draft-ietf-pim-sm-bsr-02.txt   draft-ietf-pim-sm-bsr-03.txt 
Internet Engineering Task Force PIM WG Internet Engineering Task Force PIM WG
INTERNET-DRAFT Bill Fenner/AT&T INTERNET-DRAFT Bill Fenner/AT&T
draft-ietf-pim-sm-bsr-02.txt Mark Handley/ACIRI draft-ietf-pim-sm-bsr-03.txt Mark Handley/ICIR
Roger Kermode/Motorola Roger Kermode/Motorola
David Thaler/Microsoft David Thaler/Microsoft
21 November 2001 25 February 2003
Expires: May 2002 Expires: August 2003
Bootstrap Router (BSR) Mechanism for PIM Sparse Mode Bootstrap Router (BSR) Mechanism for PIM Sparse Mode
Status of this Document Status of this Document
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
skipping to change at page 3, line 15 skipping to change at page 3, line 15
Table of Contents Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction. . . . . . . . . . . . . . . . . . . . . . 4
1.1. General Overview and Background. . . . . . . . . . . 4 1.1. General Overview and Background. . . . . . . . . . . 4
1.2. Overview of Bootstrap and RP Discovery for 1.2. Overview of Bootstrap and RP Discovery for
Global Scope. . . . . . . . . . . . . . . . . . . . . . . 7 Global Scope. . . . . . . . . . . . . . . . . . . . . . . 7
1.3. Administratively Scoped Multicast and BSR. . . . . . 7 1.3. Administratively Scoped Multicast and BSR. . . . . . 7
2. BSR State and Timers. . . . . . . . . . . . . . . . . . 9 2. BSR State and Timers. . . . . . . . . . . . . . . . . . 9
3. Bootstrap Router Election and RP-Set 3. Bootstrap Router Election and RP-Set
Distribution . . . . . . . . . . . . . . . . . . . . . . . 10 Distribution . . . . . . . . . . . . . . . . . . . . . . . 10
3.1. Sending Candidate-RP-Advertisements. . . . . . . . . 17 3.1. Sending Candidate-RP-Advertisements. . . . . . . . . 18
3.2. Creating the RP-Set at the BSR . . . . . . . . . . . 18 3.2. Creating the RP-Set at the BSR . . . . . . . . . . . 19
3.3. Forwarding Bootstrap Messages. . . . . . . . . . . . 19 3.3. Forwarding Bootstrap Messages. . . . . . . . . . . . 20
3.4. Receiving and Using the RP-Set . . . . . . . . . . . 19 3.4. Receiving and Using the RP-Set . . . . . . . . . . . 21
4. Message Formats . . . . . . . . . . . . . . . . . . . . 20 4. Message Formats . . . . . . . . . . . . . . . . . . . . 21
4.1. Bootstrap Message Format . . . . . . . . . . . . . . 22 4.1. Bootstrap Message Format . . . . . . . . . . . . . . 23
4.1.1. Semantic Fragmentation of BSMs. . . . . . . . . . 25 4.1.1. Semantic Fragmentation of BSMs. . . . . . . . . . 26
4.2. Candidate-RP-Advertisement Format. . . . . . . . . . 27 4.2. Candidate-RP-Advertisement Format. . . . . . . . . . 28
5. Default Values for Timers . . . . . . . . . . . . . . . 28 5. Default Values for Timers . . . . . . . . . . . . . . . 29
6. Security Considerations . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . 30
6.1. Possible Threats . . . . . . . . . . . . . . . . . . 29 6.1. Possible Threats . . . . . . . . . . . . . . . . . . 30
6.2. Limiting Third-Party DoS Attacks . . . . . . . . . . 30 6.2. Limiting Third-Party DoS Attacks . . . . . . . . . . 31
6.3. BS Message Security. . . . . . . . . . . . . . . . . 30 6.3. BS Message Security. . . . . . . . . . . . . . . . . 31
6.4. C-RP-Advertisement Security. . . . . . . . . . . . . 32 6.4. C-RP-Advertisement Security. . . . . . . . . . . . . 33
6.5. Denial of Service using IPsec. . . . . . . . . . . . 32 6.5. Denial of Service using IPsec. . . . . . . . . . . . 33
7. Authors' Addresses. . . . . . . . . . . . . . . . . . . 33 7. Authors' Addresses. . . . . . . . . . . . . . . . . . . 34
8. References. . . . . . . . . . . . . . . . . . . . . . . 34 8. References. . . . . . . . . . . . . . . . . . . . . . . 35
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . 34 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . 35
List of Figures
Figure 1. Per-Scope-Zone State-machine for a candi-
date BSR . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 2. Per-Scope-Zone State-machine for a router
not configured as C-BSR. . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
Note: this document assumes familiarity with the workings of Protocol Note: this document assumes familiarity with the workings of Protocol
Independent Multicast - Sparse Mode, as defined in [3], and with Independent Multicast - Sparse Mode, as defined in [3], and with
Administratively Scoped Multicast, as described in [6]. Administratively Scoped Multicast, as described in [6].
For correct operation, every PIM Sparse-mode router within a PIM domain For correct operation, every PIM Sparse-mode router within a PIM domain
must be able to map a particular global-scope multicast group address to must be able to map a particular global-scope multicast group address to
the same RP. If this is not the case then black holes may appear, where the same RP. If this is not the case then black holes may appear, where
skipping to change at page 10, line 30 skipping to change at page 11, line 7
election and the RP-Set distribution mechanisms. election and the RP-Set distribution mechanisms.
The state-machine for bootstrap messages depends on whether or not a The state-machine for bootstrap messages depends on whether or not a
router has been configured to be a Candidate-BSR for a particular scope router has been configured to be a Candidate-BSR for a particular scope
zone. The per-scope-zone state-machine for a C-BSR is given below, zone. The per-scope-zone state-machine for a C-BSR is given below,
followed by the state-machine for a router that is not configured to be followed by the state-machine for a router that is not configured to be
a C-BSR. a C-BSR.
Per-Scope-Zone Candidate-BSR State Machine Per-Scope-Zone Candidate-BSR State Machine
+-----------------------------------+ Figure 1: Per-Scope-Zone State-machine for a candidate BSR in tabular form
| Figures omitted from text version |
+-----------------------------------+
Figure 1: Per-Scope-Zone State-machine for a candidate BSR
In tabular form this state machine is:
+-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+
| When in C-BSR state | | When in C-BSR state |
+------------+-------------------+-------------------+------------------+ +------------+-------------------+-------------------+------------------+
| Event | Receive | BS Timer | Receive non- | | Event | Receive | BS Timer | Receive non- |
| | Preferred BSM | Expires | preferred BSM | | | Preferred BSM | Expires | preferred BSM |
| | | | from Elected | | | | | from Elected |
| | | | BSR | | | | | BSR |
+------------+-------------------+-------------------+------------------+ +------------+-------------------+-------------------+------------------+
| | -> C-BSR state | -> P-BSR state | -> P-BSR state | | | -> C-BSR state | -> P-BSR state | -> P-BSR state |
skipping to change at page 12, line 27 skipping to change at page 13, line 7
"Pending-BSR"; the BS Timer is initialized to the BS Timeout value. "Pending-BSR"; the BS Timer is initialized to the BS Timeout value.
In addition to the three states, there is one timer: In addition to the three states, there is one timer:
o The bootstrap timer (BS Timer) - that is used to time out old o The bootstrap timer (BS Timer) - that is used to time out old
bootstrap router information, and used in the election process to bootstrap router information, and used in the election process to
terminate P-BSR state. terminate P-BSR state.
Per-Scope-Zone State-machine for Non-Candidate-BSR Routers Per-Scope-Zone State-machine for Non-Candidate-BSR Routers
+-----------------------------------+ Figure 2: Per-Scope-Zone State-machine for a router not configured as C-
| Figures omitted from text version | BSR in tabular form
+-----------------------------------+
Figure 2: Per-Scope-Zone State-machine for a router not configured as C-BSR
In tabular form this state machine is:
+-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+
| When in No Info state | | When in No Info state |
+--------------------+--------------------------------------------------+ +--------------------+--------------------------------------------------+
| Event | Receive BSM for unknown Admin Scope | | Event | Receive BSM for unknown Admin Scope |
+--------------------+--------------------------------------------------+ +--------------------+--------------------------------------------------+
| | -> AP State | | | -> AP State |
| Action | Forward BSM; Store RP-Set; | | Action | Forward BSM; Store RP-Set; |
| | Set BS Timer to BS Timeout; | | | Set BS Timer to BS Timeout; |
| | Set SZ Timer to SZ Timeout | | | Set SZ Timer to SZ Timeout |
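Review bot: The merged Figure 2 caption in -03 splits "C-BSR" across a line end ("not configured as C-" / "BSR in tabular form"), which reads as two tokens and defeats a text search for the term; reflow the caption so "C-BSR" stays on one line. With the "Figures omitted from text version" box removed, "Figure 1" and "Figure 2" now label tables only, so consider calling them tables or dropping "in tabular form" from the captions.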
skipping to change at page 16, line 21 skipping to change at page 16, line 47
"randomized" value: "randomized" value:
Delay = 5 + 2 * log_2(1 + bestPriority - myPriority) Delay = 5 + 2 * log_2(1 + bestPriority - myPriority)
+ AddrDelay + AddrDelay
where myPriority is the Candidate-BSR's configured priority, where myPriority is the Candidate-BSR's configured priority,
and bestPriority equals: and bestPriority equals:
bestPriority = Max(storedPriority, myPriority) bestPriority = Max(storedPriority, myPriority)
and AddrDelay is given by the following: and AddrDelay is given by the following for IPv4:
if ( bestPriority == myPriority) { if ( bestPriority == myPriority) {
AddrDelay = log_2(storedAddr - myAddr) / 16 AddrDelay = log_2(storedAddr - myAddr) / 16
} else { } else {
AddrDelay = 2 - (myAddr / 2^31) AddrDelay = 2 - (myAddr / 2^31)
} }
and AddrDelay is given by the following for IPv6:
if ( bestPriority == myPriority) {
AddrDelay = log_2(storedAddr - myAddr) / 64
} else {
AddrDelay = 2 - (myAddr / 2^127)
}
where myAddr is the Candidate-BSR's address, storedAddr is the where myAddr is the Candidate-BSR's address, storedAddr is the
stored BSR's address, and storedPriority is the stored BSR's stored BSR's address, and storedPriority is the stored BSR's
priority. priority.
SZ Period SZ Timeout
The interval after which a router will time out an Admin Scope The interval after which a router will time out an Admin Scope
zone that it has dynamically learned. The interval MUST be zone that it has dynamically learned. The interval MUST be
larger than the BS Timeout. The default value is ten times larger than the BS Timeout. The default value is ten times
the BS Timeout, which is 1500 seconds. the BS Timeout, which is 1300 seconds.
In addition to setting the timers, the following actions may be In addition to setting the timers, the following actions may be
triggered by state-changes in the state-machines: triggered by state-changes in the state-machines:
Forward BSM Forward BSM
The bootstrap message is forwarded out of all multicast- A bootstrap message that passes the Bootstrap Message
capable interfaces, except the interface it was received on, Processing Checks is forwarded out of all interfaces with PIM
or where this would cause the BSM to cross an admin-scope neighbors (including the interface it is received on), except
where this would cause the BSM to cross an admin-scope
boundary for the scope zone indicated in the message. The boundary for the scope zone indicated in the message. The
source IP address of the message is the forwarding router's IP source IP address of the message is the forwarding router's IP
address on the interface the message is being forwarded from, address on the interface the message is being forwarded from,
the destination address is ALL-PIM-ROUTERS, and the TTL of the the destination address is ALL-PIM-ROUTERS, and the TTL of the
message is set to 1. message is set to 1.
As an optimation, a router MAY choose not to forward a BSM out
of the interface the message was received on if that interface
is a point-to-point interface. On interfaces with multiple
PIM neighbors, a router MUST forward an accepted BSM onto the
interface that BSM was received on, but if the number of PIM
neighbors on that interface is large, it MAY delay forwarding
a BSM onto that interface by a small randomized interval to
prevent message implosion.
Rationale: A BSM needs to be forwarded onto the interface the
message was received on (in addition to the other interfaces)
because the routers on a LAN may not have consistent routing
information. If three routers on a LAN and A, B, and C, and
at router B RPF(BSR)==A and at router C RPF(BSR)==B, then
router A originally forwards the BSM onto the LAN, but router
C will only accept it when router B re-forwards the message
onto the LAN.
Originate BSM Originate BSM
A new bootstrap message is constructed by the BSR, giving the A new bootstrap message is constructed by the BSR, giving the
BSR's address and BSR priority, and containing the BSR's BSR's address and BSR priority, and containing the BSR's
chosen RP-Set. The message is forwarded out of all multicast- chosen RP-Set. The message is forwarded out of all multicast-
capable interfaces, except where this would cause the BSM to capable interfaces, except where this would cause the BSM to
cross an admin-scope boundary for the scope zone indicated in cross an admin-scope boundary for the scope zone indicated in
the message. The IP source address of the message is the the message. The IP source address of the message is the
originating router's IP address on the interface the message originating router's IP address on the interface the message
is being forwarded from, the destination address is ALL-PIM- is being forwarded from, the destination address is ALL-PIM-
ROUTERS, and the TTL of the message is set to 1. ROUTERS, and the TTL of the message is set to 1.
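Review bot: The new Forward BSM paragraph lets a router delay re-forwarding "by a small randomized interval" when the number of PIM neighbors "is large", but gives neither the interval nor the threshold a value or a timer name, so implementations on the same LAN can behave very differently; suggest naming the delay and giving it a default range alongside the other timers in Section 5. In the same paragraphs, "optimation" should be "optimization" and "If three routers on a LAN and A, B, and C" should read "are A, B, and C". Originate BSM still sends on "all multicast-capable interfaces" while Forward BSM now uses "all interfaces with PIM neighbors"; if the difference is intended, say so. In the AddrDelay branches (IPv4 and the new IPv6 one), "log_2(storedAddr - myAddr)" has no value when storedAddr is not greater than myAddr, and the visible text does not say what the delay is in that case.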
skipping to change at page 24, line 13 skipping to change at page 25, line 13
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RP Address m (Encoded-Unicast format) | | RP Address m (Encoded-Unicast format) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RPm Holdtime | RPm Priority | Reserved | | RPm Holdtime | RPm Priority | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
PIM Version, Reserved, Checksum PIM Version, Reserved, Checksum
Described in [3]. Described in [3].
Type PIM Message Type. Value is 8 for a Bootstrap Message. Type PIM Message Type. Value is 4 for a Bootstrap Message.
Fragment Tag Fragment Tag
A randomly generated number, acts to distinguish the fragments A randomly generated number, acts to distinguish the fragments
belonging to different Bootstrap messages; fragments belonging to belonging to different Bootstrap messages; fragments belonging to
same Bootstrap message carry the same `Fragment Tag'. same Bootstrap message carry the same `Fragment Tag'.
Hash Mask len Hash Mask len
The length (in bits) of the mask to use in the hash function. For The length (in bits) of the mask to use in the hash function. For
IPv4 we recommend a value of 30. For IPv6 we recommend a value of IPv4 we recommend a value of 30. For IPv6 we recommend a value of
126. 126.
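Review bot: The Type line for the Bootstrap Message changes from 8 to 4 but, unlike "PIM Version, Reserved, Checksum" directly above it, carries no pointer to [3] as the source of the value. Suggest adding the reference on this line so the number in this document cannot drift from the PIM-SM message type assignments again.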
skipping to change at page 27, line 31 skipping to change at page 28, line 31
| . | | . |
| . | | . |
| . | | . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Group Address n (Encoded-Group format) | | Group Address n (Encoded-Group format) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
PIM Version, Reserved, Checksum PIM Version, Reserved, Checksum
Described in [3]. Described in [3].
Type PIM Message Type. Value is 4 for a Candidate-RP-Advertisement Type PIM Message Type. Value is 8 for a Candidate-RP-Advertisement
Message. Message.
Prefix Cnt Prefix Cnt
The number of encoded group addresses included in the message; The number of encoded group addresses included in the message;
indicating the group prefixes for which the C-RP is advertising. A indicating the group prefixes for which the C-RP is advertising. A
Prefix Cnt of `0' implies all multicast groups, e.g. for IPv4 a Prefix Cnt of `0' implies all multicast groups, e.g. for IPv4 a
prefix of 224.0.0.0 with mask length of 4. If the C-RP is not prefix of 224.0.0.0 with mask length of 4. If the C-RP is not
configured with Group-prefix information, the C-RP puts a default configured with Group-prefix information, the C-RP puts a default
value of `0' in this field. value of `0' in this field.
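Review bot: With Type changed to 8 on the Candidate-RP-Advertisement line here and to 4 for the Bootstrap Message in Section 4.1, the two values are exchanged relative to -02, so a receiver built from -02 would hand each message to the other message's parser. Nothing in the visible text records the swap; suggest a short change note saying which values are correct and that the -02 values must not be used.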
skipping to change at page 29, line 23 skipping to change at page 30, line 23
| | | periodic C-RP | | | | periodic C-RP |
| | | Advertisements are | | | | Advertisements are |
| | | sent to BSR | | | | sent to BSR |
+--------------------+--------------------------+-----------------------+ +--------------------+--------------------------+-----------------------+
Timer Name: Scope Zone Expiry Timer (SZT(Z)) Timer Name: Scope Zone Expiry Timer (SZT(Z))
+------------------------------------+--------------+--------------------+ +------------------------------------+--------------+--------------------+
|Value Name Value Explanation | | | |Value Name Value Explanation | | |
+------------------------------------+--------------+--------------------+ +------------------------------------+--------------+--------------------+
|SZ Timeout | 1500 seconds | Interval after | |SZ Timeout | 1300 seconds | Interval after |
| | | which a scope zone | | | | which a scope zone |
| | | will be timed out | | | | will be timed out |
| | | if the state is | | | | if the state is |
| | | not refreshed | | | | not refreshed |
+------------------------------------+--------------+--------------------+ +------------------------------------+--------------+--------------------+
6. Security Considerations 6. Security Considerations
6.1. Possible Threats 6.1. Possible Threats
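Review bot: The SZ Timeout default drops from 1500 to 1300 seconds in this table and in Section 3, where it is still defined as "ten times the BS Timeout"; that holds only if the BS Timeout default is 130 seconds, and the BS Timeout row is not shown in this diff. Please confirm the BS Timeout entry in Section 5 reads 130 seconds so the two stay consistent. The header row of this table also has "Value Name Value Explanation" run together in the first cell with the other two cells empty; split it across the three columns.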
skipping to change at page 30, line 25 skipping to change at page 31, line 25
The third party DoS attack above can be greatly reduced if PIM routers The third party DoS attack above can be greatly reduced if PIM routers
acting as DR do not continue to forward Register traffic to the RP in acting as DR do not continue to forward Register traffic to the RP in
the presence of ICMP Protocol Unreachable or ICMP Host Unreachable the presence of ICMP Protocol Unreachable or ICMP Host Unreachable
responses. If a PIM router sending Register packets to an RP receives responses. If a PIM router sending Register packets to an RP receives
one of these responses to a data packet it has sent, it should rate- one of these responses to a data packet it has sent, it should rate-
limit the transmission of future Register packets to that RP for a short limit the transmission of future Register packets to that RP for a short
period of time. period of time.
As this does not affect interoperability, the precise details are left As this does not affect interoperability, the precise details are left
to the implementator to decide. However we note that a router to the implementor to decide. However we note that a router
implementing such rate limiting must only do so if the ICMP packet implementing such rate limiting must only do so if the ICMP packet
correctly echoes part of a Register packet that was sent to the RP. If correctly echoes part of a Register packet that was sent to the RP. If
this check were not made, then simply sending ICMP Unreachable packets this check were not made, then simply sending ICMP Unreachable packets
to the DR with the source address of the RP spoofed would be sufficient to the DR with the source address of the RP spoofed would be sufficient
to cause a denial-of-service attack on the multicast traffic originating to cause a denial-of-service attack on the multicast traffic originating
from that DR. from that DR.
6.3. BS Message Security 6.3. BS Message Security
If a legitimate PIM router is compromised, there is little any security If a legitimate PIM router is compromised, there is little any security
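Review bot: The sentence after the "implementor" spelling fix states the one check that keeps this rate limiting from being turned into a denial of service by spoofed ICMP, yet it is written with lowercase "must only do so" and "should rate-limit", while Section 3 uses capitalised MUST and MAY. Suggest making the check normative, for example "MUST NOT rate-limit unless the ICMP packet correctly echoes part of a Register packet that was sent to the RP", and deciding whether the rate limit itself is a SHOULD.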
skipping to change at page 33, line 29 skipping to change at page 34, line 29
7. Authors' Addresses 7. Authors' Addresses
Bill Fenner Bill Fenner
AT&T Labs - Research AT&T Labs - Research
75 Willow Road 75 Willow Road
Menlo Park, CA 94025 Menlo Park, CA 94025
fenner@research.att.com fenner@research.att.com
Mark Handley Mark Handley
ACIRI/ICSI ICIR/ICSI
1947 Center St, Suite 600 1947 Center St, Suite 600
Berkeley, CA 94708 Berkeley, CA 94708
mjh@aciri.org mjh@icir.org
Roger Kermode Roger Kermode
Motorola Australian Research Centre Motorola Australian Research Centre
Locked Bag 5028 Locked Bag 5028
Botany NSW 1455, Botany NSW 1455,
Australia Australia
Roger.Kermode@motorola.com Roger.Kermode@motorola.com
David Thaler David Thaler
Microsoft Corporation Microsoft Corporation
skipping to change at page 34, line 17 skipping to change at page 35, line 17
[1] S. Deering , W. Fenner , B. Haberman, "Multicast Listener Discovery [1] S. Deering , W. Fenner , B. Haberman, "Multicast Listener Discovery
(MLD) for IPv6", RFC 2710, Oct 1999. (MLD) for IPv6", RFC 2710, Oct 1999.
[2] D. Estrin et al., "Protocol Independent Multicast - Sparse Mode [2] D. Estrin et al., "Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification", RFC 2362, June 1998 (now (PIM-SM): Protocol Specification", RFC 2362, June 1998 (now
obsolete). obsolete).
[3] W. Fenner, M. Handley, H. Holbrook, I. Kouvelas, "Protocol [3] W. Fenner, M. Handley, H. Holbrook, I. Kouvelas, "Protocol
Independent Multicast - Sparse Mode (PIM-SM): Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol
Specification (Revised)", Internet Draft draft-ietf-pim-sm- Specification (Revised)", Internet Draft draft-ietf-pim-sm-
v2-new-03.ps v2-new-05.ps
[4] W. Fenner, "Internet Group Management Protocol, Version 2", RFC [4] W. Fenner, "Internet Group Management Protocol, Version 2", RFC
2236, Nov 1997. 2236, Nov 1997.
[5] IANA, "Address Family Numbers", linked from [5] IANA, "Address Family Numbers", linked from
http://www.iana.org/numbers.html http://www.iana.org/numbers.html
[6] D. Meyer, "Administratively Scoped IP Multicast", RFC 2365, Jul [6] D. Meyer, "Administratively Scoped IP Multicast", RFC 2365, Jul
1998. 1998.
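Review bot: Reference [3] is bumped to "v2-new-05.ps", which names a PostScript file rather than the draft itself. Suggest citing it as "draft-ietf-pim-sm-v2-new-05" and marking it as work in progress, so the reference does not depend on one file format.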
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/