RFC-8445InteractiveConnectivityEstablishment(ICE)资源-CSDN文库

需积分: 1 104 浏览量 2023-08-07 10:46:56 上传评论收藏 145KB PDF 举报

资源推荐

资源详情

资源评论

Internet Engineering Task Force (IETF) A. Keranen

Request for Comments: 8445 C. Holmberg

Obsoletes: 5245 Ericsson

Category: Standards Track J. Rosenberg

ISSN: 2070-1721 jdrosen.net

July 2018

Interactive Connectivity Establishment (ICE):

A Protocol for Network Address Translator (NAT) Traversal

Abstract

This document describes a protocol for Network Address Translator

(NAT) traversal for UDP-based communication. This protocol is called

Interactive Connectivity Establishment (ICE). ICE makes use of the

Session Traversal Utilities for NAT (STUN) protocol and its

extension, Traversal Using Relay NAT (TURN).

This document obsoletes RFC 5245.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force

(IETF). It represents the consensus of the IETF community. It has

received public review and has been approved for publication by the

Internet Engineering Steering Group (IESG). Further information on

Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,

and how to provide feedback on it may be obtained at

https://www.rfc-editor.org/info/rfc8445.

Keranen, et al. Standards Track [Page 1]

RFC 8445 ICE July 2018

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5

2. Overview of ICE . . . . . . . . . . . . . . . . . . . . . . . 6

2.1. Gathering Candidates . . . . . . . . . . . . . . . . . . 8

2.2. Connectivity Checks . . . . . . . . . . . . . . . . . . . 10

2.3. Nominating Candidate Pairs and Concluding ICE . . . . . . 12

2.4. ICE Restart . . . . . . . . . . . . . . . . . . . . . . . 13

2.5. Lite Implementations . . . . . . . . . . . . . . . . . . 13

3. ICE Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 13

5. ICE Candidate Gathering and Exchange . . . . . . . . . . . . 17

5.1. Full Implementation . . . . . . . . . . . . . . . . . . . 17

5.1.1. Gathering Candidates . . . . . . . . . . . . . . . . 18

5.1.1.1. Host Candidates . . . . . . . . . . . . . . . . . 18

5.1.1.2. Server-Reflexive and Relayed Candidates . . . . . 20

5.1.1.3. Computing Foundations . . . . . . . . . . . . . . 21

5.1.1.4. Keeping Candidates Alive . . . . . . . . . . . . 21

5.1.2. Prioritizing Candidates . . . . . . . . . . . . . . . 22

5.1.2.1. Recommended Formula . . . . . . . . . . . . . . . 22

5.1.2.2. Guidelines for Choosing Type and Local

Preferences . . . . . . . . . . . . . . . . . . . 23

5.1.3. Eliminating Redundant Candidates . . . . . . . . . . 23

5.2. Lite Implementation Procedures . . . . . . . . . . . . . 23

5.3. Exchanging Candidate Information . . . . . . . . . . . . 24

5.4. ICE Mismatch . . . . . . . . . . . . . . . . . . . . . . 26

6. ICE Candidate Processing . . . . . . . . . . . . . . . . . . 26

6.1. Procedures for Full Implementation . . . . . . . . . . . 26

6.1.1. Determining Role . . . . . . . . . . . . . . . . . . 26

6.1.2. Forming the Checklists . . . . . . . . . . . . . . . 28

6.1.2.1. Checklist State . . . . . . . . . . . . . . . . . 28

6.1.2.2. Forming Candidate Pairs . . . . . . . . . . . . . 28

6.1.2.3. Computing Pair Priority and Ordering Pairs . . . 31

6.1.2.4. Pruning the Pairs . . . . . . . . . . . . . . . . 31

6.1.2.5. Removing Lower-Priority Pairs . . . . . . . . . . 31

6.1.2.6. Computing Candidate Pair States . . . . . . . . . 32

6.1.3. ICE State . . . . . . . . . . . . . . . . . . . . . . 36

6.1.4. Scheduling Checks . . . . . . . . . . . . . . . . . . 36

6.1.4.1. Triggered-Check Queue . . . . . . . . . . . . . . 36

6.1.4.2. Performing Connectivity Checks . . . . . . . . . 36

6.2. Lite Implementation Procedures . . . . . . . . . . . . . 38

7. Performing Connectivity Checks . . . . . . . . . . . . . . . 38

7.1. STUN Extensions . . . . . . . . . . . . . . . . . . . . . 38

7.1.1. PRIORITY . . . . . . . . . . . . . . . . . . . . . . 38

7.1.2. USE-CANDIDATE . . . . . . . . . . . . . . . . . . . . 38

7.1.3. ICE-CONTROLLED and ICE-CONTROLLING . . . . . . . . . 39

7.2. STUN Client Procedures . . . . . . . . . . . . . . . . . 39

7.2.1. Creating Permissions for Relayed Candidates . . . . . 39

Keranen, et al. Standards Track [Page 3]

RFC 8445 ICE July 2018

7.2.2. Forming Credentials . . . . . . . . . . . . . . . . . 39

7.2.3. Diffserv Treatment . . . . . . . . . . . . . . . . . 40

7.2.4. Sending the Request . . . . . . . . . . . . . . . . . 40

7.2.5. Processing the Response . . . . . . . . . . . . . . . 40

7.2.5.1. Role Conflict . . . . . . . . . . . . . . . . . . 40

7.2.5.2. Failure . . . . . . . . . . . . . . . . . . . . . 41

7.2.5.2.1. Non-Symmetric Transport Addresses . . . . . . 41

7.2.5.2.2. ICMP Error . . . . . . . . . . . . . . . . . 41

7.2.5.2.3. Timeout . . . . . . . . . . . . . . . . . . . 41

7.2.5.2.4. Unrecoverable STUN Response . . . . . . . . . 41

7.2.5.3. Success . . . . . . . . . . . . . . . . . . . . . 42

7.2.5.3.1. Discovering Peer-Reflexive Candidates . . . . 42

7.2.5.3.2. Constructing a Valid Pair . . . . . . . . . . 43

7.2.5.3.3. Updating Candidate Pair States . . . . . . . 44

7.2.5.3.4. Updating the Nominated Flag . . . . . . . . . 44

7.2.5.4. Checklist State Updates . . . . . . . . . . . . . 44

7.3. STUN Server Procedures . . . . . . . . . . . . . . . . . 45

7.3.1. Additional Procedures for Full Implementations . . . 45

7.3.1.1. Detecting and Repairing Role Conflicts . . . . . 46

7.3.1.2. Computing Mapped Addresses . . . . . . . . . . . 47

7.3.1.3. Learning Peer-Reflexive Candidates . . . . . . . 47

7.3.1.4. Triggered Checks . . . . . . . . . . . . . . . . 47

7.3.1.5. Updating the Nominated Flag . . . . . . . . . . . 49

7.3.2. Additional Procedures for Lite Implementations . . . 49

8. Concluding ICE Processing . . . . . . . . . . . . . . . . . . 50

8.1. Procedures for Full Implementations . . . . . . . . . . . 50

8.1.1. Nominating Pairs . . . . . . . . . . . . . . . . . . 50

8.1.2. Updating Checklist and ICE States . . . . . . . . . . 51

8.2. Procedures for Lite Implementations . . . . . . . . . . . 52

8.3. Freeing Candidates . . . . . . . . . . . . . . . . . . . 53

8.3.1. Full Implementation Procedures . . . . . . . . . . . 53

8.3.2. Lite Implementation Procedures . . . . . . . . . . . 53

9. ICE Restarts . . . . . . . . . . . . . . . . . . . . . . . . 53

10. ICE Option . . . . . . . . . . . . . . . . . . . . . . . . . 54

11. Keepalives . . . . . . . . . . . . . . . . . . . . . . . . . 54

12. Data Handling . . . . . . . . . . . . . . . . . . . . . . . . 55

12.1. Sending Data . . . . . . . . . . . . . . . . . . . . . . 55

12.1.1. Procedures for Lite Implementations . . . . . . . . 56

12.2. Receiving Data . . . . . . . . . . . . . . . . . . . . . 56

13. Extensibility Considerations . . . . . . . . . . . . . . . . 57

14. Setting Ta and RTO . . . . . . . . . . . . . . . . . . . . . 57

14.1. General . . . . . . . . . . . . . . . . . . . . . . . . 57

14.2. Ta . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

14.3. RTO . . . . . . . . . . . . . . . . . . . . . . . . . . 58

15. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 59

15.1. Example with IPv4 Addresses . . . . . . . . . . . . . . 60

15.2. Example with IPv6 Addresses . . . . . . . . . . . . . . 65

Keranen, et al. Standards Track [Page 4]

RFC 8445 ICE July 2018

16. STUN Extensions . . . . . . . . . . . . . . . . . . . . . . . 69

16.1. Attributes . . . . . . . . . . . . . . . . . . . . . . . 69

16.2. New Error-Response Codes . . . . . . . . . . . . . . . . 70

17. Operational Considerations . . . . . . . . . . . . . . . . . 70

17.1. NAT and Firewall Types . . . . . . . . . . . . . . . . . 70

17.2. Bandwidth Requirements . . . . . . . . . . . . . . . . . 70

17.2.1. STUN and TURN Server-Capacity Planning . . . . . . . 71

17.2.2. Gathering and Connectivity Checks . . . . . . . . . 71

17.2.3. Keepalives . . . . . . . . . . . . . . . . . . . . . 72

17.3. ICE and ICE-Lite . . . . . . . . . . . . . . . . . . . . 72

17.4. Troubleshooting and Performance Management . . . . . . . 72

17.5. Endpoint Configuration . . . . . . . . . . . . . . . . . 73

18. IAB Considerations . . . . . . . . . . . . . . . . . . . . . 73

18.1. Problem Definition . . . . . . . . . . . . . . . . . . . 73

18.2. Exit Strategy . . . . . . . . . . . . . . . . . . . . . 74

18.3. Brittleness Introduced by ICE . . . . . . . . . . . . . 74

18.4. Requirements for a Long-Term Solution . . . . . . . . . 75

18.5. Issues with Existing NAPT Boxes . . . . . . . . . . . . 75

19. Security Considerations . . . . . . . . . . . . . . . . . . . 76

19.1. IP Address Privacy . . . . . . . . . . . . . . . . . . . 76

19.2. Attacks on Connectivity Checks . . . . . . . . . . . . . 77

19.3. Attacks on Server-Reflexive Address Gathering . . . . . 80

19.4. Attacks on Relayed Candidate Gathering . . . . . . . . . 80

19.5. Insider Attacks . . . . . . . . . . . . . . . . . . . . 81

19.5.1. STUN Amplification Attack . . . . . . . . . . . . . 81

20. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 82

20.1. STUN Attributes . . . . . . . . . . . . . . . . . . . . 82

20.2. STUN Error Responses . . . . . . . . . . . . . . . . . . 82

20.3. ICE Options . . . . . . . . . . . . . . . . . . . . . . 82

21. Changes from RFC 5245 . . . . . . . . . . . . . . . . . . . . 83

22. References . . . . . . . . . . . . . . . . . . . . . . . . . 84

22.1. Normative References . . . . . . . . . . . . . . . . . . 84

22.2. Informative References . . . . . . . . . . . . . . . . . 85

Appendix A. Lite and Full Implementations . . . . . . . . . . . 89

Appendix B. Design Motivations . . . . . . . . . . . . . . . . . 90

B.1. Pacing of STUN Transactions . . . . . . . . . . . . . . . 90

B.2. Candidates with Multiple Bases . . . . . . . . . . . . . 92

B.3. Purpose of the Related-Address and Related-Port

Attributes . . . . . . . . . . . . . . . . . . . . . . . 94

B.4. Importance of the STUN Username . . . . . . . . . . . . . 95

B.5. The Candidate Pair Priority Formula . . . . . . . . . . . 96

B.6. Why Are Keepalives Needed? . . . . . . . . . . . . . . . 96

B.7. Why Prefer Peer-Reflexive Candidates? . . . . . . . . . . 97

B.8. Why Are Binding Indications Used for Keepalives? . . . . 97

B.9. Selecting Candidate Type Preference . . . . . . . . . . . 97

Appendix C. Connectivity-Check Bandwidth . . . . . . . . . . . . 99

Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 100

Authors’ Addresses . . . . . . . . . . . . . . . . . . . . . . . 100

Keranen, et al. Standards Track [Page 5]

剩余99页未读，继续阅读

评论收藏

内容反馈

毕加索解锁

粉丝: 2140
资源: 24

RFC-8445 Interactive Connectivity Establishment (ICE)

最新资源

RFC-8445 Interactive Connectivity Establishment (ICE)

Interactive Connectivity Establishment: ICE（思科）

Python库 | rfc-xmldiff-0.5.2.tar.gz

RFC-33A.rar_rfc-33a

rfc-index.zip_RFC_index_rfc-all

SAP PI RFC-to-Web Service Scenario

sapjco3-call RFC-code

RFC-2543---SIP Session Initiation Protocol.doc

sap-java-rfc-jco3

RFC10xx 内容,分析与详解

配套资料－FTP协议的RFC－rfc0959.txt

RFC-3550 RTP中英文版

RFC-3550-中文版.pdf

rfc-quic.7z

google-rfc-2445:自动从code.google.compgoogle-rfc-2445导出

saprfc-1.4.1.All.zip

ice-rfc5245.webarchive

RFC中文文档全集【RFC1-3093】

RFC-5340 OSPFv3 for IPv6 的中文翻译

这是rfc-2246的原文

Python库 | sf-rfc-validate-0.0.8.tar.gz

落雪音乐-六音音源 sixyin-music-source-v1.1.0.js

markdown配套文件，使用前先解压

喜马拉雅xm文件解密工具

OCPP协议解析 代码+代码含义详解

mpp_demo.rar

m3u8的下载转换工具

ubuntu下安装ffmpeg必备软件包合集

音频转码，无限制的享受音乐吧！

OPENCV函数手册（中文）.zip

最新资源

OCPP协议解析代码+代码含义详解