idnits 2.17.1 draft-ietf-idmr-igmp-v3-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of too long lines in the document, the longest one being 2 characters in excess of 72. ** The abstract seems to contain references ([RFC-2119]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with multicast IPv4 addresses in the document. If these are generic example addresses, they should be changed to use the 233.252.0.x range defined in RFC 5771 Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 25 has weird spacing: '...The list of ...' == Line 298 has weird spacing: '...change of soc...' == Line 502 has weird spacing: '... to the multi...' == Line 503 has weird spacing: '...ept and proce...' == Line 710 has weird spacing: '...ed from the l...' == (2 more instances...) == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 2002) is 8130 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC1112' is mentioned on line 244, but not defined -- Looks like a reference, but probably isn't: '1' on line 551 -- Looks like a reference, but probably isn't: '2' on line 553 == Missing Reference: 'N' is mentioned on line 559, but not defined == Missing Reference: 'M' is mentioned on line 539, but not defined == Outdated reference: A later version (-03) exists of draft-ietf-idmr-msf-api-00 -- Possible downref: Normative reference to a draft: ref. 'FILTER-API' ** Obsolete normative reference: RFC 2402 (ref. 'AH') (Obsoleted by RFC 4302, RFC 4305) Summary: 7 errors (**), 0 flaws (~~), 13 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Brad Cain, Cereva Networks 2 Steve Deering, Cisco Systems 3 Bill Fenner, AT&T Labs - Research 4 Isidor Kouvelas, Cisco Systems 5 Ajit Thyagarajan, Ericsson 6 Expires July 2002 January 2002 8 Internet Group Management Protocol, Version 3 9 11 STATUS OF THIS MEMO 13 This document is an Internet-Draft and is in full conformance with all 14 provisions of Section 10 of RFC2026. 16 Internet-Drafts are working documents of the Internet Engineering Task 17 Force (IETF), its areas, and its working groups. Note that other 18 groups may also distribute working documents as Internet- Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference material 23 or to cite them other than as work in progress. 25 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/1id-abstracts.txt 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 Abstract 33 This document specifies Version 3 of the Internet Group Management 34 Protocol, IGMPv3. IGMP is the protocol used by IPv4 systems to report 35 their IP multicast group memberships to neighboring multicast routers. 36 Version 3 of IGMP adds support for "source filtering", that is, the 37 ability for a system to report interest in receiving packets *only* from 38 specific source addresses, or from *all but* specific source addresses, 39 sent to a particular multicast address. That information may be used by 40 multicast routing protocols to avoid delivering multicast packets from 41 specific sources to networks where there are no interested receivers. 43 This document is a product of the Inter-Domain Multicast Routing working 44 group within the Internet Engineering Task Force. Comments are 45 solicited and should be addressed to the working group's mailing list at 46 idmr@cs.ucl.ac.uk and/or the authors. 48 The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", 49 "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 50 "OPTIONAL" in this document are to be interpreted as described in 51 [RFC-2119]. Due to the lack of italics, emphasis is indicated herein by 52 bracketing a word or phrase in "*" characters. 54 Table of Contents 56 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. The API for Requesting IP Multicast Reception . . . . . . . . . . 4 58 3. Multicast Reception State Maintained by Systems . . . . . . . . . 6 59 4. Message Formats . . . . . . . . . . . . . . . . . . . . . . . . . 9 60 5. Description of the Protocol for Group Members . . . . . . . . . . 20 61 6. Description of the Protocol for Multicast 62 Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 63 7. Interoperation with Older Versions of IGMP. . . . . . . . . . . . 37 64 8. List of Timers, Counters, and their Default 65 Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 66 9. Security Considerations . . . . . . . . . . . . . . . . . . . . . 45 67 10. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . . 48 68 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 69 Appendix A. Design Rationale . . . . . . . . . . . . . . . . . . . . 49 70 1. INTRODUCTION 72 The Internet Group Management Protocol (IGMP) is used by IPv4 systems 73 (hosts and routers) to report their IP multicast group memberships to 74 any neighboring multicast routers. Note that an IP multicast router may 75 itself be a member of one or more multicast groups, in which case it 76 performs both the "multicast router part" of the protocol (to collect 77 the membership information needed by its multicast routing protocol) and 78 the "group member part" of the protocol (to inform itself and other, 79 neighboring multicast routers of its memberships). 81 IGMP is also used for other IP multicast management functions, using 82 message types other than those used for group membership reporting. 83 This document specifies only the group membership reporting functions 84 and messages. 86 This document specifies Version 3 of IGMP. Version 1, specified in 87 [RFC-1112], was the first widely-deployed version and the first version 88 to become an Internet Standard. Version 2, specified in [RFC-2236], 89 added support for "low leave latency", that is, a reduction in the time 90 it takes for a multicast router to learn that there are no longer any 91 members of a particular group present on an attached network. Version 3 92 adds support for "source filtering", that is, the ability for a system 93 to report interest in receiving packets *only* from specific source 94 addresses, or from *all but* specific source addresses, sent to a 95 particular multicast address. Version 3 is designed to be interoperable 96 with Versions 1 and 2. 98 2. THE API FOR REQUESTING IP MULTICAST RECEPTION 100 Within an IP system, there is (at least conceptually) an Application 101 Programming Interface or API used by upper-layer protocols or 102 application programs to ask the IP layer to enable and disable reception 103 of packets sent to specific IP multicast addresses. In order to take 104 full advantage of the capabilities of IGMPv3, a system's IP API must 105 support the following operation (or any logical equivalent; for example, 106 see [FILTER-API]): 108 IPMulticastListen ( socket, interface, multicast-address, 109 filter-mode, source-list ) 111 where: 113 "socket" is an implementation-specific parameter used to distinguish 114 among different requesting entities (e.g., programs or processes) 115 within the system; the socket parameter of BSD Unix system calls is a 116 specific example. 118 "interface" is a local identifier of the network interface on which 119 reception of the specified multicast address is to be enabled or 120 disabled. Interfaces may be physical (e.g., an Ethernet interface) or 121 virtual (e.g., the endpoint of a Frame Relay virtual circuit or the 122 endpoint of an IP-in-IP "tunnel"). An implementation may allow a 123 special "unspecified" value to be passed as the interface parameter, 124 in which case the request would apply to the "primary" or "default" 125 interface of the system (perhaps established by system configuration). 126 If reception of the same multicast address is desired on more than one 127 interface, IPMulticastListen is invoked separately for each desired 128 interface. 130 "multicast-address" is the IP multicast address to which the request 131 pertains. If reception of more than one multicast address on a given 132 interface is desired, IPMulticastListen is invoked separately for each 133 desired multicast address. 135 "filter-mode" may be either INCLUDE or EXCLUDE. In INCLUDE mode, 136 reception of packets sent to the specified multicast address is 137 requested *only* from those IP source addresses listed in the source- 138 list parameter. In EXCLUDE mode, reception of packets sent to the 139 given multicast address is requested from all IP source addresses 140 *except* those listed in the source-list parameter. 142 "source-list" is an unordered list of zero or more IP unicast 143 addresses from which multicast reception is desired or not desired, 144 depending on the filter mode. An implementation MAY impose a limit on 145 the size of source lists, but that limit MUST NOT be less than 64 146 addresses per list. When an operation causes the source list size 147 limit to be exceeded, the API MUST return an error. 149 For a given combination of socket, interface, and multicast address, 150 only a single filter mode and source list can be in effect at any one 151 time. However, either the filter mode or the source list, or both, may 152 be changed by subsequent IPMulticastListen requests that specify the 153 same socket, interface, and multicast address. 155 Previous versions of IGMP did not support source filters and had a 156 simpler API consisting of Join and Leave operations to enable and 157 disable reception of a given multicast address (from *all* sources) on 158 a given interface. Those Join and Leave operations are supported by the 159 new API as follows: 161 The Join operation is equivalent to 163 IPMulticastListen ( socket, interface, multicast-address, 164 EXCLUDE, {} ) 166 and the Leave operation is equivalent to: 168 IPMulticastListen ( socket, interface, multicast-address, 169 INCLUDE, {} ) 171 where {} is an empty source list. 173 It is recommended that implementations continue to support the old API, 174 (perhaps as calls on the new API) for compatibility with pre-existing IP 175 multicast applications. 177 3. MULTICAST RECEPTION STATE MAINTAINED BY SYSTEMS 179 3.1. Socket State 181 For each socket on which IPMulticastListen has been invoked, the system 182 records the desired multicast reception state for that socket. That 183 state conceptually consists of a set of records of the form: 185 (interface, multicast-address, filter-mode, source-list) 187 The socket state evolves in response to each invocation of 188 IPMulticastListen on the socket, as follows: 190 o If the requested filter mode is INCLUDE *and* the requested source 191 list is empty, then the entry corresponding to the requested 192 interface and multicast address is deleted if present. If no such 193 entry is present, the request is ignored. 195 o If the requested filter mode is EXCLUDE *or* the requested source list 196 is non-empty, then the entry corresponding to the requested interface 197 and multicast address, if present, is changed to contain the requested 198 filter mode and source list. If no such entry is present, a new entry 199 is created, using the parameters specified in the request. 201 3.2. Interface State 203 In addition to the per-socket multicast reception state, a system must 204 also maintain or compute multicast reception state for each of its 205 interfaces. That state conceptually consists of a set of records of the 206 form: 208 (multicast-address, filter-mode, source-list) 210 This per-interface state is derived from the per-socket state, but may 211 differ from the per-socket state when different sockets have differing 212 filter modes and/or source lists for the same multicast address and 213 interface. For example, suppose one application or process invokes the 214 following operation on socket s1: 216 IPMulticastListen ( s1, i, m, INCLUDE, {a, b, c} ) 218 requesting reception on interface i of packets sent to multicast address 219 m, *only* if they come from source a, b, or c. 220 Suppose another application or process invokes the following operation 221 on socket s2: 223 IPMulticastListen ( s2, i, m, INCLUDE, {b, c, d} ) 225 requesting reception on the same interface i of packets sent to the same 226 multicast address m, *only* if they come from sources b, c, or d. 227 In order to satisfy the reception requirements of both sockets, it is 228 necessary for interface i to receive packets sent to m from any one of 229 the sources a, b, c, or d. Thus, in this example, the reception state 230 of interface i for multicast address m has filter mode INCLUDE and 231 source list {a, b, c, d}. 233 After a multicast packet has been accepted from an interface by the IP 234 layer, its subsequent delivery to the application or process listening 235 on a particular socket depends on the multicast reception state of that 236 socket [and possibly also on other conditions, such as what transport- 237 layer port the socket is bound to]. So, in the above example, if a 238 packet arrives on interface i, destined to multicast address m, with 239 source address a, it will be delivered on socket s1 but not on socket 240 s2. Note that IGMP Queries and Reports are not subject to source 241 filtering and must always be processed by hosts and routers. 243 Filtering of packets based upon a socket's multicast reception state 244 state is a new feature of this API. The previous API [RFC1112] 245 described no filtering based upon multicast join state; rather, a join 246 on a socket simply caused the host to join a group on the given 247 interface, and packets destined for that group could be delivered to all 248 sockets whether they had joined or not. 250 The general rules for deriving the per-interface state from the per- 251 socket state are as follows: For each distinct (interface, multicast- 252 address) pair that appears in any socket state, a per-interface record 253 is created for that multicast address on that interface. Considering 254 all socket records containing the same (interface, multicast-address) 255 pair, 256 o if *any* such record has a filter mode of EXCLUDE, then the filter 257 mode of the interface record is EXCLUDE, and the source list of the 258 interface record is the intersection of the source lists of all socket 259 records in EXCLUDE mode, minus those source addresses that appear in 260 any socket record in INCLUDE mode. For example, if the socket records 261 for multicast address m on interface i are: 263 from socket s1: ( i, m, EXCLUDE, {a, b, c, d} ) 264 from socket s2: ( i, m, EXCLUDE, {b, c, d, e} ) 265 from socket s3: ( i, m, INCLUDE, {d, e, f} ) 267 then the corresponding interface record on interface i is: 269 ( m, EXCLUDE, {b, c} ) 271 o if *all* such records have a filter mode of INCLUDE, then the filter 272 mode of the interface record is INCLUDE, and the source list of the 273 interface record is the union of the source lists of all the socket 274 records. For example, if the socket records for multicast address m 275 on interface i are: 277 from socket s1: ( i, m, INCLUDE, {a, b, c} ) 278 from socket s2: ( i, m, INCLUDE, {b, c, d} ) 279 from socket s3: ( i, m, INCLUDE, {e, f} ) 281 then the corresponding interface record on interface i is: 283 ( m, INCLUDE, {a, b, c, d, e, f} ) 285 Be aware that earlier versions of this document allowed a system to 286 convert an INCLUDE interface state record with a large source list to 287 an EXCLUDE record with an empty source list when resource limits were 288 exhausted. This behavior is no longer allowed. An implementation MUST 289 NOT use an EXCLUDE interface record to represent a group when all 290 sockets for this group are in INCLUDE state. If system resource limits 291 are reached when an interface state source list is calculated, an 292 error MUST be returned to the application which requested the 293 operation. 295 The above rules for deriving the interface state are (re-)evaluated 296 whenever an IPMulticastListen invocation modifies the socket state by 297 adding, deleting, or modifying a per-socket state record. Note that a 298 change of socket state does not necessarily result in a change of 299 interface state. 301 4. MESSAGE FORMATS 303 IGMP messages are encapsulated in IPv4 datagrams, with an IP protocol 304 number of 2. Every IGMP message described in this document is sent with 305 an IP Time-to-Live of 1, and carries an IP Router Alert option 306 [RFC-2113] in its IP header. 308 There are two IGMP message types of concern to the IGMPv3 protocol 309 described in this document: 311 Type Number (hex) Message Name 312 ----------------- ------------ 314 0x11 Membership Query 316 0x22 Version 3 Membership Report 318 An implementation of IGMPv3 MUST also support the following three 319 message types, for interoperation with previous versions of IGMP (see 320 section 7): 322 0x12 Version 1 Membership Report [RFC-1112] 324 0x16 Version 2 Membership Report [RFC-2236] 326 0x17 Version 2 Leave Group [RFC-2236] 328 Unrecognized message types MUST be silently ignored. Other message 329 types may be used by newer versions or extensions of IGMP, by multicast 330 routing protocols, or for other uses. 332 In this document, unless otherwise qualified, the capitalized words 333 "Query" and "Report" refer to IGMP Membership Queries and IGMP Version 3 334 Membership Reports, respectively. 336 4.1. Membership Query Message 338 Membership Queries are sent by IP multicast routers to query the 339 multicast reception state of neighboring interfaces. Queries have the 340 following format: 342 0 1 2 3 343 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 | Type = 0x11 | Max Resp Code | Checksum | 346 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 347 | Group Address | 348 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 349 | Resv |S| QRV | QQIC | Number of Sources (N) | 350 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 351 | Source Address [1] | 352 +- -+ 353 | Source Address [2] | 354 +- . -+ 355 . . . 356 . . . 357 +- -+ 358 | Source Address [N] | 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 361 4.1.1. Max Resp Code 363 The Max Resp Code field specifies the maximum time allowed before 364 sending a responding report. The actual time allowed, called the Max 365 Resp Time, is represented in units of 1/10 second and is derived from 366 the Max Resp Code as follows: 368 If Max Resp Code < 128, Max Resp Time = Max Resp Code 370 If Max Resp Code >= 128, Max Resp Code represents a floating-point value 371 as follows: 373 0 1 2 3 4 5 6 7 374 +-+-+-+-+-+-+-+-+ 375 |1| exp | mant | 376 +-+-+-+-+-+-+-+-+ 378 Max Resp Time = (mant | 0x10) << (exp + 3) 380 Small values of Max Resp Time allow IGMPv3 routers to tune the "leave 381 latency" (the time between the moment the last host leaves a group and 382 the moment the routing protocol is notified that there are no more 383 members). Larger values, especially in the exponential range, allow 384 tuning of the burstiness of IGMP traffic on a network. 386 4.1.2. Checksum 388 The Checksum is the 16-bit one's complement of the one's complement sum 389 of the whole IGMP message (the entire IP payload). For computing the 390 checksum, the Checksum field is set to zero. When receiving packets, 391 the checksum MUST be verified before processing a packet. 393 4.1.3. Group Address 395 The Group Address field is set to zero when sending a General Query, and 396 set to the IP multicast address being queried when sending a Group- 397 Specific Query or Group-and-Source-Specific Query (see section 4.1.9, 398 below). 400 4.1.4. Resv (Reserved) 402 The Resv field is set to zero on transmission, and ignored on reception. 404 4.1.5. S Flag (Suppress Router-Side Processing) 406 When set to one, the S Flag indicates to any receiving multicast routers 407 that they are to suppress the normal timer updates they perform upon 408 hearing a Query. It does not, however, suppress the querier election or 409 the normal "host-side" processing of a Query that a router may be 410 required to perform as a consequence of itself being a group member. 412 4.1.6. QRV (Querier's Robustness Variable) 414 If non-zero, the QRV field contains the [Robustness Variable] value used 415 by the querier, i.e., the sender of the Query. If the querier's 416 [Robustness Variable] exceeds 7, the maximum value of the QRV field, the 417 QRV is set to zero. Routers adopt the QRV value from the most recently 418 received Query as their own [Robustness Variable] value, unless that 419 most recently received QRV was zero, in which case the receivers use the 420 default [Robustness Variable] value specified in section 8.1 or a 421 statically configured value. 423 4.1.7. QQIC (Querier's Query Interval Code) 425 The Querier's Query Interval Code field specifies the [Query Interval] 426 used by the querier. The actual interval, called the Querier's Query 427 Interval (QQI), is represented in units of seconds and is derived from 428 the Querier's Query Interval Code as follows: 430 If QQIC < 128, QQI = QQIC 432 If QQIC >= 128, QQIC represents a floating-point value as follows: 434 0 1 2 3 4 5 6 7 435 +-+-+-+-+-+-+-+-+ 436 |1| exp | mant | 437 +-+-+-+-+-+-+-+-+ 439 QQI = (mant | 0x10) << (exp + 3) 441 Multicast routers that are not the current querier adopt the QQI value 442 from the most recently received Query as their own [Query Interval] 443 value, unless that most recently received QQI was zero, in which case 444 the receiving routers use the default [Query Interval] value specified 445 in section 8.2. 447 4.1.8. Number of Sources (N) 449 The Number of Sources (N) field specifies how many source addresses are 450 present in the Query. This number is zero in a General Query or a 451 Group-Specific Query, and non-zero in a Group-and-Source- Specific 452 Query. This number is limited by the MTU of the network over which the 453 Query is transmitted. For example, on an Ethernet with an MTU of 1500 454 octets, the IP header including the Router Alert option consumes 24 455 octets, and the IGMP fields up to including the Number of Sources (N) 456 field consume 12 octets, leaving 1464 octets for source addresses, which 457 limits the number of source addresses to 366 (1464/4). 459 4.1.9. Source Address [i] 461 The Source Address [i] fields are a vector of n IP unicast addresses, 462 where n is the value in the Number of Sources (N) field. 464 4.1.10. Additional Data 466 If the Packet Length field in the IP header of a received Query 467 indicates that there are additional octets of data present, beyond the 468 fields described here, IGMPv3 implementations MUST include those octets 469 in the computation to verify the received IGMP Checksum, but MUST 470 otherwise ignore those additional octets. When sending a Query, an 471 IGMPv3 implementation MUST NOT include additional octets beyond the 472 fields described here. 474 4.1.11. Query Variants 476 There are three variants of the Query message: 478 1. A "General Query" is sent by a multicast router to learn the complete 479 multicast reception state of the neighboring interfaces 480 (that is, the interfaces attached to the network on which the Query 481 is transmitted). In a General Query, both the Group Address field 482 and the Number of Sources (N) field are zero. 484 2. A "Group-Specific Query" is sent by a multicast router to learn the 485 reception state, with respect to a *single* multicast address, of the 486 neighboring interfaces. In a Group-Specific Query, the Group Address 487 field contains the multicast address of interest, and the Number of 488 Sources (N) field contains zero. 490 3. A "Group-and-Source-Specific Query" is sent by a multicast router to 491 learn if any neighboring interface desires reception of packets sent 492 to a specified multicast address, from any of a specified list of 493 sources. In a Group-and-Source-Specific Query, the Group Address 494 field contains the multicast address of interest, and the Source 495 Address [i] fields contain the source address(es) of interest. 497 4.1.12. IP Destination Addresses for Queries 499 In IGMPv3, General Queries are sent with an IP destination address of 500 224.0.0.1, the all-systems multicast address. Group-Specific and Group- 501 and-Source-Specific Queries are sent with an IP destination address 502 equal to the multicast address of interest. *However*, a system MUST 503 accept and process any Query whose IP Destination Address field 504 contains *any* of the addresses (unicast or multicast) assigned to the 505 interface on which the Query arrives. 507 4.2. Version 3 Membership Report Message 509 Version 3 Membership Reports are sent by IP systems to report (to 510 neighboring routers) the current multicast reception state, or changes 511 in the multicast reception state, of their interfaces. Reports have the 512 following format: 514 0 1 2 3 515 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 516 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 | Type = 0x22 | Reserved | Checksum | 518 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 519 | Reserved | Number of Group Records (M) | 520 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 521 | | 522 . . 523 . Group Record [1] . 524 . . 525 | | 526 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 527 | | 528 . . 529 . Group Record [2] . 530 . . 531 | | 532 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 533 | . | 534 . . . 535 | . | 536 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 537 | | 538 . . 539 . Group Record [M] . 540 . . 541 | | 542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 where each Group Record has the following internal format: 546 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 | Record Type | Aux Data Len | Number of Sources (N) | 548 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 549 | Multicast Address | 550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 551 | Source Address [1] | 552 +- -+ 553 | Source Address [2] | 554 +- -+ 555 . . . 556 . . . 557 . . . 558 +- -+ 559 | Source Address [N] | 560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 561 | | 562 . . 563 . Auxiliary Data . 564 . . 565 | | 566 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 568 4.2.1. Reserved 570 The Reserved fields are set to zero on transmission, and ignored on 571 reception. 573 4.2.2. Checksum 575 The Checksum is the 16-bit one's complement of the one's complement sum 576 of the whole IGMP message (the entire IP payload). For computing the 577 checksum, the Checksum field is set to zero. When receiving packets, 578 the checksum MUST be verified before processing a message. 580 4.2.3. Number of Group Records (M) 582 The Number of Group Records (M) field specifies how many Group Records 583 are present in this Report. 585 4.2.4. Group Record 587 Each Group Record is a block of fields containing information pertaining 588 to the sender's membership in a single multicast group on the interface 589 from which the Report is sent. 591 4.2.5. Record Type 593 See section 4.2.12, below. 595 4.2.6. Aux Data Len 597 The Aux Data Len field contains the length of the Auxiliary Data field 598 in this Group Record, in units of 32-bit words. It may contain zero, to 599 indicate the absence of any auxiliary data. 601 4.2.7. Number of Sources (N) 603 The Number of Sources (N) field specifies how many source addresses are 604 present in this Group Record. 606 4.2.8. Multicast Address 608 The Multicast Address field contains the IP multicast address to which 609 this Group Record pertains. 611 4.2.9. Source Address [i] 613 The Source Address [i] fields are a vector of n IP unicast addresses, 614 where n is the value in this record's Number of Sources (N) field. 616 4.2.10. Auxiliary Data 618 The Auxiliary Data field, if present, contains additional information 619 pertaining to this Group Record. The protocol specified in this 620 document, IGMPv3, does not define any auxiliary data. Therefore, 621 implementations of IGMPv3 MUST NOT include any auxiliary data (i.e., 622 MUST set the Aux Data Len field to zero) in any transmitted Group 623 Record, and MUST ignore any auxiliary data present in any received Group 624 Record. The semantics and internal encoding of the Auxiliary Data field 625 are to be defined by any future version or extension of IGMP that uses 626 this field. 628 4.2.11. Additional Data 630 If the Packet Length field in the IP header of a received Report 631 indicates that there are additional octets of data present, beyond the 632 last Group Record, IGMPv3 implementations MUST include those octets in 633 the computation to verify the received IGMP Checksum, but MUST otherwise 634 ignore those additional octets. When sending a Report, an IGMPv3 635 implementation MUST NOT include additional octets beyond the last Group 636 Record. 638 4.2.12. Group Record Types 640 There are a number of different types of Group Records that may be 641 included in a Report message: 643 o A "Current-State Record" is sent by a system in response to a Query 644 received on an interface. It reports the current reception state of 645 that interface, with respect to a single multicast address. The 646 Record Type of a Current-State Record may be one of the following two 647 values: 649 Value Name and Meaning 650 ----- ---------------- 652 1 MODE_IS_INCLUDE - indicates that the interface has a 653 filter mode of INCLUDE for the specified multicast 654 address. The Source Address [i] fields in this Group 655 Record contain the interface's source list for the 656 specified multicast address, if it is non-empty. 658 2 MODE_IS_EXCLUDE - indicates that the interface has a 659 filter mode of EXCLUDE for the specified multicast 660 address. The Source Address [i] fields in this Group 661 Record contain the interface's source list for the 662 specified multicast address, if it is non-empty. 664 o A "Filter-Mode-Change Record" is sent by a system whenever a local 665 invocation of IPMulticastListen causes a change of the filter mode 666 (i.e., a change from INCLUDE to EXCLUDE, or from EXCLUDE to INCLUDE), 667 of the interface-level state entry for a particular multicast address. 668 The Record is included in a Report sent from the interface on which 669 the change occurred. The Record Type of a Filter-Mode-Change Record 670 may be one of the following two values: 672 3 CHANGE_TO_INCLUDE_MODE - indicates that the interface 673 has changed to INCLUDE filter mode for the specified 674 multicast address. The Source Address [i] fields 675 in this Group Record contain the interface's new 676 source list for the specified multicast address, 677 if it is non-empty. 679 4 CHANGE_TO_EXCLUDE_MODE - indicates that the interface 680 has changed to EXCLUDE filter mode for the specified 681 multicast address. The Source Address [i] fields 682 in this Group Record contain the interface's new 683 source list for the specified multicast address, 684 if it is non-empty. 686 o A "Source-List-Change Record" is sent by a system whenever a local 687 invocation of IPMulticastListen causes a change of source list that is 688 *not* coincident with a change of filter mode, of the interface-level 689 state entry for a particular multicast address. The Record is 690 included in a Report sent from the interface on which the change 691 occurred. The Record Type of a Source-List-Change Record may be one 692 of the following two values: 694 5 ALLOW_NEW_SOURCES - indicates that the Source Address 695 [i] fields in this Group Record contain a list of the 696 additional sources that the system wishes to 697 hear from, for packets sent to the specified 698 multicast address. If the change was to an INCLUDE 699 source list, these are the addresses that were added 700 to the list; if the change was to an EXCLUDE source 701 list, these are the addresses that were deleted from 702 the list. 704 6 BLOCK_OLD_SOURCES - indicates that the Source Address 705 [i] fields in this Group Record contain a list of the 706 sources that the system no longer wishes to 707 hear from, for packets sent to the specified 708 multicast address. If the change was to an INCLUDE 709 source list, these are the addresses that were 710 deleted from the list; if the change was to an 711 EXCLUDE source list, these are the addresses that 712 were added to the list. 714 If a change of source list results in both allowing new sources and 715 blocking old sources, then two Group Records are sent for the same 716 multicast address, one of type ALLOW_NEW_SOURCES and one of type 717 BLOCK_OLD_SOURCES. 719 We use the term "State-Change Record" to refer to either a Filter- Mode- 720 Change Record or a Source-List-Change Record. 722 Unrecognized Record Type values MUST be silently ignored. 724 4.2.13. IP Source Addresses for Reports 726 An IGMP report is sent with a valid IP source address for the 727 destination subnet. The 0.0.0.0 source address may be used by a system 728 that has not yet acquired an IP address. Note that the 0.0.0.0 source 729 address may simultaneously be used by multiple systems on a LAN. 730 Routers MUST accept a report with a source address of 0.0.0.0. 732 4.2.14. IP Destination Addresses for Reports 734 Version 3 Reports are sent with an IP destination address of 224.0.0.22, 735 to which all IGMPv3-capable multicast routers listen. A system that is 736 operating in version 1 or version 2 compatibility modes sends version 1 737 or version 2 Reports to the multicast group specified in the Group 738 Address field of the Report. In addition, a system MUST accept and 739 process any version 1 or version 2 Report whose IP Destination Address 740 field contains *any* of the addresses (unicast or multicast) assigned to 741 the interface on which the Report arrives. 743 4.2.15. Notation for Group Records 745 In the rest of this document, we use the following notation to describe 746 the contents of a Group Record pertaining to a particular multicast 747 address: 749 IS_IN ( x ) - Type MODE_IS_INCLUDE, source addresses x 750 IS_EX ( x ) - Type MODE_IS_EXCLUDE, source addresses x 751 TO_IN ( x ) - Type CHANGE_TO_INCLUDE_MODE, source addresses x 752 TO_EX ( x ) - Type CHANGE_TO_EXCLUDE_MODE, source addresses x 753 ALLOW ( x ) - Type ALLOW_NEW_SOURCES, source addresses x 754 BLOCK ( x ) - Type BLOCK_OLD_SOURCES, source addresses x 756 where x is either: 758 o a capital letter (e.g., "A") to represent the set of source addresses, 759 or 761 o a set expression (e.g., "A+B"), where "A+B" means the union of sets A 762 and B, "A*B" means the intersection of sets A and B, and "A-B" means 763 the removal of all elements of set B from set A. 765 4.2.16. Membership Report Size 767 If the set of Group Records required in a Report does not fit within the 768 size limit of a single Report message (as determined by the MTU of the 769 network on which it will be sent), the Group Records are sent in as many 770 Report messages as needed to report the entire set. 772 If a single Group Record contains so many source addresses that it does 773 not fit within the size limit of a single Report message, if its Type is 774 not MODE_IS_EXCLUDE or CHANGE_TO_EXCLUDE_MODE, it is split into multiple 775 Group Records, each containing a different subset of the source 776 addresses and each sent in a separate Report message. If its Type is 777 MODE_IS_EXCLUDE or CHANGE_TO_EXCLUDE_MODE, a single Group Record is 778 sent, containing as many source addresses as can fit, and the remaining 779 source addresses are not reported; though the choice of which sources to 780 report is arbitrary, it is preferable to report the same set of sources 781 in each subsequent report, rather than reporting different sources each 782 time. 784 5. DESCRIPTION OF THE PROTOCOL FOR GROUP MEMBERS 786 IGMP is an asymmetric protocol, specifying separate behaviors for group 787 members -- that is, hosts or routers that wish to receive multicast 788 packets -- and multicast routers. This section describes the part of 789 IGMPv3 that applies to all group members. (Note that a multicast router 790 that is also a group member performs both parts of IGMPv3, receiving and 791 responding to its own IGMP message transmissions as well as those of its 792 neighbors. The multicast router part of IGMPv3 is described in section 793 6.) 795 A system performs the protocol described in this section over all 796 interfaces on which multicast reception is supported, even if more than 797 one of those interfaces is connected to the same network. 799 For interoperability with multicast routers running older versions of 800 IGMP, systems maintain a MulticastRouterVersion variable for each 801 interface on which multicast reception is supported. This section 802 describes the behavior of group member systems on interfaces for which 803 MulticastRouterVersion = 3. The algorithm for determining 804 MulticastRouterVersion, and the behavior for versions other than 3, are 805 described in section 7. 807 The all-systems multicast address, 224.0.0.1, is handled as a special 808 case. On all systems -- that is all hosts and routers, including 809 multicast routers -- reception of packets destined to the all-systems 810 multicast address, from all sources, is permanently enabled on all 811 interfaces on which multicast reception is supported. No IGMP messages 812 are ever sent regarding the all-systems multicast address. 814 There are two types of events that trigger IGMPv3 protocol actions on an 815 interface: 817 o a change of the interface reception state, caused by a local 818 invocation of IPMulticastListen. 820 o reception of a Query. 822 (Received IGMP messages of types other than Query are silently ignored, 823 except as required for interoperation with earlier versions of IGMP.) 824 The following subsections describe the actions to be taken for each of 825 these two cases. In those descriptions, timer and counter names appear 826 in square brackets. The default values for those timers and counters 827 are specified in section 8. 829 5.1. Action on Change of Interface State 831 An invocation of IPMulticastListen may cause the multicast reception 832 state of an interface to change, according to the rules in section 3.2. 833 Each such change affects the per-interface entry for a single multicast 834 address. 836 A change of interface state causes the system to immediately transmit a 837 State-Change Report from that interface. The type and contents of the 838 Group Record(s) in that Report are determined by comparing the filter 839 mode and source list for the affected multicast address before and after 840 the change, according to the table below. If no interface state existed 841 for that multicast address before the change (i.e., the change consisted 842 of creating a new per-interface record), or if no state exists after the 843 change (i.e., the change consisted of deleting a per-interface record), 844 then the "non-existent" state is considered to have a filter mode of 845 INCLUDE and an empty source list. 847 Old State New State State-Change Record Sent 848 --------- --------- ------------------------ 850 INCLUDE (A) INCLUDE (B) ALLOW (B-A), BLOCK (A-B) 852 EXCLUDE (A) EXCLUDE (B) ALLOW (A-B), BLOCK (B-A) 854 INCLUDE (A) EXCLUDE (B) TO_EX (B) 856 EXCLUDE (A) INCLUDE (B) TO_IN (B) 858 If the computed source list for either an ALLOW or a BLOCK State-Change 859 Record is empty, that record is omitted from the Report message. 861 To cover the possibility of the State-Change Report being missed by one 862 or more multicast routers, it is retransmitted [Robustness Variable] - 1 863 more times, at intervals chosen at random from the range (0, 864 [Unsolicited Report Interval]). 866 If more changes to the same interface state entry occur before all the 867 retransmissions of the State-Change Report for the first change have 868 been completed, each such additional change triggers the immediate 869 transmission of a new State-Change Report. 871 The contents of the new transmitted report are calculated as follows. 872 As was done with the first report, the interface state for the affected 873 group before and after the latest change is compared. The report records 874 expressing the difference are built according to the table above. 875 However these records are not transmitted in a message but instead 876 merged with the contents of the pending report, to create the new State- 877 Change report. The rules for merging the difference report resulting 878 from the state change and the pending report are described below. 880 The transmission of the merged State-Change Report terminates 881 retransmissions of the earlier State-Change Reports for the same 882 multicast address, and becomes the first of [Robustness Variable] 883 transmissions of State-Change Reports. 885 Each time a source is included in the difference report calculated 886 above, retransmission state for that source needs to be maintained until 887 [Robustness Variable] State-Change reports have been sent by the host. 888 This is done in order to ensure that a series of successive state 889 changes do not break the protocol robustness. 891 If the interface reception-state change that triggers the new report is 892 a filter-mode change, then the next [Robustness Variable] State-Change 893 Reports will include a Filter-Mode-Change record. This applies even if 894 any number of source-list changes occur in that period. The host has to 895 maintain retransmission state for the group until the [Robustness 896 Variable] State-Change reports have been sent. When [Robustness 897 Variable] State-Change reports with Filter-Mode-Change records have been 898 transmitted after the last filter-mode change, and if source-list 899 changes to the interface reception have scheduled additional reports, 900 then the next State-Change report will include Source-List-Change 901 records. 903 Each time a State-Change Report is transmitted, the contents are 904 determined as follows. If the report should contain a Filter-Mode-Change 905 record, then if the current filter-mode of the interface is INCLUDE, a 906 TO_IN record is included in the report, otherwise a TO_EX record is 907 included. If instead the report should contain Source-List-Change 908 records, an ALLOW and a BLOCK record are included. The contents of 909 these records are built according to the table below. 911 Record Sources included 912 ------ ---------------- 913 TO_IN All in the current interface state that must be forwarded 914 TO_EX All in the current interface state that must be blocked 915 ALLOW All with retransmission state that must be forwarded 916 BLOCK All with retransmission state that must be blocked 918 If the computed source list for either an ALLOW or a BLOCK record is 919 empty, that record is omitted from the State-Change report. 921 Note: When the first State-Change report is sent, the non-existent 922 pending report to merge with, can be treated as a source-change report 923 with empty ALLOW and BLOCK records (no sources have retransmission 924 state). 926 5.2. Action on Reception of a Query 928 When a system receives a Query, it does not respond immediately. 929 Instead, it delays its response by a random amount of time, bounded by 930 the Max Resp Time value derived from the Max Resp Code in the received 931 Query message. A system may receive a variety of Queries on different 932 interfaces and of different kinds (e.g., General Queries, Group-Specific 933 Queries, and Group-and- Source-Specific Queries), each of which may 934 require its own delayed response. 936 Before scheduling a response to a Query, the system must first consider 937 previously scheduled pending responses and in many cases schedule a 938 combined response. Therefore, the system must be able to maintain the 939 following state: 941 o A timer per interface for scheduling responses to General Queries. 943 o A per-group and interface timer for scheduling responses to Group- 944 Specific and Group-and-Source-Specific Queries. 946 o A per-group and interface list of sources to be reported in the 947 response to a Group-and-Source-Specific Query. 949 When a new Query with the Router-Alert option arrives on an interface, 950 provided the system has state to report, a delay for a response is 951 randomly selected in the range (0, [Max Resp Time]) where Max Resp Time 952 is derived from Max Resp Code in the received Query message. The 953 following rules are then used to determine if a Report needs to be 954 scheduled and the type of Report to schedule: 956 1. If there is a pending response to a previous General Query scheduled 957 sooner than the selected delay, no additional response needs to be 958 scheduled. 960 2. If the received Query is a General Query, the interface timer is used 961 to schedule a response to the General Query after the selected delay. 962 Any previously pending response to a General Query is canceled. 964 3. If the received Query is a Group-Specific Query or a Group-and- 965 Source-Specific Query and there is no pending response to a previous 966 Query for this group, then the group timer is used to schedule a 967 report. If the received Query is a Group-and-Source-Specific Query, 968 the list of queried sources is recorded to be used when generating a 969 response. 971 4. If there already is a pending response to a previous Query scheduled 972 for this group, and either the new Query is a Group-Specific Query or 973 the recorded source-list associated with the group is empty, then the 974 group source-list is cleared and a single response is scheduled using 975 the group timer. The new response is scheduled to be sent at the 976 earliest of the remaining time for the pending report and the 977 selected delay. 979 5. If the received Query is a Group-and-Source-Specific Query and there 980 is a pending response for this group with a non-empty source-list, 981 then the group source list is augmented to contain the list of 982 sources in the new Query and a single response is scheduled using the 983 group timer. The new response is scheduled to be sent at the earliest 984 of the remaining time for the pending report and the selected delay. 986 When the timer in a pending response record expires, the system 987 transmits, on the associated interface, one or more Report messages 988 carrying one or more Current-State Records (see section 4.2.12), as 989 follows: 991 1. If the expired timer is the interface timer (i.e., it is a pending 992 response to a General Query), then one Current-State Record is sent 993 for each multicast address for which the specified interface has 994 reception state, as described in section 3.2. The Current-State 995 Record carries the multicast address and its associated filter mode 996 (MODE_IS_INCLUDE or MODE_IS_EXCLUDE) and source list. Multiple 997 Current-State Records are packed into individual Report messages, to 998 the extent possible. 1000 2. If the expired timer is a group timer and the list of recorded 1001 sources for the that group is empty (i.e., it is a pending response 1002 to a Group-Specific Query), then if and only if the interface has 1003 reception state for that group address, a single Current-State Record 1004 is sent for that address. The Current-State Record carries the 1005 multicast address and its associated filter mode (MODE_IS_INCLUDE or 1006 MODE_IS_EXCLUDE) and source list. 1008 3. If the expired timer is a group timer and the list of recorded 1009 sources for that group is non-empty (i.e., it is a pending response 1010 to a Group-and-Source-Specific Query), then if and only if the 1011 interface has reception state for that group address, the contents of 1012 the responding Current-State Record is determined from the interface 1013 state and the pending response record, as specified in the following 1014 table: 1016 set of sources in the 1017 interface state pending response record Current-State Record 1018 --------------- ----------------------- -------------------- 1020 INCLUDE (A) B IS_IN (A*B) 1022 EXCLUDE (A) B IS_IN (B-A) 1024 If the resulting Current-State Record has an empty set of source 1025 addresses, then no response is sent. 1027 Finally, after any required Report messages have been generated, the 1028 source lists associated with any reported groups are cleared. 1030 6. DESCRIPTION OF THE PROTOCOL FOR MULTICAST ROUTERS 1032 The purpose of IGMP is to enable each multicast router to learn, for 1033 each of its directly attached networks, which multicast addresses are of 1034 interest to the systems attached to those networks. IGMP version 3 adds 1035 the capability for a multicast router to also learn which *sources* are 1036 of interest to neighboring systems, for packets sent to any particular 1037 multicast address. The information gathered by IGMP is provided to 1038 whichever multicast routing protocol is being used by the router, in 1039 order to ensure that multicast packets are delivered to all networks 1040 where there are interested receivers. 1042 This section describes the part of IGMPv3 that is performed by multicast 1043 routers. Multicast routers may also themselves become members of 1044 multicast groups, and therefore also perform the group member part of 1045 IGMPv3, described in section 5. 1047 A multicast router performs the protocol described in this section over 1048 each of its directly-attached networks. If a multicast router has more 1049 than one interface to the same network, it only needs to operate this 1050 protocol over one of those interfaces. On each interface over which 1051 this protocol is being run, the router MUST enable reception of 1052 multicast address 224.0.0.22, from all sources (and MUST perform the 1053 group member part of IGMPv3 for that address on that interface). 1055 Multicast routers need to know only that *at least one* system on an 1056 attached network is interested in packets to a particular multicast 1057 address from a particular source; a multicast router is not required to 1058 keep track of the interests of each individual neighboring system. 1060 IGMPv3 is backward compatible with previous versions of the IGMP 1061 protocol. In order to remain backward compatible with older IGMP 1062 systems, IGMPv3 multicast routers MUST also implement versions 1 and 2 1063 of the protocol (see section 7). 1065 6.1. Conditions for IGMP Queries 1067 Multicast routers send General Queries periodically to request group 1068 membership information from an attached network. These queries are used 1069 to build and refresh the group membership state of systems on attached 1070 networks. Systems respond to these queries by reporting their group 1071 membership state (and their desired set of sources) with Current-State 1072 Group Records in IGMPv3 Membership Reports. 1074 As a member of a multicast group, a system may express interest in 1075 receiving or not receiving traffic from particular sources. As the 1076 desired reception state of a system changes, it reports these changes 1077 using Filter-Mode-Change Records or Source-List-Change Records. These 1078 records indicate an explicit state change in a group at a system in 1079 either the group record's source list or its filter-mode. When a group 1080 membership is terminated at a system or traffic from a particular source 1081 is no longer desired, a multicast router must query for other members of 1082 the group or listeners of the source before deleting the group (or 1083 source) and pruning its traffic. 1085 To enable all systems on a network to respond to changes in group 1086 membership, multicast routers send specific queries. A Group- Specific 1087 Query is sent to verify there are no systems that desire reception of 1088 the specified group or to "rebuild" the desired reception state for a 1089 particular group. Group-Specific Queries are sent when a router 1090 receives a State-Change record indicating a system is leaving a group. 1092 A Group-and-Source Specific Query is used to verify there are no systems 1093 on a network which desire to receive traffic from a set of sources. 1094 Group-and-Source Specific Queries list sources for a particular group 1095 which have been requested to no longer be forwarded. This query is sent 1096 by a multicast router to learn if any systems desire reception of 1097 packets to the specified group address from the specified source 1098 addresses. Group-and-Source Specific Queries are only sent in response 1099 to State-Change Records and never in response to Current-State Records. 1100 Section 4.1.11 describes each query in more detail. 1102 6.2. IGMP State Maintained by Multicast Routers 1104 Multicast routers implementing IGMPv3 keep state per group per attached 1105 network. This group state consists of a filter-mode, a list of sources, 1106 and various timers. For each attached network running IGMP, a multicast 1107 router records the desired reception state for that network. 1108 That state conceptually consists of a set of records of the form: 1110 (multicast address, group timer, filter-mode, (source records)) 1112 Each source record is of the form: 1114 (source address, source timer) 1116 If all sources within a given group are desired, an empty source record 1117 list is kept with filter-mode set to EXCLUDE. This means hosts on this 1118 network want all sources for this group to be forwarded. This is the 1119 IGMPv3 equivalent to a IGMPv1 or IGMPv2 group join. 1121 6.2.1. Definition of Router Filter-Mode 1123 To reduce internal state, IGMPv3 routers keep a filter-mode per group 1124 per attached network. This filter-mode is used to condense the total 1125 desired reception state of a group to a minimum set such that all 1126 systems' memberships are satisfied. This filter-mode may change in 1127 response to the reception of particular types of group records or when 1128 certain timer conditions occur. In the following sections, we use the 1129 term "router filter-mode" to refer to the filter-mode of a particular 1130 group within a router. Section 6.4 describes the changes of a router 1131 filter-mode per group record received. 1133 Conceptually, when a group record is received, the router filter-mode 1134 for that group is updated to cover all the requested sources using the 1135 least amount of state. As a rule, once a group record with a filter- 1136 mode of EXCLUDE is received, the router filter-mode for that group will 1137 be EXCLUDE. 1139 When a router filter-mode for a group is EXCLUDE, the source record list 1140 contains two types of sources. The first type is the set which 1141 represents conflicts in the desired reception state; this set must be 1142 forwarded by some router on the network. The second type is the set of 1143 sources which hosts have requested to not be forwarded. Appendix A 1144 describes the reasons for keeping this second set when in EXCLUDE mode. 1146 When a router filter-mode for a group is INCLUDE, the source record list 1147 is the list of sources desired for the group. This is the total desired 1148 set of sources for that group. Each source in the source record list 1149 must be forwarded by some router on the network. 1151 Because a reported group record with a filter-mode of EXCLUDE will cause 1152 a router to transition its filter-mode for that group to EXCLUDE, a 1153 mechanism for transitioning a router's filter-mode back to INCLUDE must 1154 exist. If all systems with a group record in EXCLUDE filter-mode cease 1155 reporting, it is desirable for the router filter-mode for that group to 1156 transition back to INCLUDE mode. This transition occurs when the group 1157 timer expires and is explained in detail in section 6.5. 1159 6.2.2. Definition of Group Timers 1161 The group timer is only used when a group is in EXCLUDE mode and it 1162 represents the time for the *filter-mode* of the group to expire and 1163 switch to INCLUDE mode. We define a group timer as a decrementing timer 1164 with a lower bound of zero kept per group per attached network. Group 1165 timers are updated according to the types of group records received. 1167 A group timer expiring when a router filter-mode for the group is 1168 EXCLUDE means there are no listeners on the attached network in EXCLUDE 1169 mode. At this point, a router will transition to INCLUDE filter-mode. 1170 Section 6.5 describes the actions taken when a group timer expires while 1171 in EXCLUDE mode. 1173 The following table summarizes the role of the group timer. Section 6.4 1174 describes the details of setting the group timer per type of group 1175 record received. 1177 Group 1178 Filter-Mode Group Timer Value Actions/Comments 1179 ----------- ----------------- ---------------- 1181 INCLUDE Timer >= 0 All members in INCLUDE 1182 mode. 1184 EXCLUDE Timer > 0 At least one member in 1185 EXCLUDE mode. 1187 EXCLUDE Timer == 0 No more listeners to 1188 group. If all source 1189 timers have expired then 1190 delete Group Record. 1191 If there are still 1192 source record timers 1193 running, switch to 1194 INCLUDE filter-mode 1195 using those source records 1196 with running timers as the 1197 INCLUDE source record 1198 state. 1200 6.2.3. Definition of Source Timers 1202 A source timer is kept per source record and is a decrementing timer 1203 with a lower bound of zero. Source timers are updated according to the 1204 type and filter-mode of the group record received. Source timers are 1205 always updated (for a particular group) whenever the source is present 1206 in a received record for that group. Section 6.4 describes the setting 1207 of source timers per type of group records received. 1209 A source record with a running timer with a router filter-mode for the 1210 group of INCLUDE means that there is currently one or more systems (in 1211 INCLUDE filter-mode) which desire to receive that source. If a source 1212 timer expires with a router filter-mode for the group of INCLUDE, the 1213 router concludes that traffic from this particular source is no longer 1214 desired on the attached network, and deletes the associated source 1215 record. 1217 Source timers are treated differently when a router filter-mode for a 1218 group is EXCLUDE. If a source record has a running timer with a router 1219 filter-mode for the group of EXCLUDE, it means that at least one system 1220 desires the source. It should therefore be forwarded by a router on the 1221 network. Appendix A describes the reasons for keeping state for sources 1222 that have been requested to be forwarded while in EXCLUDE state. 1224 If a source timer expires with a router filter-mode for the group of 1225 EXCLUDE, the router informs the routing protocol that there is no longer 1226 a receiver on the network interested in traffic from this source. 1228 When a router filter-mode for a group is EXCLUDE, source records are 1229 only deleted when the group timer expires. Section 6.3 describes the 1230 actions that should be taken dependent upon the value of a source timer. 1232 6.3. IGMPv3 Source-Specific Forwarding Rules 1234 When a multicast router receives a datagram from a source destined to a 1235 particular group, a decision has to be made whether to forward the 1236 datagram onto an attached network or not. The multicast routing 1237 protocol in use is in charge of this decision, and should use the IGMPv3 1238 information to ensure that all sources/groups desired on a subnetwork 1239 are forwarded to that subnetwork. IGMPv3 information does not override 1240 multicast routing information; for example, if the IGMPv3 filter-mode 1241 group for G is EXCLUDE, a router may still forward packets for excluded 1242 sources to a transit subnet. 1244 To summarize, the following table describes the forwarding suggestions 1245 made by IGMP to the routing protocol for traffic originating from a 1246 source destined to a group. It also summarizes the actions taken upon 1247 the expiration of a source timer based on the router filter-mode of the 1248 group. 1250 Group 1251 Filter-Mode Source Timer Value Action 1252 ----------- ------------------ ------ 1254 INCLUDE TIMER > 0 Suggest to forward traffic 1255 from source 1257 INCLUDE TIMER == 0 Suggest to stop forwarding 1258 traffic from source and remove 1259 source record. If there are no 1260 more source records for the 1261 group, delete group record. 1263 INCLUDE No Source Elements Suggest to not forward source 1265 EXCLUDE TIMER > 0 Suggest to forward traffic from 1266 source 1268 EXCLUDE TIMER == 0 Suggest to not forward traffic 1269 from source 1270 (DO NOT remove record) 1272 EXCLUDE No Source Elements Suggest to forward traffic from 1273 source 1275 6.4. Action on Reception of Reports 1277 6.4.1. Reception of Current-State Records 1279 When receiving Current-State Records, a router updates both its group 1280 and source timers. In some circumstances, the reception of a type of 1281 group record will cause the router filter-mode for that group to change. 1282 The table below describes the actions, with respect to state and timers 1283 that occur to a router's state upon reception of Current-State Records. 1285 The following notation is used to describe the updating of source 1286 timers. The notation ( A, B ) will be used to represent the total 1287 number of sources for a particular group, where 1288 A = set of source records whose source timers > 0 1289 (Sources that at least one host has requested to be forwarded) 1290 B = set of source records whose source timers = 0 1291 (Sources that IGMP will suggest to the routing protocol not to 1292 forward) 1294 Note that there will only be two sets when a router's filter-mode for a 1295 group is EXCLUDE. When a router's filter-mode for a group is INCLUDE, a 1296 single set is used to describe the set of sources requested to be 1297 forwarded (e.g. simply (A)). 1299 In the following tables, abbreviations are used for several variables 1300 (all of which are described in detail in section 8). The variable GMI 1301 is an abbreviation for the Group Membership Interval, which is the time 1302 in which group memberships will time out. The variable LMQT is an 1303 abbreviation for the Last Member Query Time, which is the total time 1304 spent after Last Member Query Count retransmissions. LMQT represents 1305 the "leave latency", or the difference between the tranmsission of a 1306 membership change and the change in the information given to the routing 1307 protocol. 1309 Within the "Actions" section of the router state tables, we use the 1310 notation 'A=J', which means that the set A of source records should have 1311 their source timers set to value J. 'Delete A' means that the set A of 1312 source records should be deleted. 'Group Timer=J' means that the Group 1313 Timer for the group should be set to value J. 1315 Router State Report Rec'd New Router State Actions 1316 ------------ ------------ ---------------- ------- 1318 INCLUDE (A) IS_IN (B) INCLUDE (A+B) (B)=GMI 1320 INCLUDE (A) IS_EX (B) EXCLUDE (A*B,B-A) (B-A)=0 1321 Delete (A-B) 1322 Group Timer=GMI 1324 EXCLUDE (X,Y) IS_IN (A) EXCLUDE (X+A,Y-A) (A)=GMI 1326 EXCLUDE (X,Y) IS_EX (A) EXCLUDE (A-Y,Y*A) (A-X-Y)=GMI 1327 Delete (X-A) 1328 Delete (Y-A) 1329 Group Timer=GMI 1331 6.4.2. Reception of Filter-Mode-Change and Source-List-Change Records 1333 When a change in the global state of a group occurs in a system, the 1334 system sends either a Source-List-Change Record or a Filter-Mode-Change 1335 Record for that group. As with Current-State Records, routers must act 1336 upon these records and possibly change their own state to reflect the 1337 new desired membership state of the network. 1339 Routers must query sources that are requested to be no longer forwarded 1340 to a group. When a router queries or receives a query for a specific 1341 set of sources, it lowers its source timers for those sources to a small 1342 interval of Last Member Query Time seconds. If group records are 1343 received in response to the queries which express interest in receiving 1344 traffic from the queried sources, the corresponding timers are updated. 1346 Similarly, when a router queries a specific group, it lowers its group 1347 timer for that group to a small interval of Last Member Query Time 1348 seconds. If any group records expressing EXCLUDE mode interest in the 1349 group are received within the interval, the group timer for the group is 1350 updated and the suggestion to the routing protocol to forward the group 1351 stands without any interruption. 1353 During a query period (i.e. Last Member Query Time seconds), the IGMP 1354 component in the router continues to suggest to the routing protocol 1355 that it forwards traffic from the groups or sources that it is querying. 1356 It is not until after Last Member Query Time seconds without receiving a 1357 record expressing interest in the queried group or sources that the 1358 router may prune the group or sources from the network. 1360 The following table describes the changes in group state and the 1361 action(s) taken when receiving either Filter-Mode-Change or Source-List- 1362 Change Records. This table also describes the queries which are sent by 1363 the querier when a particular report is received. 1365 We use the following notation for describing the queries which are sent. 1366 We use the notation 'Q(G)' to describe a Group-Specific Query to G. We 1367 use the notation 'Q(G,A)' to describe a Group-and-Source Specific Query 1368 to G with source-list A. If source-list A is null as a result of the 1369 action (e.g. A*B) then no query is sent as a result of the operation. 1371 In order to maintain protocol robustness, queries sent by actions in the 1372 table below need to be transmitted [Last Member Query Count] times, once 1373 every [Last Member Query Interval]. 1375 If while scheduling new queries, there are already pending queries to be 1376 retransmitted for the same group, the new and pending queries have to be 1377 merged. In addition, received host reports for a group with pending 1378 queries may affect the contents of those queries. Section 6.6.3 1379 describes the process of building and maintaining the state of pending 1380 queries. 1382 Router State Report Rec'd New Router State Actions 1383 ------------ ------------ ---------------- ------- 1385 INCLUDE (A) ALLOW (B) INCLUDE (A+B) (B)=GMI 1387 INCLUDE (A) BLOCK (B) INCLUDE (A) Send Q(G,A*B) 1389 INCLUDE (A) TO_EX (B) EXCLUDE (A*B,B-A) (B-A)=0 1390 Delete (A-B) 1391 Send Q(G,A*B) 1392 Group Timer=GMI 1394 INCLUDE (A) TO_IN (B) INCLUDE (A+B) (B)=GMI 1395 Send Q(G,A-B) 1397 EXCLUDE (X,Y) ALLOW (A) EXCLUDE (X+A,Y-A) (A)=GMI 1399 EXCLUDE (X,Y) BLOCK (A) EXCLUDE (X+(A-Y),Y) (A-X-Y)=Group 1400 Timer 1401 Send Q(G,A-Y) 1403 EXCLUDE (X,Y) TO_EX (A) EXCLUDE (A-Y,Y*A) (A-X-Y)=Group 1404 Timer 1405 Delete (X-A) 1406 Delete (Y-A) 1407 Send Q(G,A-Y) 1408 Group Timer=GMI 1410 EXCLUDE (X,Y) TO_IN (A) EXCLUDE (X+A,Y-A) (A)=GMI 1411 Send Q(G,X-A) 1412 Send Q(G) 1414 6.5. Switching Router Filter-Modes 1416 The group timer is used as a mechanism for transitioning the router 1417 filter-mode from EXCLUDE to INCLUDE. 1419 When a group timer expires with a router filter-mode of EXCLUDE, a 1420 router assumes that there are no systems with a *filter-mode* of EXCLUDE 1421 present on the attached network. When a router's filter-mode for a 1422 group is EXCLUDE and the group timer expires, the router filter-mode for 1423 the group transitions to INCLUDE. 1425 A router uses source records with running source timers as its state for 1426 the switch to a filter-mode of INCLUDE. If there are any source records 1427 with source timers greater than zero (i.e. requested to be forwarded), a 1428 router switches to filter-mode of INCLUDE using those source records. 1429 Source records whose timers are zero (from the previous EXCLUDE mode) 1430 are deleted. 1432 For example, if a router's state for a group is EXCLUDE(X,Y) and the 1433 group timer expires for that group, the router switches to filter-mode 1434 of INCLUDE with state INCLUDE(X). 1436 6.6. Action on Reception of Queries 1438 6.6.1. Timer Updates 1440 When a router sends or receives a query with a clear Suppress Router- 1441 Side Processing flag, it must update its timers to reflect the correct 1442 timeout values for the group or sources being queried. The following 1443 table describes the timer actions when sending or receiving a Group- 1444 Specific or Group-and-Source Specific Query with the Suppress Router- 1445 Side Processing flag not set. 1447 Query Action 1448 ----- ------ 1449 Q(G,A) Source Timer for sources in A are lowered to LMQT 1450 Q(G) Group Timer is lowered to LMQT 1452 When a router sends or receives a query with the Suppress Router-Side 1453 Processing flag set, it will not update its timers. 1455 6.6.2. Querier Election 1457 IGMPv3 elects a single querier per subnet using the same querier 1458 election mechanism as IGMPv2, namely by IP address. When a router 1459 receives a query with a lower IP address, it sets the Other-Querier- 1460 Present timer to Other Querier Present Interval and ceases to send 1461 queries on the network if it was the previously elected querier. After 1462 its Other-Querier Present timer expires, it should begin sending General 1463 Queries. 1465 If a router receives an older version query, it MUST use the oldest 1466 version of IGMP on the network. For a detailed description of 1467 compatibility issues between IGMP versions see section 7. 1469 6.6.3. Building and Sending Specific Queries 1471 6.6.3.1. Building and Sending Group Specific Queries 1473 When a table action "Send Q(G)" is encountered, then the group timer 1474 must be lowered to LMQT. The router must then immediately send a group 1475 specific query as well as schedule [Last Member Query Count - 1] query 1476 retransmissions to be sent every [Last Member Query Interval] over [Last 1477 Member Query Time]. 1479 When transmitting a group specific query, if the group timer is larger 1480 than LMQT, the "Suppress Router-Side Processing" bit is set in the query 1481 message. 1483 6.6.3.2. Building and Sending Group and Source Specific Queries 1485 When a table action "Send Q(G,X)" is encountered by a querier in the 1486 table in section 6.4.2, the following actions must be performed for each 1487 of the sources in X of group G, with source timer larger than LMQT: 1489 o Set number of retransmissions for each source to [Last Member Query 1490 Count]. 1492 o Lower source timer to LMQT. 1494 The router must then immediately send a group and source specific query 1495 as well as schedule [Last Member Query Count - 1] query retransmissions 1496 to be sent every [Last Member Query Interval] over [Last Member Query 1497 Time]. The contents of these queries are calculated as follows. 1499 When building a group and source specific query for a group G, two 1500 separate query messages are sent for the group. The first one has the 1501 "Suppress Router-Side Processing" bit set and contains all the sources 1502 with retransmission state and timers greater than LMQT. The second has 1503 the "Suppress Router-Side Processing" bit clear and contains all the 1504 sources with retransmission state and timers lower or equal to LMQT. If 1505 either of the two calculated messages does not contain any sources, then 1506 its transmission is suppressed. 1508 Note: If a group specific query is scheduled to be transmitted at the 1509 same time as a group and source specific query for the same group, then 1510 transmission of the group and source specific message with the "Suppress 1511 Router-Side Processing" bit set may be suppressed. 1513 7. INTEROPERATION WITH OLDER VERSIONS OF IGMP 1515 IGMP version 3 hosts and routers interoperate with hosts and routers 1516 that have not yet been upgraded to IGMPv3. This compatibility is 1517 maintained by hosts and routers taking appropriate actions depending on 1518 the versions of IGMP operating on hosts and routers within a network. 1520 7.1. Query Version Distinctions 1522 The IGMP version of a Membership Query message is determined as follows: 1524 IGMPv1 Query: length = 8 octets AND Max Resp Code field is zero 1526 IGMPv2 Query: length = 8 octets AND Max Resp Code field is 1527 non-zero 1529 IGMPv3 Query: length >= 12 octets 1531 Query messages that do not match any of the above conditions (e.g., a 1532 Query of length 10 octets) MUST be silently ignored. 1534 7.2. Group Member Behavior 1536 7.2.1. In the Presence of Older Version Queriers 1538 In order to be compatible with older version routers, IGMPv3 hosts MUST 1539 operate in version 1 and version 2 compatibility modes. IGMPv3 hosts 1540 MUST keep state per local interface regarding the compatibility mode of 1541 each attached network. A host's compatibility mode is determined from 1542 the Host Compatibility Mode variable which can be in one of three 1543 states: IGMPv1, IGMPv2 or IGMPv3. This variable is kept per interface 1544 and is dependent on the version of General Queries heard on that 1545 interface as well as the Older Version Querier Present timers for the 1546 interface. 1548 In order to switch gracefully between versions of IGMP, hosts keep both 1549 an IGMPv1 Querier Present timer and an IGMPv2 Querier Present timer per 1550 interface. IGMPv1 Querier Present is set to Older Version Querier 1551 Present Timeout seconds whenever an IGMPv1 Membership Query is received. 1552 IGMPv2 Querier Present is set to Older Version Querier Present Timeout 1553 seconds whenever an IGMPv2 Membership Query is received. 1555 The Host Compatibility Mode of an interface changes whenever an older 1556 version query (than the current compatibility mode) is heard or when 1557 certain timer conditions occur. When the IGMPv1 Querier Present timer 1558 expires, a host switches to Host Compatibility mode of IGMPv2 if it has 1559 a running IGMPv2 Querier Present timer. If it does not have a running 1560 IGMPv2 Querier Present timer then it switches to Host Compatibility of 1561 IGMPv3. When the IGMPv2 Querier Present timer expires, a host switches 1562 to Host Compatibility mode of IGMPv3. 1564 The Host Compatibility Mode variable is based on whether an older 1565 version query was heard in the last Older Version Querier Present 1566 Timeout seconds. The Host Compatibility Mode is set depending on the 1567 following: 1569 Host Compatibility Mode Timer State 1570 ----------------------- ----------- 1572 IGMPv3 (default) IGMPv2 Querier Present not running 1573 and IGMPv1 Querier Present not running 1575 IGMPv2 IGMPv2 Querier Present running 1576 and IGMPv1 Querier Present not running 1578 IGMPv1 IGMPv1 Querier Present running 1580 If a host receives a query which causes its Querier Present timers to be 1581 updated and correspondingly its compatibility mode, it should switch 1582 compatibility modes immediately. 1584 When Host Compatibility Mode is IGMPv3, a host acts using the IGMPv3 1585 protocol on that interface. When Host Compatibility Mode is IGMPv2, a 1586 host acts in IGMPv2 compatibility mode, using only the IGMPv2 protocol, 1587 on that interface. When Host Compatibility Mode is IGMPv1, a host acts 1588 in IGMPv1 compatibility mode, using only the IGMPv1 protocol on that 1589 interface. 1591 An IGMPv1 router will send General Queries with the Max Resp Code set to 1592 0. This MUST be interpreted as a value of 100 (10 seconds). 1594 An IGMPv2 router will send General Queries with the Max Resp Code set to 1595 the desired Max Resp Time, i.e. the full range of this field is linear 1596 and the exponential algorithm described in section 4.1.1 is not used. 1598 Whenever a host changes its compatibility mode, it cancels all its 1599 pending response and retransmission timers. 1601 7.2.2. In the Presence of Older Version Group Members 1603 An IGMPv3 host may be placed on a network where there are hosts that 1604 have not yet been upgraded to IGMPv3. A host MAY allow its IGMPv3 1605 Membership Record to be suppressed by either a Version 1 Membership 1606 Report, or a Version 2 Membership Report. 1608 7.3. Multicast Router Behavior 1610 7.3.1. In the Presence of Older Version Queriers 1612 IGMPv3 routers may be placed on a network where at least one router on 1613 the network has not yet been upgraded to IGMPv3. The following 1614 requirements apply: 1616 o If any older versions of IGMP are present on routers, the querier MUST 1617 use the lowest version of IGMP present on the network. 1618 This must be administratively assured; routers that desire to be 1619 compatible with IGMPv1 and IGMPv2 MUST have a configuration option to 1620 act in IGMPv1 or IGMPv2 compatibility modes. When in IGMPv1 mode, 1621 routers MUST send Periodic Queries with a Max Resp Code of 0 and 1622 truncated at the Group Address field (i.e. 8 bytes long), and MUST 1623 ignore Leave Group messages. They SHOULD also warn about receiving an 1624 IGMPv2 or IGMPv3 query, although such warnings MUST be rate-limited. 1625 When in IGMPv2 mode, routers MUST send Periodic Queries truncated at 1626 the Group Address field (i.e. 8 bytes long), and SHOULD also warn 1627 about receiving an IGMPv3 query (such warnings MUST be rate-limited). 1628 They also MUST fill in the Max Resp Time in the Max Resp Code field, 1629 i.e. the exponential algorithm described in section 4.1.1 is not used. 1631 o If a router is not explicitly configured to use IGMPv1 or IGMPv2 and 1632 hears an IGMPv1 Query or IGMPv2 Query, it SHOULD log a warning. These 1633 warnings MUST be rate-limited. 1635 7.3.2. In the Presence of Older Version Group Members 1637 IGMPv3 routers may be placed on a network where there are hosts that 1638 have not yet been upgraded to IGMPv3. In order to be compatible with 1639 older version hosts, IGMPv3 routers MUST operate in version 1 and 1640 version 2 compatibility modes. IGMPv3 routers keep a compatibility mode 1641 per group record. A group's compatibility mode is determined from the 1642 Group Compatibility Mode variable which can be in one of three states: 1643 IGMPv1, IGMPv2 or IGMPv3. This variable is kept per group record and 1644 is dependent on the version of Membership Reports heard for that group 1645 as well as the Older Version Host Present timer for the group. 1647 In order to switch gracefully between versions of IGMP, routers keep an 1648 IGMPv1 Host Present timer and an IGMPv2 Host Present timer per group 1649 record. The IGMPv1 Host Present timer is set to Older Version Host 1650 Present Timeout seconds whenever an IGMPv1 Membership Report is 1651 received. The IGMPv2 Host Present timer is set to Older Version Host 1652 Present Timeout seconds whenever an IGMPv2 Membership Report is 1653 received. 1655 The Group Compatibility Mode of a group record changes whenever an older 1656 version report (than the current compatibility mode) is heard or when 1657 certain timer conditions occur. When the IGMPv1 Host Present timer 1658 expires, a router switches to Group Compatibility mode of IGMPv2 if it 1659 has a running IGMPv2 Host Present timer. If it does not have a running 1660 IGMPv2 Host Present timer then it switches to Group Compatibility of 1661 IGMPv3. When the IGMPv2 Host Present timer expires and the IGMPv1 Host 1662 Present timer is not running, a router switches to Group Compatibility 1663 mode of IGMPv3. Note that when a group switches back to IGMPv3 mode, it 1664 takes some time to regain source-specific state information. Source- 1665 specific information will be learned during the next General Query, but 1666 sources that should be blocked will not be blocked until [Group 1667 Membership Interval] after that. 1669 The Group Compatibility Mode variable is based on whether an older 1670 version report was heard in the last Older Version Host Present Timeout 1671 seconds. The Group Compatibility Mode is set depending on the 1672 following: 1674 Group Compatibility Mode Timer State 1675 ------------------------ ----------- 1677 IGMPv3 (default) IGMPv2 Host Present not running 1678 and IGMPv1 Host Present not running 1680 IGMPv2 IGMPv2 Host Present running 1681 and IGMPv1 Host Present not running 1683 IGMPv1 IGMPv1 Host Present running 1685 If a router receives a report which causes its older Host Present timers 1686 to be updated and correspondingly its compatibility mode, it SHOULD 1687 switch compatibility modes immediately. 1689 When Group Compatibility Mode is IGMPv3, a router acts using the IGMPv3 1690 protocol for that group. 1692 When Group Compatibility Mode is IGMPv2, a router internally translates 1693 the following IGMPv2 messages for that group to their IGMPv3 1694 equivalents: 1696 IGMPv2 Message IGMPv3 Equivalent 1697 -------------- ----------------- 1699 Report IS_EX( {} ) 1701 Leave TO_IN( {} ) 1703 IGMPv3 BLOCK messages are ignored, as are source-lists in TO_EX() 1704 messages (i.e. any TO_EX() message is treated as TO_EX( {} )). 1706 When Group Compatability Mode is IGMPv1, a router internally translates 1707 the following IGMPv1 and IGMPv2 messages for that group to their IGMPv3 1708 equivalents: 1710 IGMP Message IGMPv3 Equivalent 1711 ------------ ----------------- 1713 v1 Report IS_EX( {} ) 1715 v2 Report IS_EX( {} ) 1717 In addition to ignoring IGMPv3 BLOCK messages and source-lists in 1718 TO_EX() messages as in IGMPv2 Group Compatability Mode, IGMPv2 Leave 1719 messages and IGMPv3 TO_IN() messages are also ignored. 1721 8. LIST OF TIMERS, COUNTERS, AND THEIR DEFAULT VALUES 1723 Most of these timers are configurable. If non-default settings are 1724 used, they MUST be consistent among all systems on a single link. Note 1725 that parentheses are used to group expressions to make the algebra 1726 clear. 1728 8.1. Robustness Variable 1730 The Robustness Variable allows tuning for the expected packet loss on a 1731 network. If a network is expected to be lossy, the Robustness Variable 1732 may be increased. IGMP is robust to (Robustness Variable - 1) packet 1733 losses. The Robustness Variable MUST NOT be zero, and SHOULD NOT be 1734 one. Default: 2 1735 8.2. Query Interval 1737 The Query Interval is the interval between General Queries sent by the 1738 Querier. Default: 125 seconds. 1740 By varying the [Query Interval], an administrator may tune the number of 1741 IGMP messages on the network; larger values cause IGMP Queries to be 1742 sent less often. 1744 8.3. Query Response Interval 1746 The Max Response Time used to calculate the Max Resp Code inserted into 1747 the periodic General Queries. Default: 100 (10 seconds) 1749 By varying the [Query Response Interval], an administrator may tune the 1750 burstiness of IGMP messages on the network; larger values make the 1751 traffic less bursty, as host responses are spread out over a larger 1752 interval. The number of seconds represented by the [Query Response 1753 Interval] must be less than the [Query Interval]. 1755 8.4. Group Membership Interval 1757 The Group Membership Interval is the amount of time that must pass 1758 before a multicast router decides there are no more members of a group 1759 or a particular source on a network. 1761 This value MUST be ((the Robustness Variable) times (the Query 1762 Interval)) plus (one Query Response Interval). 1764 8.5. Other Querier Present Interval 1766 The Other Querier Present Interval is the length of time that must pass 1767 before a multicast router decides that there is no longer another 1768 multicast router which should be the querier. This value MUST be ((the 1769 Robustness Variable) times (the Query Interval)) plus (one half of one 1770 Query Response Interval). 1772 8.6. Startup Query Interval 1774 The Startup Query Interval is the interval between General Queries sent 1775 by a Querier on startup. Default: 1/4 the Query Interval. 1777 8.7. Startup Query Count 1779 The Startup Query Count is the number of Queries sent out on startup, 1780 separated by the Startup Query Interval. Default: the Robustness 1781 Variable. 1783 8.8. Last Member Query Interval 1785 The Last Member Query Interval is the Max Response Time used to 1786 calculate the Max Resp Code inserted into Group-Specific Queries sent in 1787 response to Leave Group messages. It is also the Max Response Time used 1788 in calculating the Max Resp Code for Group-and-Source-Specific Query 1789 messages. Default: 10 (1 second) 1791 Note that for values of LMQI greater than 12.8 seconds, a limited set of 1792 values can be represented, corresponding to sequential values of Max 1793 Resp Code. When converting a configured time to a Max Resp Code value, 1794 it is recommended to use the exact value if possible, or the next lower 1795 value if the requested value is not exactly representable. 1797 This value may be tuned to modify the "leave latency" of the network. A 1798 reduced value results in reduced time to detect the loss of the last 1799 member of a group or source. 1801 8.9. Last Member Query Count 1803 The Last Member Query Count is the number of Group-Specific Queries sent 1804 before the router assumes there are no local members. The Last Member 1805 Query Count is also the number of Group-and-Source-Specific Queries sent 1806 before the router assumes there are no listeners for a particular 1807 source. Default: the Robustness Variable. 1809 8.10. Last Member Query Time 1811 The Last Member Query Time is the time value represented by the Last 1812 Member Query Interval, multiplied by the Last Member Query Count. It is 1813 not a tunable value, but may be tuned by changing its components. 1815 8.11. Unsolicited Report Interval 1817 The Unsolicited Report Interval is the time between repetitions of a 1818 host's initial report of membership in a group. Default: 1 second. 1820 8.12. Older Version Querier Present Timeout 1822 The Older Version Querier Interval is the time-out for transitioning a 1823 host back to IGMPv3 mode once an older version query is heard. When an 1824 older version query is received, hosts set their Older Version Querier 1825 Present Timer to Older Version Querier Interval. 1827 This value MUST be ((the Robustness Variable) times (the Query Interval 1828 in the last Query received)) plus (one Query Response Interval). 1830 8.13. Older Host Present Interval 1832 The Older Host Present Interval is the time-out for transitioning a 1833 group back to IGMPv3 mode once an older version report is sent for that 1834 group. When an older version report is received, routers set their 1835 Older Host Present Timer to Older Host Present Interval. 1837 This value MUST be ((the Robustness Variable) times (the Query 1838 Interval)) plus (one Query Response Interval). 1840 8.14. Configuring timers 1842 This section is meant to provide advice to network administrators on how 1843 to tune these settings to their network. Ambitious router 1844 implementations might tune these settings dynamically based upon 1845 changing characteristics of the network. 1847 8.14.1. Robustness Variable 1849 The Robustness Variable tunes IGMP to expected losses on a link. IGMPv3 1850 is robust to (Robustness Variable - 1) packet losses, e.g. if the 1851 Robustness Variable is set to the default value of 2, IGMPv3 is robust 1852 to a single packet loss but may operate imperfectly if more losses 1853 occur. On lossy subnetworks, the Robustness Variable should be 1854 increased to allow for the expected level of packet loss. However, 1855 increasing the Robustness Variable increases the leave latency of the 1856 subnetwork (the time between when the last member stops listening to a 1857 source or group and when the traffic stops flowing.) 1859 8.14.2. Query Interval 1861 The overall level of periodic IGMP traffic is inversely proportional to 1862 the Query Interval. A longer Query Interval results in a lower overall 1863 level of IGMP traffic. The Query Interval MUST be equal to or longer 1864 than the Max Response Time inserted in General Query messages. 1866 8.14.3. Max Response Time 1868 The burstiness of IGMP traffic is inversely proportional to the Max 1869 Response Time. A longer Max Response Time will spread Report messages 1870 over a longer interval. However, a longer Max Response Time in Group- 1871 Specific and Source-and-Group-Specific Queries extends the leave latency 1872 (the time between when the last member stops listening to a source or 1873 group and when the traffic stops flowing.) The expected rate of Report 1874 messages can be calculated by dividing the expected number of 1875 Reporters by the Max Response Time. The Max Response Time may be 1876 dynamically calculated per Query by using the expected number of 1877 Reporters for that Query as follows: 1879 Query Type Expected number of Reporters 1880 ---------- ---------------------------- 1882 General Query All systems on subnetwork 1884 Group-Specific Query All systems that had expressed interest 1885 in the group on the subnetwork 1887 Source-and-Group- All systems on the subnetwork that had 1888 Specific Query expressed interest in the source and group 1890 A router is not required to calculate these populations or tune the Max 1891 Response Time dynamically; these are simply guidelines. 1893 9. SECURITY CONSIDERATIONS 1895 IPSEC in Authentication Header mode [AH] may be used to protect against 1896 remote attacks by ensuring that IGMPv3 messages came from a system on 1897 the LAN (or, more specifically, a system with the proper key). When 1898 using IPSEC, the messages sent to 224.0.0.1 and 224.0.0.22 should be 1899 authenticated using AH. When keying, there are two possibilities: 1901 1. Use a symmetric signature algorithm with a single key for the LAN (or 1902 a key for each group). This allows validation that a packet was sent 1903 by a system with the key. This has the limitation that any system 1904 with the key can forge a message; it is not possible to authenticate 1905 the individual sender precisely. 1907 2. When appropriate key management standards have been developed, use an 1908 asymmetric signature algorithm. All systems need to know the public 1909 key of all routers, and all routers need to know the public key of 1910 all systems. This requires a large amount of key management but has 1911 the advantage that senders can be authenticated individually so e.g. 1913 a host cannot forge a message that only routers should be allowed to 1914 send. 1916 This solution only directly applies to Query and Leave messages in 1917 IGMPv1 and IGMPv2, since Reports are sent to the group being reported 1918 and it is not feasible to agree on a key for host-to-router 1919 communication for arbitrary multicast groups. 1921 We consider the ramifications of a forged message of each type. 1923 9.1. Query Message 1925 A forged Query message from a machine with a lower IP address than the 1926 current Querier will cause Querier duties to be assigned to the forger. 1927 If the forger then sends no more Query messages, other routers' Other 1928 Querier Present timer will time out and one will resume the role of 1929 Querier. During this time, if the forger ignores Leave Messages, 1930 traffic might flow to groups with no members for up to [Group Membership 1931 Interval]. 1933 A DoS attack on a host could be staged through forged Group-and-Source- 1934 Specific Queries. The attacker can find out about membership of a 1935 specific host with a general query. After that it could send a large 1936 number of Group-and-Source-Specific queries, each with a large source 1937 list and the Maximum Response Time set to a large value. The host will 1938 have to store and maintain the sources specified in all of those queries 1939 for as long as it takes to send the delayed response. This would 1940 consume both memory and CPU cycles in order to augment the recorded 1941 sources with the source lists included in the successive queries. 1943 To protect against such a DoS attack, a host stack implementation could 1944 restrict the number of Group-and-Source-Specific Queries per group 1945 membership within this interval, and/or record only a limited number of 1946 sources. 1948 Forged Query messages from the local network can be easily traced. 1949 There are two measures necessary to defend against externally forged 1950 Queries: 1952 o Routers SHOULD NOT forward Queries. This is easier for a router to 1953 accomplish if the Query carries the Router-Alert option. 1955 o Hosts SHOULD Ignore v3 Queries without the Router-Alert option. 1957 9.2. Current-State Report messages 1959 A forged Report message may cause multicast routers to think there are 1960 members of a group on a network when there are not. Forged Report 1961 messages from the local network are meaningless, since joining a group 1962 on a host is generally an unprivileged operation, so a local user may 1963 trivially gain the same result without forging any messages. Forged 1964 Report messages from external sources are more troublesome; there are 1965 two defenses against externally forged Reports: 1967 o Ignore the Report if you cannot identify the source address of the 1968 packet as belonging to a network assigned to the interface on which 1969 the packet was received. This solution means that Reports sent by 1970 mobile hosts without addresses on the local network will be ignored. 1972 o Ignore Report messages without Router Alert options [RFC-2113], and 1973 require that routers not forward Report messages. (The requirement is 1974 not a requirement of generalized filtering in the forwarding path, 1975 since the packets already have Router Alert options in them). This 1976 solution breaks backwards compatibility with implementations of IGMPv1 1977 or earlier versions of IGMPv2 which did not require Router Alert. 1979 A forged Version 1 Report Message may put a router into "version 1 1980 members present" state for a particular group, meaning that the router 1981 will ignore Leave messages. This can cause traffic to flow to groups 1982 with no members for up to [Group Membership Interval]. This can be 1983 solved by providing routers with a configuration switch to ignore 1984 Version 1 messages completely. This breaks automatic compatibility with 1985 Version 1 hosts, so should only be used in situations where "fast leave" 1986 is critical. 1988 A forged Version 2 Report Message may put a router into "version 2 1989 members present" state for a particular group, meaning that the router 1990 will ignore IGMPv3 source-specific state messages. This can cause 1991 traffic to flow from unwanted sources for up to [Group Membership 1992 Interval]. This can be solved by providing routers with a configuration 1993 switch to ignore Version 2 messages completely. This breaks automatic 1994 compatibility with Version 2 hosts, so should only be used in situations 1995 where source include and exclude is critical. 1997 9.3. State-Change Report messages 1999 A forged State-Change Report message will cause the Querier to send out 2000 Group-Specific or Source-and-Group-Specific Queries for the group in 2001 question. This causes extra processing on each router and on each 2002 member of the group, but can not cause loss of desired traffic. There 2003 are two defenses against externally forged State-Change Report messages: 2005 o Ignore the State-Change Report message if you cannot identify the 2006 source address of the packet as belonging to a subnet assigned to the 2007 interface on which the packet was received. This solution means that 2008 State-Change Report messages sent by mobile hosts without addresses on 2009 the local subnet will be ignored. 2011 o Ignore State-Change Report messages without Router Alert options 2012 [RFC-2113], and require that routers not forward State-Change Report 2013 messages. (The requirement is not a requirement of generalized 2014 filtering in the forwarding path, since the packets already have 2015 Router Alert options in them). 2017 10. ACKNOWLEDGMENTS 2019 We would like to thank Ran Atkinson, Luis Costa, Dino Farinacci, Serge 2020 Fdida, Wilbert de Graaf, Sumit Gupta, Mark Handley, Bob Quinn, Michael 2021 Speer, Dave Thaler and Rolland Vida for comments and suggestions on this 2022 document. 2024 Portions of the text of this document were copied from [RFC-1112] and 2025 [RFC-2236]. 2027 11. REFERENCES 2028 [RFC-1112] Deering, S., "Host Extensions for IP Multicasting", RFC 1112, 2029 August 1989. 2031 [RFC-2113] Katz, D., "IP Router Alert Option," RFC 2113, April 1996. 2033 [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate 2034 Requirement Levels", RFC 2119, BCP14, March 1997. 2036 [RFC-2236] Fenner, W., "Internet Group Management Protocol, Version 2", 2037 RFC 2236, November 1997. 2039 [FILTER-API] Thaler, D., B. Fenner, and B. Quinn, "Socket Interface 2040 Extensions for Multicast Source Filters", Work in progress, 2041 draft-ietf-idmr-msf-api-00.txt, February 2000. 2043 [AH] Kent, S. and R. Atkinson, "IP Authentication Header", 2044 RFC 2402, November 1998. 2046 APPENDIX A. DESIGN RATIONALE 2048 A.1 The Need for State-Change Messages 2050 IGMPv3 specifies two types of Membership Reports: Current-State and 2051 State Change. This section describes the rationale for the need for 2052 both these types of Reports. 2054 Routers need to distinguish Membership Reports that were sent in 2055 response to Queries from those that were sent as a result of a change in 2056 interface state. Membership reports that are sent in response to 2057 Membership Queries are used mainly to refresh the existing state at the 2058 router; they typically do not cause transitions in state at the router. 2059 Membership Reports that are sent in response to changes in interface 2060 state require the router to take some action in response to the received 2061 report (see Section 6.4). 2063 The inability to distinguish between the two types of reports would 2064 force a router to treat all Membership Reports as potential changes in 2065 state and could result in increased processing at the router as well as 2066 an increase in IGMP traffic on the network. 2068 A.2 Host Suppression 2070 In IGMPv1 and IGMPv2, a host would cancel sending a pending membership 2071 reports if a similar report was observed from another member on the 2072 network. In IGMPv3, this suppression of host membership reports has 2073 been removed. The following points explain the reasons behind this 2074 decision. 2076 1. Routers may want to track per-host membership status on an interface 2077 This allows routers to implement fast leaves (e.g. for layered 2078 multicast congestion control schemes) as well as track membership 2079 status for possible accounting purposes. 2081 2. Membership Report suppression does not work well on bridged LANs. 2082 Many bridges and Layer2/Layer3 switches that implement IGMP snooping 2083 do not forward IGMP messages across LAN segments in order to prevent 2084 membership report suppression. Removing membership report 2085 suppression eases the job of these IGMP snooping devices. 2087 3. By eliminating membership report suppression, hosts have fewer 2088 messages to process; this leads to a simpler state machine 2089 implementation. 2091 4. In IGMPv3, a single membership report now bundles multiple multicast 2092 group records to decrease the number of packets sent. In comparison, 2093 the previous versions of IGMP required that each multicast group be 2094 reported in a separate message. 2096 A.3 Switching router filter modes from EXCLUDE to INCLUDE 2098 If there exist hosts in both EXCLUDE and INCLUDE modes for a single 2099 multicast group in a network, the router must be in EXCLUDE mode as well 2100 (see section 6.2.1). In EXCLUDE mode, a router forwards traffic from 2101 all sources unless that source exists in the exclusion source list. If 2102 all hosts in EXCLUDE mode cease to exist, it would be desirable for the 2103 router to switch back to INCLUDE mode seamlessly without interrupting 2104 the flow of traffic to existing receivers. 2106 One of the ways to accomplish this is for routers to keep track of all 2107 sources desired by hosts that are in INCLUDE mode even though the router 2108 itself is in EXCLUDE mode. If the group timer now expires in EXCLUDE 2109 mode, it implies that there are no hosts in EXCLUDE mode on the network 2110 (otherwise a membership report from that host would have refreshed the 2111 group timer). The router can then switch to INCLUDE mode seamlessly 2112 with the list of sources currently being forwarded in its source list. 2114 AUTHORS' ADDRESSES 2116 Brad Cain 2117 Cereva Networks 2118 Email: bcain@cereva.com 2120 Steve Deering 2121 Cisco Systems, Inc. 2122 170 Tasman Drive 2123 San Jose, CA 95134-1706 2124 phone: +1-408-527-8213 2125 email: deering@cisco.com 2127 Bill Fenner 2128 AT&T Labs - Research 2129 75 Willow Rd. 2130 Menlo Park, CA 94025 2131 phone: +1-650-330-7893 2132 email: fenner@research.att.com 2134 Isidor Kouvelas 2135 Cisco Systems, Inc. 2136 170 Tasman Drive 2137 San Jose, CA 95134-1706 2138 phone: +1-408-525-0727 2139 email: kouvelas@cisco.com 2141 Ajit Thyagarajan 2142 Ericsson IP Infrastructure 2143 12120 Plum Orchard Dr. 2144 Silver Spring, MD 20904 2145 phone: +1-301-586-8200 2146 email: ajit@torrentnet.com