC3205;
&RFC3436;
&RFC3450;
&RFC3452;
&RFC3550;
&RFC3738;
&RFC3758;
&RFC3828;
&RFC3926;
&RFC3971;
&RFC4324;
&RFC4336;
&RFC4340;
&RFC4341;
&RFC4342;
&RFC4433;
&RFC4614;
&RFC4654;
&RFC4820;
&RFC4821;
&RFC4895;
&RFC4960;
&RFC5061;
&RFC5097;
&RFC5246;
&RFC5238;
&RFC5404;
&RFC5461;
&RFC5595;
&RFC5596;
&RFC5651;
&RFC5662;
&RFC5672;
&RFC5740;
&RFC5775;
&RFC5681;
&RFC6056;
&RFC6083;
&RFC6093;
&RFC6525;
&RFC6546;
&RFC6347;
&RFC6356;
&RFC6363;
&RFC6455;
&RFC6458;
&RFC6584;
&RFC6726;
&RFC6773;
&RFC6824;
&RFC6897;
&RFC6935;
&RFC6936;
&RFC6951;
&RFC7053;
&RFC7230;
&RFC7231;
&RFC7232;
&RFC7233;
&RFC7234;
&RFC7235;
&RFC7301;
&RFC7323;
&RFC7457;
&RFC7496;
&RFC7525;
&RFC7540;
&I-D.ietf-tsvwg-rfc5405bis;
&I-D.ietf-aqm-ecn-benefits;
&I-D.ietf-tsvwg-sctp-dtls-encaps;
&I-D.ietf-tsvwg-sctp-ndata;
&I-D.ietf-tsvwg-natsupp;
<reference anchor="XHR" >
<front>
<title>XMLHttpRequest working draft (http://www.w3.org/TR/XMLHttpRequest/)</title>
<author initials="A." surname="van Kesteren">
<organization></organization>
</author>
<author initials="J." surname="Aubourg">
<organization></organization>
</author>
<author initials="J." surname="Song">
<organization></organization>
</author>
<author initials="H.R.M." surname="Steen">
<organization></organization>
</author>
<date year="2000"/>
</front>
</reference>
<reference anchor="REST" >
<front>
<title>Architectural Styles and the Design of Network-based Software Architectures, Ph. D. (UC Irvine), Chapter 5: Representational State Transfer</title>
<author initials="R.T." surname="Fielding">
<organization></organization>
</author>
<date year="2000"/>
</front>
</reference>
<reference anchor="POSIX" >
<front>
<title>IEEE Standard for Information Technology -- Portable Operating System Interface (POSIX) Base Specifications, Issue 7</title>
<author initials="IEEE Std.1003." surname="1-2008">
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="MBMS" >
<front>
<title>3GPP TS 26.346: Multimedia Broadcast/Multicast Service (MBMS); Protocols and codecs, release 13 (http://www.3gpp.org/DynaReport/26346.htm).</title>
<author initials="." surname="3GPP TSG WS S4">
<organization></organization>
</author>
<date year="2015"/>
</front>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 05:58:36 |