idnits 2.17.1 draft-ietf-mboned-mtrace-v2-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 7 instances of lines with non-RFC2606-compliant FQDNs in the document. == There are 1 instance of lines with multicast IPv4 addresses in the document. If these are generic example addresses, they should be changed to use the 233.252.0.x range defined in RFC 5771 Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 5, 2016) is 2880 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2460 (ref. '2') (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 5226 (ref. '4') (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 4601 (ref. '5') (Obsoleted by RFC 7761) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MBONED Working Group H. Asaeda 3 Internet-Draft NICT 4 Intended status: Standards Track K. Meyer 5 Expires: December 7, 2016 Cisco 6 W. Lee, Ed. 7 June 5, 2016 9 Mtrace Version 2: Traceroute Facility for IP Multicast 10 draft-ietf-mboned-mtrace-v2-13 12 Abstract 14 This document describes the IP multicast traceroute facility, named 15 Mtrace version 2 (Mtrace2). Unlike unicast traceroute, Mtrace2 16 requires special implementations on the part of routers. This 17 specification describes the required functionality in multicast 18 routers, as well as how an Mtrace2 client invokes a query and 19 receives a reply. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on December 7, 2016. 38 Copyright Notice 40 Copyright (c) 2016 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 57 2.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 5 58 3. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 6 59 3.1. Mtrace2 TLV format . . . . . . . . . . . . . . . . . . . 7 60 3.2. Defined TLVs . . . . . . . . . . . . . . . . . . . . . . 7 61 3.2.1. Mtrace2 Query . . . . . . . . . . . . . . . . . . . . 8 62 3.2.2. Mtrace2 Request . . . . . . . . . . . . . . . . . . . 10 63 3.2.3. Mtrace2 Reply . . . . . . . . . . . . . . . . . . . . 10 64 3.2.4. IPv4 Mtrace2 Standard Response Block . . . . . . . . 11 65 3.2.5. IPv6 Mtrace2 Standard Response Block . . . . . . . . 14 66 3.2.6. Mtrace2 Augmented Response Block . . . . . . . . . . 17 67 3.2.7. Mtrace2 Extended Query Block . . . . . . . . . . . . 18 68 4. Router Behavior . . . . . . . . . . . . . . . . . . . . . . . 19 69 4.1. Receiving Mtrace2 Query . . . . . . . . . . . . . . . . . 19 70 4.1.1. Query Packet Verification . . . . . . . . . . . . . . 19 71 4.1.2. Query Normal Processing . . . . . . . . . . . . . . . 20 72 4.2. Receiving Mtrace2 Request . . . . . . . . . . . . . . . . 20 73 4.2.1. Request Packet Verification . . . . . . . . . . . . . 20 74 4.2.2. Request Normal Processing . . . . . . . . . . . . . . 21 75 4.3. Forwarding Mtrace2 Request . . . . . . . . . . . . . . . 22 76 4.3.1. Destination Address . . . . . . . . . . . . . . . . . 23 77 4.3.2. Source Address . . . . . . . . . . . . . . . . . . . 23 78 4.3.3. Appending Standard Response Block . . . . . . . . . . 23 79 4.4. Sending Mtrace2 Reply . . . . . . . . . . . . . . . . . . 24 80 4.4.1. Destination Address . . . . . . . . . . . . . . . . . 24 81 4.4.2. Source Address . . . . . . . . . . . . . . . . . . . 24 82 4.4.3. Appending Standard Response Block . . . . . . . . . . 24 83 4.5. Proxying Mtrace2 Query . . . . . . . . . . . . . . . . . 24 84 4.6. Hiding Information . . . . . . . . . . . . . . . . . . . 25 85 5. Client Behavior . . . . . . . . . . . . . . . . . . . . . . . 25 86 5.1. Sending Mtrace2 Query . . . . . . . . . . . . . . . . . . 25 87 5.1.1. Destination Address . . . . . . . . . . . . . . . . . 25 88 5.1.2. Source Address . . . . . . . . . . . . . . . . . . . 25 89 5.2. Determining the Path . . . . . . . . . . . . . . . . . . 26 90 5.3. Collecting Statistics . . . . . . . . . . . . . . . . . . 26 91 5.4. Last Hop Router (LHR) . . . . . . . . . . . . . . . . . . 26 92 5.5. First Hop Router (FHR) . . . . . . . . . . . . . . . . . 26 93 5.6. Broken Intermediate Router . . . . . . . . . . . . . . . 26 94 5.7. Non-Supported Router . . . . . . . . . . . . . . . . . . 27 95 5.8. Mtrace2 Termination . . . . . . . . . . . . . . . . . . . 27 96 5.8.1. Arriving at Source . . . . . . . . . . . . . . . . . 27 97 5.8.2. Fatal Error . . . . . . . . . . . . . . . . . . . . . 27 98 5.8.3. No Upstream Router . . . . . . . . . . . . . . . . . 27 99 5.8.4. Reply Timeout . . . . . . . . . . . . . . . . . . . . 27 100 5.9. Continuing after an Error . . . . . . . . . . . . . . . . 28 101 6. Protocol-Specific Considerations . . . . . . . . . . . . . . 28 102 6.1. PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . 28 103 6.2. Bi-Directional PIM . . . . . . . . . . . . . . . . . . . 28 104 6.3. PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . 29 105 6.4. IGMP/MLD Proxy . . . . . . . . . . . . . . . . . . . . . 29 106 7. Problem Diagnosis . . . . . . . . . . . . . . . . . . . . . . 29 107 7.1. Forwarding Inconsistencies . . . . . . . . . . . . . . . 29 108 7.2. TTL or Hop Limit Problems . . . . . . . . . . . . . . . . 29 109 7.3. Packet Loss . . . . . . . . . . . . . . . . . . . . . . . 30 110 7.4. Link Utilization . . . . . . . . . . . . . . . . . . . . 30 111 7.5. Time Delay . . . . . . . . . . . . . . . . . . . . . . . 30 112 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 113 8.1. Forwarding Codes . . . . . . . . . . . . . . . . . . . . 31 114 8.2. UDP Destination Port . . . . . . . . . . . . . . . . . . 31 115 9. Security Considerations . . . . . . . . . . . . . . . . . . . 31 116 9.1. Addresses in Mtrace2 Header . . . . . . . . . . . . . . . 31 117 9.2. Filtering of Clients . . . . . . . . . . . . . . . . . . 31 118 9.3. Topology Discovery . . . . . . . . . . . . . . . . . . . 32 119 9.4. Characteristics of Multicast Channel . . . . . . . . . . 32 120 9.5. Limiting Query/Request Rates . . . . . . . . . . . . . . 32 121 9.6. Limiting Reply Rates . . . . . . . . . . . . . . . . . . 32 122 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 123 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 124 11.1. Normative References . . . . . . . . . . . . . . . . . . 33 125 11.2. Informative References . . . . . . . . . . . . . . . . . 33 126 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34 128 1. Introduction 130 Given a multicast distribution tree, tracing from a multicast source 131 to a receiver is difficult, since we do not know which branch of the 132 multicast tree the receiver lies. This means that we have to flood 133 the whole tree to find the path from a source to a receiver. On the 134 other hand, walking up the tree from a receiver to a source is easy, 135 as most existing multicast routing protocols know the upstream router 136 for each source. Tracing from a receiver to a source can involve 137 only the routers on the direct path. 139 This document specifies the multicast traceroute facility named 140 Mtrace version 2 or Mtrace2 which allows the tracing of an IP 141 multicast routing path. Mtrace2 is usually initiated from a Mtrace2 142 client towards a specified source, or a Rendezvous Point (RP) if no 143 source address is specified. RP is a special router where the source 144 and receiver meet in PIM-SM [5]. Moreover, Mtrace2 provides 145 additional information such as the packet rates and losses, as well 146 as other diagnosis information. Especially, Mtrace2 can be used for 147 the following purposes: 149 o To trace the path that a packet would take from a source to a 150 receiver. 152 o To isolate packet loss problems (e.g., congestion). 154 o To isolate configuration problems (e.g., TTL threshold). 156 Figure 1 shows a typical case on how Mtrace2 is used. FHR represents 157 the first-hop router, LHR represents the last-hop router, and the 158 arrow lines represent the Mtrace2 messages that are sent from one 159 node to another. The numbers before the Mtrace2 messages represent 160 the sequence of the messages that would happen. Source, Receiver and 161 Mtrace2 client are typically a host on the Internet. 163 2. Request 2. Request 164 +----+ +----+ 165 | | | | 166 v | v | 167 +--------+ +-----+ +-----+ +----------+ 168 | Source |----| FHR |----- The Internet -----| LHR |----| Receiver | 169 +--------+ +-----+ | +-----+ +----------+ 170 \ | ^ 171 \ | / 172 \ | / 173 \ | / 174 3. Reply \ | / 1. Query 175 \ | / 176 \ | / 177 \ +---------+ / 178 v | Mtrace2 |/ 179 | client | 180 +---------+ 182 Figure 1 184 When an Mtrace2 client initiates a multicast trace anywhere on the 185 Internet, it sends an Mtrace2 Query packet to the LHR or RP for a 186 multicast group and a source address. The LHR/RP turns the Query 187 packet into a Request, appends a standard response block containing 188 its interface addresses and packet statistics to the Request packet, 189 then forwards the packet towards the source. The Request packet is 190 either unicasted to its upstream router towards the source, or 191 multicasted to the group if the upstream router's IP address is not 192 known. In a similar fashion, each router along the path to the 193 source appends a standard response block to the end of the Request 194 packet before forwarding it to its upstream router. When the FHR 195 receives the Request packet, it appends its own standard response 196 block, turns the Request packet into a Reply, and unicasts the Reply 197 back to the Mtrace2 client. 199 The Mtrace2 Reply may be returned before reaching the FHR if it 200 reaches the RP first, or a fatal error condition such as "no route" 201 is encountered along the path, or the hop count is exceeded. 203 The Mtrace2 client waits for the Mtrace2 Reply message and displays 204 the results. When not receiving an Mtrace2 Reply message due to 205 network congestion, a broken router (see Section 5.6), or a non- 206 responding router (see Section 5.7), the Mtrace2 client may resend 207 another Mtrace2 Query with a lower hop count (see Section 3.2.1), and 208 repeat the process until it receives an Mtrace2 Reply message. The 209 details are Mtrace2 client specific, and it is outside the scope of 210 this document. 212 Note that when a router's control plane and forwarding plane are out 213 of sync, the Mtrace2 Requests might be forwarded based on the control 214 states instead. In which case, the traced path might not represent 215 the real path the data packets would follow. 217 Mtrace2 supports both IPv4 and IPv6. Unlike the previous version of 218 Mtrace, which implements its query and response as IGMP messages [8], 219 all Mtrace2 messages are UDP-based. Although the packet formats of 220 IPv4 and IPv6 Mtrace2 are different because of the address families, 221 the syntax between them is similar. 223 2. Terminology 225 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 226 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", 227 and "OPTIONAL" are to be interpreted as described in RFC 2119 [1], 228 and indicate requirement levels for compliant Mtrace2 229 implementations. 231 2.1. Definitions 233 Since Mtrace2 Queries and Requests flow in the opposite direction to 234 the data flow, we refer to "upstream" and "downstream" with respect 235 to data, unless explicitly specified. 237 Incoming interface 238 The interface on which data is expected to arrive from the 239 specified source and group. 241 Outgoing interface 242 The interface to which data from the source or RP is expected to 243 transmit for the specified source and group. It is also the 244 interface on which the Mtrace2 Request will be received. 246 Upstream router 247 The router, connecting to the Incoming interface of the current 248 router, which is responsible for forwarding data for the specified 249 source and group to the current router. 251 First-hop router (FHR) 252 The router that is directly connected to the source the Mtrace2 253 Query specifies. 255 Last-hop router (LHR) 256 The router that is directly connected to the receivers. It is 257 also the router that receives the Mtrace2 Query from an Mtrace2 258 client. 260 Group state 261 It is the state a shared-tree protocol, such as PIM-SM [5], uses 262 to choose the upstream router towards the RP for the specified 263 group. In this state, source-specific state is not available for 264 the corresponding group address on the router. 266 Source-specific state 267 It is the state that is used to choose the path towards the source 268 for the specified source and group. 270 ALL-[protocol]-ROUTERS.MCAST.NET 271 It is a link-local multicast address for multicast routers to 272 communicate with their adjacent routers that are running the same 273 routing protocol. For instance, the address of ALL-PIM- 274 ROUTERS.MCAST.NET [5] is '224.0.0.13' for IPv4 and 'ff02::d' for 275 IPv6. 277 3. Packet Formats 279 This section describes the details of the packet formats for Mtrace2 280 messages. 282 All Mtrace2 messages are encoded in TLV format (see Section 3.1). If 283 an implementation receives an unknown TLV, it SHOULD ignored and 284 silently discarded the unknown TLV. If the length of a TLV exceeds 285 the length specified in the TLV, the TLV SHOULD be accepted; however, 286 any additional data after the specified TLV length SHOULD be ignored. 288 All Mtrace2 messages are UDP packets. For IPv4, Mtrace2 Query and 289 Request messages MUST NOT be fragmented. For IPv6, the packet size 290 for the Mtrace2 messages MUST NOT exceed 1280 bytes, which is the 291 smallest MTU for an IPv6 interface [2]. The source port is uniquely 292 selected by the local host operating system. The destination port is 293 the IANA reserved Mtrace2 port number (see Section 8). All Mtrace2 294 messages MUST have a valid UDP checksum. 296 Additionally, Mtrace2 supports both IPv4 and IPv6, but not mixed. 297 For example, if an Mtrace2 Query or Request message arrives in as an 298 IPv4 packet, all addresses specified in the Mtrace2 messages MUST be 299 IPv4 as well. Same rule applies to IPv6 Mtrace2 messages. 301 3.1. Mtrace2 TLV format 303 0 1 2 3 304 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 306 | Type | Length | Value .... | 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 309 Type: 8 bits 311 Describes the format of the Value field. For all the available 312 types, please see Section 3.2 314 Length: 16 bits 316 Length of Type, Length, and Value fields in octets. Minimum 317 length required is 6 octets. The maximum TLV length is not 318 defined; however the entire Mtrace2 packet length should not 319 exceed the available MTU. 321 Value: variable length 323 The format is based on the Type value. The length of the value 324 field is Length field minus 3. All reserved fields in the Value 325 field MUST be transmitted as zeros and ignored on receipt. 327 3.2. Defined TLVs 329 The following TLV Types are defined: 331 Code Type 332 ==== ================================ 333 0x01 Mtrace2 Query 334 0x02 Mtrace2 Request 335 0x03 Mtrace2 Reply 336 0x04 Mtrace2 Standard Response Block 337 0x05 Mtrace2 Augmented Response Block 338 0x06 Mtrace2 Extended Query Block 340 Each Mtrace2 message MUST begin with either a Query, Request or Reply 341 TLV. The first TLV determines the type of each Mtrace2 message. 342 Following a Query TLV, there can be a sequence of optional Extended 343 Query Blocks. In the case of a Request or a Reply TLV, it is then 344 followed by a sequence of Standard Response Blocks, each from a 345 multicast router on the path towards the source or the RP. In the 346 case more information is needed, a Standard Response Block can be 347 followed by one or multiple Augmented Response Blocks. 349 We will describe each message type in detail in the next few 350 sections. 352 3.2.1. Mtrace2 Query 354 An Mtrace2 Query is usually originated by an Mtrace2 client which 355 sends an Mtrace2 Query message to the LHR. When tracing towards the 356 source or the RP, the intermediate routers MUST NOT modify the Query 357 message except the Type field. 359 An Mtrace2 Query message is shown as follows: 361 0 1 2 3 362 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 | Type | Length | # Hops | 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 | | 367 | Multicast Address | 368 | | 369 +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 370 | | 371 | Source Address | 372 | | 373 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 374 | | 375 | Mtrace2 Client Address | 376 | | 377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 378 | Query ID | Client Port # | 379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 381 Figure 2 383 # Hops: 8 bits 384 This field specifies the maximum number of hops that the Mtrace2 385 client wants to trace. If there are some error conditions in the 386 middle of the path that prevent an Mtrace2 Reply from being 387 received by the client, the client MAY issue another Mtrace2 Query 388 with a lower number of hops until it receives a Reply. 390 Multicast Address: 32 bits or 128 bits 391 This field specifies an IPv4 or IPv6 address, which can be either: 393 m-1: a multicast group address to be traced; or, 395 m-2: all 1's in case of IPv4 or the unspecified address (::) in 396 case of IPv6 if no group-specific information is desired. 398 Source Address: 32 bits or 128 bits 399 This field specifies an IPv4 or IPv6 address, which can be either: 401 s-1: an unicast address of the source to be traced; or, 403 s-2: all 1's in case of IPv4 or the unspecified address (::) in 404 case of IPv6 if no source-specific information is desired. 405 For example, the client is tracing a (*,g) group state. 407 Note that it is invalid to have a source-group combination of 408 (s-2, m-2). If a router receives such combination in an Mtrace2 409 Query, it MUST silently discard the Query. 411 Mtrace2 Client Address: 32 bits or 128 bits 412 This field specifies the Mtrace2 client's IPv4 address or IPv6 413 global address. This address MUST be a valid unicast address, and 414 therefore, MUST NOT be all 1's or an unspecified address. The 415 Mtrace2 Reply will be sent to this address. 417 Query ID: 16 bits 418 This field is used as a unique identifier for this Mtrace2 Query 419 so that duplicate or delayed Reply messages may be detected. 421 Client Port #: 16 bits 422 This field specifies the destination UDP port number for receiving 423 the Mtrace2 Reply packet. 425 3.2.2. Mtrace2 Request 427 The format of an Mtrace2 Request message is similar to an Mtrace2 428 Query except the Type field is 0x02. 430 When a LHR receives an Mtrace2 Query message, it would turn the Query 431 into a Request by changing the Type field of the Query from 0x01 to 432 0x02. The LHR would then append an Mtrace2 Standard Response Block 433 (see Section 3.2.4) of its own to the Request message before sending 434 it upstream. The upstream routers would do the same without changing 435 the Type field until one of them is ready to send a Reply. 437 3.2.3. Mtrace2 Reply 439 The format of an Mtrace2 Reply message is similar to an Mtrace2 Query 440 except the Type field is 0x03. 442 When a FHR or a RP receives an Mtrace2 Request message which is 443 destined to itself, it would append an Mtrace2 Standard Response 444 Block (see Section 3.2.4) of its own to the Request message. Next, 445 it would turn the Request message into a Reply by changing the Type 446 field of the Request from 0x02 to 0x03. The Reply message would then 447 be unicasted to the Mtrace2 client specified in the Mtrace2 Client 448 Address field. 450 There are a number of cases an intermediate router might return a 451 Reply before a Request reaches the FHR or the RP. See Section 4.1.1, 452 Section 4.2.2, Section 4.3.3, and Section 4.5 for more details. 454 3.2.4. IPv4 Mtrace2 Standard Response Block 456 This section describes the message format of an IPv4 Mtrace2 Standard 457 Response Block. The Type field is 0x04. 459 0 1 2 3 460 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 462 | Type | Length | MBZ | 463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 | Query Arrival Time | 465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 466 | Incoming Interface Address | 467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 468 | Outgoing Interface Address | 469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 470 | Upstream Router Address | 471 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 472 | | 473 . Input packet count on incoming interface . 474 | | 475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 | | 477 . Output packet count on outgoing interface . 478 | | 479 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 | | 481 . Total number of packets for this source-group pair . 482 | | 483 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 484 | Rtg Protocol | Multicast Rtg Protocol | 485 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 486 | Fwd TTL | MBZ |S| Src Mask |Forwarding Code| 487 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 489 MBZ: 8 bits 490 This field must be zeroed on transmission and ignored on 491 reception. 493 Query Arrival Time: 32 bits 494 The Query Arrival Time is a 32-bit NTP timestamp specifying the 495 arrival time of the Mtrace2 Query or Request packet at this 496 router. The 32-bit form of an NTP timestamp consists of the 497 middle 32 bits of the full 64-bit form; that is, the low 16 bits 498 of the integer part and the high 16 bits of the fractional part. 500 The following formula converts from a UNIX timeval to a 32-bit NTP 501 timestamp: 503 query_arrival_time 504 = (tv.tv_sec + 32384) << 16 + ((tv.tv_usec << 10) / 15625) 506 The constant 32384 is the number of seconds from Jan 1, 1900 to 507 Jan 1, 1970 truncated to 16 bits. ((tv.tv_usec << 10) / 15625) is 508 a reduction of ((tv.tv_usec / 100000000) << 16). 510 Note that Mtrace2 does not require all the routers on the path to 511 have synchronized clocks in order to measure one-way latency. 513 Additionally, Query Arrival Time is useful for measuring the 514 packet rate. For example, suppose that a client issues two 515 queries, and the corresponding requests R1 and R2 arrive at router 516 X at time T1 and T2, then the client would be able to compute the 517 packet rate on router X by using the packet count information 518 stored in the R1 and R2, and the time T1 and T2. 520 Incoming Interface Address: 32 bits 521 This field specifies the address of the interface on which packets 522 from the source or the RP are expected to arrive, or 0 if unknown 523 or unnumbered. 525 Outgoing Interface Address: 32 bits 526 This field specifies the address of the interface on which packets 527 from the source or the RP are expected to transmit towards the 528 receiver, or 0 if unknown or unnumbered. This is also the address 529 of the interface on which the Mtrace2 Query or Request arrives. 531 Upstream Router Address: 32 bits 532 This field specifies the address of the upstream router from which 533 this router expects packets from this source. This may be a 534 multicast group (e.g. ALL-[protocol]-ROUTERS.MCAST.NET) if the 535 upstream router is not known because of the workings of the 536 multicast routing protocol. However, it should be 0 if the 537 incoming interface address is unknown or unnumbered. 539 Input packet count on incoming interface: 64 bits 540 This field contains the number of multicast packets received for 541 all groups and sources on the incoming interface, or all 1's if no 542 count can be reported. This counter may have the same value as 543 ifHCInMulticastPkts from the IF-MIB [10] for this interface. 545 Output packet count on outgoing interface: 64 bit 546 This field contains the number of multicast packets that have been 547 transmitted or queued for transmission for all groups and sources 548 on the outgoing interface, or all 1's if no count can be reported. 549 This counter may have the same value as ifHCOutMulticastPkts from 550 the IF-MIB [10] for this interface. 552 Total number of packets for this source-group pair: 64 bits 553 This field counts the number of packets from the specified source 554 forwarded by the router to the specified group, or all 1's if no 555 count can be reported. If the S bit is set (see below), the count 556 is for the source network, as specified by the Src Mask field (see 557 below). If the S bit is set and the Src Mask field is 127, 558 indicating no source-specific state, the count is for all sources 559 sending to this group. This counter should have the same value as 560 ipMcastRoutePkts from the IPMROUTE-STD-MIB [11] for this 561 forwarding entry. 563 Rtg Protocol: 16 bits 564 This field describes the unicast routing protocol running between 565 this router and the upstream router, and it is used to determine 566 the RPF interface for the specified source or RP. This value 567 should have the same value as ipMcastRouteRtProtocol from the 568 IPMROUTE-STD-MIB [11] for this entry. If the router is not able 569 to obtain this value, all 0's must be specified. 571 Multicast Rtg Protocol: 16 bits 572 This field describes the multicast routing protocol in use between 573 the router and the upstream router. This value should have the 574 same value as ipMcastRouteProtocol from the IPMROUTE-STD-MIB [11] 575 for this entry. If the router cannot obtain this value, all 0's 576 must be specified. 578 Fwd TTL: 8 bits 579 This field contains the configured multicast TTL threshold, if 580 any, of the outgoing interface. 582 S: 1 bit 583 If this bit is set, it indicates that the packet count for the 584 source-group pair is for the source network, as determined by 585 masking the source address with the Src Mask field. 587 Src Mask: 7 bits 588 This field contains the number of 1's in the netmask the router 589 has for the source (i.e. a value of 24 means the netmask is 590 0xffffff00). If the router is forwarding solely on group state, 591 this field is set to 127 (0x7f). 593 Forwarding Code: 8 bits 594 This field contains a forwarding information/error code. 595 Section 4.1 and Section 4.2 will explain how and when the 596 Forwarding Code is filled. Defined values are as follows: 598 Value Name Description 599 ----- -------------- ---------------------------------------------- 600 0x00 NO_ERROR No error 601 0x01 WRONG_IF Mtrace2 Request arrived on an interface 602 to which this router would not forward for 603 the specified group towards the source or RP. 604 0x02 PRUNE_SENT This router has sent a prune upstream which 605 applies to the source and group in the 606 Mtrace2 Request. 607 0x03 PRUNE_RCVD This router has stopped forwarding for this 608 source and group in response to a request 609 from the downstream router. 610 0x04 SCOPED The group is subject to administrative 611 scoping at this router. 612 0x05 NO_ROUTE This router has no route for the source or 613 group and no way to determine a potential 614 route. 615 0x06 WRONG_LAST_HOP This router is not the proper LHR. 616 0x07 NOT_FORWARDING This router is not forwarding this source and 617 group out the outgoing interface for an 618 unspecified reason. 619 0x08 REACHED_RP Reached the Rendezvous Point. 620 0x09 RPF_IF Mtrace2 Request arrived on the expected 621 RPF interface for this source and group. 622 0x0A NO_MULTICAST Mtrace2 Request arrived on an interface 623 which is not enabled for multicast. 624 0x0B INFO_HIDDEN One or more hops have been hidden from this 625 trace. 626 0x0C REACHED_GW Mtrace2 Request arrived on a gateway (e.g., 627 a NAT or firewall) that hides the 628 information between this router and the 629 Mtrace2 client. 630 0x0D UNKNOWN_QUERY A non-transitive Extended Query Type was 631 received by a router which does not support 632 the type. 633 0x80 FATAL_ERROR A fatal error is one where the router may 634 know the upstream router but cannot forward 635 the message to it. 636 0x81 NO_SPACE There was not enough room to insert another 637 Standard Response Block in the packet. 638 0x83 ADMIN_PROHIB Mtrace2 is administratively prohibited. 640 3.2.5. IPv6 Mtrace2 Standard Response Block 642 This section describes the message format of an IPv6 Mtrace2 Standard 643 Response Block. The Type field is also 0x04. 645 0 1 2 3 646 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 647 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 648 | Type | Length | MBZ | 649 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 650 | Query Arrival Time | 651 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 652 | Incoming Interface ID | 653 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 654 | Outgoing Interface ID | 655 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 656 | | 657 * Local Address * 658 | | 659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 660 | | 661 * Remote Address * 662 | | 663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 664 | | 665 . Input packet count on incoming interface . 666 | | 667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 668 | | 669 . Output packet count on outgoing interface . 670 | | 671 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 672 | | 673 . Total number of packets for this source-group pair . 674 | | 675 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 676 | Rtg Protocol | Multicast Rtg Protocol | 677 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 678 | MBZ 2 |S|Src Prefix Len |Forwarding Code| 679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 681 MBZ: 8 bits 682 This field must be zeroed on transmission and ignored on 683 reception. 685 Query Arrival Time: 32 bits 686 Same definition as in IPv4. 688 Incoming Interface ID: 32 bits 689 This field specifies the interface ID on which packets from the 690 source or RP are expected to arrive, or 0 if unknown. This ID 691 should be the value taken from InterfaceIndex of the IF-MIB [10] 692 for this interface. 694 Outgoing Interface ID: 32 bits 695 This field specifies the interface ID to which packets from the 696 source or RP are expected to transmit, or 0 if unknown. This ID 697 should be the value taken from InterfaceIndex of the IF-MIB [10] 698 for this interface 700 Local Address: 128 bits 701 This field specifies a global IPv6 address that uniquely 702 identifies the router. An unique local unicast address [9] SHOULD 703 NOT be used unless the router is only assigned link-local and 704 unique local addresses. If the router is only assigned link-local 705 addresses, its link-local address can be specified in this field. 707 Remote Address: 128 bits 708 This field specifies the address of the upstream router, which, in 709 most cases, is a link-local unicast address for the upstream 710 router. 712 Although a link-local address does not have enough information to 713 identify a node, it is possible to detect the upstream router with 714 the assistance of Incoming Interface ID and the current router 715 address (i.e., Local Address). 717 Note that this may be a multicast group (e.g., ALL-[protocol]- 718 ROUTERS.MCAST.NET) if the upstream router is not known because of 719 the workings of a multicast routing protocol. However, it should 720 be the unspecified address (::) if the incoming interface address 721 is unknown. 723 Input packet count on incoming interface: 64 bits 724 Same definition as in IPv4. 726 Output packet count on outgoing interface: 64 bits 727 Same definition as in IPv4. 729 Total number of packets for this source-group pair: 64 bits 730 Same definition as in IPv4, except if the S bit is set (see 731 below), the count is for the source network, as specified by the 732 Src Prefix Len field. If the S bit is set and the Src Prefix Len 733 field is 255, indicating no source-specific state, the count is 734 for all sources sending to this group. This counter should have 735 the same value as ipMcastRoutePkts from the IPMROUTE-STD-MIB [11] 736 for this forwarding entry. 738 Rtg Protocol: 16 bits 739 Same definition as in IPv4. 741 Multicast Rtg Protocol: 16 bits 742 Same definition as in IPv4. 744 MBZ 2: 15 bits 745 This field must be zeroed on transmission and ignored on 746 reception. 748 S: 1 bit 749 Same definition as in IPv4, except the Src Prefix Len field is 750 used to mask the source address. 752 Src Prefix Len: 8 bits 753 This field contains the prefix length this router has for the 754 source. If the router is forwarding solely on group state, this 755 field is set to 255 (0xff). 757 Forwarding Code: 8 bits 758 Same definition as in IPv4. 760 3.2.6. Mtrace2 Augmented Response Block 762 In addition to the Standard Response Block, a multicast router on the 763 traced path can optionally add one or multiple Augmented Response 764 Blocks before sending the Request to its upstream router. 766 The Augmented Response Block is flexible for various purposes such as 767 providing diagnosis information (see Section 7) and protocol 768 verification. Its Type field is 0x05, and its format is as follows: 770 0 1 2 3 771 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 772 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 773 | Type | Length | MBZ | 774 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 775 | Augmented Response Type | Value .... | 776 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 778 MBZ: 8 bits 779 This field must be zeroed on transmission and ignored on 780 reception. 782 Augmented Response Type: 16 bits 783 This field specifies the type of various responses from a 784 multicast router that might need to communicate back to the 785 Mtrace2 client as well as the multicast routers on the traced 786 path. 788 The Augmented Response Type is defined as follows: 790 Code Type 791 ==== =============================================== 792 0x01 # of the returned Standard Response Blocks 794 When the NO_SPACE error occurs on a router, the router should send 795 the original Mtrace2 Request received from the downstream router 796 as a Reply back to the Mtrace2 client, and continue with a new 797 Mtrace2 Request. In the new Request, the router would add a 798 Standard Response Block followed by an Augmented Response Block 799 with 0x01 as the Augmented Response Type, and the number of the 800 returned Mtrace2 Standard Response Blocks as the Value. 802 Each upstream router would recognize the total number of hops the 803 Request has been traced so far by adding this number and the 804 number of the Standard Response Block in the current Request 805 message. 807 This document only defines one Augmented Response Type in the 808 Augmented Response Block. The description on how to provide 809 diagnosis information using the Augmented Response Block is out of 810 the scope of this document, and will be addressed in separate 811 documents. 813 Value: variable length 814 The format is based on the Augmented Response Type value. The 815 length of the value field is Length field minus 6. 817 3.2.7. Mtrace2 Extended Query Block 819 There may be a sequence of optional Extended Query Blocks that follow 820 an Mtrace2 Query to further specify any information needed for the 821 Query. For example, an Mtrace2 client might be interested in tracing 822 the path the specified source and group would take based on a certain 823 topology. In which case, the client can pass in the multi-topology 824 ID as the Value for an Extended Query Type (see below). The Extended 825 Query Type is extensible and the behavior of the new types will be 826 addressed by separate documents. 828 The Mtrace2 Extended Query Block's Type field is 0x06, and is 829 formatted as follows: 831 0 1 2 3 832 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 833 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 834 | Type | Length | MBZ |T| 835 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 836 | Extended Query Type | Value .... | 837 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 839 MBZ: 7 bits 840 This field must be zeroed on transmission and ignored on 841 reception. 843 T-bit (Transitive Attribute): 1 bit 844 If the TLV type is unrecognized by the receiving router, then this 845 TLV is either discarded or forwarded along with the Query, 846 depending on the value of this bit. If this bit is set, then the 847 router MUST forward this TLV. If this bit is clear, the router 848 MUST send an Mtrace2 Reply with an UNKNOWN_QUERY error. 850 Extended Query Type: 16 bits 851 This field specifies the type of the Extended Query Block. 853 Value: 16 bits 854 This field specifies the value of this Extended Query. 856 4. Router Behavior 858 This section describes the router behavior in the context of Mtrace2 859 in detail. 861 4.1. Receiving Mtrace2 Query 863 An Mtrace2 Query message is an Mtrace2 message with no response 864 blocks filled in, and uses TLV type of 0x01. 866 4.1.1. Query Packet Verification 868 Upon receiving an Mtrace2 Query message, a router MUST examine 869 whether the Multicast Address and the Source Address are a valid 870 combination as specified in Section 3.2.1, and whether the Mtrace2 871 Client Address is a valid IP unicast address. If either one is 872 invalid, the Query MUST be silently ignored. 874 Mtrace2 supports a non-local client to the LHR/RP. A router SHOULD, 875 however, support a mechanism to filter out queries from clients 876 beyond a specified administrative boundary. Such a boundary could, 877 for example, be specified via a list of allowed/disallowed client 878 addresses or subnets. If a query is received from beyond the 879 specified administrative boundary, the Query MUST NOT be processed. 880 The router MAY, however, perform rate limited logging of such events. 882 In the case where a local LHR client is required, the router must 883 then examine the Query to see if it is the proper LHR/RP for the 884 destination address in the packet. It is the proper local LHR if it 885 has a multicast-capable interface on the same subnet as the Mtrace2 886 Client Address and is the router that would forward traffic from the 887 given (S,G) or (*,G) onto that subnet. It is the proper RP if the 888 multicast group address specified in the query is 0 and if the IP 889 header destination address is a valid RP address on this router. 891 If the router determines that it is not the proper LHR/RP, or it 892 cannot make that determination, it does one of two things depending 893 on whether the Query was received via multicast or unicast. If the 894 Query was received via multicast, then it MUST be silently discarded. 895 If it was received via unicast, the router turns the Query into a 896 Reply message by changing the TLV type to 0x03 and appending a 897 Standard Response Block with a Forwarding Code of WRONG_LAST_HOP. 898 The rest of the fields in the Standard Response Block MUST be zeroed. 899 The router then sends the Reply message to the Mtrace2 Client Address 900 on the Client Port # as specified in the Mtrace2 Query. 902 Duplicate Query messages as identified by the tuple (Mtrace2 Client 903 Address, Query ID) SHOULD be ignored. This MAY be implemented using 904 a cache of previously processed queries keyed by the Mtrace2 Client 905 Address and Query ID pair. The duration of the cached entries is 906 implementation specific. Duplicate Request messages MUST NOT be 907 ignored in this manner. 909 4.1.2. Query Normal Processing 911 When a router receives an Mtrace2 Query and it determines that it is 912 the proper LHR, it turns the Query to a Request by changing the TLV 913 type from 0x01 to 0x02, and performs the steps listed in Section 4.2. 915 4.2. Receiving Mtrace2 Request 917 An Mtrace2 Request is an Mtrace2 message that uses TLV type of 0x02. 918 With the exception of the LHR, whose Request was just converted from 919 a Query, each Request received by a router should have at least one 920 Standard Response Block filled in. 922 4.2.1. Request Packet Verification 924 If the Mtrace2 Request does not come from an adjacent router, or if 925 the Request is not addressed to this router, or if the Request is 926 addressed to a multicast group which is not a link-scoped group (i.e. 927 224/24 for IPv4, FFx2::/16 [3] for IPv6), it MUST be silently 928 ignored. GTSM [12] SHOULD be used by the router to determine whether 929 the router is adjacent or not. 931 If the sum of the number of the Standard Response Blocks in the 932 received Mtrace2 Request and the value of the Augmented Response Type 933 of 0x01, if any, is equal or more than the # Hops in the Mtrace2 934 Request, it MUST be silently ignored. 936 4.2.2. Request Normal Processing 938 When a router receives an Mtrace2 Request message, it performs the 939 following steps. Note that it is possible to have multiple 940 situations covered by the Forwarding Codes. The first one 941 encountered is the one that is reported, i.e. all "note Forwarding 942 Code N" should be interpreted as "if Forwarding Code is not already 943 set, set Forwarding Code to N". 945 1. Prepare a Standard Response Block to be appended to the packet 946 and fill in the Query Arrival Time, Outgoing Interface Address 947 (for IPv4) or Outgoing Interface ID (for IPv6), Output Packet 948 Count, and Fwd TTL (for IPv4). Note that the Outgoing Interface 949 is the one on which the Mtrace2 Request message arrives. 951 2. Attempt to determine the forwarding information for the 952 specified source and group, using the same mechanisms as would 953 be used when a packet is received from the source destined for 954 the group. A state need not be instantiated, it can be a 955 "phantom" state created only for the purpose of the trace, such 956 as "dry-run." 958 If using a shared-tree protocol and there is no source-specific 959 state, or if no source-specific information is desired (i.e., 960 all 1's for IPv4 or unspecified address (::) for IPv6), group 961 state should be used. If there is no group state or no group- 962 specific information is desired, potential source state (i.e., 963 the path that would be followed for a source-specific Join) 964 should be used. 966 3. If no forwarding information can be determined, the router notes 967 a Forwarding Code of NO_ROUTE, sets the remaining fields that 968 have not yet been filled in to zero, and then sends an Mtrace2 969 Reply back to the Mtrace2 client. 971 4. Fill in the Incoming Interface Address (or Incoming Interface ID 972 and Local Address for IPv6), Upstream Router Address (or Remote 973 Address for IPv6), Input Packet Count, Total Number of Packets, 974 Routing Protocol, S, and Src Mask (or Src Prefix Len for IPv6) 975 using the forwarding information determined by the step 2. 977 5. If Mtrace2 is administratively prohibited, note the Forwarding 978 Code of ADMIN_PROHIB. If Mtrace2 is administratively prohibited 979 and any of the fields as filled in the step 4 are considered 980 private information, zero out the applicable fields. 982 6. If the Outgoing interface is not enabled for multicast, note 983 Forwarding Code of NO_MULTICAST. If the Outgoing interface is 984 the interface from which the router would expect data to arrive 985 from the source, note forwarding code RPF_IF. If the Outgoing 986 interface is not one to which the router would forward data from 987 the source or RP to the group, a Forwarding code of WRONG_IF is 988 noted. In the above three cases, the router will return an 989 Mtrace2 Reply and terminate the trace. 991 7. If the group is subject to administrative scoping on either the 992 Outgoing or Incoming interfaces, a Forwarding Code of SCOPED is 993 noted. 995 8. If this router is the RP for the group for a non-source-specific 996 query, note a Forwarding Code of REACHED_RP. The router will 997 send an Mtrace2 Reply and terminate the trace. 999 9. If this router is directly connected to the specified source or 1000 source network on the Incoming interface, it sets the Upstream 1001 Router Address (for IPv4) or the Remote Address (for IPv6) of 1002 the response block to zero. The router will send an Mtrace2 1003 Reply and terminate the trace. 1005 10. If this router has sent a prune upstream which applies to the 1006 source and group in the Mtrace2 Request, it notes Forwarding 1007 Code of PRUNE_SENT. If the router has stopped forwarding 1008 downstream in response to a prune sent by the downstream router, 1009 it notes Forwarding Code of PRUNE_RCVD. If the router should 1010 normally forward traffic downstream for this source and group 1011 but is not, it notes Forwarding Code of NOT_FORWARDING. 1013 11. If this router is a gateway (e.g., a NAT or firewall) that hides 1014 the information between this router and the Mtrace2 client, it 1015 notes Forwarding Code of REACHED_GW. The router continues the 1016 processing as described in Section 4.5. 1018 12. If the total number of the Standard Response Blocks, including 1019 the newly prepared one, and the value of the Augmented Response 1020 Type of 0x01, if any, is less than the # Hops in the Request, 1021 the packet is then forwarded to the upstream router as described 1022 in Section 4.3; otherwise, the packet is sent as an Mtrace2 1023 Reply to the Mtrace2 client as described in Section 4.4. 1025 4.3. Forwarding Mtrace2 Request 1027 This section describes how an Mtrace2 Request should be forwarded. 1029 4.3.1. Destination Address 1031 If the upstream router for the Mtrace2 Request is known for this 1032 request, the Mtrace2 Request is sent to that router. If the Incoming 1033 interface is known but the upstream router is not, the Mtrace2 1034 Request is sent to an appropriate multicast address on the Incoming 1035 interface. The multicast address SHOULD depend on the multicast 1036 routing protocol in use, such as ALL-[protocol]-ROUTERS.MCAST.NET. 1037 It MUST be a link-scoped group (i.e. 224/24 for IPv4, FF02::/16 for 1038 IPv6), and MUST NOT be ALL-SYSTEMS.MCAST.NET (224.0.0.1) for IPv4 and 1039 All Nodes Address (FF02::1) for IPv6. It MAY also be ALL- 1040 ROUTERS.MCAST.NET (224.0.0.2) for IPv4 or All Routers Address 1041 (FF02::2) for IPv6 if the routing protocol in use does not define a 1042 more appropriate multicast address. 1044 4.3.2. Source Address 1046 An Mtrace2 Request should be sent with the address of the Incoming 1047 interface. However, if the Incoming interface is unnumbered, the 1048 router can use one of its numbered interface address as the source 1049 address. 1051 4.3.3. Appending Standard Response Block 1053 An Mtrace2 Request MUST be sent upstream towards the source or the RP 1054 after appending a Standard Response Block to the end of the received 1055 Mtrace2 Request. The Standard Response Block includes the multicast 1056 states and statistics information of the router described in 1057 Section 3.2.4. 1059 If appending the Standard Response Block would make the Mtrace2 1060 Request packet longer than the MTU of the Incoming Interface, or, in 1061 the case of IPv6, longer than 1280 bytes, the router MUST change the 1062 Forwarding Code in the last Standard Response Block of the received 1063 Mtrace2 Request into NO_SPACE. The router then turns the Request 1064 into a Reply, and sends the Reply as described in Section 4.4. 1066 The router will continue with a new Request by copying from the old 1067 Request excluding all the response blocks, followed by the previously 1068 prepared Standard Response Block, and an Augmented Response Block 1069 with Augmented Response Type of 0x01 and the number of the returned 1070 Standard Response Blocks as the value. The new Request is then 1071 forwarded upstream. 1073 4.4. Sending Mtrace2 Reply 1075 An Mtrace2 Reply MUST be returned to the client by a router if the 1076 total number of the traced routers is equal to the # Hops in the 1077 Request. The total number of the traced routers is the sum of the 1078 Standard Response Blocks in the Request (including the one just 1079 added) and the number of the returned blocks, if any. 1081 4.4.1. Destination Address 1083 An Mtrace2 Reply MUST be sent to the address specified in the Mtrace2 1084 Client Address field in the Mtrace2 Request. 1086 4.4.2. Source Address 1088 An Mtrace2 Reply SHOULD be sent with the address of the router's 1089 Outgoing interface. However, if the Outgoing interface address is 1090 unnumbered, the router can use one of its numbered interface address 1091 as the source address. 1093 4.4.3. Appending Standard Response Block 1095 An Mtrace2 Reply MUST be sent with the prepared Standard Response 1096 Block appended at the end of the received Mtrace2 Request except in 1097 the case of NO_SPACE forwarding code. 1099 4.5. Proxying Mtrace2 Query 1101 When a gateway (e.g., a NAT or firewall), which needs to block 1102 unicast packets to the Mtrace2 client, or hide information between 1103 the gateway and the Mtrace2 client, receives an Mtrace2 Query from an 1104 adjacent host or Mtrace2 Request from an adjacent router, it appends 1105 a Standard Response Block with REACHED_GW as the Forwarding Code, and 1106 turns the Query or Request as a Reply, and sends the Reply back to 1107 the client. 1109 At the same time, the gateway originates a new Mtrace2 Query message 1110 by copying the original Mtrace2 header (the Query or Request without 1111 any of the response blocks), and makes the changes as follows: 1113 o sets the RPF interface's address as the Mtrace2 Client Address; 1115 o uses its own port number as the Client Port #; and, 1117 o decreases # Hops by the number of the Standard Response Block that 1118 was just returned as a Reply. 1120 The new Mtrace2 Query message is then sent to the upstream router or 1121 to an appropriate multicast address on the RPF interface. 1123 When the gateway receives an Mtrace2 Reply whose Query ID matches the 1124 one in the original Mtrace2 header, it MUST relay the Mtrace2 Reply 1125 back to the Mtrace2 client by replacing the Reply's header with the 1126 original Mtrace2 header. If the gateway does not receive the 1127 corresponding Mtrace2 Reply within the [Mtrace Reply Timeout] period 1128 (see Section 5.8.4), then it silently discards the original Mtrace2 1129 Query or Request message, and terminates the trace. 1131 4.6. Hiding Information 1133 Information about a domain's topology and connectivity may be hidden 1134 from the Mtrace2 Requests. The Forwarding Code of INFO_HIDDEN may be 1135 used to note that. For example, the incoming interface address and 1136 packet count on the ingress router of a domain, and the outgoing 1137 interface address and packet count on the egress router of the domain 1138 can be specified as all 1's. Additionally, the source-group packet 1139 count (see Section 3.2.4 and Section 3.2.5) within the domain may be 1140 all 1's if it is hidden. 1142 5. Client Behavior 1144 This section describes the behavior of an Mtrace2 client in detail. 1146 5.1. Sending Mtrace2 Query 1148 An Mtrace2 client initiates an Mtrace2 Query by sending the Query to 1149 the LHR of interest. 1151 5.1.1. Destination Address 1153 If an Mtrace2 client knows the proper LHR, it unicasts an Mtrace2 1154 Query packet to that router; otherwise, it MAY send the Mtrace2 Query 1155 packet to the ALL-ROUTERS.MCAST.NET (224.0.0.2) for IPv4 or All 1156 Routers Address (FF02::2) for IPv6. This will ensure that the packet 1157 is received by the LHR on the subnet. 1159 See also Section 5.4 on determining the LHR. 1161 5.1.2. Source Address 1163 An Mtrace2 Query MUST be sent with the client's interface address, 1164 which would be the Mtrace2 Client Address. 1166 5.2. Determining the Path 1168 An Mtrace2 client could send an initial Query messages with a large # 1169 Hops, in order to try to trace the full path. If this attempt fails, 1170 one strategy is to perform a linear search (as the traditional 1171 unicast traceroute program does); set the # Hops field to 1 and try 1172 to get a Reply, then 2, and so on. If no Reply is received at a 1173 certain hop, the hop count can continue past the non-responding hop, 1174 in the hopes that further hops may respond. These attempts should 1175 continue until the [Mtrace Reply Timeout] timeout has occurred. 1177 See also Section 5.6 on receiving the results of a trace. 1179 5.3. Collecting Statistics 1181 After a client has determined that it has traced the whole path or as 1182 much as it can expect to (see Section 5.8), it might collect 1183 statistics by waiting a short time and performing a second trace. If 1184 the path is the same in the two traces, statistics can be displayed 1185 as described in Section 7.3 and Section 7.4. 1187 5.4. Last Hop Router (LHR) 1189 The Mtrace2 client may not know which is the last-hop router, or that 1190 router may be behind a firewall that blocks unicast packets but 1191 passes multicast packets. In these cases, the Mtrace2 Request should 1192 be multicasted to ALL-ROUTERS.MCAST.NET (224.0.0.2) for IPv4 or All 1193 Routers Address (FF02::2) for IPv6. All routers except the correct 1194 last-hop router SHOULD ignore any Mtrace2 Request received via 1195 multicast. 1197 5.5. First Hop Router (FHR) 1199 The IANA assigned 224.0.1.32, MTRACE.MCAST.NET as the default 1200 multicast group for old IPv4 mtrace (v1) responses, in order to 1201 support mtrace clients that are not unicast reachable from the first- 1202 hop router. Mtrace2, however, does not require any IPv4/IPv6 1203 multicast addresses for the Mtrace2 Replies. Every Mtrace2 Reply is 1204 sent to the unicast address specified in the Mtrace2 Client Address 1205 field of the Mtrace2 Reply. 1207 5.6. Broken Intermediate Router 1209 A broken intermediate router might simply not understand Mtrace2 1210 packets, and drop them. The Mtrace2 client will get no Reply at all 1211 as a result. It should then perform a hop-by-hop search by setting 1212 the # Hops field until it gets an Mtrace2 Reply. The client may use 1213 linear or binary search; however, the latter is likely to be slower 1214 because a failure requires waiting for the [Mtrace Reply Timeout] 1215 period. 1217 5.7. Non-Supported Router 1219 When a non-supported router receives an Mtrace2 Query or Request 1220 message whose destination address is a multicast address, the router 1221 will silently discard the message. 1223 When the router receives an Mtrace2 Query which is destined to 1224 itself, the router would return an ICMP port unreachable to the 1225 Mtrace2 client. On the other hand, when the router receives an 1226 Mtrace2 Request which is destined to itself, the router would return 1227 an ICMP port unreachable to its adjacent router from which the 1228 Request receives. Therefore, the Mtrace2 client needs to terminate 1229 the trace when the [Mtrace Reply Timeout] timeout has occurred, and 1230 may then issue another Query with a lower number of # Hops. 1232 5.8. Mtrace2 Termination 1234 When performing an expanding hop-by-hop trace, it is necessary to 1235 determine when to stop expanding. 1237 5.8.1. Arriving at Source 1239 A trace can be determined to have arrived at the source if the 1240 Incoming Interface of the last router in the trace is non-zero, but 1241 the Upstream Router is zero. 1243 5.8.2. Fatal Error 1245 A trace has encountered a fatal error if the last Forwarding Error in 1246 the trace has the 0x80 bit set. 1248 5.8.3. No Upstream Router 1250 A trace can not continue if the last Upstream Router in the trace is 1251 set to 0. 1253 5.8.4. Reply Timeout 1255 This document defines the [Mtrace Reply Timeout] value, which is used 1256 to time out an Mtrace2 Reply as seen in Section 4.5, Section 5.2, and 1257 Section 5.7. The default [Mtrace Reply Timeout] value is 10 1258 (seconds), and can be manually changed on the Mtrace2 client and 1259 routers. 1261 5.9. Continuing after an Error 1263 When the NO_SPACE error occurs, as described in Section 4.2, a router 1264 will send back an Mtrace2 Reply to the Mtrace2 client, and continue 1265 with a new Request (see Section 4.3.3). In which case, the Mtrace2 1266 client may receive multiple Mtrace2 Replies from different routers 1267 along the path. When this happens, the client MUST treat them as a 1268 single Mtrace2 Reply message. 1270 If a trace times out, it is very likely that a router in the middle 1271 of the path does not support Mtrace2. That router's address will be 1272 in the Upstream Router field of the last Standard Response Block in 1273 the last received Reply. A client may be able to determine (via 1274 mrinfo or SNMP [9][11]) a list of neighbors of the non-responding 1275 router. If desired, each of those neighbors could be probed to 1276 determine the remainder of the path. Unfortunately, this heuristic 1277 may end up with multiple paths, since there is no way of knowing what 1278 the non-responding router's algorithm for choosing an upstream router 1279 is. However, if all paths but one flow back towards the non- 1280 responding router, it is possible to be sure that this is the correct 1281 path. 1283 6. Protocol-Specific Considerations 1285 This section describes the Mtrace2 behavior with the present of 1286 different multicast protocols. 1288 6.1. PIM-SM 1290 When an Mtrace2 reaches a PIM-SM RP, and the RP does not forward the 1291 trace on, it means that the RP has not performed a source-specific 1292 join so there is no more state to trace. However, the path that 1293 traffic would use if the RP did perform a source-specific join can be 1294 traced by setting the trace destination to the RP, the trace source 1295 to the traffic source, and the trace group to 0. This Mtrace2 Query 1296 may be unicasted to the RP, and the RP takes the same actions as an 1297 LHR. 1299 6.2. Bi-Directional PIM 1301 Bi-directional PIM [6] is a variant of PIM-SM that builds bi- 1302 directional shared trees connecting multicast sources and receivers. 1303 Along the bi-directional shared trees, multicast data is natively 1304 forwarded from the sources to the Rendezvous Point Link (RPL), and 1305 from which, to receivers without requiring source-specific state. In 1306 contrast to PIM-SM, Bi-directional PIM always has the state to trace. 1308 A Designated Forwarder (DF) for a given Rendezvous Point Address 1309 (RPA) is in charge of forwarding downstream traffic onto its link, 1310 and forwarding upstream traffic from its link towards the RPL that 1311 the RPA belongs to. Hence Mtrace2 Reply reports DF addresses or RPA 1312 along the path. 1314 6.3. PIM-DM 1316 Routers running PIM Dense Mode [13] do not know the path packets 1317 would take unless traffic is flowing. Without some extra protocol 1318 mechanism, this means that in an environment with multiple possible 1319 paths with branch points on shared media, Mtrace2 can only trace 1320 existing paths, not potential paths. When there are multiple 1321 possible paths but the branch points are not on shared media, the 1322 upstream router is known, but the LHR may not know that it is the 1323 appropriate last hop. 1325 When traffic is flowing, PIM Dense Mode routers know whether or not 1326 they are the LHR for the link (because they won or lost an Assert 1327 battle) and know who the upstream router is (because it won an Assert 1328 battle). Therefore, Mtrace2 is always able to follow the proper path 1329 when traffic is flowing. 1331 6.4. IGMP/MLD Proxy 1333 When an IGMP/MLD Proxy [7] receives an Mtrace2 Query packet on an 1334 incoming interface, it notes a WRONG_IF in the Forwarding Code of the 1335 last Standard Response Block (see Section 3.2.4), and sends the 1336 Mtrace2 Reply back to the Mtrace2 client. On the other hand, when an 1337 Mtrace2 Query packet reaches an outgoing interface of the IGMP/MLD 1338 proxy, it is forwarded onto its incoming interface towards the 1339 upstream router. 1341 7. Problem Diagnosis 1343 This section describes different scenarios Mtrace2 can be used to 1344 diagnose the multicast problems. 1346 7.1. Forwarding Inconsistencies 1348 The Forwarding Error code can tell if a group is unexpectedly pruned 1349 or administratively scoped. 1351 7.2. TTL or Hop Limit Problems 1353 By taking the maximum of hops from the source and forwarding TTL 1354 threshold over all hops, it is possible to discover the TTL or hop 1355 limit required for the source to reach the destination. 1357 7.3. Packet Loss 1359 By taking two traces, it is possible to find packet loss information 1360 by comparing the difference in input packet counts to the difference 1361 in output packet counts for the specified source-group address pair 1362 at the previous hop. On a point-to-point link, any difference in 1363 these numbers implies packet loss. Since the packet counts may be 1364 changing as the Mtrace2 Request is propagating, there may be small 1365 errors (off by 1 or 2 or more) in these statistics. However, these 1366 errors will not accumulate if multiple traces are taken to expand the 1367 measurement period. On a shared link, the count of input packets can 1368 be larger than the number of output packets at the previous hop, due 1369 to other routers or hosts on the link injecting packets. This 1370 appears as "negative loss" which may mask real packet loss. 1372 In addition to the counts of input and output packets for all 1373 multicast traffic on the interfaces, the Standard Response Block 1374 includes a count of the packets forwarded by a node for the specified 1375 source-group pair. Taking the difference in this count between two 1376 traces and then comparing those differences between two hops gives a 1377 measure of packet loss just for traffic from the specified source to 1378 the specified receiver via the specified group. This measure is not 1379 affected by shared links. 1381 On a point-to-point link that is a multicast tunnel, packet loss is 1382 usually due to congestion in unicast routers along the path of that 1383 tunnel. On native multicast links, loss is more likely in the output 1384 queue of one hop, perhaps due to priority dropping, or in the input 1385 queue at the next hop. The counters in the Standard Response Block 1386 do not allow these cases to be distinguished. Differences in packet 1387 counts between the incoming and outgoing interfaces on one node 1388 cannot generally be used to measure queue overflow in the node. 1390 7.4. Link Utilization 1392 Again, with two traces, you can divide the difference in the input or 1393 output packet counts at some hop by the difference in time stamps 1394 from the same hop to obtain the packet rate over the link. If the 1395 average packet size is known, then the link utilization can also be 1396 estimated to see whether packet loss may be due to the rate limit or 1397 the physical capacity on a particular link being exceeded. 1399 7.5. Time Delay 1401 If the routers have synchronized clocks, it is possible to estimate 1402 propagation and queuing delay from the differences between the 1403 timestamps at successive hops. However, this delay includes control 1404 processing overhead, so is not necessarily indicative of the delay 1405 that data traffic would experience. 1407 8. IANA Considerations 1409 The following new assignments can only be made via a Standards Action 1410 as specified in [4]. 1412 8.1. Forwarding Codes 1414 New Forwarding Codes must only be created by an RFC that modifies 1415 this document's Section 3.2.4 and Section 3.2.5, fully describing the 1416 conditions under which the new Forwarding Code is used. The IANA may 1417 act as a central repository so that there is a single place to look 1418 up Forwarding Codes and the document in which they are defined. 1420 8.2. UDP Destination Port 1422 The IANA should allocate UDP destination port for Mtrace2 upon 1423 publication of the first RFC. 1425 9. Security Considerations 1427 This section addresses some of the security considerations related to 1428 Mtrace2. 1430 9.1. Addresses in Mtrace2 Header 1432 An Mtrace2 header includes three addresses, source address, multicast 1433 address, and Mtrace2 client address. These addresses MUST be 1434 congruent with the definition defined in Section 3.2.1 and forwarding 1435 Mtrace2 messages having invalid addresses MUST be prohibited. For 1436 instance, if Mtrace2 Client Address specified in an Mtrace2 header is 1437 a multicast address, then a router that receives the Mtrace2 message 1438 MUST silently discard it. 1440 9.2. Filtering of Clients 1442 A router SHOULD support a mechanism to filter out queries from 1443 clients beyond a specified administrative boundary. Such a boundary 1444 could, for example, be specified via a list of allowed/disallowed 1445 client addresses or subnets. If a query is received from beyond the 1446 specified administrative boundary, the Query MUST NOT be processed. 1447 The router MAY, however, perform rate limited logging of such events. 1449 9.3. Topology Discovery 1451 Mtrace2 can be used to discover any actively-used topology. If your 1452 network topology is a secret, Mtrace2 may be restricted at the border 1453 of your domain, using the ADMIN_PROHIB forwarding code. 1455 9.4. Characteristics of Multicast Channel 1457 Mtrace2 can be used to discover what sources are sending to what 1458 groups and at what rates. If this information is a secret, Mtrace2 1459 may be restricted at the border of your domain, using the 1460 ADMIN_PROHIB forwarding code. 1462 9.5. Limiting Query/Request Rates 1464 A router may limit Mtrace2 Queries and Requests by ignoring some of 1465 the consecutive messages. The router MAY randomly ignore the 1466 received messages to minimize the processing overhead, i.e., to keep 1467 fairness in processing queries, or prevent traffic amplification. 1468 The rate limit is left to the router's implementation. 1470 9.6. Limiting Reply Rates 1472 The proxying and NO_SPACE behaviors may result in one Query returning 1473 multiple Reply messages. In order to prevent abuse, the routers in 1474 the traced path MAY need to rate-limit the Replies. The rate limit 1475 function is left to the router's implementation. 1477 10. Acknowledgements 1479 This specification started largely as a transcription of Van 1480 Jacobson's slides from the 30th IETF, and the implementation in 1481 mrouted 3.3 by Ajit Thyagarajan. Van's original slides credit Steve 1482 Casner, Steve Deering, Dino Farinacci and Deb Agrawal. The original 1483 multicast traceroute client, mtrace (version 1), has been implemented 1484 by Ajit Thyagarajan, Steve Casner and Bill Fenner. The idea of the 1485 "S" bit to allow statistics for a source subnet is due to Tom 1486 Pusateri. 1488 For the Mtrace version 2 specification, the authors would like to 1489 give special thanks to Tatsuya Jinmei, Bill Fenner, and Steve Casner. 1490 Also, extensive comments were received from David L. Black, Ronald 1491 Bonica, Yiqun Cai, Liu Hui, Bharat Joshi, Robert Kebler, Heidi Ou, 1492 Pekka Savola, Shinsuke Suzuki, Dave Thaler, Achmad Husni Thamrin, 1493 Stig Venaas, and Cao Wei. 1495 11. References 1497 11.1. Normative References 1499 [1] Bradner, S., "Key words for use in RFCs to indicate 1500 requirement levels", RFC 2119, March 1997. 1502 [2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1503 (IPv6) Specification", RFC 2460, December 1998. 1505 [3] Hinden, R. and S. Deering, "IP Version 6 Addressing 1506 Architecture", RFC 4291, February 2006. 1508 [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1509 IANA Considerations Section in RFCs", RFC 5226, May 2008. 1511 [5] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, 1512 "Protocol Independent Multicast - Sparse Mode (PIM-SM): 1513 Protocol Specification (Revised)", RFC 4601, August 2006. 1515 [6] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, 1516 "Bidirectional Protocol Independent Multicast (BIDIR- 1517 PIM)", RFC 5015, October 2007. 1519 [7] Fenner, B., He, H., Haberman, B., and H. Sandick, 1520 "Internet Group Management Protocol (IGMP) / Multicast 1521 Listener Discovery (MLD)-Based Multicast Forwarding 1522 ("IGMP/MLD Proxying")", RFC 4605, August 2006. 1524 11.2. Informative References 1526 [8] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. 1527 Thyagarajan, "Internet Group Management Protocol, Version 1528 3", RFC 3376, October 2002. 1530 [9] Draves, R. and D. Thaler, "Default Router Preferences and 1531 More-Specific Routes", RFC 4191, November 2005. 1533 [10] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1534 MIB", RFC 2863, June 2000. 1536 [11] McWalter, D., Thaler, D., and A. Kessler, "IP Multicast 1537 MIB", RFC 5132, December 2007. 1539 [12] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. 1540 Pignataro, "The Generalized TTL Security Mechanism 1541 (GTSM)", RFC 5082, October 2007. 1543 [13] Adams, A., Nicholas, J., and W. Siadak, "Protocol 1544 Independent Multicast - Dense Mode (PIM-DM): Protocol 1545 Specification (Revised)", RFC 3973, January 2005. 1547 Authors' Addresses 1549 Hitoshi Asaeda 1550 National Institute of Information and Communications Technology 1551 4-2-1 Nukui-Kitamachi 1552 Koganei, Tokyo 184-8795 1553 Japan 1555 Email: asaeda@nict.go.jp 1557 Kerry Meyer 1558 Cisco Systems, Inc. 1559 510 McCarthy Blvd. 1560 Milpitas, CA 95035 1561 USA 1563 Email: kerrymey@cisco.com 1565 WeeSan Lee (editor) 1567 Email: weesan@weesan.com