[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01

Internet Engineering Task Force                                MMUSIC WG
Internet Draft                                 J.Rosenberg,H.Schulzrinne
draft-ietf-mmusic-sip-100rel-01.txt        Bell Laboratories,Columbia U.
May 20, 1999
Expires: November 20, 1999


              Reliability of Provisional Responses in SIP

STATUS OF THIS MEMO

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as work in progress.

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract

   This document specifies an extension to the Session Initiation
   Protocol (SIP) providing reliable provisional response messages.


1 Introduction

   The Session Initiation Protocol (SIP) [1] is a request-response
   protocol for initiating, maintaining, and terminating multimedia
   sessions. Each SIP request is followed by one or more provisional
   responses, followed by a one or more definitive responses. These
   provisional responses, also called informational responses, have
   status codes within the 100-199 range. They are most commonly used
   for responses to an INVITE request. They provide information on call
   progress, such as trying (100), alerting (180), and queueing (182).
   However, when run over UDP, SIP does not guarantee that these



J.Rosenberg,H.Schulzrinne                                     [Page 1]


Internet Draft              100 Reliability                 May 20, 1999


   messages are delivered reliably, or in order.

   However, a number of applications require reliability and in-order
   delivery of provisional responses to INVITE. These include gateway
   applications, wireless phones, ACD servers, and call queueing
   systems. Generally, these applications make use of the provisional
   responses to drive state machinery. This is especially true for the
   180 Ringing provisional response, which maps to the Q.931 ALERTING
   message.

   This document provides a simple extension to SIP for ensuring that
   provisional responses to INVITEs are delivered reliably, independent
   of the underlying transport mechanism. The extension applies only to
   the INVITE method. Reliability of provisional responses for other
   methods is not provided. The extension is simple, requiring two new
   header fields, and no new methods. It fits well within the generic
   framework of SIP reliability. It is partly backwards compatible, so
   that a Require header is not needed (it can be included if the UAC
   insists on the feature, of course), although a Proxy-Require header
   is needed.

2 Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in RFC 2119 [2] and
   indicate requirement levels for compliant implementations.

3 Overview

   The reliability mechanism is based on the standard windowed
   acknowledgement technique. When a server generates a provisional
   response which is to be delivered reliably, it places a sequence
   number (via the RSeq header field) in the provisional response. These
   sequence numbers always start at zero, since they are defined only
   within the context of a transaction. This elimiates the need for SYN
   handshakes as in TCP. The provisional response is then retransmitted
   with an exponential backoff.

   The UAC maintains a variable, sn, which is the highest sequence
   number seen in a reliable response. When the client receives a
   provisional response that has been sent reliably, and this response
   has a sequence number one higher than sn, sn is incremented, and the
   request is retransmitted. Otherwise, if the response has a sequence
   number greater than one higher, sn is not incremented. Either way,
   the request is retransmitted, and the value of sn is placed in the
   RAck header in the request.




J.Rosenberg,H.Schulzrinne                                     [Page 2]


Internet Draft              100 Reliability                 May 20, 1999


   When the server sees a request retransmission with an RAck header
   with a value equalling the sequence number in the last reliably
   transmitted response, it stops retransmitting that response, and is
   free to send the next provisional response, with a higher sequence
   number.

   The mechanism is similar to TCP, but with a constant window of one.
   The use of a fixed size window comes at the penalty of reduced
   response throughput. The througput of responses is fairly low (1 per
   RTT without loss, lower with loss). However, as the provisional
   responses are used to signal changes in phone call states, which
   generally occur on timescales on the order of hundreds of
   milliseconds to seconds, such a limited throughput appears
   acceptable. The mechanism can be extended to support larger window
   sizes, if necessary.

   The server can still generate unreliable provisional responses by
   sending them without an RSeq header. A UAC which receives a
   provisional response without a RSeq does not retransmit the request.
   This allows for backwards compatibility; a UAS which doesn't know how
   to transmit reliable responses will never place an RSeq header in a
   response, and so the SIP transaction will proceed normally.

   Similarly, the initial INVITE from the client contains an RAck
   header. This serves as an indicator to the server than the client
   supports the reliability mechanism. A UAS which doesn't see this
   header in a request knows it cannot provide reliable provisional
   responses.

4 Detailed Protocol Semantics

   A transaction begins when the client sends a request. The client
   sends the INVITE request as per RFC2543 [1]. The RAck header MUST be
   placed in the request, with a value of zero, if the client
   understands and is willing to support this extension for the
   transaction.

   When the initial INVITE is received by the server, it MAY send a 100
   response (depending on whether it is a proxy or not). A 100 response
   is normally sent reliably according to the current SIP specification.
   This is because the client retransmits its request until a response
   (i.e., 100) is received, and the server retransmits the 100 response
   upon request retransmission. As a result, no additional means is
   needed to reliably send a 100 response over a single hop.
   Furthermore, the SIP specification mandates that the 100 response is
   not forwarded through a proxy. For these reasons, 100 responses MUST
   NOT contain an RSeq header.




J.Rosenberg,H.Schulzrinne                                     [Page 3]


Internet Draft              100 Reliability                 May 20, 1999


   The server maintains a window of size 1, which is effectively the
   value of the highest unacknowledged provisional response that has
   been transmitted; call this rn. The client maintains a single
   variable, sn, which represents the highest in order provisional
   response received so far. Both sn and rn MUST be initialized to 0.

   The server MAY send a reliable response if the initial INVITE request
   from the client contained a RAck header with a value of 0. If the
   request contained a Require header, and the server is a UAS, the UAS
   SHOULD send all non-100 provisional responses reliably. If the
   request contained a Proxy-Require header, and the server is a proxy,
   the server SHOULD send all locally generated non-100 provisional
   responses reliably. It also SHOULD reliably send upstream any
   responses received reliably from a downstream server. The server MUST
   NOT send a reliable response if the initial INVITE request did not
   contain an RAck header with a value of zero. When the server decides
   to send a provisional response reliably, it MUST increment rn, and
   MUST place this incremented value in the RSeq header in the response.
   The provisional response SHOULD be retransmitted at intervals with an
   exponential backoff, starting at T1 (default of 500ms), and doubling
   after each retransmission.

   When a client receives a provisional response, it checks for the
   presence of the RSeq header. If it is not present, the response was
   an unreliable provisional response. The client MUST NOT retransmit
   the request. As per [1], the client also ceases exponentially backing
   off request retransmissions when any response (with or without the
   RSeq header) is received.


        If the server does not understand this extension, it will
        behave according to the base SIP specification, and
        retransmit responses upon request retransmissions. A client
        which retransmits requests upon response retransmissions
        would cause a feedback loop of constant request and
        response retransmissions. By checking for the RSeq header,
        the client can determine whether the server is supporting
        this extension for this response.

   If, however, the provisional response contains an RSeq header, the
   value is compared against sn. If it is one higher than the current
   value of sn, sn is incremented, otherwise sn is unchanged. The client
   SHOULD then resend the original request (independently of whether the
   value of sn has changed), and MUST include the sequence number sn in
   the request in the header field RAck.

   When a request is received at a server, it checks for the presence of
   the RAck header. If it is not present, the server retransmits the



J.Rosenberg,H.Schulzrinne                                     [Page 4]


Internet Draft              100 Reliability                 May 20, 1999


   last response that was sent. If the RAck header is present, and the
   value is lower than the value of rn, the last reliable response is
   retransmitted. If the RAck header was present in the request, and the
   value is equal to the current value of rn, the exponentially backing
   off response retransmissions cease.  Additional copies of the request
   with the same or lower value of RAck that are received by the server
   SHOULD NOT cause the server to retransmit any response (as they would
   in the above case if RAck were lower), unless rn is zero. The server
   always retransmits the last response sent (provisional, reliable
   provisional, or otherwise) when a request is received with both RAck
   and rn equal to 0.


        This handles the case where a proxy server doesn't send a
        100 response, but transmits a reliable response as the
        first response. To make sure the initial request is
        transmitted reliably, the server has to retransmit the
        first response upon request retransmissions.

   Once a request has arrived with RAck equal to rn, the server is free
   to increment rn and transmit another provisional response. The server
   MUST NOT ever generate an additional reliable response until it has
   received a request with an RAck header with a value equal to rn.

   When the server is ready to send a final response, it does so
   according to [1]. An ACK request causes retransmissions of the final
   response to cease. The server SHOULD NOT continue to retransmit any
   reliable provisional responses once a final response has been sent.

5 Header Syntax

   Two new header fields are defined, RSeq and RAck. The BNF for these
   are:



        RSeq  =  "RSeq" ":" 1*DIGIT
        RAck  =  "RAck" ":" 1*DIGIT


   RSeq is a response header field. RAck is a request header field.

   If a client insists that all provisional responses (those generated
   by proxies and UAS's) be sent reliably, it MUST include both the
   Require and Proxy-Require headers in all requests. A UAC MAY
   alternately send requests only with the Proxy-Require header. This
   will cause all non-100 provisional responses generated by proxies to
   be sent reliably. Responses sent by UAS's may, or may not be sent



J.Rosenberg,H.Schulzrinne                                     [Page 5]


Internet Draft              100 Reliability                 May 20, 1999


   reliably, at the discretion of the UAS.

   This document specifies the named extension org.ietf.sip.reliable-
   100.

6 Operation with Proxies

   A SIP request may pass through any number of proxies, some of which
   may fork the request. The reliability mechanism defined here requires
   proxies to be aware of the extension. Consider what would happen if a
   proxy receives a request with a RSeq header, but no Proxy-Require
   header, and the proxy does not know the extension. As per normal SIP
   rules, the proxy would forward the request, with the RSeq header in
   tact, to the downstream proxy. If that proxy did understand the
   extension, it might try and send a reliable response to the first
   proxy. The first proxy would see the provisional response
   retransmissions, but never resend the request. This would cause an
   excess of network traffic, and block transmission of other
   provisional responses at the downstream proxy.

   The situation would be even more catastrophic for a forking proxy.
   Consider the case where the first proxy forks the request to
   downstream proxies A and B. Both A and B understand the extension,
   and each try to send a reliable response. The first proxy forwards
   both responses upstream. But, since it does not understand the
   extension, it does not remove or change the value of the RSeq header
   in either response. Thus, the client receiving these requests will
   think they are retransmissions, rather than being two separate
   responses.

   Implementation of this extension in a stateless proxy is not done
   according to the rules in section 4. A stateless proxy implementing
   this extension MUST forward all requests it receives downstream, and
   MUST forward all responses it receives upstream, including
   provisional responses. Actual reliability is achieved between the
   first pair of stateful proxies.

   A stateful proxy implementing this extension MUST act as a virtual
   UAS-UAC in the algorithm described in the previous section. When any
   non-100 provisional response is received reliably at a proxy, the
   proxy MUST reliably transmit it upstream towards the next stateful
   proxy. When any non-100 provisional response is received unreliably
   at the proxy, the proxy MUST send the response unreliably upstream.
   Any provisional responses generated by the proxy itself (excepting
   100) MUST be sent reliably upstream.

   Since a proxy may be receiving reliable provisional responses from
   several branches of a forked request, it will need to merge the



J.Rosenberg,H.Schulzrinne                                     [Page 6]


Internet Draft              100 Reliability                 May 20, 1999


   provisional response streams together. There are no requirements
   about the ordering of provisional responses across branches. However,
   all provisional responses from a given branch MUST be transmitted
   reliably upstream in the same order they were received along a
   branch. For example, consider a forking proxy A which sends a request
   to UAS's B and C. B sends provisional response 0 towards A, and once
   it has been received, sends response 1. Similarly, B sends
   provisional response 2, and once received and acknowledged by A,
   sends provisional response 3. Proxy A may forward the provisional
   responses towards the UAS in any one of the following orders:



   0,1,2,3
   0,2,1,3
   2,3,0,1
   2,0,3,1
   0,2,3,1
   2,0,1,3




   Since responses from several branches may be merged at a forking
   proxy, a proxy MUST renumber the provisional responses (always
   starting at zero, however) when forwarding them upstream. As this
   requires changing the RSeq value, the RSeq header field cannot be
   protected by either end-to-end encryption or authentication.
   Similarly, a stateful proxy will need to remove the RAck header from
   all requests it receives, and insert its own value into proxied
   requests.

7 Examples

7.1 Message Formatting

   In this example, a UAC wishes to send an INVITE message and receive
   reliable 100-class responses. Such an INVITE might look like:


   C->S: INVITE sip:watson@bell-tel.com SIP/2.0
         Via: SIP/2.0/UDP saturn.bell-tel.com
         RAck: 0
         From: sip:alexander@bell-tel.com
         To: sip:watson@bell-tel.com
         Call-ID: 70710@saturn.bell-tel.com
         CSeq: 1 INVITE
         Subject: Come here Watson



J.Rosenberg,H.Schulzrinne                                     [Page 7]


Internet Draft              100 Reliability                 May 20, 1999


         Require: org.ietf.sip.reliable-100
         Proxy-Require: org.ietf.sip.reliable-100



   The server wishes to send a 180 Ringing provisional response
   reliably. The response will look like:


   S->C: SIP/2.0 180 Ringing
         Via: SIP/2.0/UDP saturn.bell-tel.com
         RSeq: 1
         From: sip:alexander@bell-tel.com
         To: sip:watson@bell-tel.com
         Call-ID: 70710@saturn.bell-tel.com
         CSeq: 1 INVITE



   This response is retransmitted with an exponential backoff. When the
   UAC receives the response, it retransmits the request, but adds the
   RAck header field:


   C->S: INVITE sip:watson@bell-tel.com SIP/2.0
         RAck: 1
         Via: SIP/2.0/UDP saturn.bell-tel.com
         From: sip:alexander@bell-tel.com
         To: sip:watson@bell-tel.com
         Call-ID: 70710@saturn.bell-tel.com
         CSeq: 1 INVITE
         Subject: Come here Watson
         Require: org.ietf.sip.reliable-100
         Proxy-Require: org.ietf.sip.reliable-100



7.2 Message Flows

   This section illustrates a number of message flows using this
   extension. We abbreviate an INVITE request with a RAck header value
   of N as "INV N", and a provisional response with a RSeq header value
   of M as "1xx M". Packets which are lost are shown with an "X" in
   front of them.

7.2.1 UAC to UAS, with Require

   In this case, the UAC sends a request directly to a UAS, and includes



J.Rosenberg,H.Schulzrinne                                     [Page 8]


Internet Draft              100 Reliability                 May 20, 1999


   the Require header, naming this extension. The extension is supported
   by the UAS. The UAS sends a 100 response first, and then a 180
   reliably.



                 UAC                       UAS

                  -------INV 0-------------->
                        X<.......100.........
                  -------INV 0--->X
                  -------INV 0-------------->
   (request       <..........100.............
   retransmissions
   cease)
                       X<...180 1............ (180 retransmits start, sn=1)

   (rn inc to 1)  <.........180 1............
                  -------INV 1---->

                  <.........180 1............
                  -------INV 1--------------> (180 retransmits cease)


                    X<....300............... (300 class retransmits start)
                 <........300...............
                 -----------ACK------------>




7.2.2 UAC to UAS, without Require, UAS doesn't understand

   In this case, a UAC sends a request directly to the UAS, and doesn't
   include the Require header in the request. The UAS doesn't support
   the extension. The UAS sends a single 180 before sending a final
   response.


                 UAC                       UAS

                  -------INV 0-------------->
                        X<.......100.........
                  -------INV 0--->X
                  -------INV 0-------------->
   (request       <..........100.............
   retransmissions
   cease)



J.Rosenberg,H.Schulzrinne                                     [Page 9]


Internet Draft              100 Reliability                 May 20, 1999


                  <..........180 ............

                    X<....300............... (300 class retransmits start)
                 <........300...............
                 -----------ACK------------>



   Note that after reception of the 180, the request is not
   retransmitted, since the response did not contain an RSeq header.

7.2.3 UAC to proxy to UAS

   In this case, a UAC sends a request to a proxy, which forwards it to
   the final UAS. Both the Require and Proxy-Require headers are present
   in the request. The local proxy generates its own provisional
   response (188), and the UAS generates a 180:



       UAC                    PROXY                   UAS

        -----INV 0-------------> ----INV 0-->X
        -----INV 0-------------> ----INV 0------------->
                                       X<....100........
               X<....100........ <....100...............
        <........100............

            X<......188 1.......
        <...........188 1.......
        ---------INV 1-->X
        <...........188 1.......
        --------INV 1---------->
                                        X<....180 1.....
                               <......180 1.............
                               -------INV 1--->X
              X<....180 2..... <......180 1.............
                                -------INV 1------------>
        <...........180 2.....
        -----INV 2------------>



   Note that the proxy renumbers the two provisional responses before
   sending them upstream.

8 Open Issues




J.Rosenberg,H.Schulzrinne                                    [Page 10]


Internet Draft              100 Reliability                 May 20, 1999


   There are a number of open issues:

        1.   Currently, SIP requests with the same values of the To,
             From, Call-ID and CSeq fields are isomorphic. It is
             possible that certain implementations may discard non-
             isomorphic requests with identical values for these header
             fields. By adding the RAck header into a request
             retransmission, we break the isomorphism of retransmitted
             requests. Is this a problem?

        2.   The mechanism currently requires proxies to understand it
             to work. It is possible to hack a solution without this
             constraint, by placing the RAck value as a parameter in the
             Via header, rather than its own header. The result would be
             those pairs of proxies which both understand provisional
             reliability would provide it, those that don't, would not.
             Is this useful?

9 Security Considerations

   Since the RSeq value cannot be encrypted or authenticated end-to-end,
   nor can the RAck, man in the middle attacks are possible which can
   cause the provisional responses to be reordered at the UAC. This can
   be alleviated by the use of hop-by-hop encryption and authentication
   mechanisms, such as IPSEC [3,3].

10 Acknowledgements

   The authors would like to thank Jonathan Lennox and Adam Roach for
   the comments on this document.

11 Author's Addresses


   Jonathan Rosenberg
   Lucent Technologies, Bell Laboratories
   101 Crawfords Corner Rd.
   Holmdel, NJ 07733
   Rm. 4C-526
   email: jdrosen@bell-labs.com

   Henning Schulzrinne
   Columbia University
   M/S 0401
   1214 Amsterdam Ave.
   New York, NY 10027-7003
   email: schulzrinne@cs.columbia.edu




J.Rosenberg,H.Schulzrinne                                    [Page 11]


Internet Draft              100 Reliability                 May 20, 1999


12 Bibliography

   [1] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP:
   session initiation protocol," Request for Comments (Proposed
   Standard) 2543, Internet Engineering Task Force, Mar. 1999.

   [2] S. Bradner, "Key words for use in RFCs to indicate requirement
   levels," Request for Comments (Best Current Practice) 2119, Internet
   Engineering Task Force, Mar. 1997.

   [3] R. Atkinson, "IP encapsulating security payload (ESP)," Request
   for Comments (Proposed Standard) 1827, Internet Engineering Task
   Force, Aug.  1995.






































J.Rosenberg,H.Schulzrinne                                    [Page 12]


Html markup produced by rfcmarkup 1.122, available from https://tools.ietf.org/tools/rfcmarkup/