Interactive Connectivity Establishment : ICE speaker:Wenping Zhang date:2008.05.01
Outline Introduction What is NAT What is the Problem What is STUN What is TURN IETFs Answer:ICE Conclusion Reference
Introduction SIP has seen widespread usage and deployment in both the public Internet and private IP networks. However, its success has not come without difficulties. Perhaps most significant among them has been the proliferation of network address translator and firewall devices. The IETF responded to this need by the creation of a new specification that augments SIP with robust and low-cost NAT traversal. This specification, Interactive Connectivity Establishment, was produced by the mmusic working group.
What is NAT
What is the Problem In the Contact of a REGISTER as the target for incoming INVITE
Cont. In the SDP as the target for receipt of media
What is STUN
What is TURN
IETFs Answer:ICE ICE provides NAT and firewall traversal capabilities for any type of session-oriented protocol, though it has been designed to work with SIP and its companion protocol, the Session Description Protocol (SDP). ICE makes use of STUN and TURN and provides a unifying framework around them. Even though ICE has not yet reached RFC status, there are already several large-scale deployments supporting hundreds of thousands of users.
Cont. A client will obtain IP addresses and ports by using both techniques, including both addresses - in addition to ports allocated from local interfaces - into the SIP call-setup messages. Each of these is called a candidate and represents a potential point of communications for the agent. At that point, the agents begin a process of connectivity checks. These are STUN messages sent from one agent to the other, probing to find a particular pair of addresses that work. Once a pair is found, the probes cease, and media can begin to flow.
Cont. The detailed operation of ICE can be broken into six steps: Gathering Prioritizing Encoding Offering and Answering Checking Completing
Step 1:Gathering Prior to making a call, the caller begins gathering IP addresses and ports, each of which is a potential candidate for communications. Three different types of candidates Host Candidates Server Reflexive Candidates Relayed Candidates
Step 2:Prioritizing Once the agent has gathered its candidates, it assigns each of them a priority value. Priorities are from 0 to 2 to the power of 31 minus 1, with larger numbers denoting higher priority. Typically, the lowest priority is given to the relayed candidates, since sending media through a relay is expensive and increases voice latency.
Cont. The type preference MUST be an integer from 0 to 126 inclusive, and represents the preference for the type of the candidate . The local preference MUST be an integer from 0 to 65535 inclusive. The component ID is the component ID for the candidate, and MUST be between 1 and 256 inclusive.
Step 3:Encoding Each candidate is placed into an a=candidate attribute of the offer Each candidate line has IP address and port Component ID Foundation Transport Protocol Priority Type “Related Address”
Step 4:Offering and Answering Once the calling agent has constructed its SIP INVITE request with the SDP payload, it sends the request to the called party. Assuming the called party also supports ICE, the called party holds off on ringing the phone. it performs the same gathering, prioritizing, and encoding that the caller performed. The called party then generates a provisional SIP response.
Step 5:Checking Each agent pairs up its candidates with its peers to form candidate pairs Each agent sends a connectivity check every 20ms, in pair priority order Upon receipt of the request the peer agent generates a response If the response is received the check has succeeded
Step 6:Completing Once a check is completed, the agent knows it has found a pair that will work for media traffic. By avoiding ringing the phone until the ICE checks have been completed, ICE can guarantee that when the called party does answer, media will successfully flow in each direction Once the phone rings, the called party answers. This generates an SIP 200 OK final response, confirming acceptance of the call. If ICE negotiation results in the selection of a candidate pair that differs from the default IP address and port carried in the SDP, the caller performs an SIP re-INVITE to update the default.
Cont.
Conclusion ICE is one of the most important extensions produced to date for SIP. Indeed, it is considered one of its few core extensions - those expected to be used by every SIP client for every SIP call. Though designed for SIP, ICE is applicable to any session-oriented protocol. ICE’s importance goes beyond just robust NAT traversal. ICE adds significant security to SIP overall, eliminating a key DoS attack , which can be launched by using SIP networks as amplifiers.
Reference IETF Journal, “Interactive Connectivity Establishment”, By Jonathan Rosenberg, Cisco Systems ICE Tutorial J. Rosenberg. “Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols.” IETF Internet Draft draft-ietf-mmusic-ice-19, October 2006. Rosenberg, "Interactive Connectivity Establishment (ICE): Methodology for Network Address Translator (NAT) Traversal for the Session Initiation Protocol (SIP)", Internet draft http://www.ietf.org/internet-drafts/draft-rosenberg-sipping-ice- 01.txt, February 2003