idnits 2.17.1

draft-brigm-deterministicrp-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 1) being 435 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack an Authors' Addresses Section.

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 59 instances of too long lines in the document, the longest one
     being 12 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- Couldn't find a document date in the document -- date freshness check
     skipped.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '4' is defined on line 413, but no explicit reference
     was found in the text

  ** Downref: Normative reference to an Experimental RFC: RFC 3973 (ref. '1')

  ** Obsolete normative reference: RFC 4601 (ref. '2') (Obsoleted by RFC 7761)

  ** Obsolete normative reference: RFC 6166 (ref. '4') (Obsoleted by RFC 8736)

  ** Downref: Normative reference to an Informational RFC: RFC 4609 (ref. '5')

  -- Duplicate reference: RFC4601, mentioned in '6', was also mentioned in '2'.

  ** Obsolete normative reference: RFC 4601 (ref. '6') (Obsoleted by RFC 7761)

     Summary: 9 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                       Michael Brig
Internet-Draft                                  Aegis BMD Program Office
Intended status: Standards Track                17211 Avenue D, Suite 160
Expires: November 20, 2011                       Dahlgren, VA 22448-5148
                                                    Phone: 540-663-1919
                                             Email: michael.brig@mda.mil

                  Deterministic RP (D-RP) Specification
                    draft-brigm-deterministicrp-00.txt

Copyright (c) 2011 IETF Trust and the persons identified as the document
authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions
Relating to IETF Documents (http://trustee.ietf.org/license-info) in
effect on the date of publication of this document.  Please review these
documents carefully, as they describe your rights and restrictions
with respect to this document.

This Internet-Draft is submitted in full conformance with the provisions
of BCP 78 and BCP 79.  Internet-Drafts are working documents of the
Internet Engineering Task Force (IETF).  Note that other groups may also
distribute working documents as Internet-Drafts.  The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any time.
It is inappropriate to use Internet-Drafts as reference material or to
cite them other than as "work in progress."

Comments are solicited and should be addressed to the working group's
mailing list and/or the author(s).

Abstract

This document specifies the Deterministic Rendezvous Point (D-RP)
mechanism for Protocol Independent Multicast (PIM) Sparse Mode (SM)
networks.  It intends to provide a simple and robust RP service.
The mechanism is deterministic since it elects the highest priority
candidate to be the D-RP from those available for each IP address family.
If a D-RP fails, the election process begins again using the remaining
candidate RPs (C-RPs) for the IP address family.  If no candidates are
available, the network will transition to PIM Dense Mode (DM) routing for
that IP address family.  If C-RPs later emerge for the address family, the
network will elect a new D-RP and return to operations with PIM SM routing.

1. Introduction

From [2], a PIM SM multicast domain requires at least one Rendezvous Point
(RP) and each RP may service one or more multicast groups.  Concurrently,
each multicast group can be serviced by one and only one RP.  This protocol
mechanism is intended for high availability, moderately sized, well managed,
and tightly controlled multicast domains; therefore, only a single RP will
be needed to service all multicast groups of each IP address family.  If IPv4
and IPv6 multicast are simultaneously operational in a PIM SM domain running
this protocol, one D-RP will service IPv4 multicast while another D-RP will
service IPv6 multicast.

This mechanism provides a simple and fault tolerant RP service for IP multicast
domains.  For this protocol to operate effectively, all routers in the PIM
domain must utilize it and be configured either as candidate-RPs (C-RPs) or
non-candidates.

The mechanism will support IPv4 multicast by itself, IPv6 multicast by itself,
or IPv4 and IPv6 multicast operating simultaneously on the same infrastructure
but distinct from one another.
The C-RP sets for IPv4 and IPv6 should, therefore, be distinct and not
intersect.  In the latter case, there would be at most one D-RP for each IP
address family at any time.

This mechanism is built upon reference [1] and reference [2] for PIM ver.2.
It is specifically not intended to operate with PIM ver.1.

2. Protocol Specification

During the D-RP election process, C-RPs periodically flood the PIM domain with
PIM type 8 "Candidate-RP-Advertisement" messages declaring their candidacy for
D-RP of the IP address family.  The protocol will elect the candidate with the
highest priority to D-RP from the available C-RPs and any existing D-RP
of the IP address family.  After election, the D-RP will periodically flood
the network with a new PIM ver.2 type 11 "elected-RP" message for the
duration of its operation as D-RP.  If the D-RP fails, the election process
begins again using the remaining C-RPs for the IP address family.  If no
candidates are available, the network will transition to PIM Dense Mode (DM)
routing for that IP address family.  If C-RPs later emerge for the address
family, the network will elect a new D-RP and return to PIM SM routing.

Alternately, the PIM ver.2 type 8 "Candidate-RP-Advertisement" message
defined in [3] could be modified by using a single bit from its reserved field
as the "Elected" (E) bit.  When E = 0, the Candidate/Elected-RP (C/E-RP)
message would be a candidate-RP advertisement for that IP address family.
When E = 1, the C/E-RP message would be an elected-RP advertisement for that
IP address family.

Each IP address family will have 10 integer priority values ranging from 1 to
10 for the network administrator to assign relative importance to C-RPs.
It is believed that 10 C-RPs per IP address family represents the largest
practical set of C-RPs which a PIM ver.2 network may require.
The greater the priority value of the C-RP, the greater its relative
importance to the network.  These values shall fill the priority fields of
Candidate-RP-Advertisement, Elected-RP-Advertisement, and
Candidate/Elected-RP-Advertisement messages when transmitted in the multicast
domain.

When an Elected-RP-Advertisement message has a Holdtime = 0, or a
Candidate/Elected-RP-Advertisement message with E = 1 has a Holdtime = 0, the
E-RP Valid Time and Timer shall be considered infinite.

2.1 State Transitions for PIM ver.2 Routers configured as Candidate RPs.

On startup, Candidates enter C-RP state after transmitting a C-RP message,
setting the C-RP Xmit Timer, C-RP Valid Timer, and RP Election Timer.

+---------------------------------------------------------------------+
|                      When in Active C-RP state                      |
+------+---------------+---------------+--------------+---------------+
|Event |RP Election    |Rcvd E-RP      |C-RP Valid    |Rcvd C-RP      |
|      |Expires        |Message with   |Timer Timeout.|message with   |
|      |               |lower priority |              |higher priority|
|      |               |than candidate.|              |than candidate.|
+------+---------------+---------------+--------------+---------------+
|      |->             |->             |->            |->             |
|      |E-RP;          |E-RP;          |Standby C-RP; |Standby C-RP;  |
|Action|Xmit E-RP      |Xmit E-RP      |Set RP Alive  |Set RP Alive   |
|      |message, Set   |message, Set   |Timer.        |Timer.         |
|      |E-RP Xmit      |E-RP Xmit      |              |               |
|      |Timer, Set E-RP|Timer, Set E-RP|              |               |
|      |valid Timer,   |valid Timer.   |              |               |
|      |set RP Election|set RP Election|              |               |
|      |Timer, set     |Timer          |              |               |
|      |E-RP Valid     |               |              |               |
|      |Timer          |               |              |               |
+------+---------------+---------------+--------------+---------------+

+-------------------------------------+
|When in Active C-RP state (continued)|
+------+----------------+-------------+
|Event |Rcvd E-RP       |C-RP Xmit    |
|      |message with    |Timeout      |
|      |higher priority |             |
|      |than candidate. |             |
+------+----------------+-------------+
|      |->              |->           |
|      |Standby C-RP;   |Active C-RP; |
|Action|Set RP Alive    |Xmit C-RP    |
|      |Timer.          |message; Set |
|      |                |C-RP Xmit    |
|      |                |Timer.       |
+------+----------------+-------------+

+--------------------------------------------------------------------+
|                         When in E-RP state                         |
+------+------------------+---------------------+--------------------+
|Event |rcvd C-RP message |E-RP Valid Timer     |E-RP Xmit           |
|      |is higher priority|Timeout              |Timeout             |
|      |than the priority |                     |                    |
|      |of the Elected RP |                     |                    |
+------+------------------+---------------------+--------------------+
|      |->                |->                   |->                  |
|      |Standby C-RP;     |Active C-RP;         |E-RP;               |
|Action|Set RP Alive      |Xmit C-RP message,   |Xmit E-RP message;  |
|      |Timer.            |Set C-RP Xmit Timer. |Set E-RP Xmit Timer.|
|      |                  |Set C-RP Valid Timer.|                    |
+------+------------------+---------------------+--------------------+

+--------------------------------------+
|      When in Standby C-RP state      |
+------+---------------+---------------+
|Event |RP Alive Timer |rcvd Elected RP|
|      |expires        |message        |
+------+---------------+---------------+
|      |->             |->             |
|Action|Active C-RP;   |Standby C-RP;  |
|      |Xmit C-RP      |Set RP Alive   |
|      |message, Set   |Timer.         |
|      |C-RP Valid     |               |
|      |Timer, Set C-RP|               |
|      |Xmit Timer,    |               |
|      |set RP Election|               |
|      |Timer.         |               |
+------+---------------+---------------+

2.2 State Transition Diagrams for PIM ver.2 Routers configured as
non-candidates.

On startup, non-Candidates enter PIM DM RTR state.

+------------------------+
|When in PIM DM RTR state|
+------+-----------------+
|Event | rcvd Elected RP |
|      | message         |
+------+-----------------+
|      | ->              |
|Action| TRANSIENT;      |
|      | Set TRANSIENT   |
|      | Timer.          |
+------+-----------------+

+------------------------------------+
|      When in TRANSIENT state       |
+------+-------------+---------------+
|Event |transient    |rcvd Elected RP|
|      |timer Timeout|message        |
+------+-------------+---------------+
|      |->           |->             |
|Action|PIM SM RTR;  |TRANSIENT;     |
|      |Set RP Alive |               |
|      |Timer.       |               |
+------+-------------+---------------+

+-------------------------------------+
|      When in PIM SM RTR state       |
+------+--------------+---------------+
|Event |RP Alive Timer|rcvd Elected RP|
|      |expires       |message        |
+------+--------------+---------------+
|      |->            |->             |
|Action|PIM DM RTR.   |PIM SM RTR;    |
|      |              |Set RP Alive   |
|      |              |Timer.         |
+------+--------------+---------------+

3. PIM ver.2 Messages

3.1 Candidate-RP-Advertisement Message (Type=8) for IPv6.

This mechanism utilizes the PIM ver.2 type 8 "candidate-RP-Advertisement"
message as defined in [3].  This message will flood the PIM domain
periodically to announce the candidacy of a potential RP for D-RP.  Both IPv4
multicast and IPv6 multicast are supported by this message, but only IPv6 is
illustrated for the sake of brevity.

PIM VER = 2
Type = 8
Prefix Count = 1
IPv6 Group Address is the entire IPv6 multicast address range.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|PIM Ver| Type  |   Reserved    |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Count  |   Priority    |           Holdtime            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          C-RP IPv6 Address (Encoded-Unicast format)           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         IPv6 Group Address (Encoded-Multicast format)         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2 Elected-RP-Advertisement Message (type = 11) proposed for IPv6.

This mechanism could utilize a new PIM ver.2 type 11
"elected-RP-Advertisement" message.  It is a means of determining Group to
RP mappings.  The message would be defined identically to the
"candidate-RP-Advertisement" defined in [3] with the exception that the
type field would be set to 11.  This message would flood the PIM domain
periodically to announce the D-RP.  Only the D-RP should utilize this
message at any time.  Both IPv4 multicast and IPv6 multicast are supported
by this message, but only IPv6 is illustrated for the sake of brevity.

PIM VER = 2
Type = 11
Prefix Count = 1
IPv6 Group Address is the entire IPv6 multicast address range.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|PIM Ver| Type  |   Reserved    |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Count  |   Priority    |           Holdtime            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          E-RP IPv6 Address (Encoded-Unicast format)           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         IPv6 Group Address (Encoded-Multicast format)         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.3 Candidate/Elected-RP-Advertisement Message (type=8) proposed for IPv6.

As an alternative to the PIM type 11 "elected-RP-advertisement" message, this
mechanism could utilize a modified PIM ver.2 type 8
"candidate-RP-advertisement" message renamed the
"candidate/elected-RP-Advertisement" message.  It is a means of determining
Group to RP mappings.  This would be defined identically to the
"candidate-RP-Advertisement" defined in [3] with the exception of a new one
bit "elected" field taken from the reserved bits.  This message would flood
the PIM domain periodically to announce the D-RP or candidate RPs.  Only one
PIM router, the D-RP, should utilize this message with the "elected" bit set
to 1, while many PIM routers could utilize this message with the "elected"
bit set to 0.
Both IPv4 multicast and IPv6 multicast are supported by this message, but
only IPv6 is illustrated for the sake of brevity.

PIM VER = 2
Type = 8
Prefix Count = 1
E = 0; Candidate-RP Message
E = 1; Elected-RP Message
IPv6 Group Address is the entire IPv6 multicast address range.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|PIM Ver| Type  |E|  Reserved   |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Count  |   Priority    |           Holdtime            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         C/E-RP IPv6 Address (Encoded-Unicast format)          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         IPv6 Group Address (Encoded-Multicast format)         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

5 State Information and Timers

5.1 RP Election Timer - default of 4 seconds.

5.2 C-RP Transmit Timer - default of 1 second.

5.3 C-RP Valid Timer - set to a configured value and transmitted in the
    Candidate-RP-Advertisement message or the
    Candidate/Elected-RP-Advertisement message.

5.4 E-RP Transmit Timer - default of 1 second.

5.5 E-RP Valid Timer - set to a configured value and transmitted in the
    Elected-RP-Advertisement message or the
    Candidate/Elected-RP-Advertisement message.

5.6 RP Alive Timer - default of 5 seconds.

5.7 Transient Timer - default of 3 seconds.

6 Security Considerations

Since D-RP is specifically designed to provide a reliable and fault-tolerant
RP service for PIM SM multicast networks, it is subject to the security
considerations, and benefits from the mitigations, outlined in [5] and [6]
while a D-RP is operational.  D-RP is vulnerable to routers masquerading as
C-RPs and D-RPs, with and without high configured priority values.  It is
vulnerable to denial of service if an attacker could sufficiently flood the IP
multicast domain with data and therefore prevent the majority of the PIM
routers from receiving timely C-RP and D-RP messages.

When a D-RP cannot be elected, this mechanism falls back to PIM DM
operations until a C-RP becomes available and a new D-RP is elected.  While in
DM, it is subject to the security considerations and mitigations outlined in
[1].

7 Contributors

LCDR Charles Schlice
AEGIS BMD B33
540-663-1763
charles.schlise@mda.mil

Jeff Chaney
AEGIS BMD B33C
540-663-1790
Jeff.chaney@mda.mil

Thomas Tharp
IO Technologies
540-663-1865
thomas.tharp.ctr@mda.mil

8 References

[1] Adams, A., Nicholas, J., and W. Siadak,
    "Protocol Independent Multicast - Dense Mode (PIM-DM):
    Protocol Specification (Revised)", RFC 3973, January 2005.

[2] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas,
    "Protocol Independent Multicast - Sparse Mode (PIM-SM):
    Protocol Specification (Revised)", RFC 4601, August 2006.

[3] Bhaskar, N., Gall, A., Lingard, J., and S. Venaas,
    "Bootstrap Router (BSR) Mechanism for Protocol Independent
    Multicast (PIM)", RFC 5059, January 2008.

[4] Venaas, S.,
    "A Registry for PIM Message Types", RFC 6166, April 2011.

[5] Savola, P., Lehtonen, R., and D. Meyer,
    "Protocol Independent Multicast - Sparse Mode (PIM-SM)
    Multicast Routing Security Issues and Enhancements",
    RFC 4609, August 2006.

[6] Atwood, W., Islam, S., and M. Siami, "Authentication and
    Confidentiality in Protocol Independent Multicast Sparse
    Mode (PIM-SM) Link-Local Messages", RFC 4601, March 2010.
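The election rule of Section 2 (highest priority among the available C-RPs and any existing D-RP, fallback to PIM DM when none remain, return to PIM SM when a candidate reappears), the Holdtime = 0 rule for elected-RP advertisements, and the Section 3.3 Candidate/Elected-RP-Advertisement layout, worked through as an added example. This is not code from the draft or from any PIM implementation. It assumes that the E bit is the first bit of the Reserved byte, as the Section 3.3 diagram draws it; that the Encoded-Unicast and Encoded-Group address fields follow the RFC 4601 Section 4.9.1 encodings; that the checksum is left at zero (the real value is computed with the IPv6 pseudo-header, which this model does not carry); and that a priority tie is broken by the highest address, which the draft does not define. The addresses in the scenario are constructed.

```python
"""Model of the D-RP election driven by Section 3.3 messages.

Added example for draft-brigm-deterministicrp-00; not code from the draft.
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv6Address
from math import inf
from typing import Optional

PIM_VERSION = 2
TYPE_CRP_ADV = 8                 # Candidate-RP-Advertisement type (RFC 5059)
AF_IPV6 = 2                      # IANA address family number for IPv6
E_BIT = 0x80                     # assumption: E is the first Reserved bit, as drawn in Section 3.3
GROUP_ALL_IPV6 = ("ff00::", 8)   # "the entire IPv6 multicast address range"


def pack_ce_rp(rp_addr: str, priority: int, holdtime: int, elected: bool) -> bytes:
    """Build a C/E-RP-Advertisement for one IPv6 prefix (Prefix Count = 1).

    Encoded-Unicast / Encoded-Group formats follow RFC 4601 Section 4.9.1.
    The checksum is left at zero: RFC 4601 computes it over the message plus
    the IPv6 pseudo-header, which needs IP-layer data this model does not carry.
    """
    if not 1 <= priority <= 10:
        raise ValueError("priority must be in 1..10 (Section 2)")
    flags = E_BIT if elected else 0
    msg = struct.pack("!BBH", (PIM_VERSION << 4) | TYPE_CRP_ADV, flags, 0)
    msg += struct.pack("!BBH", 1, priority, holdtime)
    msg += struct.pack("!BB", AF_IPV6, 0) + IPv6Address(rp_addr).packed
    group, masklen = GROUP_ALL_IPV6
    msg += struct.pack("!BBBB", AF_IPV6, 0, 0, masklen) + IPv6Address(group).packed
    return msg


def parse_ce_rp(msg: bytes) -> dict:
    """Decode the fields the election needs; reject anything that is not a
    PIM v2 type 8 message carrying a single IPv6 prefix."""
    ver_type, flags, _cksum, count, priority, holdtime = struct.unpack_from("!BBHBBH", msg, 0)
    if ver_type >> 4 != PIM_VERSION or ver_type & 0x0F != TYPE_CRP_ADV or count != 1:
        raise ValueError("not a single-prefix PIM v2 Candidate-RP-Advertisement")
    af, enc = struct.unpack_from("!BB", msg, 8)
    if af != AF_IPV6 or enc != 0:
        raise ValueError("unsupported encoded-unicast address")
    return {"elected": bool(flags & E_BIT), "priority": priority,
            "holdtime": holdtime, "rp": str(IPv6Address(msg[10:26]))}


@dataclass
class RpRecord:
    priority: int
    elected: bool
    valid_until: float


class RpView:
    """Advertisements one router has heard, and the deterministic choice made from them."""

    def __init__(self) -> None:
        self.rps: dict = {}

    def hear(self, msg: bytes, now: float) -> None:
        m = parse_ce_rp(msg)
        # Holdtime = 0 on an elected-RP advertisement means an infinite valid time (Section 2).
        ttl = inf if m["elected"] and m["holdtime"] == 0 else m["holdtime"]
        self.rps[m["rp"]] = RpRecord(m["priority"], m["elected"], now + ttl)

    def available(self, now: float) -> dict:
        """Drop every RP whose C-RP Valid / E-RP Valid time has run out."""
        self.rps = {a: r for a, r in self.rps.items() if r.valid_until > now}
        return self.rps

    def elect(self, now: float) -> Optional[str]:
        """Highest priority wins among the available C-RPs and any existing D-RP.
        Tie-break by highest address is an assumption; the draft defines none."""
        cands = self.available(now)
        if not cands:
            return None          # no candidates: the domain runs PIM DM
        return max(cands, key=lambda a: (cands[a].priority, int(IPv6Address(a))))

    def mode(self, now: float) -> str:
        return "PIM-SM" if self.elect(now) is not None else "PIM-DM"


def demo() -> list:
    """Constructed scenario: two candidates, the preferred one stops advertising,
    then none remain, then a newcomer announces itself as elected."""
    view = RpView()
    a, b = "2001:db8::a", "2001:db8::b"                          # constructed addresses
    view.hear(pack_ce_rp(a, 10, 60, elected=False), now=0)
    view.hear(pack_ce_rp(b, 5, 60, elected=False), now=0)
    timeline = [(1, f"{view.mode(1)}:{view.elect(1)}")]
    view.hear(pack_ce_rp(b, 5, 60, elected=False), now=55)       # only b keeps advertising
    timeline.append((61, f"{view.mode(61)}:{view.elect(61)}"))   # a's Holdtime ran out
    timeline.append((120, f"{view.mode(120)}:{view.elect(120)}"))  # nobody left: PIM DM
    view.hear(pack_ce_rp("2001:db8::c", 1, 0, elected=True), now=130)  # E=1, Holdtime 0: infinite
    timeline.append((10000, f"{view.mode(10000)}:{view.elect(10000)}"))
    return timeline


if __name__ == "__main__":
    for t, state in demo():
        print(f"t={t:>6}: {state}")
```

The model shows why the draft's Security Considerations matter: `elect()` trusts every advertisement it hears, so a single forged message with priority 10, or an E = 1 message with Holdtime 0, would permanently redirect the view; the link-local authentication of [6] is what keeps `hear()` from accepting such input in a deployment.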