Session Description
Protocol (SDP) Alternate Connectivity (ALTC) AttributeFrance TelecomRennes35000Francemohamed.boucadair@orange.comAcme Packet71 Third Ave.BurlingtonMA01803USAhkaplan@acmepacket.comIndependentbob_gilman@comcast.netNokiaSimo.Veikkolainen@nokia.comThis document proposes a mechanism which allows to carry multiple IP
addresses, of different address families (e.g., IPv4, IPv6), in the same
SDP offer. The proposed attribute solves the backward compatibility
problem which plagued ANAT, due to its syntax.The proposed solution is applicable to scenarios where connectivity
checks are not required. If connectivity checks are required, ICE (RFC
5245) provides such a solution.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.Due to the IPv4 address exhaustion problem, IPv6 deployment is
becoming an urgent need, along with the need to properly handle IPv6
and IPv4 co-existence. The reality of IPv4-IPv6 co-existence
introduces heterogeneous scenarios with combinations of IPv4 and IPv6
nodes, some of which are capable of supporting both IPv4 and IPv6
dual-stack (DS) and some of which are capable of supporting only IPv4
or only IPv6. In this context, Session Initiation Protocol (SIP ) User Agents (UAs) need to be able to
indicate their available IP capabilities in order to increase the
ability to establish successful SIP sessions, and also to avoid
invocation of adaptation functions such as Application Layer Gateways
(ALGs) and IPv4-IPv6 interconnection functions (e.g., NAT64 ), and to avoid using private IPv4 addresses
through consumer NATs or Carrier Grade NATs (CGN, ).In the meantime, service providers are investigating scenarios to
upgrade their service offering to be IPv6-capable. The current
strategies involve either offering IPv6 only, for example to mobile
devices, or providing both IPv4 and IPv6 but with private IPv4
addresses which are NAT'ed by CGNs. In the latter case the end device
may be using "normal" IPv4 and IPv6 stacks and interfaces, or it may
tunnel the IPv4 packets though a DS-Lite stack integrated into the
host ; in either case the device has
both address families available from a SIP and media perspective.Regardless of the IPv6 transition strategy being used, it is
obvious that there will be a need for dual-stack SIP devices to
communicate with IPv4-only legacy UAs, and IPv6-only UAs, and other
dual-stack UAs. It may not, for example, be possible for a dual-stack
UA to communicate with an IPv6-only UA unless the dual-stack UA had a
means of providing the IPv6-only UA with its IPv6 local address for
media, while clearly it needs to provide a legacy IPv4-only device its
local IPv4 address. The communication must be possible in a
backwards-compatible fashion, such that IPv4-only SIP devices need not
support the new mechanism to communicate with dual-stack UAs.The current means by which multiple address families can be
communicated are through ANAT or ICE
. ANAT has serious
backwards-compatibility problems as described in , which effectively make it unusable, and it
is deprecated by the IETF . ICE at least
allows interoperability with legacy devices, by not doing ICE in such
cases, but it is a complicated and processing intensive mechanism, and
has seen limited deployment and implementation in SIP
applications.ALTC has been implemented as reported in ; no issue has
been reported in that document.This document proposes a new alternative: a backwards-compatible
syntax for indicating multiple media connection addresses and ports in
an SDP offer, which can immediately be selected from and used in an
SDP answer.The proposed mechanism is independent of the model described in
and does not require implementation of
sdp-capabilities-negotiations (a.k.a., SDPCapNeg) to function.It should be noted that "backwards-compatible" in this document
generally refers to working with legacy IPv4-only devices. The choice
has to be made, one way or the other, because to interoperate with
legacy devices requires constructing SDP bodies which they would
understand and support, such that they detect their local address
family in the SDP connection line. It is not possible to support
interworking with both legacy IPv4-only and legacy IPv6-only devices
with the same SDP offer. Clearly, there are far more legacy IPv4-only
devices in existence, and thus those are the ones assumed in this
document. However, the syntax allows for a UA to choose which address
family to be backwards-compatible with, in case it has some means of
determining it.Furthermore, even for cases where both sides support the same
address family, there should be a means by which the "best" address
family transport is used, based on what the UAs decide. The address
family which is "best" for a particular session cannot always be known
a priori. For example, in some cases the IPv4 transport may be better,
even if both UAs support IPv6.The proposed solution provides the following benefits:Allows a UA to signal more than one IP address (type) in the
same SDP offer/answer;Is backwards compatible. No parsing or semantic errors will be
experienced by a legacy UA or intermediary SIP nodes which do not
understand this new mechanism;Is as lightweight as possible to achieve the goal, while still
allowing and interoperating with nodes which support other similar
or related mechanisms;Is easily deployable in managed networks;Requires minimal increase of the length of the SDP offer (I.e.,
minimizes fragmentation risks).ALTC may also be useful for the multicast context (e.g., Section 3.4 of or
Section 3.3 of ).More detailed information about ALTC use cases is provided in .This document proposes an alternative scheme, as replacement to the
ANAT procedure , to carry several IP
address types in the same SDP offer/answer while preserving backward
compatibility.While clearly two UAs communicating directly at a SIP layer need to
be able to support the same address family for SIP itself, current SIP
deployments almost always have Proxy Servers or B2BUA's in the SIP
signaling path, which can provide the necessary interworking of the IP
address family at the SIP layer (e.g., ). SIP-layer address family interworking is
out of scope of this document. Instead, this document focuses on the
problem of communicating media address family capabilities in a
backwards-compatible fashion. Since media can go directly between two
UAs, without a priori knowledge by the UAC of which address family the
far-end UAS supports, it has to offer both, in a backwards-compatible
fashion.The ALTC mechanism defined in this document is primary meant for
managed networks. In particular, the following use cases were explicitly
considered:A dual-stack UAC initiating a SIP session without knowing the
address family of the ultimate target UAS.A UA receiving a SIP session request with SDP offer and wishes to
avoid using IPv4, or to avoid IPv6.An IPv6-only UA wishes to avoid using a NAT64 .A SIP UA behind a Dual-Stack Lite CGN .A SIP Service Provider or Enterprise domain of IPv4-only and/or
IPv6-only UA, which provides interworking by invoking IPv4-IPv6
media relays, wishes to avoid invoking such functions and let media
go end-to-end as much as possible.A SIP Service Provider or Enterprise domain of a UA, which
communicates with other domains and wishes to either avoid invoking
IPv4-IPv6 interworking or let media go end-to-end as much as
possible.A SIP Service Provider providing transit peering services for SIP
sessions, which may need to modify SDP in order to provide IPv4-IPv6
interworking, but would prefer to avoid such interworking or avoid
relaying media in general, as much as possible.SIP sessions using the new mechanism crossing legacy SDP-aware
middleboxes which may not understand this new mechanism.The ALTC mechanism relies solely on the SDP offer/answer mechanism,
with specific syntax to indicate alternative connection addresses. The
basic concept is to use a new SDP attribute "altc", to indicate the IP
addresses for potential alternative connection addresses. The address
which is most likely to get chosen for the session is in the normal
'c=' line. Typically in current operational networks this would be an
IPv4 address. The “a=altc” lines contain, in preference
order, the alternative addresses offered for this session. This way, a
dual-stack UA might encode its IPv4 address in the “c=”
line, while possibly preferring to use an IPv6 address by indicating
this by the “a=altc” attribute line ordering. One of the
“a=altc” lines duplicates the address contained in the
“c=” line, for reasons explained in ). The SDP answerer would indicate its chosen
address, by simply using that address family in the “c=”
line of its response.An example of an SDP offer using this mechanism is as follows when
IPv4 is considered most likely to be used for the session, but IPv6 is
preferred:If IPv6 was considered most likely to be used for the session, the
SDP offer would be as follows:Since an alternative address is likely to require an alternative
TCP/ UDP port number as well, the new “altc” attribute
includes both an IP address and a receive transport port number (or
multiple port numbers). The ALTC mechanism does not itself support
offering a different transport type (i.e., UDP vs. TCP), codec, nor
any other attribute. It is only intended for offering an alternative
IP address and port number.The use of an 'a=' attribute line is, according to , the primary means for extending SDP and
tailoring it to particular applications or media. A compliant SDP
parser will ignore the unsupported attribute lines.The rationale for encoding the same address and port in the
“a=altc” line as in the “m=” and
“c=” lines is to provide detection of legacy SDP-changing
middleboxes. Such systems may change the connection address and media
transport port numbers, but not support this new mechanism, and thus
two UAs supporting this mechanism would try to connect to the wrong
addresses. Therefore, the rules detailed in this document require the
SDP processor to check for matching altc and connection line addresses
and media ports, before choosing one of the alternatives.The altc attribute adheres to the
"attribute" production. The ABNF syntax
of altc is provided below:The meaning of the fields are listed hereafter:addrtype: the addrtype field as defined in for connection data.connection-address: a network address as defined in corresponding to the address type
specified by addrtype.port: the port number to be used, as defined in . Distinct port numbers may be used per IP
address type. If the specified address type does not require a
port number, a value defined for that address type should be
used.rtcp-port: Including an RTCP port is optional. An RTCP port may
be indicated in the alternative "c=" line when the RTCP port can
not be derived from the RTP port.The “altc” attribute is only applicable in an SDP
offer. The “altc” attribute is a media-level-only
attribute, and MUST NOT appear at the SDP session level (since it
defines a port number, it is inherently tied to the media level).
There MUST NOT be more than one “altc” attribute per
addrtype within each media description. This restriction is necessary
in order that the addrtype of the reply may be used by the offerer to
determine which alternative was accepted.The <addrtype>'s of the altc MUST correspond to the
<nettype> of the current connection (c=) line.A media description MUST contain two “altc” attributes:
the alternative address and an alternative port as well as an address
and port which "duplicates" the address/port information from the
current 'c=' and 'm=' lines. Each media level MUST contain at least
one such duplicate altc attribute, of the same IP address family,
address, and transport port number as those in the SDP connection and
media lines of its level. In particular, if a 'c=' line appears within
a media description, the addr-type and connection-address from that
'c=' line MUST be used in the duplicate “altc” attribute
for that media description. If a 'c=' line appears only at the session
level and a given media description does not have its own connection
line, then the duplicate “altc” attribute for that media
description MUST be the same as the session-level address
information.The “altc” attributes appearing within a media
description MUST be prioritized in order of appearance, with the first
altc given highest priority and the following altc attributes
prioritized in decending order. Given this rule, and the requirement
that the address information provided in the “m=” line and
“o=” line must be provided in an “altc”
attribute as well, it is possible that the address in the
“m=” line and “o=” line are not the preferred
choice.If the addrtype of an “altc” attribute is not
compatible with the transport protocol or media format specified in
the media description, that altc attribute MUST be ignored.Note that “a=altc” lines describe alternative
connection addresses, NOT addresses for parallel connections. When
several altc lines are present, multiple sessions establishment MUST
be avoided. Only one session is to be maintained with the remote party
for the associated media description.If no port number is indicated for the alternative address, the
same port number is used for all address families.In an SDP offer/answer model, the SDP offer includes
“altc” attributes to indicate alternative connection
information (i.e., address type, address and port number(s)),
including the "duplicate" connection information already identified
in the 'c=' and 'm=' lines.Additional, subsequent offers MAY include “altc”
attributes again, and may change the IP address, port numbers, and
order of preference; but they MUST include a duplicate
“altc” attribute for the connection and media lines in
that specific subsequent offer. In other words, every offered SDP
media description with an alternative address offer with an
“altc” attribute has two of them:- one duplicating the 'c=' and 'm=' line information for that
media description, and- one for the alternative,even though these need not be the same as the original SDP
offer.The purpose of encoding a duplicate “altc” attribute
is to allow receivers of the SDP offer to detect if a legacy
SDP-changing middle box has modified the 'c=' and/or 'm=' line
address/port information. If the SDP answerer does not find a
duplicate “altc” attribute value for which the address
and port match exactly those in the 'c=' line and 'm=' line, the SDP
answerer MUST ignore the “altc” attributes and use the
'c=' and 'm=' offered address/ports for the entire SDP instead, as
if no “altc” attributes were present. The rationale for
this is that many SDP-changing middleboxes will end the media
sessions if they do not detect media flowing through them; if a
middlebox modified the SDP addresses, media MUST be sent using the
modified information.Note that for RTCP, if applicable for the given media types, each
side would act as if the chosen “altc” attribute's port
number was in the 'm=' media line. Typically, this would mean RTCP
is sent to the odd +1 of the port number, unless some other
attribute determines otherwise. For example the RTP/RTCP
multiplexing mechanism defined in can
still be used with ALTC, such that if both sides support
multiplexing they will indicate so using the 'a=rtcp-mux' attribute
as defined in ; but the IP connection
address and port they use may be chosen using the ALTC
mechanism.If the SDP offerer wishes to use the RTCP attribute defined in
, a complication can arise since it
may not be clear which address choice the 'a=rtcp' attribute applies
to, relative the choices offered by ALTC. Technically RFC 3605
allows indicating the address for RTCP explicitly in the 'a=rtcp'
attribute itself, but this is optional and rarely used. For this
reason, this document recommends using 'a=rtcp' attribute to be for
the address choice encoded in the "m=" line, and include an
alternate RTCP port in the 'a=altc' attribute corresponding to the
alternative address. In other words, if the 'a=rtcp' attribute
explicitly encodes an address in its attribute, then that applies
for ALTC as per ; if it does not, then
ALTC assumes the 'a=rtcp' attribute is for the address in the "m="
line, and the alternative "altc" attribute include an RTCP alternate
port number.The SDP answer SHOULD NOT contain “altc” attributes,
as the answer's 'c=' line implicitly and definitively chooses the
address family from the offer and includes it in “c=”
and “m=” lines of the answer. Furthermore, this avoids
establishing several sessions simultaneously between the
participating peers.Any solution requiring the use of ALTC in SDP answer SHOULD
document its usage, in particular how sessions are established
between the participating peers.Since ICE also includes address
and port number information in its candidate attributes, a potential
problem arises: which one wins. Since ICE also includes specific ICE
attributes in the SDP answer, the problem is easily avoided: if the
SDP offerer supports both ALTC and ICE, it may include both sets of
attributes in the same SDP offer. A legacy ICE-only answerer will
simply ignore the ALTC attributes, and use ICE. An ALTC-only
answerer will ignore the ICE attributes and reply without them. An
answerer which supports both MUST choose one and only one of the
mechanisms to use: either ICE or ALTC (unless the 'm=' or 'c=' lines
were changed by a middlebox, in which case the rules for both ALTC
and ICE would make the answerer revert to basic SDP semantics).The ALTC mechanism is orthogonal to SDPCapNeg . If the offerer supports both ALTC and
SDPCapNeg, it may offer both.This document requests the following new SDP attribute:The contact person for this registration is Mohamed Boucadair (email:
mohamed.boucadair@orange.com; phone: +33 2 99 12 43 71).The security implications for ALTC are effectively the same as they
are for SDP in general .Many thanks to T. Taylor, F. Andreasen and G. Camarillo for their
review and comments. The following terms are used:SBE (Signaling Path Border Element) denotes a functional
element, located at the boundaries of an ITAD (IP Telephony
Administrative Domain, ), which is
responsible for intercepting signaling flows received from User
Agents and relay them to the core service platform. A SBE may be
located at the access segment (i.e., be the service contact point
for User Agents) or be located at the interconnection with
adjacent domains (). A SBE controls
one or more DBEs. SBE and DBE may be located in the same device
(e.g., SBC ) or be separated.DBE (Data Path Border Element) denotes a functional element,
located at the boundaries of an ITAD, which is responsible for
intercepting media/data flows received from User Agents and relay
them to another DBE (or media servers, e.g., announcement server
or IVR). An example of DBE is a media gateway intercepting RTP
flows. SBE may be located at the access segment (i.e., be the
service contact point for User Agents) or be located at the
interconnection with adjacent domains ().Core service platform is a macro functional block including
session routing, interfaces to advanced services and access
control. provides an overview
of the overall architecture including SBE, DBE and Core service
platform.Recently, a significant effort has been undertaken within IETF to
specify new mechanisms to interconnect IPv6-only hosts to IPv4-only
servers (e.g., ). This effort covered
exclusively unicast transfer mode. An ongoing initiative, called
multrans, has been launched to cover multicast issues to be
encountered during IPv6 transition. The overall problem statement is
documented in .A particular issue encountered in the context of IPv4/IPv6
co-existence and IPv6 transition of multicast services is the
discovery of multicast group and source (refer to Section 3.4 of ):An IPv6-only receiver requesting multicast content generated by
an IPv4-only source: An ALG is required to help an IPv6 receiver to select the
appropriate IP address when only the IPv4 address is
advertised (e.g., using SDP); otherwise the access to the IPv4
multicast content can not be offered to the IPv6 receiver. The
ALG may be located downstream the receiver. As such, the ALG
does not know in advance whether the receiver is dual-stack or
IPv6-only. The ALG may be tuned to insert both the original
IPv4 address and corresponding IPv6 multicast address using
for instance the ALTC SDP attribute.In order to avoid involving an ALG in the path, an
IPv4-only source can advertise both its IPv4 address and
IPv4-embedded IPv6 multicast address
using for instance the ALTC SDP attribute.A dual-stack source sending its multicast content over IPv4 and
IPv6: both IPv4 and IPv6 addresses need to be inserted in the SDP
part. A means (e.g, ALTC) is needed for this purpose.Some service providers are in the process of enabling DS-Lite
as a means to continue delivering
IPv4 services to their customers. To avoiding crossing four levels
of NAT when placing a media session (2 NAT in DS-Lite AFTR + 2 NAT
in the DBE), it is recommended to enable IPv6 functions in some
SBEs/DBEs. Therefore DS-Lite AFTRs won't be crossed for DS-Lite
serviced customers if their UA is IPv6-enabled:For SIP UA embedded in the CPE, this is easy to implement
since the SIP UA can be tuned to
behave as IPv6-only UA when DS-Lite is enabled. No ALTC is
required for that use case.But for SIP User Agents located behind the CPE, a solution to
indicate both IPv4 and IPv6 (e.g., ALTC) is required in order to
avoid crossing the DS-Lite CGN.A basic solution to deliver SIP-based services using IPv4-only
core service platform to IPv6-enabled UA is to enabled IPv4/IPv6
interworking function in SBE/DBE. Signaling and media between two
SBEs and DBEs is maintained over IPv4. IPv6 is used between an
IPv6-enabled UA and a SBE/DBE. shows the results of session
establishment between UAs. In this scenario, IPv4/IPv6 interworking
function is invoked even when both involved UAs are
IPv6-enabled.Solutions to avoid redundant IPv4/IPv6 NAT and involving several
DBEs may be valuable to consider by service providers.For services providers wanting:Means to promote the invocation of IPv6 transfer capabilities
can be enabled while no parsing error is to be experienced by
core service nodes legacy nodesOptimize cost related to IPv4-IPv6 translation licensesReduce the dual-stack lifetimeMaintain an IPv4-only coreOnly a set of SBE/DBE are IPv6-enabledA solution to indicate both IPv4 and IPv6 addresses is required.
This section provides an overview of this procedure:When a SBE receives an INVITE, it instantiates in its DBE an
IPv6-IPv6 context and an IPv6-IPv4 context. Both an IPv6 address and
an IPv4 address are returned together with other information such as
port numbers. SBE builds an SDP offer including both IPv4 and
IPv6-related information using ALTC attribute. IPv6 is indicated as
preferred connectivity type.The request is then forwarded to the core SPF which in its turn
forwards the requests to the terminating SBE.If this SBE is a legacy one, then it will ignore ALTC
attributes and use "c" line.If the terminating SBE is IPv6-enabled: If the called UA is IPv4-only, then an IPv6-IPv4 context
is created in the corresponding DBE.If the called UA is IPv6-enabled, then an IPv6-IPv6
context is created in the corresponding DBE. shows the result of the procedure
when placing a session between an IPv4 and IPv6 UAs while shows the results of establishing a session
between two IPv6-enabled UAs. The result is still not optima since
redundant NAT66 is required ().For service providers wanting to involve only one DBE in the
media path, when not all SBE/DBE and UAs are IPv6-enabled, a means
to indicate both IPv4 and IPv6 addresses without inducing session
failures is required. Below is proposed an example of a proposed
procedure using ALTC attribute.When the originating SBE receives an INVITE from an IPv6-enabled
UA, it instantiates in its DBE an IPv6-IPv6 context and an IPv6-IPv4
context. Both an IPv6 address and an IPv4 address are returned
together with other information such as port numbers. SBE builds an
SDP offer including both IPv4 and IPv6-related information using
ALTC attribute (). IPv6 is
indicated as preferred connectivity type.The request is then forwarded to the core SPF which in its turn
forwards the requests to the terminating SBE:If the destination UA is IPv6 or reachable with a public IPv4
address, the SBEs only forwards the request without altering the
SDP offer. No parsing error is experienced by core service nodes
since ALTC is backward compatible.If the terminating SBE does not support ALTC, it will ignore
this attribute an uses the legacy procedure.As a consequence, only one DBE is
maintained in the path when one of the involved parties is
IPv6-enabled. shows the overall
procedure when involved UAs are IPv6-enabled.The main advantages of such solutions are as follows:DBE resources are optimizedNo redundant NAT is maintained in the path when IPv6-enabled
UAs are involvedEnd-to-end delay is optimizedThe robustness of the service is optimized since the delivery
of the service relies on fewer nodesThe signaling path is also optimized since no communication
between the SBE (through SPDF in TISPAN/IMS context) and DBE at
the terminating side is required for some sessions.For service providers wanting to allow direct IPv6 communications
between IPv6-enabled UAs, when not all SBE/DBE and UA are
IPv6-enabled, a means to indicate both IPv4 and IPv6 addresses
without inducing session failures is required. Below is proposed an
example of a proposed procedure using ALTC attribute.At the SBE originating side, when the SBE receives an INVITE from
the calling IPv6 UA (), it
updates uses the ALTC to indicate two IP addresses:An IPv4 address belonging to its controlled DBEThe same IPv6 address and port as received in the initial
offer made by the calling IPv6 shows an excerpt example of
the SDP offer generated by the originating SBE.The INVITE message will be routed appropriately to the
destination SBE:If the SBE is a legacy device (i.e., IPv4-only); it will
ignore IPv6 addresses and contacts its DBE to instantiate an
IPv4-IPv4 context.If the SBE is IPv6-enabled, it will only forwards the INVITE
to the address of contact of the called party:If the called party is IPv6-enabled, the communication
will be placed using IPv6. As such no DBE is involved in the
data path as illustrated in .If not, IPv4 will be used between the originating DBE and
called UA.