RFC 9143 | Bundled Media | February 2022 |
Holmberg, et al. | Standards Track | [Page] |
This specification defines a new Session Description Protocol (SDP) Grouping Framework extension called 'BUNDLE'. The extension can be used with the SDP offer/answer mechanism to negotiate the usage of a single transport (5-tuple) for sending and receiving media described by multiple SDP media descriptions ("m=" sections). Such transport is referred to as a "BUNDLE transport", and the media is referred to as "bundled media". The "m=" sections that use the BUNDLE transport form a BUNDLE group.¶
This specification defines a new RTP Control Protocol (RTCP) Source Description (SDES) item and a new RTP header extension.¶
This specification updates RFCs 3264, 5888, and 7941.¶
This specification obsoletes RFC 8843.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9143.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.¶
When the SDP offer/answer mechanism [RFC3264] is used to negotiate the establishment of multimedia communication sessions, if separate transports (5-tuples) are negotiated for each individual media stream, each transport consumes additional resources (especially when Interactive Connectivity Establishment (ICE) [RFC8445] is used). For this reason, it is attractive to use a single transport for multiple media streams.¶
This specification defines a way to use a single transport (BUNDLE transport) for sending and receiving media (bundled media) described by multiple SDP media descriptions ("m=" sections). The address:port combination used by an endpoint for sending and receiving bundled media is referred to as the "BUNDLE address:port". The set of SDP attributes that are applied to each "m=" section within a BUNDLE group is referred to as "BUNDLE attributes". The same BUNDLE transport is used for sending and receiving bundled media, which means that the symmetric Real-time Transport Protocol (RTP) mechanism [RFC4961] is always used for RTP-based bundled media.¶
This specification defines a new SDP Grouping Framework [RFC5888] extension called 'BUNDLE'. The extension can be used with the Session Description Protocol (SDP) offer/answer mechanism [RFC3264] to negotiate which "m=" sections will become part of a BUNDLE group. In addition, the offerer and answerer [RFC3264] use the BUNDLE extension to negotiate the BUNDLE addresses:ports (offerer BUNDLE address:port and answerer BUNDLE address:port) and the set of BUNDLE attributes (offerer BUNDLE attributes and answerer BUNDLE attributes) that will be applied to each "m=" section within the BUNDLE group.¶
The use of a BUNDLE transport allows the usage of a single set of ICE candidates [RFC8445] for the whole BUNDLE group.¶
A given BUNDLE address:port MUST only be associated with a single BUNDLE group. If an SDP offer or SDP answer (hereafter referred to as "offer" and "answer") contains multiple BUNDLE groups, the procedures in this specification apply to each group independently. All RTP-based bundled media associated with a given BUNDLE group belong to a single RTP session [RFC3550].¶
The BUNDLE extension is backward compatible. Endpoints that do not support the extension are expected to generate offers and answers without an SDP 'group:BUNDLE' attribute and assign a unique address:port to each "m=" section within an offer and answer, according to the procedures in [RFC3264] and [RFC4566].¶
In addition to defining the new SDP Grouping Framework extension, this specification defines the following protocol extensions and makes the following updates to RFCs. This specification:¶
When [RFC8843] and [RFC8829] were published, an inconsistency between the specifications was identified. The procedures regarding assigning the port value to a bundled "m=" section in an answer (initial or subsequent) and a subsequent offer were inconsistent. This specification removes the inconsistency by aligning the port value assignment procedure with the procedure in [RFC8829].¶
In addition, this document implements changes from the following errata reports: [Err6431], [Err6437].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The mechanism in this specification only applies to SDP [RFC4566], when used together with the SDP offer/answer mechanism [RFC3264]. Declarative usage of SDP is out of scope of this document and is thus undefined.¶
This section defines a new SDP Grouping Framework [RFC5888] extension, 'BUNDLE'. The BUNDLE extension can be used with the SDP offer/answer mechanism to negotiate a set of "m=" sections that will become part of a BUNDLE group. Within a BUNDLE group, each "m=" section uses a BUNDLE transport for sending and receiving bundled media. Each endpoint uses a single address:port combination for sending and receiving the bundled media.¶
The BUNDLE extension is indicated using an SDP 'group' attribute with a semantics value [RFC5888] of "BUNDLE". An identification-tag is assigned to each bundled "m=" section, and each identification-tag is listed in the SDP 'group:BUNDLE' attribute identification-tag list. Each "m=" section whose identification-tag is listed in the identification-tag list is associated with a given BUNDLE group.¶
SDP bodies can contain multiple BUNDLE groups. Any given bundled "m=" section MUST NOT be associated with more than one BUNDLE group at any given time.¶
NOTE: The order of the "m=" sections listed in the SDP 'group:BUNDLE' attribute identification-tag list does not have to be the same as the order in which the "m=" sections occur in the SDP.¶
The multiplexing category [RFC8859] for the 'group:BUNDLE' attribute is 'NORMAL'.¶
Section 7 defines the detailed SDP offer/answer procedures for the BUNDLE extension.¶
This section defines a new SDP media-level attribute [RFC4566], 'bundle-only'. 'bundle-only' is a property attribute [RFC4566]; hence, it has no value.¶
In order to ensure that an answerer that does not support the BUNDLE extension always rejects a bundled "m=" section in an offer, the offerer can assign a zero port value to the "m=" section. According to [RFC3264], an answerer will reject such an "m=" section. By including an SDP 'bundle-only' attribute in a bundled "m=" section, the offerer can request that the answerer accept the "m=" section only if the answerer supports the BUNDLE extension and if the answerer keeps the "m=" section within the associated BUNDLE group.¶
The usage of the 'bundle-only' attribute is only defined for a bundled "m=" section with a zero port value. Other usage is unspecified. If an offerer or answerer receives a 'bundle-only' attribute in a non-bundled "m=" section, the offerer or answerer MUST discard the attribute.¶
Section 7 defines the detailed SDP offer/answer procedures for the 'bundle-only' attribute.¶
This section describes the SDP offer/answer [RFC3264] procedures for:¶
The generic rules and procedures defined in [RFC3264] and [RFC5888] also apply to the BUNDLE extension. For example, if an offer is rejected by the answerer, the previously negotiated addresses:ports, SDP parameters, and characteristics (including those associated with a BUNDLE group) apply. Hence, if an offerer generates an offer in order to negotiate a BUNDLE group and the answerer rejects the offer, the BUNDLE group is not created.¶
The procedures in this section are independent of the media type or "m=" line proto value assigned to a bundled "m=" section. Section 6 defines additional considerations for the usage of the SDP 'bundle-only' attribute. Section 9 defines additional considerations for RTP-based media. Section 10 defines additional considerations for the usage of the ICE mechanism [RFC8445].¶
Offers and answers can contain multiple BUNDLE groups. The procedures in this section apply independently to a given BUNDLE group.¶
This section describes generic restrictions associated with the usage of SDP parameters within a BUNDLE group. It also describes how to calculate a value for the whole BUNDLE group, when parameter and attribute values have been assigned to each bundled "m=" section.¶
The "c=" line nettype value [RFC4566] associated with a bundled "m=" section MUST be 'IN'.¶
The "c=" line addrtype value [RFC4566] associated with a bundled "m=" section MUST be 'IP4' or 'IP6'. The same value MUST be associated with each "m=" section.¶
NOTE: Extensions to this specification can specify usage of the BUNDLE mechanism for other nettype and addrtype values than the ones listed above.¶
An offerer and answerer MUST use the rules and restrictions defined in [RFC8859] for associating the SDP bandwidth ("b=") line with bundled "m=" sections.¶
An offerer and answerer MUST include SDP attributes in every bundled "m=" section where applicable, following the normal offer/answer procedures for each attribute, with the following exceptions:¶
NOTE: A consequence of the rules above is that media-specific IDENTICAL and TRANSPORT multiplexing category SDP attributes that are applicable only to some of the bundled "m=" sections within the BUNDLE group might appear in the tagged "m=" section for which they are not applicable. For instance, the tagged "m=" section might contain an SDP 'rtcp-mux' attribute even if the tagged "m=" section does not describe RTP-based media (but another bundled "m=" section within the BUNDLE group does describe RTP-based media).¶
The procedures in this section apply to the first offer within an SDP session (e.g., a SIP dialog when SIP [RFC3261] is used to carry SDP) in which the offerer indicates that it wants to negotiate a given BUNDLE group. This could occur in the initial offer, or in a subsequent offer, of the SDP session.¶
When an offerer generates an initial BUNDLE offer, in order to negotiate a BUNDLE group, it MUST:¶
NOTE: When the offerer assigns unique addresses:ports to multiple bundled "m=" sections, the offerer needs to be prepared to receive bundled media on each unique address:port until it receives the associated answer and finds out which bundled "m=" section (and associated address:port combination) the answerer has selected as the offerer-tagged "m=" section.¶
If the offerer wants to request that the answerer accept a given bundled "m=" section only if the answerer keeps the "m=" section within the negotiated BUNDLE group, the offerer MUST:¶
NOTE: If the offerer assigns a zero port value to a bundled "m=" section but does not include an SDP 'bundle-only' attribute in the "m=" section, it is an indication that the offerer wants to disable the "m=" section (Section 7.5.3).¶
Sections 7.2.2 and 18.1 show an example of an initial BUNDLE offer.¶
In the initial BUNDLE offer, the bundled "m=" section indicated by the offerer BUNDLE-tag is the suggested offerer-tagged "m=" section. The address:port combination associated with the "m=" section will be used by the offerer for sending and receiving bundled media if the answerer selects the "m=" section as the offerer-tagged "m=" section (Section 7.3.1). In addition, if the answerer selects the "m=" section as the offerer-tagged "m=" section, the BUNDLE attributes included in the "m=" section will be applied to each "m=" section within the negotiated BUNDLE group.¶
The offerer MUST NOT suggest a bundle-only "m=" section as the offerer-tagged "m=" section.¶
It is RECOMMENDED that the suggested offerer-tagged "m=" section be a bundled "m=" section which the offerer believes is unlikely to be rejected or moved out of the BUNDLE group by the answerer. How such an assumption is made is outside the scope of this document.¶
The following example shows an initial BUNDLE offer. The offer includes two "m=" sections in the offer and suggests that both "m=" sections be included in a BUNDLE group. The audio "m=" section is the suggested offerer-tagged "m=" section, indicated by placing the identification-tag associated with the "m=" section (offerer BUNDLE-tag) first in the SDP 'group:BUNDLE' attribute identification-id list.¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10002 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=rtcp-mux a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
The following example shows an initial BUNDLE offer. The offer includes two "m=" sections in the offer and suggests that both "m=" sections are included in a BUNDLE group. The offerer includes an SDP 'bundle-only' attribute in the video "m=" section to request that the answerer accept the "m=" section only if the answerer supports the BUNDLE extension and if the answerer keeps the "m=" section within the associated BUNDLE group. The audio "m=" section is the suggested offerer-tagged "m=" section, indicated by placing the identification-tag associated with the "m=" section (offerer BUNDLE-tag) first in the SDP 'group:BUNDLE' attribute identification-id list.¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 0 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=bundle-only a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
When an answerer generates an answer (initial BUNDLE answer or subsequent) that contains a BUNDLE group, the following general SDP Grouping Framework restrictions, defined in [RFC5888], also apply to the BUNDLE group:¶
In addition, when an answerer generates an answer (initial BUNDLE answer or subsequent) that contains a BUNDLE group, the answerer MUST:¶
If the answerer does not want to keep an "m=" section within a BUNDLE group, it MUST:¶
The answerer can modify the answerer BUNDLE address:port, add and remove SDP attributes, or modify SDP attribute values in a subsequent answer. Changes to the answerer BUNDLE address:port and the answerer BUNDLE attributes will be applied to each bundled "m=" section within the BUNDLE group.¶
NOTE: If a bundled "m=" section in an offer contains a zero port value, but the "m=" section does not contain an SDP 'bundle-only' attribute, it is an indication that the offerer wants to disable the "m=" section (Section 7.5.3).¶
When selecting the offerer-tagged "m=" section, the answerer MUST first check whether the "m=" section fulfills the following criteria (Section 7.2.1):¶
If all of the criteria above are fulfilled, the answerer MUST select the "m=" section as the offerer-tagged "m=" section and MUST also mark the corresponding "m=" section in the answer as the answerer-tagged "m=" section. In the answer, the answerer BUNDLE-tag indicates the answerer-tagged "m=" section.¶
If one or more of the criteria are not fulfilled, the answerer MUST pick the next identification-tag in the identification-tag list in the offer and perform the same criteria check for the "m=" section indicated by that identification-tag. If there are no more identification-tags in the identification-tag list, the answerer MUST NOT create the BUNDLE group. In addition, unless the answerer rejects the whole offer, the answerer MUST apply the answerer procedures for moving an "m=" section out of a BUNDLE group (Section 7.3.2) or rejecting an "m=" section within a BUNDLE group (Section 7.3.3) to every bundled "m=" section in the offer when creating the answer.¶
Section 18.1 shows an example of an offerer BUNDLE address:port selection.¶
Sections 7.3.4 and 18.1 show an example of an answerer-tagged "m=" section selection.¶
When an answerer generates the answer, the answerer MUST first check the following criteria if it wants to move a bundled "m=" section out of the negotiated BUNDLE group:¶
If either criterion above is fulfilled, the answerer cannot move the "m=" section out of the BUNDLE group in the answer. The answerer can reject the whole offer, reject each bundled "m=" section within the BUNDLE group (Section 7.3.3), or keep the "m=" section within the BUNDLE group in the answer and later create an offer where the "m=" section is moved out of the BUNDLE group (Section 7.5.2).¶
NOTE: One consequence of the rules above is that, once a BUNDLE group has been negotiated, a bundled "m=" section cannot be moved out of the BUNDLE group in an answer. Instead, an offer is needed.¶
When the answerer generates an answer in which it moves a bundled "m=" section out of a BUNDLE group, the answerer:¶
Because an answerer is not allowed to move an "m=" section from one BUNDLE group to another within an answer (Section 7.3), if the answerer wants to move an "m=" section from one BUNDLE group to another, it MUST first move the "m=" section out of the current BUNDLE group and then generate an offer where the "m=" section is added to another BUNDLE group (Section 7.5.1).¶
When an answerer wants to reject a bundled "m=" section in an answer, it MUST first check the following criterion:¶
If the criterion above is fulfilled, the answerer cannot reject the "m=" section in the answer. The answerer can reject the whole offer, reject each bundled "m=" section within the BUNDLE group, or keep the "m=" section within the BUNDLE group in the answer and later create an offer where the "m=" section is disabled within the BUNDLE group (Section 7.5.3).¶
When an answerer generates an answer in which it rejects a bundled "m=" section, the answerer:¶
The example below shows an answer based on the corresponding offer in Section 7.2.2. The answerer accepts both bundled "m=" sections within the created BUNDLE group. The audio "m=" section is the answerer-tagged "m=" section, indicated by placing the identification-tag associated with the "m=" section (answerer BUNDLE-tag) first in the SDP 'group:BUNDLE' attribute identification-id list.¶
SDP Answer¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 a=group:BUNDLE foo bar m=audio 20000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 32 b=AS:1000 a=mid:bar a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
In [RFC8843], instead of assigning the offerer BUNDLE address:port to each "m=" section within the BUNDLE group when modifying the session (Section 7.5), the offerer only assigned the offerer BUNDLE address:port to the offerer-tagged "m=" section. For every other "m=" section within the BUNDLE group, the offerer included an SDP 'bundle-only' attribute in, and assigned a zero port value to, the "m=" section. The way an answerer compliant with this specification processes such offer is considered an implementation issue (e.g., based on whether the answerer needs to be backward compatible with offerers compliant with [RFC8843]) and is outside the scope of this specification. The example below shows such an SDP Offer:¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 0 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=bundle-only a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
When an offerer receives an answer, if the answer contains a BUNDLE group, the offerer MUST check that any bundled "m=" section in the answer was indicated as bundled in the corresponding offer (for the same BUNDLE group). If there is no mismatch, the offerer MUST apply the properties (BUNDLE address:port, BUNDLE attributes, etc.) of the offerer-tagged "m=" section (selected by the answerer; see Section 7.3.1) to each bundled "m=" section within the BUNDLE group.¶
NOTE: As the answerer might reject one or more bundled "m=" sections in an initial BUNDLE offer or move a bundled "m=" section out of a BUNDLE group, a given bundled "m=" section in the offer might not be indicated as bundled in the corresponding answer.¶
If the answer does not contain a BUNDLE group, the offerer MUST process the answer as a normal answer.¶
In [RFC8843], instead of assigning the answerer BUNDLE address:port to each "m=" section within the BUNDLE group when generating the SDP Answer (Section 7.3), the answerer only assigned the answerer BUNDLE address:port to the answerer-tagged "m=" section. For every other "m=" section within the BUNDLE group, the answerer included an SDP 'bundle-only' attribute in, and assigned a zero port value to, the "m=" section. The way an offerer compliant with this specification processes such an SDP Answer is considered an implementation issue (e.g., based on whether the answerer needs to be backward compatible with offerers compliant with [RFC8843]) and is outside the scope of this specification. The example below shows such an SDP Answer:¶
SDP Answer¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 a=group:BUNDLE foo bar m=audio 20000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 0 RTP/AVP 32 b=AS:1000 a=mid:bar a=bundle-only a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
When a BUNDLE group has been previously negotiated and an offerer generates a subsequent offer, the offerer MUST:¶
The offerer MUST NOT pick a given bundled "m=" section as the offerer-tagged "m=" section if:¶
The offerer can modify the offerer BUNDLE address:port, add and remove SDP attributes, or modify SDP attribute values in the subsequent offer. Changes to the offerer BUNDLE address:port and the offerer BUNDLE attributes will (if the offer is accepted by the answerer) be applied to each bundled "m=" section within the BUNDLE group.¶
When an offerer generates a subsequent offer in which it wants to add a bundled "m=" section to a previously negotiated BUNDLE group, the offerer follows the procedures in Section 7.5. The offerer picks either the added "m=" section or an "m=" section previously added to the BUNDLE group as the offerer-tagged "m=" section.¶
NOTE: As described in Section 7.3.2, the answerer cannot move the added "m=" section out of the BUNDLE group in its answer. If the answerer wants to move the "m=" section out of the BUNDLE group, it will have to first accept it into the BUNDLE group in the answer and then send a subsequent offer where the "m=" section is moved out of the BUNDLE group (Section 7.5.2).¶
When an offerer generates a subsequent offer in which it wants to remove a bundled "m=" section from a BUNDLE group, the offerer:¶
For the other bundled "m=" sections within the BUNDLE group, the offerer follows the procedures in Section 7.5.¶
An offerer MUST NOT move an "m=" section from one BUNDLE group to another within a single offer. If the offerer wants to move an "m=" section from one BUNDLE group to another, it MUST first move the BUNDLE group out of the current BUNDLE group and then generate a second offer where the "m=" section is added to another BUNDLE group (Section 7.5.1).¶
Section 18.4 shows an example of an offer for moving an "m=" section out of a BUNDLE group.¶
When an offerer generates a subsequent offer in which it wants to disable a bundled "m=" section from a BUNDLE group, the offerer:¶
For the other bundled "m=" sections within the BUNDLE group, the offerer follows the procedures in Section 7.5.¶
Section 18.5 shows an example of an offer and answer for disabling an "m=" section within a BUNDLE group.¶
In some third-party call control (3PCC) scenarios, a new session will be established between an endpoint that is currently part of an ongoing session and an endpoint that is not currently part of an ongoing session. In this situation, the endpoint that is not part of a session, while expecting an initial offer, can receive an SDP offer created as a subsequent offer. The text below describes how this can occur with the Session Initiation Protocol (SIP) [RFC3261].¶
SIP [RFC3261] allows a User Agent Client (UAC) to send a re-INVITE request without an SDP body (sometimes referred to as an "empty re-INVITE"). In such cases, the User Agent Server (UAS) will include an SDP Offer in the associated 200 (OK) response; when the UAS is a part of an ongoing SIP session, this offer will be a subsequent offer. This offer will be received by the 3PCC controller (UAC) and then forwarded to another User Agent (UA). When that UA is not part of an ongoing SIP session, as noted above, it will process the offer as an initial SDP offer.¶
When the BUNDLE mechanism is used, an initial BUNDLE offer is constructed using different rules than subsequent BUNDLE offers, and it cannot be assumed that a UA is able to correctly process a subsequent BUNDLE offer as an initial BUNDLE offer. Therefore, the 3PCC controller SHOULD take action to mitigate this problem, e.g., rewrite the subsequent BUNDLE offer into a valid initial BUNDLE offer (Section 7.2), before it forwards the BUNDLE offer to a UA.¶
Each "m=" section within a BUNDLE group MUST use the same transport- layer protocol. If bundled "m=" sections use different upper-layer protocols on top of the transport-layer protocol, there MUST exist a publicly available specification that describes how a mechanism associates received data with the correct protocol for this particular protocol combination.¶
In addition, if received data can be associated with more than one bundled "m=" section, there MUST exist a publicly available specification that describes a mechanism for associating the received data with the correct "m=" section.¶
This document describes a mechanism to identify the protocol of received data among the Session Traversal Utilities for NAT (STUN), Datagram Transport Layer Security (DTLS), and the Secure Real-time Transport Protocol (SRTP) (in any combination) when UDP is used as a transport-layer protocol, but it does not describe how to identify different protocols transported on DTLS. While the mechanism is generally applicable to other protocols and transport-layer protocols, any such use requires further specification that encompasses how to multiplex multiple protocols on a given transport-layer protocol and how to associate received data with the correct protocols.¶
Section 5.1.2 of [RFC5764] describes a mechanism to identify the protocol of a received packet among the STUN, DTLS, and SRTP protocols (in any combination). If an offer or answer includes a bundled "m=" section that represents these protocols, the offerer or answerer MUST support the mechanism described in [RFC5764], and no explicit negotiation is required in order to indicate support and usage of the mechanism.¶
[RFC5764] does not describe how to identify different protocols transported on DTLS, only how to identify the DTLS protocol itself. If multiple protocols are transported on DTLS, there MUST exist a specification describing a mechanism for identifying each individual protocol. In addition, if a received DTLS packet can be associated with more than one "m=" section, there MUST exist a specification that describes a mechanism for associating the received DTLS packets with the correct "m=" section.¶
Section 9.2 describes how to associate the packets in a received SRTP stream with the correct "m=" section.¶
All RTP-based media within a single BUNDLE group belong to a single RTP session [RFC3550].¶
Since a single BUNDLE transport is used for sending and receiving bundled media, the symmetric RTP mechanism [RFC4961] MUST be used for RTP-based bundled media.¶
Since a single RTP session is used for each BUNDLE group, all "m=" sections representing RTP-based media within a BUNDLE group will share a single synchronization source (SSRC) numbering space [RFC3550].¶
The following rules and restrictions apply for a single RTP session:¶
NOTE: The last bullet above is to avoid sending multiple media types from the same SSRC. If transmission of multiple media types is done with time overlap, RTP and RTCP fail to function. Even if done in the proper sequence, this causes RTP timestamp rate switching issues [RFC7160]. However, once an SSRC has left the RTP session (by sending an RTCP BYE packet), that SSRC can be reused by another source (possibly associated with a different bundled "m=" section) after a delay of 5 RTCP reporting intervals (the delay is to ensure the SSRC has timed out in case the RTCP BYE packet was lost [RFC3550]).¶
[RFC7657] defines Differentiated Services (Diffserv) considerations for RTP-based bundled media sent using a mixture of Diffserv Codepoints.¶
Multiple bundled "m=" sections might describe RTP-based media. As all RTP-based media associated with a BUNDLE group belong to the same RTP session, in order for a given payload type value to be used inside more than one bundled "m=" section, all codecs associated with the payload type number MUST share an identical codec configuration. This means that the codecs MUST share the same media type, encoding name, clock rate, and any parameter that can affect the codec configuration and packetization. [RFC8859] lists SDP attributes whose attribute values are required to be identical for all codecs that use the same payload type value.¶
As described in [RFC3550], RTP packets are associated with RTP streams [RFC7656]. Each RTP stream is identified by an SSRC value, and each RTP packet includes an SSRC field that is used to associate the packet with the correct RTP stream. RTCP packets also use SSRCs to identify which RTP streams the packet relates to. However, an RTCP packet can contain multiple SSRC fields in the course of providing feedback or reports on different RTP streams; therefore, they can be associated with multiple such streams.¶
In order to be able to process received RTP/RTCP packets correctly, it MUST be possible to associate an RTP stream with the correct "m=" section, as the "m=" section and SDP attributes associated with the "m=" section contain information needed to process the packets.¶
As all RTP streams associated with a BUNDLE group use the same transport for sending and receiving RTP/RTCP packets, the local address:port combination part of the transport cannot be used to associate an RTP stream with the correct "m=" section. In addition, multiple RTP streams might be associated with the same "m=" section.¶
An offerer and answerer can inform each other which SSRC values they will use for an RTP stream by using the SDP 'ssrc' attribute [RFC5576]. However, an offerer will not know which SSRC values the answerer will use until the offerer has received the answer providing that information. Due to this, before the offerer has received the answer, the offerer will not be able to associate an RTP stream with the correct "m=" section using the SSRC value associated with the RTP stream. In addition, the offerer and answerer may start using new SSRC values mid-session, without informing each other about using the SDP 'ssrc' attribute.¶
In order for an offerer and answerer to always be able to associate an RTP stream with the correct "m=" section, the offerer and answerer using the BUNDLE extension MUST support the mechanism defined in Section 15, where the offerer and answerer insert the identification-tag associated with an "m=" section (provided by the remote peer) into RTP and RTCP packets associated with a BUNDLE group.¶
When using this mechanism, the mapping from an SSRC to an identification-tag is carried in RTP header extensions or RTCP SDES packets, as specified in Section 15. Since a compound RTCP packet can contain multiple RTCP SDES packets and each RTCP SDES packet can contain multiple chunks, a single RTCP packet can contain several mappings of SSRC to identification-tag. The offerer and answerer maintain tables used for routing that are updated each time an RTP/RTCP packet contains new information that affects how packets are to be routed.¶
However, some legacy implementations may not include this identification-tag in their RTP and RTCP traffic when using the BUNDLE mechanism and instead use a mechanism based on the payload type to associate RTP streams with SDP "m=" sections. In this situation, each "m=" section needs to use unique payload type values in order for the payload type to be a reliable indicator of the relevant "m=" section for the RTP stream. If an implementation fails to ensure unique payload type values, it will be impossible to associate the RTP stream using that payload type value to a particular "m=" section. Note that when using the payload type to associate RTP streams with "m=" sections, an RTP stream, identified by its SSRC, will be mapped to an "m=" section when the first packet of that RTP stream is received, and the mapping will not be changed even if the payload type used by that RTP stream changes. In other words, the SSRC cannot "move" to a different "m=" section simply by changing the payload type.¶
Applications can implement RTP stacks in different ways. The algorithm below details one way that RTP streams can be associated with "m=" sections, but it is not meant to be prescriptive about exactly how an RTP stack needs to be implemented. Applications MAY use any algorithm that achieves equivalent results to those described in the algorithm below.¶
To prepare to associate RTP streams with the correct "m=" section, the following steps MUST be followed for each BUNDLE group:¶
As "m=" sections are added or removed from the BUNDLE groups or their configurations are changed, the tables above MUST also be updated.¶
When an RTP packet is received, it MUST be delivered to the RTP stream corresponding to its SSRC. That RTP stream MUST then be associated with the correct "m=" section within a BUNDLE group for additional processing, according to the following steps:¶
If the RTP packet contains one or more contributing source (CSRC) identifiers, then each CSRC is looked up in the incoming SSRC table, and a copy of the RTP packet is associated with the corresponding "m=" section for additional processing.¶
For each RTCP packet received (including each RTCP packet that is part of a compound RTCP packet), the packet is processed as usual by the RTP layer, then associated with the appropriate "m=" sections and processed for the RTP streams represented by those "m=" sections. This routing is type dependent, as each kind of RTCP packet has its own mechanism for associating it with the relevant RTP streams.¶
RTCP packets that cannot be associated with an appropriate "m=" section MUST still be processed as usual by the RTP layer, which updates the metadata associated with the corresponding RTP streams. This situation can occur with certain multiparty RTP topologies or when RTCP packets are sent containing a subset of the SDES information.¶
Additional rules for processing various types of RTCP packets are explained below.¶
If the RTCP packet is a feedback packet that does not include target SSRCs in its FCI section, and the media source SSRC is found in the outgoing SSRC table, deliver the feedback packet to the "m=" section associated with that SSRC. RTPFB and PSFB types that are handled in this way include:¶
If the RTCP packet is a feedback request that includes a target SSRC(s), for each target SSRC that is found in the outgoing SSRC table, deliver a copy of the RTCP packet to the "m=" section associated with that SSRC. PSFB and RTPFB types that are handled in this way include:¶
If the RTCP packet is a feedback notification that includes a target SSRC(s), for each target SSRC that is found in the incoming SSRC table, deliver a copy of the RTCP packet to the "m=" section associated with the RTP stream with a matching SSRC. PSFB and RTPFB types that are handled in this way include:¶
Within a BUNDLE group, the offerer and answerer MUST enable RTP/RTCP multiplexing [RFC5761] for the RTP-based bundled media (i.e., the same transport will be used for both RTP packets and RTCP packets). In addition, the offerer and answerer MUST support the SDP 'rtcp-mux-only' attribute [RFC8858].¶
This section describes how an offerer and answerer use the SDP 'rtcp-mux' [RFC5761] and SDP 'rtcp-mux-only' attributes [RFC8858] to negotiate usage of RTP/RTCP multiplexing for RTP-based bundled media.¶
RTP/RTCP multiplexing only applies to RTP-based media. However, as described in Section 7.1.3, within an offer or answer, the SDP 'rtcp-mux' and SDP 'rtcp-mux-only' attributes might be included in a bundled "m=" section for non-RTP-based media (if such an "m=" section is the offerer-tagged "m=" section or answerer-tagged "m=" section).¶
When an offerer generates an initial BUNDLE offer, if the offer contains one or more bundled "m=" sections for RTP-based media (or if there is a chance that "m=" sections for RTP-based media will later be added to the BUNDLE group), the offerer MUST include an SDP 'rtcp-mux' attribute [RFC5761] in each bundled "m=" section (excluding any bundle-only "m=" sections). In addition, the offerer MAY include an SDP 'rtcp-mux-only' attribute [RFC8858] in one or more bundled "m=" sections for RTP-based media.¶
NOTE: Whether the offerer includes the SDP 'rtcp-mux-only' attribute depends on whether the offerer supports fallback to usage of a separate port for RTCP in case the answerer moves one or more "m=" sections for RTP-based media out of the BUNDLE group in the answer.¶
NOTE: If the offerer includes an SDP 'rtcp-mux' attribute in the bundled "m=" sections but does not include an SDP 'rtcp-mux-only' attribute, the offerer can also include an SDP 'rtcp' attribute [RFC3605] in one or more RTP-based bundled "m=" sections in order to provide a fallback port for RTCP, as described in [RFC5761]. However, the fallback port will only be applied to "m=" sections for RTP-based media that are moved out of the BUNDLE group by the answerer.¶
In the initial BUNDLE offer, the address:port combination for RTCP MUST be unique in each bundled "m=" section for RTP-based media (excluding a bundle-only "m=" section), similar to RTP.¶
When an answerer generates an answer, if the answerer supports RTP-based media and if a bundled "m=" section in the corresponding offer contained an SDP 'rtcp-mux' attribute, the answerer MUST enable usage of RTP/RTCP multiplexing, even if there currently are no bundled "m=" sections for RTP-based media within the BUNDLE group. The answerer MUST include an SDP 'rtcp-mux' attribute in the answerer-tagged "m=" section, following the procedures for BUNDLE attributes (Section 7.1.3). In addition, if the "m=" section that is selected as the offerer-tagged "m=" section contained an SDP 'rtcp-mux-only' attribute, the answerer MUST include an SDP 'rtcp-mux-only' attribute in the answerer-tagged "m=" section.¶
In an initial BUNDLE offer, if the suggested offerer-tagged "m=" section contained an SDP 'rtcp-mux-only' attribute, the "m=" section was for RTP-based media. If the answerer does not accept the "m=" section in the created BUNDLE group and moves the "m=" section out of the BUNDLE group (Section 7.3.2), the answerer MUST include the attribute in the moved "m=" section and enable RTP/RTCP multiplexing for the media associated with the "m=" section. If the answerer rejects the "m=" section (Section 7.3.3), the answerer MUST NOT include the attribute.¶
The answerer MUST NOT include an SDP 'rtcp' attribute in any bundled "m=" section in the answer. The answerer will use the port value of the offerer-tagged "m=" section sending RTP and RTCP packets associated with RTP-based bundled media towards the offerer.¶
If the usage of RTP/RTCP multiplexing within a BUNDLE group has been negotiated in a previous offer/answer exchange, the answerer MUST include an SDP 'rtcp-mux' attribute in the answerer-tagged "m=" section. It is not possible to disable RTP/RTCP multiplexing within a BUNDLE group.¶
When an offerer receives an answer, if the answerer has accepted the usage of RTP/RTCP multiplexing (Section 9.3.1.2), the answerer follows the procedures for RTP/RTCP multiplexing defined in [RFC5761]. The offerer will use the port value of the answerer-tagged "m=" section for sending RTP and RTCP packets associated with RTP-based bundled media towards the answerer.¶
NOTE: It is considered a protocol error if the answerer has not accepted the usage of RTP/RTCP multiplexing for RTP-based "m=" sections that the answerer included in the BUNDLE group.¶
When an offerer generates a subsequent offer, the offerer MUST include an SDP 'rtcp-mux' attribute in the offerer-tagged "m=" section, following the procedures for IDENTICAL multiplexing category attributes in Section 7.1.3.¶
This section describes how to use the BUNDLE grouping extension together with the ICE mechanism [RFC8445].¶
The generic procedures for negotiating the usage of ICE using SDP, defined in [RFC8839], also apply to the usage of ICE with BUNDLE, with the following exceptions:¶
NOTE: Most ICE-related media-level SDP attributes belong to the TRANSPORT multiplexing category [RFC8859], and the generic SDP attribute offer/answer considerations for the TRANSPORT multiplexing category apply to the attributes. However, in the case of ICE-related attributes, the same considerations also apply to ICE-related media-level attributes that belong to other multiplexing categories.¶
NOTE: The following ICE-related media-level SDP attributes are defined in [RFC8839]: 'candidate', 'remote-candidates', 'ice-mismatch', 'ice-ufrag', 'ice-pwd', and 'ice-pacing'.¶
Initially, before ICE has produced selected candidate pairs that will be used for media, there might be multiple transports established (if multiple candidate pairs are tested). Once ICE has selected candidate pairs, they form the BUNDLE transport.¶
Support and usage of the ICE mechanism together with the BUNDLE extension is OPTIONAL, and the procedures in this section only apply when the ICE mechanism is used. Note that applications might mandate usage of the ICE mechanism even if the BUNDLE extension is not used.¶
NOTE: If the Trickle ICE mechanism [RFC8840] is used, an offerer and answerer might assign a port value of '9' and an IPv4 address of '0.0.0.0' (or, the IPv6 equivalent '::') to multiple bundled "m=" sections in the initial BUNDLE offer. The offerer and answerer will follow the normal procedures for generating the offers and answers, including picking a bundled "m=" section as the suggested offerer-tagged "m=" section, selecting the tagged "m=" sections, etc. The only difference is that media cannot be sent until one or more candidates have been provided. Once a BUNDLE group has been negotiated, trickled candidates associated with a bundled "m=" section will be applied to all bundled "m=" sections within the BUNDLE group.¶
One or more media streams within a BUNDLE group might use the DTLS protocol [RFC6347] in order to encrypt the data or negotiate encryption keys if another encryption mechanism is used to encrypt media.¶
When DTLS is used within a BUNDLE group, the following rules apply:¶
NOTE: The inclusion of the 'use_srtp' extension during the initial DTLS handshake ensures that a DTLS renegotiation will not be required in order to include the extension in case DTLS-SRTP encrypted media is added to the BUNDLE group later during the multimedia session.¶
When RTP header extensions [RFC8285] are used in the context of this specification, the identifier used for a given extension MUST identify the same extension across all the bundled media descriptions.¶
This section updates [RFC3264] in order to allow extensions to define the usage of a zero port value in offers and answers for purposes other than removing or disabling media streams. The following sections are being updated:¶
For recvonly and sendrecv streams, the port number and address in the offer indicate where the offerer would like to receive the media stream. For sendonly RTP streams, the address and port number indirectly indicate where the offerer wants to receive RTCP reports. Unless there is an explicit indication otherwise, reports are sent to the port number one higher than the number indicated. The IP address and port present in the offer indicate nothing about the source IP address and source port of RTP and RTCP packets that will be sent by the offerer. A port number of zero in the offer indicates that the stream is offered but MUST NOT be used. This has no useful semantics in an initial offer, but is allowed for reasons of completeness, since the answer can contain a zero port indicating a rejected stream (Section 6). Furthermore, existing streams can be terminated by setting the port to zero (Section 8). In general, a port number of zero indicates that the media stream is not wanted.¶
For recvonly and sendrecv streams, the port number and address in the offer indicate where the offerer would like to receive the media stream. For sendonly RTP streams, the address and port number indirectly indicate where the offerer wants to receive RTCP reports. Unless there is an explicit indication otherwise, reports are sent to the port number one higher than the number indicated. The IP address and port present in the offer indicate nothing about the source IP address and source port of the RTP and RTCP packets that will be sent by the offerer. By default, a port number of zero in the offer indicates that the stream is offered but MUST NOT be used, but an extension mechanism might specify different semantics for the usage of a zero port value. Furthermore, existing streams can be terminated by setting the port to zero (Section 8). In general, a port number of zero by default indicates that the media stream is not wanted.¶
RFC 2543 [10] specified that placing a user on hold was accomplished by setting the connection address to 0.0.0.0. Its usage for putting a call on hold is no longer recommended, since it doesn't allow for RTCP to be used with held streams, doesn't work with IPv6, and breaks with connection oriented media. However, it can be useful in an initial offer when the offerer knows it wants to use a particular set of media streams and formats, but doesn't know the addresses and ports at the time of the offer. Of course, when used, the port number MUST NOT be zero, which would specify that the stream has been disabled. An agent MUST be capable of receiving SDP with a connection address of 0.0.0.0, in which case it means that neither RTP nor RTCP should be sent to the peer.¶
RFC 2543 [RFC2543] specifies that placing a user on hold was accomplished by setting the connection address to 0.0.0.0. Its usage for putting a call on hold is no longer recommended, since it doesn't allow for RTCP to be used with held streams, doesn't work with IPv6, and breaks with connection oriented media. However, it can be useful in an initial offer when the offerer knows it wants to use a particular set of media streams and formats, but doesn't know the addresses and ports at the time of the offer. Of course, when used, the port number MUST NOT be zero, if it would specify that the stream has been disabled. However, an extension mechanism might specify different semantics of the zero port number usage. An agent MUST be capable of receiving SDP with a connection address of 0.0.0.0, in which case it means that neither RTP nor RTCP is to be sent to the peer.¶
This section updates RFC 5888 [RFC5888] in order for extensions to allow an SDP 'group' attribute containing an identification-tag that identifies an "m=" section with the port set to zero. "Group Value in Answers" (Section 9.2 of [RFC5888]) is updated.¶
SIP entities refuse media streams by setting the port to zero in the corresponding "m" line. "a=group" lines MUST NOT contain identification-tags that correspond to "m" lines with the port set to zero.¶
SIP entities refuse media streams by setting the port to zero in the corresponding "m" line. "a=group" lines MUST NOT contain identification-tags that correspond to "m" lines with the port set to zero, but an extension mechanism might specify different semantics for including identification-tags that correspond to such "m=" lines.¶
Offerers and answerers [RFC3264] can associate identification-tags with "m=" sections within offers and answers using the procedures in [RFC5888]. Each identification-tag uniquely represents an "m=" section.¶
This section defines a new RTCP SDES item [RFC3550], 'MID', which is used to carry identification-tags within RTCP SDES packets. This section also defines a new RTP SDES header extension [RFC7941], which is used to carry the 'MID' RTCP SDES item in RTP packets.¶
The SDES item and RTP SDES header extension make it possible for a receiver to associate each RTP stream with a specific "m=" section with which the receiver has associated an identification-tag, even if those "m=" sections are part of the same RTP session. The RTP SDES header extension also ensures that the media recipient gets the identification-tag upon receipt of the first decodable media and is able to associate the media with the correct application.¶
A media recipient informs the media sender about the identification-tag associated with an "m=" section through the use of a 'mid' attribute [RFC5888]. The media sender then inserts the identification-tag in RTCP and RTP packets sent to the media recipient.¶
NOTE: The text above defines how identification-tags are carried in offers and answers. The usage of other signaling protocols for carrying identification-tags is not prevented, but the usage of such protocols is outside the scope of this document.¶
[RFC3550] defines general procedures regarding the RTCP transmission interval. The RTCP MID SDES item SHOULD be sent in the first few RTCP packets after joining the session and SHOULD be sent regularly thereafter. The exact number of RTCP packets in which this SDES item is sent is intentionally not specified here, as it will depend on the expected packet-loss rate, the RTCP reporting interval, and the allowable overhead.¶
The RTP SDES header extension for carrying the 'MID' RTCP SDES SHOULD be included in some RTP packets at the start of the session and whenever the SSRC changes. It might also be useful to include the header extension in RTP packets that comprise access points in the media (e.g., with video I-frames). The exact number of RTP packets in which this header extension is sent is intentionally not specified here, as it will depend on expected packet-loss rate and loss patterns, the overhead the application can tolerate, and the importance of immediate receipt of the identification-tag.¶
For robustness, endpoints need to be prepared for situations where the reception of the identification-tag is delayed and SHOULD NOT terminate sessions in such cases, as the identification-tag is likely to arrive soon.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MID=15 | length | identification-tag ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
The identification-tag payload is UTF-8 encoded [RFC3629], as in SDP.¶
The identification-tag is not zero terminated.¶
The payload, containing the identification-tag, of the RTP SDES header extension element can be encoded using either the 1-byte or the 2-byte header [RFC7941]. The identification-tag payload is UTF-8 encoded, as in SDP.¶
The identification-tag is not zero terminated. Note that the set of header extensions included in the packet needs to be padded to the next 32-bit boundary using zero bytes [RFC8285].¶
As the identification-tag is included in an RTCP SDES item, an RTP SDES header extension, or both, there needs to be some consideration about the packet expansion caused by the identification-tag. To avoid Maximum Transmission Unit (MTU) issues for the RTP packets, the header extension's size needs to be taken into account when encoding the media.¶
It is recommended that the identification-tag be kept short. Due to the properties of the RTP header extension mechanism, when using the 1-byte header, a tag that is 1-3 bytes will result in a minimal number of 32-bit words used for the RTP SDES header extension, in case no other header extensions are included at the same time. Note: do take into account that some single characters when UTF-8 encoded will result in multiple octets. The identification-tag MUST NOT contain any user information, and applications SHALL avoid generating the identification-tag using a pattern that enables user or application identification.¶
NOTE: Apart from the references, the IANA considerations in this section are identical to those in [RFC8843].¶
This document updates the MID SDES entry in the "RTP SDES Item Types" registry as follows:¶
This document updates the extension URI in the "RTP SDES Compact Header Extensions" subregistry of the "RTP Compact Header Extensions" sub-registry, according to the following data:¶
The SDES item does not reveal privacy information about the users. It is simply used to associate RTP-based media with the correct SDP media description ("m=" section) in the SDP used to negotiate the media.¶
The purpose of the extension is for the offerer to be able to associate received multiplexed RTP-based media before the offerer receives the associated answer.¶
This document updates the SDP media-level attribute, 'bundle-only', in the "attribute-name (formerly 'att-field')" subregistry of the "Session Description Protocol (SDP) Parameters" registry according to the following data:¶
This document updates the following semantics in the "Semantics for the 'group' SDP Attribute" subregistry (under the "Session Description Protocol (SDP) Parameters" registry):¶
Semantics | Token | Mux Category | Reference |
---|---|---|---|
Media bundling | BUNDLE | NORMAL | RFC 9143 |
The security considerations defined in [RFC3264] and [RFC5888] apply to the BUNDLE extension. BUNDLE does not change which information, e.g., RTP streams, flows over the network, except for the usage of the MID SDES item as discussed below. Primarily, it changes which addresses and ports, and thus in which (RTP) sessions, the information flows to. This affects the security contexts being used and can cause previously separated information flows to share the same security context. This has very little impact on the performance of the security mechanism of the RTP sessions. In cases where one would have applied different security policies on the different RTP streams being bundled or where the parties having access to the security contexts would have differed between the RTP streams, additional analysis of the implications is needed before selecting to apply BUNDLE.¶
The identification-tag, independent of transport, RTCP SDES packet, or RTP header extension, can expose the value to parties beyond the signaling chain. Therefore, the identification-tag values MUST be generated in a fashion that does not leak user information, e.g., randomly or using a per-bundle group counter, and SHOULD be 3 bytes or fewer to allow them to efficiently fit into the MID RTP header extension. Note that if implementations use different methods for generating identification-tags, this could enable fingerprinting of the implementation, making it vulnerable to targeted attacks. The identification-tag is exposed on the RTP stream level when included in the RTP header extensions; however, what it reveals of the RTP media stream structure of the endpoint and application was already possible to deduce from the RTP streams without the MID SDES header extensions. As the identification-tag is also used to route the media stream to the right application functionality, it is important that the value received is the one intended by the sender; thus, integrity and the authenticity of the source are important to prevent denial of service on the application. Existing SRTP configurations and other security mechanisms protecting the whole RTP/RTCP packets will provide the necessary protection.¶
When the BUNDLE extension is used, the set of configurations of the security mechanism used in all the bundled media descriptions will need to be compatible so that they can be used simultaneously, at least per direction or endpoint. When using SRTP, this will be the case, at least for the IETF-defined key-management solutions due to their SDP attributes ("a=crypto", "a=fingerprint", "a=mikey") and their classification in [RFC8859].¶
The security considerations of "RTP Header Extension for the RTP Control Protocol (RTCP) Source Description Items" [RFC7941] require that when RTCP is confidentiality protected, any SDES RTP header extension carrying an SDES item, such as the MID RTP header extension, is also protected using commensurate strength algorithms. However, assuming the above requirements and recommendations are followed, there are no known significant security risks with leaving the MID RTP header extension without confidentiality protection. Therefore, this specification updates [RFC7941] by adding the exception that this requirement MAY be ignored for the MID RTP header extension. Security mechanisms for RTP/RTCP are discussed in "Options for Securing RTP Sessions" [RFC7201]; for example, SRTP [RFC3711] can provide the necessary security functions of ensuring the integrity and source authenticity.¶
The example below shows:¶
SDP Offer (1)¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10002 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=rtcp-mux a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
SDP Answer (2)¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 a=group:BUNDLE foo bar m=audio 20000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 32 b=AS:1000 a=mid:bar a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
The example below shows:¶
SDP Offer (1)¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10002 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=rtcp-mux a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
SDP Answer (2)¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 m=audio 20000 RTP/AVP 0 b=AS:200 a=rtcp-mux a=rtpmap:0 PCMU/8000 m=video 30000 RTP/AVP 32 b=AS:1000 a=rtcp-mux a=rtpmap:32 MPV/90000¶
The example below shows:¶
SDP Offer (1)¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE zen foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10000 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10000 RTP/AVP 66 b=AS:1000 a=mid:zen a=rtcp-mux a=rtpmap:66 H261/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
SDP Answer (2)¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 a=group:BUNDLE zen foo bar m=audio 20000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 32 b=AS:1000 a=mid:bar a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 66 b=AS:1000 a=mid:zen a=rtcp-mux a=rtpmap:66 H261/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid¶
The example below shows:¶
SDP Offer (1)¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= c=IN IP6 2001:db8::3 t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10000 RTP/AVP 31 32 b=AS:1000 a=mid:bar a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 50000 RTP/AVP 66 b=AS:1000 a=mid:zen a=rtcp-mux a=rtpmap:66 H261/90000¶
SDP Answer (2)¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= c=IN IP6 2001:db8::1 t=0 0 a=group:BUNDLE foo bar m=audio 20000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 32 b=AS:1000 a=mid:bar a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 60000 RTP/AVP 66 b=AS:1000 a=mid:zen a=rtcp-mux a=rtpmap:66 H261/90000¶
The example below shows:¶
SDP Offer (1)¶
v=0 o=alice 2890844526 2890844526 IN IP6 2001:db8::3 s= t=0 0 a=group:BUNDLE foo bar m=audio 10000 RTP/AVP 0 8 97 c=IN IP6 2001:db8::3 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:97 iLBC/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10000 RTP/AVP 31 32 c=IN IP6 2001:db8::3 b=AS:1000 a=mid:bar a=rtpmap:31 H261/90000 a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 0 RTP/AVP 66 a=mid:zen a=rtpmap:66 H261/90000¶
SDP Answer (2)¶
v=0 o=bob 2808844564 2808844564 IN IP6 2001:db8::1 s= t=0 0 a=group:BUNDLE foo bar m=audio 20000 RTP/AVP 0 c=IN IP6 2001:db8::1 b=AS:200 a=mid:foo a=rtcp-mux a=rtpmap:0 PCMU/8000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 20000 RTP/AVP 32 c=IN IP6 2001:db8::1 b=AS:1000 a=mid:bar a=rtpmap:32 MPV/90000 a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 0 RTP/AVP 66 a=mid:zen a=rtpmap:66 H261/90000¶
One of the main issues regarding the BUNDLE grouping extensions has been whether, in offers and answers, the same port value can be inserted in "m=" lines associated with a BUNDLE group, as the purpose of the extension is to negotiate the usage of a single transport for media specified by the "m=" sections. Issues with both approaches, discussed in Appendix A, have been raised. The outcome was to specify a mechanism that uses offers with both different and identical port values.¶
Below are the primary issues that have been considered when defining the "BUNDLE" grouping extension:¶
Consider the following SDP offer/answer exchange, where Alice sends an offer to Bob:¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP4 atlanta.example.com s= c=IN IP4 atlanta.example.com t=0 0 m=audio 10000 RTP/AVP 97 a=rtpmap:97 iLBC/8000 m=video 10002 RTP/AVP 97 a=rtpmap:97 H261/90000¶
SDP Answer¶
v=0 o=bob 2808844564 2808844564 IN IP4 biloxi.example.com s= c=IN IP4 biloxi.example.com t=0 0 m=audio 20000 RTP/AVP 97 a=rtpmap:97 iLBC/8000 m=video 20002 RTP/AVP 97 a=rtpmap:97 H261/90000¶
[RFC4961] specifies a way of doing symmetric RTP, but that is a later extension to RTP, and Bob cannot assume that Alice supports [RFC4961]. This means that Alice may be sending RTP from a different port than 10000 or 10002 -- some implementations simply send the RTP from an ephemeral port. When Bob's endpoint receives an RTP packet, the only way that Bob knows if the packet is to be passed to the video or audio codec is by looking at the port it was received on. This prompted some SDP implementations to use a port number as an index to find the correct "m=" line in the SDP, since each "m"= section contains a different port number. As a result, some implementations that do support symmetric RTP and ICE still use an SDP data structure where SDP with "m=" sections with the same port such as:¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP4 atlanta.example.com s= c=IN IP4 atlanta.example.com t=0 0 m=audio 10000 RTP/AVP 97 a=rtpmap:97 iLBC/8000 m=video 10000 RTP/AVP 98 a=rtpmap:98 H261/90000¶
will result in the second "m=" section being considered an SDP error because it has the same port as the first line.¶
In an offer or answer, the media specified by an "m=" section can be disabled/rejected by setting the port number value to zero. This is different from, e.g., using the SDP direction attributes, where RTCP traffic will continue even if the SDP 'inactive' attribute is indicated for the associated "m=" section.¶
If each "m=" section associated with a BUNDLE group were to contain different port values and one of those port values were used for a BUNDLE address:port associated with the BUNDLE group, problems would occur if an endpoint wants to disable/reject the "m=" section associated with that port by setting the port value to zero. After that, no "m=" section would contain the port value that is used for the BUNDLE address:port. In addition, it is unclear what would happen to the ICE candidates associated with the "m=" section, as they are also used for the BUNDLE address:port.¶
Some back-to-back user agents may be configured in a mode where if the incoming call leg contains an SDP attribute the B2BUA does not understand, the B2BUA still generates that SDP attribute in the Offer for the outgoing call leg. Consider a B2BUA that did not understand the SDP 'rtcp' attribute, defined in [RFC3605], yet acted this way. Further, assume that the B2BUA was configured to tear down any call where it did not see any RTCP for 5 minutes. In this case, if the B2BUA received an Offer like:¶
SDP Offer¶
v=0 o=alice 2890844526 2890844526 IN IP4 atlanta.example.com s= c=IN IP4 atlanta.example.com t=0 0 m=audio 49170 RTP/AVP 0 a=rtcp:53020¶
it would be looking for RTCP on port 49171 but would not see any because the RTCP would be on port 53020, and after five minutes, it would tear down the call. Similarly, a B2BUA that did not understand BUNDLE yet put it in its offer may be looking for media on the wrong port and tear down the call. It is worth noting that a B2BUA that generated an Offer with capabilities it does not understand is not compliant with the specifications.¶
Sometimes intermediaries do not act as B2BUAs, in the sense that they don't modify SDP bodies nor do they terminate SIP dialogs. However, they may still use SDP information (e.g., IP address and port) in order to control traffic gating functions and to set traffic policing rules. There might be rules that will trigger a session to be terminated in case media is not sent or received on the ports retrieved from the SDP. This typically occurs once the session is already established and ongoing.¶
Sometimes, intermediaries do not act as B2BUAs, in the sense that they don't modify SDP bodies nor do they terminate SIP dialogs. However, they may still use SDP information (e.g., codecs and media types) in order to control bandwidth allocation functions. The bandwidth allocation is done per "m=" section, which means that it might not be enough if media specified by all "m=" sections try to use that bandwidth. That may simply lead to either a bad user experience or termination of the call.¶
When using ICE, a candidate needs to be gathered for each port. This takes approximately 20 ms extra for each extra "m=" section due to the NAT pacing requirements. All of this gathering can be overlapped with other things while, e.g., a web page is loading to minimize the impact. If the client only wants to generate Traversal Using Relays around NAT (TURN) or STUN ICE candidates for one of the "m=" lines and then use Trickle ICE [RFC8838] to get the non-host ICE candidates for the rest of the "m=" sections, it MAY do that and will not need any additional gathering time.¶
Some people have suggested a TURN extension to get a bunch of TURN allocations at once. This would only provide a single STUN result, so in cases where the other end did not support BUNDLE, it may cause more use of the TURN server, but it would be quick in the cases where both sides supported BUNDLE and would fall back to a successful call in the other cases.¶
The usage of the SDP grouping extension for negotiating bundled media is based on similar alternatives proposed by Harald Alvestrand and Cullen Jennings. The BUNDLE extension described in this document is based on the different alternative proposals, and text (e.g., SDP examples) has been borrowed (and, in some cases, modified) from those alternative proposals.¶
The SDP examples are also modified versions from the ones in the Alvestrand proposal.¶
Thanks to Paul Kyzivat, Martin Thomson, Flemming Andreasen, Thomas Stach, Ari Keränen, Adam Roach, Christian Groves, Roman Shpount, Suhas Nandakumar, Nils Ohlmeier, Jens Guballa, Raju Makaraju, Justin Uberti, Taylor Brandstetter, Byron Campen, and Eric Rescorla for reading the text and providing useful feedback.¶
Thanks to Bernard Aboba, Peter Thatcher, Justin Uberti, and Magnus Westerlund for providing the text for the section on RTP/RTCP stream association.¶
Thanks to Magnus Westerlund, Colin Perkins, and Jonathan Lennox for providing help and text on the RTP/RTCP procedures.¶
Thanks to Charlie Kaufman for performing the Sec-Dir review.¶
Thanks to Linda Dunbar for performing the Gen-ART review.¶
Thanks to Spotify for providing music for the countless hours of document editing.¶