Repost: ICE Introduction (RFC 5245)

Source: Internet
Author: User

http://blog.csdn.net/dxpqxb/article/details/22040017

1 10 Facts about ICE

1 ICE uses STUN and TURN

2 ICE is a one-way NAT traversal

3 ICE only requires the network to provide STUN or TURN servers

4 ICE allows media to flow in very complex network environments

5 ICE rings the phone only once the media stream is determined to be reachable

6 ICE dynamically discovers the shortest path for media between endpoints

7 ICE can also eliminate DoS attacks

8 ICE can work with almost any type of NAT and firewall device

9 ICE does not require an endpoint to discover NAT types or their presence

10 ICE only relays in the worst case (symmetric NAT on both sides)

2 Steps of ICE

ICE is an exploring, learning and updating solution. At the beginning of the ICE algorithm, the 2 communicating agents do not know their topology, that is, whether or not they are behind NAT.

2.1 Sending of the initial request

To explore the local topology, Agent A performs the following operations to collect 3 classes of candidate addresses (candidates):

(1) Obtain a host candidate address (host candidate) from the local interface: 192.168.1.22:8484;

(2) Send a STUN Binding request to the STUN server to obtain the server reflexive candidate address (server reflexive candidate): 202.199.112.102:61866;

(3) Send a TURN Allocate request to the TURN server to obtain the relay candidate address (relay candidate) 202.199.112.105:5006; this also yields the server reflexive candidate address 202.199.112.102:62072.

These candidate addresses are the addresses that can then be used to receive media streams.

Next, the priority of each candidate is calculated. The type preference of the host candidate is set to the highest value, 126; the type preference of the server reflexive candidate is 100; and the type preference of the relay candidate is the lowest value, 0. The local preference is set to 65535 and the component ID is 1. This gives a priority of 2130706431 for the host candidate, 1694498815 for the server reflexive candidate, and 16777215 for the relay candidate. The candidates are sorted by priority from high to low. The foundation attribute assigned to the host candidate is 1, to the server reflexive candidate 2, and to the relay candidate 3.

The default candidate (which contains the address and port used by default to receive the media stream) is selected in the order relay candidate, server reflexive candidate, host candidate. Because A obtained a relay candidate, the relay candidate 202.199.112.105:5006, which has the higher probability of connectivity, is preferred as the default candidate.

The default candidate's IP address and port are written into the c= and m= lines of the SDP, and the 3 collected candidate addresses are added as a= attributes to form the offer, which is passed to B over the signaling channel. The content of the request message is shown below; the modified parameters and the added attribute values are shown in bold.

v=0
o=usera 2890844526 2890842807 IN IP4 192.168.1.22
s=
c=IN IP4 202.199.112.105
t=0 0
a=ice-pwd:asd88fgpdd777uzjyhagzg
a=ice-ufrag:8hhy
m=audio 5006 RTP/AVP 0
b=RS:0
b=RR:0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 192.168.1.22 8484 typ host
a=candidate:2 1 UDP 1694498815 202.199.112.102 61866 typ srflx raddr 192.168.1.22 rport 8484
a=candidate:3 1 UDP 16777215 202.199.112.105 5006 typ relay raddr 202.199.112.102 rport 62072

2.2 Sending of a reply

When B receives the request, it learns the topology in which A is located (the server reflexive candidate and host candidate addresses differ, indicating that A is behind NAT). B performs the same operations as A: it collects candidates, calculates candidate priorities, sets the foundation attributes, selects the default candidate, performs SDP encoding, and sends the reply message (answer) to A. In this way, A also learns the topology in which B is located; the server reflexive candidate and host candidate addresses differ, indicating that B is also behind NAT. The contents of the reply message are as follows:

v=0
o=userb 2808849004 2808849004 IN IP4 172.16.10.102
s=
c=IN IP4 202.199.112.105
t=0 0
a=ice-pwd:yh75fviy6338vbrhrlp8yh
a=ice-ufrag:9ub6
m=audio 49152 RTP/AVP 0
b=RS:0
b=RR:0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 172.16.10.102 8484 typ host
a=candidate:2 1 UDP 1694498815 202.199.112.87 63756 typ srflx raddr 172.16.10.102 rport 8484
a=candidate:3 1 UDP 16777215 202.199.112.105 49152 typ relay raddr 202.199.112.87 rport 63768

Next, the agent roles are determined. Since both A and B are full agents and A is the initiator of the request, A acts as the controlling agent and B as the controlled agent. A and B then begin pairing the candidates. A and B each have 3 candidates, and each pair takes 1 candidate from each side, giving 9 pairs in total. Since requests cannot be sent from the server reflexive and relay candidates, once the redundant pairs are removed A and B are each left with only 3 pairs: from the local host candidate to the peer's host candidate, server reflexive candidate and relay candidate.

The priority of each candidate pair is then calculated and the pairs are sorted. For controlling agent A, the candidate pairs are sorted by priority, as shown in its check list.

The controlled agent B likewise calculates the priority of each candidate pair and sorts the pairs by priority to form its own check list.

The order of the check list determines the order in which the subsequent connectivity checks are made. The state of the highest-priority pair in the check list is set to Waiting, and the remaining pairs are set to Frozen.
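The candidate priorities quoted in section 2.1 and the ordering of the check list described above can be recomputed from the candidate lines of the offer and answer. This is an added example, not code from the original article: the function names are illustrative, the formulas are those of RFC 5245 sections 4.1.2.1 and 5.7.2, and, following the article, pairs are formed only from the local host candidate.

```python
# Added example: recompute the candidate and pair priorities from the walk-through.
from collections import namedtuple

TYPE_PREF = {"host": 126, "srflx": 100, "relay": 0}  # type preferences used in the article
Candidate = namedtuple("Candidate", "foundation component priority addr port typ")

# Candidate attributes of A's offer and B's answer, in canonical SDP case.
OFFER = """\
a=candidate:1 1 UDP 2130706431 192.168.1.22 8484 typ host
a=candidate:2 1 UDP 1694498815 202.199.112.102 61866 typ srflx raddr 192.168.1.22 rport 8484
a=candidate:3 1 UDP 16777215 202.199.112.105 5006 typ relay raddr 202.199.112.102 rport 62072
"""
ANSWER = """\
a=candidate:1 1 UDP 2130706431 172.16.10.102 8484 typ host
a=candidate:2 1 UDP 1694498815 202.199.112.87 63756 typ srflx raddr 172.16.10.102 rport 8484
a=candidate:3 1 UDP 16777215 202.199.112.105 49152 typ relay raddr 202.199.112.87 rport 63768
"""

def parse_candidates(sdp):
    """Return the a=candidate attributes of an SDP body as Candidate tuples."""
    found = []
    for line in sdp.splitlines():
        if line.startswith("a=candidate:"):
            # foundation component transport priority address port "typ" type ...
            f = line[len("a=candidate:"):].split()
            found.append(Candidate(f[0], int(f[1]), int(f[3]), f[4], int(f[5]), f[7]))
    return found

def candidate_priority(typ, component, local_pref=65535):
    """2^24 * type preference + 2^8 * local preference + (256 - component ID)."""
    return (TYPE_PREF[typ] << 24) + (local_pref << 8) + (256 - component)

def pair_priority(g, d):
    """g: controlling agent's candidate priority, d: controlled agent's."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def check_list(local, remote, controlling):
    """Pair the local host candidate with every remote candidate (the 3 pairs
    the article keeps) and sort them by pair priority, highest first."""
    pairs = []
    for loc in (c for c in local if c.typ == "host"):
        for rem in (c for c in remote if c.component == loc.component):
            g, d = (loc, rem) if controlling else (rem, loc)
            pairs.append((pair_priority(g.priority, d.priority), loc, rem))
    return sorted(pairs, key=lambda p: p[0], reverse=True)

if __name__ == "__main__":
    a, b = parse_candidates(OFFER), parse_candidates(ANSWER)
    for prio, loc, rem in check_list(b, a, controlling=False):
        print(f"{prio:#018x}  {loc.addr}:{loc.port} -> {rem.addr}:{rem.port} ({rem.typ})")
```

B's sorted list comes out in the same order in which section 2.3 runs its checks: A's host candidate first, then the server reflexive candidate, then the relay candidate.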

2.3 Connectivity Check

B starts its connectivity checks. B works through the check list starting from the highest-priority pair; the state of the pair moves from Waiting to In-Progress (this also promotes the next-highest-priority pair to highest priority, moving its state from Frozen to Waiting), and the connectivity check begins. For the 1st pair, a STUN Binding request ([RFC5389]) is sent from the local candidate 172.16.10.102:8484 to the remote candidate 192.168.1.22:8484; because the remote candidate is a private address behind NAT, it cannot be routed and the check fails. The 2nd pair is then checked. When the packet arrives at NAT A, the NAT finds that the transport address 202.199.112.102:61866 is already mapped to 202.199.112.108:3478. The source address of the STUN request is not 202.199.112.108:3478, so the packet is bound to be discarded by NAT A.

A connectivity check is then performed on the 3rd pair. Because the remote candidate is the relay candidate, a channel binding request should be sent from the local candidate 172.16.10.102:8484 to the remote candidate 202.199.112.105:5006 in order to use bandwidth efficiently [5]. The request indicates the channel number 0x4001 and the address of peer A; the request arrives at the TURN server and the binding succeeds. Once the binding succeeds, B learns the peer's reflexive candidate 202.199.112.102:62072, the request reaches peer A via that reflexive candidate, a success response is produced, and the check finally succeeds. B generates a new pair (202.199.112.105:49152, 202.199.112.105:5006), the pair is added to the valid list, and ICE processing for the media stream moves to the Completed state. At this point B can use channel 0x4001 to send the media stream to A.

When A receives the answer, it also starts its own connectivity checks in the priority order of the candidate pairs. As with B, these also fail. When A receives the message from B's successful check, it immediately starts a triggered check, specifying the channel number 0x4002 and the address of peer B in the channel binding request. Because A is the controlling agent, the USE-CANDIDATE attribute can be included in the check to perform the mandatory nomination algorithm, and the check succeeds. Agent A generates a new pair (202.199.112.105:5006, 202.199.112.105:49152), which is added to the valid list with its nominated flag set to true, and ICE processing for the media stream moves to the Completed state. A can now send the media stream to B through channel 0x4002.

At this point, the algorithm has found the valid candidate pair for media stream transmission, and the corresponding optimal path is determined accordingly. Because the valid candidate is a public address, the media stream on this path can traverse NAT smoothly.

References

[1] Weili et al. Design and implementation of a media stream traversal NAT algorithm, "Computer Engineering", December 2009

[2] RFC 5245: Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols, April
