1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
|
Internet Engineering Task Force (IETF) J. Goldberg
Request for Comments: 7825 Cisco
Category: Standards Track M. Westerlund
ISSN: 2070-1721 Ericsson
T. Zeng
Nextwave Wireless, Inc.
December 2016
A Network Address Translator (NAT) Traversal Mechanism for Media
Controlled by the Real-Time Streaming Protocol (RTSP)
Abstract
This document defines a solution for Network Address Translation
(NAT) traversal for datagram-based media streams set up and
controlled with the Real-Time Streaming Protocol version 2 (RTSP
2.0). It uses Interactive Connectivity Establishment (ICE) adapted
to use RTSP as a signaling channel, defining the necessary RTSP
extensions and procedures.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7825.
Goldberg, et al. Standards Track [Page 1]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Key Words .......................................................4
3. Solution Overview ...............................................4
4. RTSP Extensions .................................................6
4.1. ICE Transport Lower Layer ..................................6
4.2. ICE Candidate Transport Header Parameter ...................8
4.3. ICE Password and Username Transport Header Parameters .....11
4.4. ICE Feature Tag ...........................................11
4.5. Status Codes ..............................................12
4.5.1. 150 Server still working on ICE
connectivity checks ................................12
4.5.2. 480 ICE Connectivity check failure .................12
4.6. New Reason for PLAY_NOTIFY ................................12
4.7. Server-Side SDP Attribute for ICE Support .................13
5. ICE-RTSP .......................................................13
5.1. ICE Features Not Required .................................13
5.1.1. ICE-Lite ...........................................13
5.1.2. ICE-Mismatch .......................................13
5.1.3. ICE Remote Candidate Transport Header Parameter ....14
5.2. High-Reachability Configuration ...........................14
6. Detailed Solution ..............................................14
6.1. Session Description and RTSP DESCRIBE (Optional) ..........14
6.2. Setting Up the Media Streams ..............................15
6.3. RTSP SETUP Request ........................................16
6.4. Gathering Candidates ......................................16
6.5. RTSP Server Response ......................................17
6.6. Server-to-Client ICE Connectivity Checks ..................18
6.7. Client-to-Server ICE Connectivity Check ...................19
6.8. Client Connectivity Checks Complete .......................20
6.9. Server Connectivity Checks Complete .......................20
6.10. Freeing Candidates .......................................20
Goldberg, et al. Standards Track [Page 2]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
6.11. Steady State .............................................21
6.12. Re-SETUP .................................................21
6.13. Server-Side Changes after Steady State ...................22
7. ICE and Proxies ................................................24
7.1. Media-Handling Proxies ....................................24
7.2. Signaling-Only Proxies ....................................25
7.3. Non-supporting Proxies ....................................25
8. RTP and RTCP Multiplexing ......................................26
9. Fallback and Using Partial ICE Functionality to Improve
NAT/Firewall Traversal .........................................27
10. IANA Considerations ...........................................28
10.1. RTSP Feature Tags ........................................28
10.2. Transport Protocol Identifiers ...........................28
10.3. RTSP Transport Parameters ................................29
10.4. RTSP Status Codes ........................................29
10.5. Notify-Reason Value ......................................29
10.6. SDP Attribute ............................................29
11. Security Considerations .......................................30
11.1. ICE and RTSP .............................................30
11.2. Logging ..................................................30
12. References ....................................................31
12.1. Normative References .....................................31
12.2. Informative References ...................................32
Acknowledgments ...................................................33
Authors' Addresses ................................................33
1. Introduction
"Real Time Streaming Protocol (RTSP)" [RFC2326] and RTSP 2.0
[RFC7826] are protocols used to set up and control one or more media
streams delivering media to receivers. It is RTSP's functionality of
setting up media streams that causes serious issues with Network
Address Translators (NATs) [RFC3022] unless extra provisions are made
by the protocol. Thus, there is a need for a NAT traversal mechanism
for the media setup using RTSP.
RTSP 1.0 [RFC2326] has suffered from the lack of a standardized NAT
traversal mechanism for a long time; however, due to quality of the
RTSP 1.0 specification, the work was difficult to specify in an
interoperable fashion. This document is therefore built on the
specification of RTSP 2.0 [RFC7826]. RTSP 2.0 is similar to RTSP 1.0
in many respects, but, significantly for this work, it contains a
well-defined extension mechanism that allows a NAT traversal
extension to be defined that is backwards compatible with RTSP 2.0
peers not supporting the extension. This extension mechanism was not
possible in RTSP 1.0 as it would break RTSP 1.0 syntax and cause
compatibility issues.
Goldberg, et al. Standards Track [Page 3]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
There have been a number of suggested ways of resolving the NAT
traversal of media for RTSP, most of which are already used in
implementations. The evaluation of these NAT-traversal solutions in
[RFC7604] has shown that there are many issues to consider. After
extensive evaluation, a mechanism based on Interactive Connectivity
Establishment (ICE) [RFC5245] was selected. There were mainly two
reasons: the mechanism supports RTSP servers behind NATs and the
mechanism mitigates the security threat of using RTSP servers as
Distributed Denial-of-Service (DDoS) attack tools.
This document specifies an ICE-based solution that is optimized for
media delivery from server to client. If future extensions are
specified for other delivery modes than "PLAY", then the
optimizations in regard to when PLAY requests are sent needs to be
reconsidered.
The NAT problem for RTSP signaling traffic is a less prevalent
problem than the NAT problem for RTSP media streams. Consequently,
the former is left for future study.
The ICE usage defined in this specification is called "ICE-RTSP" and
does not match the full ICE for SIP/SDP (Session Description
Protocol) or ICE-Lite as defined in the ICE specification [RFC5245].
ICE-RTSP is tailored to the needs of RTSP and is slightly simpler
than ICE-Full for both clients and servers.
2. Key Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119].
3. Solution Overview
This overview assumes that the reader has some familiarity with how
ICE [RFC5245] in the context of "SIP: Session Initiation Protocol"
[RFC3261] and "An Offer/Answer Model with the Session Description
Protocol (SDP)" [RFC3264] works, as it primarily points out how the
different ICE steps are accomplished in RTSP.
1. The RTSP server should indicate it has support for ICE via a new
SDP [RFC4566] attribute ("a=rtsp-ice-d-m") in, for example, the
SDP returned in the RTSP DESCRIBE message. This allows RTSP
clients to only perform the new ICE exchanges with servers that
support ICE. If RTSP DESCRIBE is used, the normal capability
determination mechanism should also be used, i.e., Supported
Goldberg, et al. Standards Track [Page 4]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
header with a new ICE feature tag. Note: both mechanisms should
be supported, as there are various use cases where only one of
them is used.
2. The RTSP client reviews the session description returned, for
example by an RTSP DESCRIBE message, to determine what media
streams need to be set up. For each of these media streams
where the transport protocol supports connectivity checks based
on Session Traversal Utilities for (NAT) (STUN) [RFC5389], the
client gathers candidate addresses. See Section 4.1.1 in ICE
[RFC5245]. The client then runs a STUN server on each of the
local candidate's transport addresses it has gathered.
3. The RTSP client sends SETUP requests containing a transport
specification with a lower layer indicating ICE and a new RTSP
Transport header parameter "candidates" listing the ICE
candidates for each media stream.
4. After receiving the list of candidates from a client, the RTSP
server gathers its own candidates. If the server is not behind
a NAT, then a single candidate per address family (e.g., IPv4
and IPv6), media stream, and media component tuple can be
included to reduce the number of combinations and speed up the
completion.
5. The server sets up the media and, if successful, responds to the
SETUP request with a 200 OK response. In that response, the
server selects the transport specification using ICE and
includes its candidates in the candidates parameter.
6. The server starts the connectivity checks following the
procedures described in Sections 5.7 and 5.8 of ICE [RFC5245].
If the server is not behind a NAT and uses a public IP address
with a single candidate per (media stream, component, address
family) tuple, then the server may be configured to not initiate
connectivity checks.
7. The client receives the SETUP response and learns the candidate
addresses to use for the connectivity checks and then initiates
its connectivity check, following the procedures in Section 6 of
ICE [RFC5245].
8. When a connectivity check from the client reaches the server, it
will result in a triggered check from the server. This is why
servers not behind a NAT can wait until this triggered check to
send out any checks for itself, so saving resources and
mitigating the DDoS potential from server-initiated connectivity
checks.
Goldberg, et al. Standards Track [Page 5]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
9. When the client has concluded its connectivity checks, including
nominating candidates, and has correspondingly received the
server connectivity checks on the nominated candidates for all
mandatory components of all media streams, it can issue a PLAY
request. If the connectivity checks have not concluded
successfully, then the client may send a new SETUP request if it
has any new information or believes the server may be able to do
more that can result in successful checks.
10. When the RTSP server receives a PLAY request, it checks to see
that the connectivity checks have concluded successfully, and
only then can it play the stream. If there is a problem with
the checks, then the server sends either a 150 (Server still
working on ICE connectivity checks) response to show that it is
still working on the connectivity checks, or a 480 (ICE
Connectivity check failure) response to indicate a failure of
the checks. If the checks are successful, then the server sends
a 200 OK response and starts delivering media.
The client and server may release unused candidates when the ICE
processing has concluded, a single candidate per component has been
nominated, and a PLAY response has been received (client) or sent
(server).
The client needs to continue to use STUN as a keep-alive mechanism
for the used candidate pairs to keep their NAT bindings current.
RTSP servers behind NATs will also need to send keep-alive messages
when not sending media. This is important since RTSP media sessions
often contain only media traffic from the server to the client so the
bindings in the NAT need to be refreshed by client-to-server traffic
provided by the STUN keep-alive.
4. RTSP Extensions
This section defines the necessary RTSP extensions for performing ICE
with RTSP. Note that these extensions are based on the SDP
attributes in the ICE specification unless expressly indicated
otherwise.
4.1. ICE Transport Lower Layer
A new lower layer "D-ICE" for transport specifications is defined.
This lower layer is datagram clean except that the protocol used must
be possible to demultiplex from STUN messages (see STUN [RFC5389]).
By "datagram clean" we mean that it has to be capable of describing
the length of the datagram, transport that datagram (as a binary
chunk of data), and provide it at the receiving side as one single
item. This lower layer can be any transport type defined for ICE
Goldberg, et al. Standards Track [Page 6]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
that does provide datagram transport capabilities. UDP-based
transport candidates are defined in ICE [RFC5245] and MUST be
supported. It is OPTIONAL to also support TCP-based candidates as
defined by "TCP Candidates with Interactive Connectivity
Establishment (ICE)" [RFC6544]. The TCP-based candidate fulfills the
requirements on providing datagram transport and can thus be used in
combination with RTP. Additional transport types for candidates may
be defined in the future.
This lower layer uses ICE to determine which of the different
candidates shall be used and then, when the ICE processing has
concluded, uses the selected candidate to transport the datagrams
over this transport.
This lower-layer transport can be combined with all upper-layer media
transport protocols that are possible to demultiplex with STUN and
that use datagrams. This specification defines the following
combinations:
o RTP/AVP/D-ICE
o RTP/AVPF/D-ICE
o RTP/SAVP/D-ICE
o RTP/SAVPF/D-ICE
This list can be extended with more transport specifications after
having performed the evaluation that they are compatible with D-ICE
as lower layer. The registration is required to follow the registry
rules for the Transport Protocol Identifier (see Section 22.13.1 of
[RFC7826]).
The lower-layer "D-ICE" has the following rules for the inclusion of
the RTSP Transport header (Section 18.54 of RTSP 2.0 [RFC7826])
parameters:
unicast: ICE only supports unicast operations; thus, it is REQUIRED
that one include the unicast indicator parameter (see
Section 18.54 in RTSP 2.0 [RFC7826]).
candidates: The "candidates" parameter SHALL be included as it
specifies at least one candidate with which to try to establish a
working transport path.
dest_addr: This parameter MUST NOT be included since "candidates" is
used instead to provide the necessary address information.
Goldberg, et al. Standards Track [Page 7]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
ICE-Password: This parameter SHALL be included (see Section 4.2).
ICE-ufrag: This parameter SHALL be included (see Section 4.2).
4.2. ICE Candidate Transport Header Parameter
This section defines a new RTSP transport parameter for carrying ICE
candidates related to the transport specification they appear within,
which may then be validated with an end-to-end connectivity check
using STUN [RFC5389]. Transport parameters may only occur once in
each transport specification. For transport specifications using
"D-ICE" as lower layer, this parameter MUST be present. The
parameter can contain one or more ICE candidates. In the SETUP
response, there is only a single transport specification; if that
uses the "D-ICE" lower layer, this parameter MUST be present and
include the server-side candidates.
The ABNF [RFC5234] for these transport header parameters are:
trns-parameter = <Defined in Section 20.2.3 of [RFC7826]>
trns-parameter =/ SEMI ice-trn-par
ice-trn-par = "candidates" EQUAL DQUOTE SWS ice-candidate
*(SEMI ice-candidate) SWS DQUOTE
ice-candidate = foundation SP
component-id SP
transport SP
priority SP
connection-address SP
port SP
cand-type
[SP rel-addr]
[SP rel-port]
[SP tcp-type-ext] ; Mandatory if transport = TCP
*(SP extension-att-name SP extension-att-value)
foundation = <See Section 15.1 of [RFC5245]>
component-id = <See Section 15.1 of [RFC5245]>
transport = <See Section 15.1 of [RFC5245]>
priority = <See Section 15.1 of [RFC5245]>
cand-type = <See Section 15.1 of [RFC5245]>
rel-addr = <See Section 15.1 of [RFC5245]>
rel-port = <See Section 15.1 of [RFC5245]>
tcp-type-ext = <See Section 4.5 of [RFC6544]>
extension-att-name = <See Section 15.1 of [RFC5245]>
extension-att-value = <See Section 15.1 of [RFC5245]>
connection-address = <See [RFC4566]>
port = <See [RFC4566]>
EQUAL = <Defined in [RFC7826]>
Goldberg, et al. Standards Track [Page 8]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
DQUOTE = <Defined in [RFC7826]>
SWS = <Defined in [RFC7826]>
SEMI = <Defined in [RFC7826]>
SP = <Defined in [RFC7826]>
<connection-address>: is the unicast IP address of the candidate,
allowing for IPv4 addresses, IPv6 addresses, and Fully Qualified
Domain Names (FQDNs), taken from SDP [RFC4566]. Note, this
context MUST have a unicast address for this parameter, even
though a multicast address would be syntactically valid. The
connection address SHOULD use the same format (explicit IP or
FQDN) as in the dest_addr parameter used in the transport
specification that express any fallback. An IP address is
preferred for simplicity, but both an IP Address and FQDN can be
used. In the FQDN case, when receiving a SETUP request or
response containing an FQDN in an ice-candidate parameter, the
FQDN is looked up in the DNS first using a AAAA record (assuming
the agent supports IPv6), and if no result is found or the agent
only supports IPv4, using an A record. If the DNS query returns
more than one IP address, one is chosen, and then used for the
remainder of ICE processing, which in RTSP is subsequent RTSP
SETUPs for the same RTSP session.
<port>: is the port of the candidate; the syntax is defined by SDP
[RFC4566].
<transport>: indicates the transport protocol for the candidate.
The ICE specification defines UDP. "TCP Candidates with
Interactive Connectivity Establishment (ICE)" [RFC6544] defines
how TCP is used as candidates. Additional extensibility is
provided to allow for future transport protocols to be used with
ICE, such as the Datagram Congestion Control Protocol (DCCP)
[RFC4340].
<foundation>: is an identifier that is equivalent for two
candidates that are of the same type, share the same base IP
address, and come from the same STUN server. It is composed of
one to thirty two <ice-char>. The foundation is used to optimize
ICE performance in the Frozen algorithm (as described in
[RFC5245]).
<component-id>: identifies the specific component of the media
stream for which this is a candidate and is a positive integer
belonging to the range 1-256. It MUST start at 1 and MUST
increment by 1 for each component of a particular media stream.
For media streams based on RTP, candidates for the actual RTP
media MUST have a component ID of 1, and candidates for RTCP MUST
have a component ID of 2 unless RTP and RTCP Multiplexing
Goldberg, et al. Standards Track [Page 9]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
(Section 8) is used, in which case the second component is omitted
and RTP and RTCP are both transported over the first component.
Other types of media streams that require multiple components MUST
develop specifications that define the mapping of components to
component IDs. See Section 14 in [RFC5245] for additional
discussion on extending ICE to new media streams.
<priority>: is a positive integer in the range 1 to (2**31 - 1).
<cand-type>: encodes the type of candidate. The ICE specification
defines the values "host", "srflx", "prflx", and "relay" for host,
server-reflexive, peer-reflexive, and relayed candidates,
respectively. The set of candidate types is extensible for the
future.
<rel-addr> and <rel-port>: convey transport addresses related to the
candidate, useful for diagnostics and other purposes. <rel-addr>
and <rel-port> MUST be present for server-reflexive, peer-
reflexive, and relayed candidates. If a candidate is server- or
peer-reflexive, <rel-addr> and <rel-port> are equal to the base
for that server- or peer-reflexive candidate. If the candidate is
relayed, <rel-addr> and <rel-port> are equal to the mapped address
in the TURN Allocate Response that provided the client with that
relayed candidate (see Appendix B.3 of ICE [RFC5245] for a
discussion of its purpose). If the candidate is a host candidate,
<rel-addr> and <rel-port> MUST be omitted.
<tcp-type-ext>: conveys the candidate's connection type (active,
passive, or simultaneous-open (S-O)) for TCP-based candidates.
This MUST be included for candidates that have <transport> set to
TCP and MUST NOT be included for other transport types, including
UDP.
<extension-att-name> and <extension-att-value>: These are prototypes
for future extensions of the candidate line. The ABNF for these
allows any 8-bit value except NUL, CR, or LF. However, the
extensions will occur within a structured line that uses the
DQUOTE, SEMI, SWS, and SP ABNF constructs as delimiters; thus,
those delimiter characters MUST be escaped if they would occur
within an extension-att-name or extension-att-value. The escape
mechanism that MUST be used is the Percent-Encoding defined in
Section 2.1 of [RFC3986]. This mechanism is selected as it needs
to be supported in an RTSP implementation to deal with URIs
anyway. The byte values (in hex) that MUST be escaped are the
following: 0x09, 0x20, 0x22, 0x25, and 0x3B.
Goldberg, et al. Standards Track [Page 10]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
4.3. ICE Password and Username Transport Header Parameters
The ICE password and username for each agent need to be transported
using RTSP. For that purpose, new Transport header parameters are
defined (see Section 18.54 of [RFC7826].
There MUST be an "ICE-Password" and "ICE-ufrag" parameter for each
media stream. The ICE-ufrag and ICE-Password parameter values MUST
be chosen randomly at the beginning of a session. The ICE-ufrag
value MUST contain at least 24 bits of randomness, and the ICE-
Password value MUST contain at least 128 bits of randomness. This
means that the ICE-ufrag value will be at least 4 characters long,
and the ICE-Password value at least 22 characters long, since the
grammar for these attributes allows for 6 bits of randomness per
character. The values MAY be longer than 4 and 22 characters
respectively, of course, up to 256 characters. The upper limit
allows for buffer sizing in implementations. Its large upper limit
allows for increased amounts of randomness to be added over time.
The ABNF [RFC5234] for these parameters is:
trns-parameter =/ SEMI ice-password-par
trns-parameter =/ SEMI ice-ufrag-par
ice-password-par = "ICE-Password" EQUAL DQUOTE password DQUOTE
ice-ufrag-par = "ICE-ufrag" EQUAL DQUOTE ufrag DQUOTE
password = <Defined in [RFC5245], Section 15.4>
ufrag = <Defined in [RFC5245], Section 15.4>
EQUAL = <Defined in [RFC7826]>
SEMI = <Defined in [RFC7826]>
DQUOTE = <Defined in [RFC7826]>
4.4. ICE Feature Tag
A feature tag is defined for use in the RTSP capabilities mechanism
for ICE support of media transport using datagrams: "setup.ice-d-m".
This feature tag indicates that one supports all the mandatory
functions of this specification. It is applicable to all types of
RTSP agents: clients, servers, and proxies.
The RTSP client SHOULD send the feature tag "setup.ice-d-m" in the
Supported header in all SETUP requests that contain the "D-ICE"
lower-layer transport. Note, this is not a "MUST" as an RTSP client
can always attempt to perform a SETUP using ICE to see if it
functions or fails. However, including the feature tag in the
Supported header ensures that proxies supporting this specification
explicitly indicate such support; see Section 7.
Goldberg, et al. Standards Track [Page 11]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
4.5. Status Codes
For ICE, there are two new RTSP response codes to indicate progress
and errors.
+------+----------------------------------------------+-------------+
| Code | Description | Method |
+------+----------------------------------------------+-------------+
| 150 | Server still working on ICE connectivity | PLAY |
| | checks | |
| | | |
| 480 | ICE Connectivity check failure | PLAY, SETUP |
+------+----------------------------------------------+-------------+
Table 1: New Status Codes and Their Usage with RTSP Methods
4.5.1. 150 Server still working on ICE connectivity checks
The 150 response code indicates that ICE connectivity checks are
still in progress and haven't concluded. This response SHALL be sent
within 200 milliseconds of receiving a PLAY request that currently
can't be fulfilled because ICE connectivity checks are still running.
A client can expect network delays between the server and client
resulting in a response longer than 200 milliseconds. Subsequently,
every 3 seconds after the previous one was sent, a 150 reply SHALL be
sent until the ICE connectivity checks conclude either successfully
or in failure, and a final response for the request can be provided.
4.5.2. 480 ICE Connectivity check failure
The 480 client error response code is used in cases when the request
can't be fulfilled due to a failure in the ICE processing, such as
all the connectivity checks have timed out. This error message can
appear either in response to a SETUP request to indicate that no
candidate pair can be constructed or in response to a PLAY request to
indicate that the server's connectivity checks resulted in failure.
4.6. New Reason for PLAY_NOTIFY
A new value used in the PLAY_NOTIFY methods Notify-Reason header is
defined: "ice-restart". This reason indicates that an ICE restart
needs to happen on the identified resource and session.
Notify-Reas-val =/ "ice-restart"
Goldberg, et al. Standards Track [Page 12]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
4.7. Server-Side SDP Attribute for ICE Support
If the server supports the media NAT traversal for RTSP-controlled
sessions as described in this RFC, then the server SHOULD include the
"a=rtsp-ice-d-m" SDP attribute in any SDP (if used) describing
content served by the server. This is a session-level-only
attribute; see [RFC4566].
The ABNF [RFC5234] for the "rtsp-ice-d-m" attribute is:
rtsp-ice-d-m-attr = "a=" "rtsp-ice-d-m"
5. ICE-RTSP
This section discusses differences between the regular ICE usage
defined in [RFC5245] and ICE-RTSP. The reasons for the differences
relate to the clearer client/server roles that RTSP provides and how
the RTSP session establishment signaling occurs within RTSP compared
to SIP/SDP offer/answer.
5.1. ICE Features Not Required
A number of ICE signaling features are not needed with RTSP and are
discussed below.
5.1.1. ICE-Lite
The ICE-Lite attribute SHALL NOT be used in the context of RTSP. The
ICE specification describes two implementations of ICE: Full and
Lite, where hosts that are not behind a NAT are allowed to implement
only Lite. For RTSP, the Lite implementation is insufficient because
it does not cause the media server to send a connectivity check,
which is used to protect against making the RTSP server a denial-of-
service tool.
5.1.2. ICE-Mismatch
The ice-mismatch parameter indicates that the offer arrived with a
default destination for a media component that didn't have a
corresponding candidate attribute. This is not needed for RTSP as
the ICE-based lower-layer transport specification either is supported
or another alternative transport is used. This is always explicitly
indicated in the SETUP request and response.
Goldberg, et al. Standards Track [Page 13]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
5.1.3. ICE Remote Candidate Transport Header Parameter
The Remote candidate attribute is not needed for RTSP for the
following reasons. Each SETUP request results in an independent ICE
processing chain that either fails or results in nominating a single
candidate pair to use. If a new SETUP request for the same media is
sent, it needs to use a new username fragment and password to avoid
any race conditions or uncertainty about to which round of processing
the STUN requests relate.
5.2. High-Reachability Configuration
ICE-RTSP contains a high-reachability configuration when the RTSP
servers are not behind NATs. Please note that "not behind NATs" may
apply in some special cases also for RTSP servers behind NATs given
that they are in an address space that has reachability for all the
RTSP clients intended to able to reach the server. The high-
reachability configuration is similar to ICE-Lite as it allows for
some reduction in the server's burden. However, due to the need to
still verify that the client is actually present and wants to receive
the media stream, the server must also initiate binding requests and
await binding responses. The reduction for the high-reachability
configuration of ICE-RTSP is that they don't need to initiate their
own checks and instead rely on triggered checks for verification.
This also removes a denial-of-service threat where an RTSP SETUP
request will trigger large amount of STUN connectivity checks towards
provided candidate addresses.
6. Detailed Solution
This section describes, in detail, how the interaction and flow of
ICE works with RTSP messages.
6.1. Session Description and RTSP DESCRIBE (Optional)
The RTSP server is RECOMMENDED to indicate it has support for ICE by
sending the "a=rtsp-ice-d-m" SDP attribute in the response to the
RTSP DESCRIBE message if SDP is used. This allows RTSP clients to
only send the new ICE exchanges with servers that support ICE thereby
limiting the overhead on current non-ICE supporting RTSP servers.
When not using RTSP DESCRIBE, it is still RECOMMENDED to use the SDP
attribute for the session description.
A client can also use the DESCRIBE request to determine explicitly if
both server and any proxies support ICE. The client includes the
Supported header with its supported feature tags, including
"setup.ice-d-m". Upon seeing the Supported header, any proxy will
include the Proxy-Supported header with the feature tags it supports.
Goldberg, et al. Standards Track [Page 14]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
The server will echo back the Proxy-Supported header and its own
version of the Supported header so enabling a client to determine
whether or not all involved parties support ICE. Note that even if a
proxy is present in the chain that doesn't indicate support for ICE,
it may still work (see Section 7).
For example:
C->S: DESCRIBE rtsp://server.example.com/fizzle/foo RTSP/2.0
CSeq: 312
User-Agent: PhonyClient 1.2
Accept: application/sdp, application/example
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
S->C: RTSP/2.0 200 OK
CSeq: 312
Date: 23 Jan 1997 15:35:06 GMT
Server: PhonyServer 1.1
Content-Type: application/sdp
Content-Length: 367
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
v=0
o=mhandley 2890844526 2890842807 IN IP4 192.0.2.46
s=SDP Seminar
i=A Seminar on the session description protocol
u=http://www.example.com/lectures/sdp.ps
e=seminar@example.com (Seminar Management)
t=2873397496 2873404696
a=recvonly
a=rtsp-ice-d-m
a=control: *
m=audio 3456 RTP/AVP 0
a=control: /audio
m=video 2232 RTP/AVP 31
a=control: /video
6.2. Setting Up the Media Streams
The RTSP client reviews the session description returned, for
example, by an RTSP DESCRIBE message, to determine what media
resources need to be set up. For each of these media streams where
the transport protocol supports ICE connectivity checks, the client
SHALL gather candidate addresses for UDP transport as described in
Section 4.1.1 in ICE [RFC5245] according to standard ICE rather than
the ICE-Lite implementation and according to Section 5 of ICE TCP
[RFC6544] for TCP-based candidates.
Goldberg, et al. Standards Track [Page 15]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
6.3. RTSP SETUP Request
The RTSP client will then send at least one SETUP request per media
stream to establish the media streams required for the desired
session. For each media stream where it desires to use ICE, it MUST
include a transport specification with "D-ICE" as the lower layer,
and each media stream SHALL have its own unique combination of ICE
candidates and ICE-ufrag. This transport specification SHOULD be
placed first in the list to give it highest priority. It is
RECOMMENDED that additional transport specifications be provided as a
fallback in case of proxies that do not support ICE. The RTSP client
will be initiating and thus the controlling party in the ICE
processing. For example (note that some lines are broken in
contradiction with the defined syntax due to space restrictions in
the documenting format):
C->S: SETUP rtsp://server.example.com/fizzle/foo/audio RTSP/2.0
CSeq: 313
Transport: RTP/AVP/D-ICE; unicast; ICE-ufrag=8hhY;
ICE-Password=asd88fgpdd777uzjYhagZg; candidates="
1 1 UDP 2130706431 10.0.1.17 8998 typ host;
2 1 UDP 1694498815 192.0.2.3 45664 typ srflx
raddr 10.0.1.17 rport 8998"; RTCP-mux,
RTP/AVP/UDP; unicast; dest_addr=":6970"/":6971",
RTP/AVP/TCP; unicast;interleaved=0-1
Accept-Ranges: NPT, UTC
User-Agent: PhonyClient/1.2
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
6.4. Gathering Candidates
Upon receiving a SETUP request, the server can determine what media
resource should be delivered and which transport alternatives the
client supports. If one based on D-ICE is on the list of supported
transports and preferred among the supported, the below applies.
The transport specification will indicate which media protocol is to
be used and, based on this and the client's candidates, the server
determines the protocol and if it supports ICE with that protocol.
The server SHALL then gather its UDP candidates according to
Section 4.1.1 in ICE [RFC5245] and any TCP-based ones according to
Section 5 of ICE TCP [RFC6544].
Servers that have an address that is generally reachable by any
client within the address scope the server intends to serve MAY be
specially configured (high-reachability configuration). This special
configuration has the goal of reducing the server-side candidate to
preferably a single one per (address family, media stream, media
Goldberg, et al. Standards Track [Page 16]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
component) tuple. Instead of gathering all possible addresses
including relayed and server-reflexive addresses, the server uses a
single address per address family that the server knows should be
reachable by a client behind one or more NATs. The reason for this
special configuration is twofold: Firstly, it reduces the load on the
server in address gathering and in ICE processing during the
connectivity checks. Secondly, it will reduce the number of
permutations for candidate pairs significantly thus potentially
speeding up the conclusion of the ICE processing. However, note that
using this option on a server that doesn't fulfill the requirement of
being reachable is counterproductive, and it is important that this
is correctly configured.
The above general consideration for servers applies also for TCP-
based candidates. A general implementation should support several
candidate collection techniques and connection types. For TCP-based
candidates, a high-reachability configured server is recommended to
only offer Host candidates. In addition to passive connection types,
the server can select to provide active or S-O connection types to
match the client's candidates.
6.5. RTSP Server Response
The server determines if the SETUP request is successful and, if so,
returns a 200 OK response; otherwise, it returns an error code. At
that point, the server, having selected a transport specification
using the "D-ICE" lower layer, will need to include that transport
specification in the response message. The transport specification
SHALL include the candidates gathered in Section 6.4 in the
"candidates" transport header parameter as well as the server's ICE
username fragment and password. In the case that there are no valid
candidate pairs with the combination of the client and server
candidates, a 480 (ICE Connectivity check failure) error response
SHALL be returned, which MUST include the server's candidates. The
return of a 480 error may allow both the server and client to release
their candidates; see Section 6.10.
Goldberg, et al. Standards Track [Page 17]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
Below is an example of a successful response to the request in
Section 6.3.
S->C: RTSP/2.0 200 OK
CSeq: 313
Session: 12345678
Transport: RTP/AVP/D-ICE; unicast; RTCP-mux; ICE-ufrag=MkQ3;
ICE-Password=pos12Dgp9FcAjpq82ppaF; candidates="
1 1 UDP 2130706431 192.0.2.56 50234 typ host"
Accept-Ranges: NPT
Date: 23 Jan 1997 15:35:06 GMT
Server: PhonyServer 1.1
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
6.6. Server-to-Client ICE Connectivity Checks
The server SHALL start the connectivity checks following the
procedures described in Sections 5.7 and 5.8 of ICE [RFC5245] unless
it is configured to use the high-reachability option. If it is, then
it MAY suppress its own checks until the server's checks are
triggered by the client's connectivity checks.
Please note that Section 5.8 of ICE [RFC5245] does specify that the
initiation of the checks are paced and new ones are only started
every Ta milliseconds. The motivation for this is documented in
Appendix B.1 of ICE [RFC5245] as for SIP/SDP all media streams within
an offer/answer dialog are running using the same queue. To ensure
the same behavior with RTSP, the server SHALL use a single pacer
queue for all media streams within each RTSP session.
The values for the pacing of STUN and TURN transactions Ta and RTO
can be configured but have the same minimum values defined in the ICE
specification.
When a connectivity check from the client reaches the server, it will
result in a triggered check from the server as specified in
Section 7.2.1.4 of ICE [RFC5245]. This is why servers with a high-
reachability address can wait until this triggered check to send out
any checks for itself, so saving resources and mitigating the DDoS
potential.
Goldberg, et al. Standards Track [Page 18]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
6.7. Client-to-Server ICE Connectivity Check
The client receives the SETUP response and learns the candidate
addresses to use for the connectivity checks. The client SHALL
initiate its connectivity check(s), following the procedures in
Section 6 of ICE [RFC5245]. The pacing of STUN transactions
(Appendix B.1 of [RFC5245]) SHALL be used across all media streams
that are part of the same RTSP session.
Aggressive nomination SHOULD be used with RTSP during initial SETUP
for a resource. This doesn't have all the negative impact that it
has in offer/answer as media playing only starts after issuing a PLAY
request. Thus, the issue with a change of the media path being used
for delivery can be avoided by not issuing a PLAY request while STUN
connectivity checks are still outstanding. Aggressive nomination can
result in multiple candidate pairs having their nominated flag set,
but according to Section 8.1.1.2 of ICE [RFC5245], when the PLAY
request is sent, the media will arrive on the pair with the highest
priority. Note, different media resources may still end up with
different foundations.
The above does not change ICE and its handling of aggressive
nomination. When using aggressive nomination, a higher-priority
candidate pair with an outstanding connectivity check message can
move into the Succeeded state and the candidate pair will have its
Nominated flag set. This results in the higher-priority candidate
pair being used instead of the previous pair, which is also in the
Succeeded state.
To avoid this occurring during actual media transport, the RTSP
client can add additional logic when the ICE processing overall is
completed to indicate if there are still higher-priority connectivity
checks outstanding. If some check is still outstanding, the
implementation can choose to wait until some additional timeout is
triggered or the outstanding checks complete before progressing with
a PLAY request. An alternative is to accept the risk for a path
change during media delivery and start playing immediately.
RTSP clients that want to ensure that each media resource uses the
same path can use regular nomination where both 1) the ICE processing
completion criteria and 2) which media streams are nominated for use
can be controlled. This does not affect the RTSP server, as its role
is the one of being controlled.
Goldberg, et al. Standards Track [Page 19]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
6.8. Client Connectivity Checks Complete
When the client has concluded all of its connectivity checks and has
nominated its desired candidate pair for a particular media stream,
it MAY issue a PLAY request for that stream. Note that due to the
aggressive nomination, there is a risk that any outstanding check may
nominate another pair than what was already nominated. The candidate
pair with the highest priority will be used for the media. If the
client has locally determined that its checks have failed, it may try
providing an extended set of candidates and update the server
candidate list by issuing a new SETUP request for the media stream.
If the client concluded its connectivity checks successfully and
therefore sent a PLAY request but the server cannot conclude
successfully, the server will respond with a 480 (ICE Connectivity
check failure) error response. Upon receiving the 480 (ICE
Connectivity check failure) response, the client may send a new SETUP
request assuming it has any new information that can be included in
the candidate list. If the server is still performing the checks
when receiving the PLAY request, it will respond with a 150 (Server
still working on ICE connectivity checks) response to indicate this.
6.9. Server Connectivity Checks Complete
When the RTSP server receives a PLAY request, it checks to see that
the connectivity checks have concluded successfully and only then
will it play the stream. If the PLAY request is for a particular
media stream, the server only needs to check that the connectivity
checks for that stream completed successfully. If the server has not
concluded its connectivity checks, the server indicates that by
sending the 150 (Server still working on ICE connectivity checks)
(Section 4.5.1). If there is a problem with the checks, then the
server sends a 480 response to indicate a failure of the checks. If
the checks are successful, then the server sends a 200 OK response
and starts delivering media.
6.10. Freeing Candidates
Both server and client MAY free their non-selected candidates as soon
as a 200 OK response has been issued/received for the PLAY request
and no outstanding connectivity checks exist.
Clients and servers MAY free all their gathered candidates after
having received or sent, respectively, a 480 response to a SETUP
request. Clients will likely free their candidates first after
having tried any additional actions that may resolve the issue, e.g.,
verifying the address gathering, or use additional STUN or TURN
Goldberg, et al. Standards Track [Page 20]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
servers. Thus, a server will have to weigh the cost of doing address
gathering versus maintaining the gathered address for some time to
allow any new SETUP request to be issued by the client.
If the 480 response is sent in response to a PLAY request, the server
MUST NOT free its gathered candidates. Instead, it will have to wait
for additional actions from the client or terminate the RTSP session
due to inactivity.
6.11. Steady State
The client and server SHALL use STUN to send keep-alive messages for
the nominated candidate pair(s) following the rules of Section 10 of
ICE [RFC5245]. This is important, as normally RTSP play mode
sessions only contain traffic from the server to the client so the
bindings in the NAT need to be refreshed by the client-to-server
traffic provided by the STUN keep-alive.
6.12. Re-SETUP
A client that decides to change any parameters related to the media
stream setup will send a new SETUP request. In this new SETUP
request, the client MAY include a new different ICE username fragment
and password to use in the ICE processing. The new ICE username and
password SHALL cause the ICE processing to start from the beginning
again, i.e., an ICE restart (Section 9.1.1.1 of [RFC5245]). The
client SHALL in case of ICE restart, gather candidates and include
the candidates in the transport specification for D-ICE.
ICE restarts may be triggered due to changes of client or server
attachment to the network, such as changes to the media streams
destination or source address or port. Most RTSP parameter changes
would not require an ICE restart, but would use existing mechanisms
in RTSP to indicate from what point in the RTP stream they apply.
These include the following: performing a pause prior to the
parameter change and then resume; assuming the server supports using
SETUP during the PLAY state; or using the RTP-Info header
(Section 18.45 of [RFC7826]) to indicate from where in the media
stream the change shall apply.
Even if the server does not normally support SETUP during PLAY state,
it SHALL support SETUP requests in PLAY state for the purpose of
changing only the ICE parameters, which are ICE-Password, ICE-ufrag,
and the content of ICE candidates.
If the RTSP session is in playing state at the time of sending the
SETUP request requiring ICE restart, then the ICE connectivity checks
SHALL use Regular nomination. Any ongoing media delivery continues
Goldberg, et al. Standards Track [Page 21]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
on the previously nominated candidate pairs until the new pairs have
been nominated for the individual media stream. Once the nomination
of the new candidate pair has completed, all unused candidates may be
released. If the ICE processing fails and no new candidate pairs are
nominated for use, then the media stream MAY continue to use the
previously nominated candidate pairs while they still function. If
they appear to fail to transport media packets anymore, then the
client can select between two actions: attempting any actions that
might make ICE work or terminating the RTSP session. Firstly, it can
attempt any actions available that might make ICE work, like trying
another STUN/TURN server or changing the transport parameters. In
that case, the client modifies the RTSP session, and if ICE is still
to be used, the client restarts ICE once more. Secondly, if the
client is unable to modify the transport or ICE parameters, it MUST
NOT restart the ICE processing, and it SHOULD terminate the RTSP
session.
6.13. Server-Side Changes after Steady State
A server may require an ICE restart because of server-side load
balancing or a failure resulting in an IP address and a port number
change. In that case, the server SHALL use the PLAY_NOTIFY method to
inform the client (Section 13.5 [RFC7826]) with a new Notify-Reason
header: ice-restart. The server will identify if the change is for a
single media or for the complete session by including the
corresponding URI in the PLAY_NOTIFY request.
Upon receiving and responding to this PLAY_NOTIFY with an ice-restart
reason, the client SHALL gather new ICE candidates and send SETUP
requests for each media stream part of the session. The server
provides its candidates in the SETUP response the same way as for the
first time ICE processing. Both server and client SHALL provide new
ICE usernames and passwords. The client MAY issue the SETUP request
while the session is in PLAYING state.
If the RTSP session is in PLAYING state when the client issues the
SETUP request, the client SHALL use Regular nomination. If not, the
client will use the same procedures as for when first creating the
session.
Note that for each media stream keep-alive messages on the previous
set of candidate pairs SHOULD continue until new candidate pairs have
been nominated. After having nominated a new set of candidate pairs,
the client may continue to receive media for some additional time.
Even if the server stops delivering media over that candidate pair at
the time of nomination, media may arrive for up to one maximum
segment lifetime as defined in TCP (2 minutes). Unfortunately, if
the RTSP server is divided into a separate controller and media
Goldberg, et al. Standards Track [Page 22]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
stream, a failure may result in continued media delivery for a longer
time than the maximum segment lifetime, thus source filtering is
RECOMMENDED.
For example:
S->C: PLAY_NOTIFY rtsp://example.com/fizzle/foo RTSP/2.0
CSeq: 854
Notify-Reason: ice-restart
Session: uZ3ci0K+Ld
Server: PhonyServer 1.1
C->S: RTSP/2.0 200 OK
CSeq: 854
User-Agent: PhonyClient/1.2
C->S: SETUP rtsp://server.example.com/fizzle/foo/audio RTSP/2.0
CSeq: 314
Session: uZ3ci0K+Ld
Transport: RTP/AVP/D-ICE; unicast; ICE-ufrag=Kl1C;
ICE-Password=H4sICGjBsEcCA3Rlc3RzLX; candidates="
1 1 UDP 2130706431 10.0.1.17 8998 typ host;
2 1 UDP 1694498815 192.0.2.3 51456 typ srflx
raddr 10.0.1.17 rport 9002"; RTCP-mux,
RTP/AVP/UDP; unicast; dest_addr=":6970"/":6971",
RTP/AVP/TCP; unicast;interleaved=0-1
Accept-Ranges: NPT, UTC
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
User-Agent: PhonyClient/1.2
C->S: SETUP rtsp://server.example.com/fizzle/foo/video RTSP/2.0
CSeq: 315
Session: uZ3ci0K+Ld
Transport: RTP/AVP/D-ICE; unicast; ICE-ufrag=hZv9;
ICE-Password=JAhA9myMHETTFNCrPtg+kJ; candidates="
1 1 UDP 2130706431 10.0.1.17 9000 typ host;
2 1 UDP 1694498815 192.0.2.3 51576 typ srflx
raddr 10.0.1.17 rport 9000"; RTCP-mux,
RTP/AVP/UDP; unicast; dest_addr=":6972"/":6973",
RTP/AVP/TCP; unicast;interleaved=0-1
Accept-Ranges: NPT, UTC
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
User-Agent: PhonyClient/1.2
S->C: RTSP/2.0 200 OK
CSeq: 314
Session: uZ3ci0K+Ld
Goldberg, et al. Standards Track [Page 23]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
Transport: RTP/AVP/D-ICE; unicast; RTCP-mux; ICE-ufrag=CbDm;
ICE-Password=OfdXHws9XX0eBr6j2zz9Ak; candidates="
1 1 UDP 2130706431 192.0.2.56 50234 typ host"
Accept-Ranges: NPT
Date: 11 March 2011 13:17:46 GMT
Server: PhonyServer 1.1
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
S->C: RTSP/2.0 200 OK
CSeq: 315
Session: uZ3ci0K+Ld
Transport: RTP/AVP/D-ICE; unicast; RTCP-mux; ICE-ufrag=jigs;
ICE-Password=Dgx6fPj2lsa2WI8b7oJ7+s; candidates="
1 1 UDP 2130706431 192.0.2.56 47233 typ host"
Accept-Ranges: NPT
Date: 11 March 2011 13:17:47 GMT
Server: PhonyServer 1.1
Supported: setup.ice-d-m, setup.rtp.rtcp.mux
7. ICE and Proxies
RTSP allows for proxies that can be of two fundamental types
depending on whether or not they relay and potentially cache the
media. Their differing impact on the RTSP NAT traversal solution,
including backwards compatibility, is explained below.
7.1. Media-Handling Proxies
An RTSP proxy that relays or caches the media stream for a particular
media session can be considered to split the media transport into two
parts: firstly, a media transport between the server and the proxy
according to the proxy's need, and, secondly, delivery from the proxy
to the client. This split means that the NAT traversal solution will
be run on each individual media leg according to need.
It is RECOMMENDED that any media-handling proxy support the media NAT
traversal defined within this specification. This is for two
reasons: firstly, to enable clients to perform NAT traversal for the
media between the proxy and itself and secondly to allow the proxy to
be topology independent to support performing NAT traversal (to the
server) for clients not capable of NAT traversal present in the same
address domain as the proxy.
For a proxy to support the media NAT traversal defined in this
specification, a proxy will need to implement the solution fully and
be able to act as both a controlling and a controlled ICE peer. The
proxy also SHALL include the "setup.ice-d-m" feature tag in any
applicable capability negotiation headers, such as Proxy-Supported.
Goldberg, et al. Standards Track [Page 24]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
7.2. Signaling-Only Proxies
A signaling-only proxy handles only the RTSP signaling and does not
have the media relayed through proxy functions. This type of proxy
is not likely to work unless the media NAT traversal solution is in
place between the client and the server, because the DoS protection
measures, as discussed in Section 21.2.1 of RTSP 2.0 [RFC7826],
usually prevent media delivery to addresses other than from where the
RTSP signaling arrives at the server.
The solution for the signaling-only proxy is that it must forward the
RTSP SETUP requests including any transport specification with the
"D-ICE" lower layer and the related transport parameters. A proxy
supporting this functionality SHALL indicate its capability by always
including the "setup.ice-d-m" feature tag in the Proxy-Supported
header in any SETUP request or response.
7.3. Non-supporting Proxies
A media-handling proxy that doesn't support the ICE media NAT
traversal specified here is assumed to remove the transport
specification and use any of the lower prioritized transport
specifications if provided by the requester. The specification of
such a non-ICE transport enables the negotiation to complete,
although with a less preferred method since a NAT between the proxy
and the client may result in failure of the media path.
A non-media-handling proxy is expected to ignore and simply forward
all unknown transport specifications. However, this can only be
guaranteed for proxies following the RTSP 2.0 specification
[RFC7826].
The usage of the "setup.ice-d-m" feature tag in the Proxy-Require
header is NOT RECOMMENDED because it can have contradictory results.
For a proxy that does not support ICE but is media handling, the
inclusion of the feature tag will result in aborting the setup and
indicating that it isn't supported, which is desirable if providing
other fallbacks or other transport configurations to handle the
situation is wanted. For non-ICE-supporting non-media-handling
proxies, the result will be aborting the setup. However, the setup
might have worked if the feature tag wasn't present in the Proxy-
Require header. This variance in results is the reason we don't
recommend the usage of the Proxy-Require header. Instead, we
recommend the usage of the Supported header to force proxies to
include the feature tags for the intersection of what the proxy chain
supports in the Proxy-Supported header. This will provide a positive
indication when all proxies in the chain between the client and
server support the functionality.
Goldberg, et al. Standards Track [Page 25]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
If a proxy doesn't support the "setup.ice-d-m" feature, but that
proxy is not a media-handling proxy, the ICE-based setup could still
work, since such a proxy may do pass through on any transport
parameters. Unfortunately ,the Proxy-Require and Proxy-Supported
RTSP headers failed to provide that information. The only way of
finding whether or not this is the case is to try perform a SETUP
including a Transport header with transport specifications using ICE.
8. RTP and RTCP Multiplexing
"Multiplexing RTP Data and Control Packets on a Single Port"
[RFC5761] specifies how and when RTP and RTCP can be multiplexed on
the same port. This multiplexing is beneficial when combined with
ICE for RTSP as it makes RTP and RTCP need only a single component
per media stream instead of two, so reducing the load on the
connectivity checks. For details on how to negotiate RTP and RTCP
multiplexing, see Appendix C of RTSP 2.0 [RFC7826].
Multiplexing RTP and RTCP has the benefit that it avoids the need for
handling two components per media stream when RTP is used as the
media transport protocol. This eliminates at least one STUN check
per media stream and will also reduce the time needed to complete the
ICE processing by at least the time it takes to pace out the
additional STUN checks of up to one complete round-trip time for a
single media stream. In addition to the protocol performance
improvements, the server and client-side complexities are reduced as
multiplexing halves the total number of STUN instances and holding
the associated state. Multiplexing will also reduce the combinations
and length of the list of possible candidates.
The implementation of RTP and RTCP multiplexing is additional work
required for this solution. However, when implementing the ICE
solution, a server or client will need to implement a demultiplexer
between the STUN and RTP or RTCP packets below the RTP/RTCP
implementation anyway, so the additional work of one new
demultiplexing point directly connected to the STUN and RTP/RTCP
seems small relative to the benefits provided.
Due to the benefits mentioned above, RTSP servers and clients that
support "D-ICE" lower-layer transport in combination with RTP SHALL
also implement and use RTP and RTCP multiplexing as specified in
Appendix C.1.6.4 of [RFC7826] and [RFC5761].
Goldberg, et al. Standards Track [Page 26]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
9. Fallback and Using Partial ICE Functionality to Improve NAT/Firewall
Traversal
The need for fallback from ICE in RTSP should be less than for SIP
using ICE in SDP offer/answer where a default destination candidate
is very important to enable interworking with non-ICE capable
endpoints. In RTSP, capability determination for ICE can happen
prior to the RTSP SETUP request. This means a client should normally
not need to include fallback alternatives when offering ICE, as the
capability for ICE will already be determined. However, as described
in this section, clients may wish to use part of the ICE
functionality to improve NAT/firewall traversal where the server is
not ICE capable.
Section 4.1.4 of the ICE [RFC5245] specification does recommend that
the default destination, i.e., what is used as fallback if the peer
isn't ICE capable, is a candidate of relayed type to maximize the
likelihood of successful transport of media. This is based on the
peer in SIP using SDP offer/answer is almost as likely as the RTSP
client to be behind a NAT. For RTSP, the deployment of servers is
much more heavily weighted towards deployment with public
reachability. In fact, since publicly reachable servers behind NAT
either need to support ICE or have static configurations that allow
traversal, one can assume that the server will have a public address
or support ICE. Thus, the selection of the default destination
address for RTSP can be differently prioritized.
As an ICE-enabled client behind a NAT needs to be configured with a
STUN server address to be able to gather candidates successfully,
this can be used to derive a server reflexive candidate for the
client's port. How useful this is for a NATed RTSP client as a
default candidate depends on the properties of the NAT. As long as
the NAT uses an address-independent mapping, then using a STUN-
derived reflexive candidate is likely to be successful. However,
this is brittle in several ways, and the main reason why the original
specification of STUN [RFC3489] and direct usage for NAT traversal
was obsoleted. First, if the NAT's behavior is attempted to be
determined using STUN as described in [RFC3489], the determined
behavior might not be representative of the behavior encountered in
another mapping. Secondly, filter state towards the ports used by
the server needs to be established. This requires that the server
actually includes both address and ports in its response to the SETUP
request. Thirdly, messages need to be sent to these ports for keep-
alive at a regular interval. How a server reacts to such unsolicited
traffic is unknown. This brittleness may be accepted in fallback due
to lack of support on the server side.
Goldberg, et al. Standards Track [Page 27]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
To maximize the likelihood that an RTSP client is capable of
receiving media, a relay-based address should be chosen as the
default fallback address. However, for RTSP clients lacking a relay
server, such as a TURN server, or where usage of such a server has
significant cost associated with it, the usage of a STUN-derived
server reflexive address as client default has a reasonable
likelihood of functioning and may be used as an alternative.
Fallback addresses need to be provided in their own transport
specification using a specifier that does not include the D-ICE
lower-layer transport. Instead, the selected protocol, e.g., UDP,
needs to be explicitly or implicitly indicated. Secondly, the
selected default candidate needs to be included in the SETUP request.
If this candidate is server reflexive or relayed, the aspect of keep-
alive needs to be ensured.
10. IANA Considerations
Per this document, registrations have been made in a number of
registries, both for RTSP and SDP. For all the below registrations,
the contact person on behalf of the IETF WG MMUSIC is Magnus
Westerlund <magnus.westerlund@ericsson.com>.
10.1. RTSP Feature Tags
Per this document, one RTSP 2.0 feature tag has been registered in
the "RTSP 2.0 Feature-tags" registry.
setup.ice-d-m: A feature tag representing the support of the ICE-
based establishment of datagram media transport that is capable of
transport establishment through NAT and firewalls. This feature
tag applies to clients, servers, and proxies and indicates support
of all the mandatory functions of this specification.
10.2. Transport Protocol Identifiers
Per this document, a number of transport protocol combinations have
been registered in the RTSP 2.0 "Transport Protocol Identifiers"
registry:
RTP/AVP/D-ICE: RTP using the AVP profile over an ICE-established
datagram flow.
RTP/AVPF/D-ICE: RTP using the AVPF profile over an ICE-established
datagram flow.
RTP/SAVP/D-ICE: RTP using the SAVP profile over an ICE-established
datagram flow.
Goldberg, et al. Standards Track [Page 28]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
RTP/SAVPF/D-ICE: RTP using the SAVPF profile over an ICE-established
datagram flow.
10.3. RTSP Transport Parameters
Per this document, three transport parameters have been registered in
the RTSP 2.0's "Transport Parameters" registry.
candidates: Listing the properties of one or more ICE candidates.
See Section 4.2.
ICE-Password: The ICE password used to authenticate the STUN binding
request in the ICE connectivity checks. See Section 4.3.
ICE-ufrag: The ICE username fragment used to authenticate the STUN
binding requests in the ICE connectivity checks. See Section 4.3.
10.4. RTSP Status Codes
Per this document, two assignments have been made in the "RTSP 2.0
Status Codes" registry. See Section 4.5.
10.5. Notify-Reason Value
Per this document, one assignment has been made in the RTSP 2.0
Notify-Reason header value registry. The defined value is:
ice-restart: This Notify-Reason value allows the server to notify
the client about the need for an ICE restart. See Section 4.6.
10.6. SDP Attribute
One SDP attribute has been registered:
SDP Attribute ("att-field"):
Attribute name: rtsp-ice-d-m
Long form: ICE for RTSP datagram media NAT traversal
Type of attribute: Session-level only
Subject to charset: No
Purpose: RFC 7825, Section 4.7
Values: No values defined
Contact: Magnus Westerlund
Email: magnus.westerlund@ericsson.com
Phone: +46 10 714 82 87
Goldberg, et al. Standards Track [Page 29]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
11. Security Considerations
ICE [RFC5245] and ICE TCP [RFC6544] provide an extensive discussion
on security considerations that apply here as well.
11.1. ICE and RTSP
A long-standing risk with transmitting a packet stream over UDP is
that the host may not be interested in receiving the stream. On
today's Internet, many hosts are behind NATs or operate host
firewalls that do not respond to unsolicited packets with an ICMP
port unreachable error. Thus, an attacker can construct RTSP SETUP
requests with a victim's IP address and cause a flood of media
packets to be sent to a victim. The addition of ICE, as described in
this document, provides protection from the attack described above.
By performing the ICE connectivity check, the media server receives
confirmation that the RTSP client wants the media. While this
protection could also be implemented by requiring the IP addresses in
the SDP match the IP address of the RTSP signaling packet, such a
mechanism does not protect other hosts with the same IP address (such
as behind the same NAT), and such a mechanism would prohibit
separating the RTSP controller from the media play-out device (e.g.,
an IP-enabled remote control and an IP-enabled television); it also
forces RTSP proxies to relay the media streams through them, even if
they would otherwise be only signaling proxies.
To protect against attacks on ICE based on signaling information,
RTSP signaling SHOULD be protected using TLS to prevent eavesdropping
and modification of information.
The STUN amplification attack described in Section 18.5.2 in ICE
[RFC5245] needs consideration. Servers that are able to run
according to the high-reachability option have good mitigation of
this attack as they only send connectivity checks towards an address
and port pair from which they have received an incoming connectivity
check. This means an attacker requires both the capability to spoof
source addresses and to signal the RTSP server a set of ICE
candidates. Independently, an ICE agent needs to implement the
mitigation to reduce the volume of the amplification attack as
described in the ICE specification.
11.2. Logging
The logging of NAT translations is helpful to analysts, particularly
in enterprises, who need to be able to map sessions when
investigating possible issues where the NAT happens. When using
logging on the public Internet, it is possible that the logs are
large and privacy invasive, so procedures for log flushing and
Goldberg, et al. Standards Track [Page 30]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
privacy protection SHALL be in place. Care should be taken in the
protection of these logs and consideration taken to log integrity,
privacy protection, and purging logs (retention policies, etc.).
Also, logging of connection errors and other messages established by
this document can be important.
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, DOI 10.17487/RFC4566,
July 2006, <http://www.rfc-editor.org/info/rfc4566>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<http://www.rfc-editor.org/info/rfc5234>.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>.
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389,
DOI 10.17487/RFC5389, October 2008,
<http://www.rfc-editor.org/info/rfc5389>.
[RFC5761] Perkins, C. and M. Westerlund, "Multiplexing RTP Data and
Control Packets on a Single Port", RFC 5761,
DOI 10.17487/RFC5761, April 2010,
<http://www.rfc-editor.org/info/rfc5761>.
Goldberg, et al. Standards Track [Page 31]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
[RFC6544] Rosenberg, J., Keranen, A., Lowekamp, B., and A. Roach,
"TCP Candidates with Interactive Connectivity
Establishment (ICE)", RFC 6544, DOI 10.17487/RFC6544,
March 2012, <http://www.rfc-editor.org/info/rfc6544>.
[RFC7826] Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M.,
and M. Stiemerling, Ed., "Real-Time Streaming Protocol
Version 2.0", RFC 7826, DOI 10.17487/RFC7826, December
2016, <http://www.rfc-editor.org/info/rfc7826>.
12.2. Informative References
[RFC2326] Schulzrinne, H., Rao, A., and R. Lanphier, "Real Time
Streaming Protocol (RTSP)", RFC 2326,
DOI 10.17487/RFC2326, April 1998,
<http://www.rfc-editor.org/info/rfc2326>.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001,
<http://www.rfc-editor.org/info/rfc3022>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<http://www.rfc-editor.org/info/rfc3261>.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264,
DOI 10.17487/RFC3264, June 2002,
<http://www.rfc-editor.org/info/rfc3264>.
[RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy,
"STUN - Simple Traversal of User Datagram Protocol (UDP)
Through Network Address Translators (NATs)", RFC 3489,
DOI 10.17487/RFC3489, March 2003,
<http://www.rfc-editor.org/info/rfc3489>.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340,
DOI 10.17487/RFC4340, March 2006,
<http://www.rfc-editor.org/info/rfc4340>.
Goldberg, et al. Standards Track [Page 32]
^L
RFC 7825 A Media NAT Traversal Mechanism for RTSP December 2016
[RFC7604] Westerlund, M. and T. Zeng, "Comparison of Different NAT
Traversal Techniques for Media Controlled by the Real-Time
Streaming Protocol (RTSP)", RFC 7604,
DOI 10.17487/RFC7604, September 2015,
<http://www.rfc-editor.org/info/rfc7604>.
Acknowledgments
The authors would like to thank: Remi Denis-Courmont for suggesting
the method of integrating ICE in RTSP signaling, Dan Wing for help
with the security section and numerous other issues, Ari Keranen for
review of the document and its ICE details, and Flemming Andreasen
and Alissa Cooper for a thorough review. In addition, Bill Atwood
has provided comments and suggestions for improvements.
Authors' Addresses
Jeff Goldberg
Cisco
32 Hamelacha St.
South Netanya 42504
Israel
Phone: +972 9 8927222
Email: jgoldber@cisco.com
Magnus Westerlund
Ericsson
Farogatan 6
Stockholm SE-164 80
Sweden
Phone: +46 8 719 0000
Email: magnus.westerlund@ericsson.com
Thomas Zeng
Nextwave Wireless, Inc.
12670 High Bluff Drive
San Diego, CA 92130
United States of America
Phone: +1 858 480 3100
Email: thomas.zeng@gmail.com
Goldberg, et al. Standards Track [Page 33]
^L
|