idnits 2.17.1

draft-ietf-msdp-spec-13.txt:

  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date. The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Introduction section.

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 21 instances of too long lines in the document, the longest one
     being 7 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     RPs which originate SA messages do so periodically as long as there is
     data being sent by the source. There is one SA-Advertisement-Timer
     covering the sources that an RP may advertise. [SA-Advertisement-Period]
     MUST be 60 seconds. An RP MUST not send more than one periodic SA message
     for a given (S,G) within an SA Advertisement interval. Originating
     periodic SA messages is required to keep announcements alive in caches.
     Finally, an originating RP SHOULD trigger the transmission of an SA
     message as soon as it receives data from an internal source for the
     first time.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- Couldn't find a document date in the document -- date freshness check
     skipped.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'SG-State-Period' is mentioned on line 182, but not
     defined

  == Missing Reference: 'SA-Advertisement-Period' is mentioned on line 202,
     but not defined

  == Missing Reference: 'SA-Hold-Down-Period' is mentioned on line 183, but
     not defined

  == Missing Reference: 'SG-Rate-Limit-Period' is mentioned on line 201, but
     not defined

  == Missing Reference: 'HoldTime-Period' is mentioned on line 567, but not
     defined

  == Missing Reference: 'KeepAlive-Period' is mentioned on line 760, but not
     defined

  == Missing Reference: 'ConnectRetry-Period' is mentioned on line 506, but
     not defined

  == Missing Reference: 'R2' is mentioned on line 426, but not defined

  == Missing Reference: 'MSDP-GRE-ProtocolType' is mentioned on line 1096,
     but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IANA'

  ** Obsolete normative reference: RFC 1771 (Obsoleted by RFC 4271)

  ** Obsolete normative reference: RFC 2283 (Obsoleted by RFC 2858)

  ** Obsolete normative reference: RFC 2362 (Obsoleted by RFC 4601, RFC 5059)

  ** Obsolete normative reference: RFC 2401 (Obsoleted by RFC 4301)

     Summary: 12 errors (**), 0 flaws (~~), 13 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1   Network Working Group                                David Meyer (Editor)
2   INTERNET DRAFT                                       Bill Fenner (Editor)
3   Category                                                  Standards Track
4                                                              November, 2001

6                  Multicast Source Discovery Protocol (MSDP)
7

9   1. Status of this Memo

11     This document is an Internet-Draft and is in full conformance with
12     all provisions of Section 10 of RFC 2026.

14     Internet Drafts are working documents of the Internet Engineering
15     Task Force (IETF), its areas, and its working groups. Note that other
16     groups may also distribute working documents as Internet-Drafts.

18     Internet-Drafts are draft documents valid for a maximum of six months
19     and may be updated, replaced, or obsoleted by other documents at any
20     time. It is inappropriate to use Internet-Drafts as reference
21     material or to cite them other than as "work in progress."

23     The list of current Internet-Drafts can be accessed at
24     http://www.ietf.org/ietf/1id-abstracts.txt.

26     The list of Internet-Draft Shadow Directories can be accessed at
27     http://www.ietf.org/shadow.html.

29  2. Abstract

31     The Multicast Source Discovery Protocol, MSDP, describes a mechanism
32     to connect multiple PIM-SM domains together. Each PIM-SM domain uses
33     its own independent RP(s) and does not have to depend on RPs in other
34     domains.

36  3. Copyright Notice

38     Copyright (C) The Internet Society (2001). All Rights Reserved.

40  4. Introduction

42     The Multicast Source Discovery Protocol, MSDP, describes a mechanism
43     to connect multiple PIM-SM domains together. Each PIM-SM domain uses
44     its own independent RP(s) and does not have to depend on RPs in other
45     domains. Advantages of this approach include:

47       o No Third-party resource dependencies on RP

49         PIM-SM domains can rely on their own RPs only.

51       o Receiver only Domains

53         Domains with only receivers get data without globally
54         advertising group membership.

56     Note that MSDP may be used with protocols other than PIM-SM, but such
57     usage is not specified in this memo.

59     The keywords MUST, MUST NOT, MAY, OPTIONAL, REQUIRED, RECOMMENDED,
60     SHALL, SHALL NOT, SHOULD, SHOULD NOT are to be interpreted as defined
61     in RFC 2119 [RFC2119].

63  5. Overview

65     MSDP-speaking routers in a PIM-SM [RFC2362] domain have a MSDP
66     peering relationship with MSDP peers in another domain. The peering
67     relationship is made up of a TCP connection in which control
68     information is exchanged. Each domain has one or more connections to
69     this virtual topology.

71     The purpose of this topology is to allow domains to discover
72     multicast sources from other domains. If the multicast sources are of
73     interest to a domain which has receivers, the normal source-tree
74     building mechanism in PIM-SM will be used to deliver multicast data
75     over an inter-domain distribution tree.

77     We envision this virtual topology will essentially be congruent to
78     the existing BGP topology used in the unicast-based Internet today.
79     That is, the TCP connections between MSDP peers are likely to be
80     congruent to the connections in the BGP routing system.

82  6. Procedure

84     When an RP in a PIM-SM domain first learns of a new sender, e.g. via
85     PIM register messages, it constructs a "Source-Active" (SA) message
86     and sends it to its MSDP peers. The SA message contains the following
87     fields:

89       o Source address of the data source.
90       o Group address the data source sends to.
91       o IP address of the RP.

93     Note that an RP that isn't a DR on a shared network SHOULD NOT
94     originate SA's for directly connected sources on that shared network;
95     it should only originate in response to receiving Register messages
96     from the DR.

98     Each MSDP peer receives and forwards the message away from the RP
99     address in a "peer-RPF flooding" fashion. The notion of peer-RPF
100    flooding is with respect to forwarding SA messages. The Multicast RPF
101    Routing Information Base (MRIB) is examined to determine which peer
102    towards the originating RP of the SA message is selected. Such a peer
103    is called an "RPF peer". See section 14 for the details of peer-RPF
104    forwarding.

106    If the MSDP peer receives the SA from a non-RPF peer towards the
107    originating RP, it will drop the message. Otherwise, it forwards the
108    message to all its MSDP peers (except the one from which it received
109    the SA message).

111    When an MSDP peer which is also an RP for its own domain receives a
112    new SA message, it determines if there are any group members within
113    the domain interested in any group described by an (S,G) entry within
114    the SA message. That is, the RP checks for a (*,G) entry with a non-
115    empty outgoing interface list; this implies that some system in the
116    domain is interested in the group. In this case, the RP triggers a
117    (S,G) join event towards the data source as if a Join/Prune message
118    was received addressed to the RP itself. This sets up a branch of the
119    source-tree to this domain. Subsequent data packets arrive at the RP
120    via this tree branch, and are forwarded down the shared-tree inside
121    the domain. If leaf routers choose to join the source-tree they have
122    the option to do so according to existing PIM-SM conventions.
123    Finally, if an RP in a domain receives a PIM Join message for a new
124    group G, the RP SHOULD trigger a (S,G) join event for each active
125    (S,G) for that group in its SA cache.

127    This procedure has been affectionately named flood-and-join because
128    if any RP is not interested in the group, they can ignore the SA
129    message. Otherwise, they join a distribution tree.

131 7. Caching

133    A MSDP speaker MUST cache SA messages. Caching allows pacing of MSDP
134    messages as well as reducing join latency for new receivers of a
135    group G at an originating RP which has existing MSDP (S,G) state. In
136    addition, caching greatly aids in diagnosis and debugging of various
137    problems.

139 8. Timers

141    The main timers for MSDP are: SA-Advertisement-Timer, SG-Rate-Limit-
142    Timer, SA Cache Entry timer, KeepAlive timer, ConnectRetry and Peer
143    Hold Timer. Each is considered below.

145 8.1. SA-Advertisement-Timer

147    RPs which originate SA messages do so periodically as long as there
148    is data being sent by the source. There is one SA-Advertisement-Timer
149    covering the sources that an RP may advertise. [SA-Advertisement-
150    Period] MUST be 60 seconds. An RP MUST not send more than one
151    periodic SA message for a given (S,G) within an SA Advertisement
152    interval. Originating periodic SA messages is required to keep
153    announcements alive in caches. Finally, an originating RP SHOULD
154    trigger the transmission of an SA message as soon as it receives data
155    from an internal source for the first time.

157 8.2. SA-Advertisement-Timer Processing

159    An RP MUST spread the generation of periodic SA messages (i.e.
160    messages advertising the active sources for which it is the RP) over
161    its reporting interval (i.e. SA-Advertisement-Period). An RP starts
162    the SA-Advertisement-Timer when the MSDP process is configured. When
163    the timer expires, an RP resets the timer to [SA-Advertisement-
164    Period] seconds, and begins the advertisement of its active sources.
165    Active sources are advertised in the following manner: An RP packs
166    its active sources into an SA message until the largest MSDP packet
167    that can be sent is built or there are no more sources, and then
168    sends the message. This process is repeated periodically within the
169    SA-Advertisement-Period in such a way that all of the RP's sources
170    are advertised. Note that since MSDP is a periodic protocol, an
171    implementation SHOULD send all cached SA messages when a connection is
172    established. Finally, the timer is deleted when the MSDP process is
173    deconfigured.

175 8.3. SA Cache Timeout (SA-State Timer)

177    Each entry in an SA Cache has an associated SA-State Timer. A
178    (S,G)-SA-State-Timer is started when an (S,G)-SA message is initially
179    received by a MSDP peer. The timer is reset to [SG-State-Period] if
180    another (S,G)-SA message is received before the (S,G)-SA-State Timer
181    expires. The timer is reset whether or not the (S,G) entry's SG-
182    Rate-Limit timer is running. [SG-State-Period] MUST NOT be less than
183    [SA-Advertisement-Period] + [SA-Hold-Down-Period].

185 8.4. SG-Rate-Limit Timer

187    The SG-Rate-Limit Timer is a per-(S,G) timer which is used to limit
188    possible SA storms. After an SA message passes the peer-RPF check,
189    the SG-Rate-Limit timer for each (S,G) in the message is checked. If
190    the SG-Rate-Limit timer is running for a given (S,G), it is removed
191    from the message before forwarding. If this process causes the
192    message to become empty, the empty message is discarded.

194    When an SA message is forwarded, the SG-Rate-Limit timer for each
195    (S,G) mentioned in the message is set to [SG-Rate-Limit-Period]
196    seconds. Note that this sequence means that the SG-Rate-Limit timer
197    will never be reset if it is running, since any (S,G) whose timer was
198    running was removed from the forwarded message; it acts as a "one-
199    shot" timer.

201    [SG-Rate-Limit-Period] SHOULD be set to 30 seconds, and MUST NOT be
202    greater than [SA-Advertisement-Period].

204 8.5. Peer Hold Timer

206    If a system has not received any MSDP message within the period
207    specified by the Hold Timer, then a Notification message with Hold
208    Timer Expired Error Code MUST be sent and the MSDP connection MUST be
209    closed. [HoldTime-Period] MUST be at least three seconds. The
210    recommended value for [HoldTime-Period] is 90 seconds.

212    The Hold Timer is initialized to [HoldTime-Period] when the peer's
213    transport connection is established, and is reset to [HoldTime-
214    Period] when any MSDP message is received. Finally, the timer is
215    deleted when the peer's transport connection is closed.

217 8.6. KeepAlive Timer

219    Once an MSDP transport connection is established, each side of the
220    connection sends a KeepAlive message and sets a KeepAlive timer. If
221    the KeepAlive timer expires, the local system sends a KeepAlive
222    message and restarts its KeepAlive timer.

224    The KeepAlive timer is set to [KeepAlive-Period] when the peer comes
225    up. The timer is reset to [KeepAlive-Period] each time an MSDP
226    message is sent to the peer, and reset when the timer expires.

228    Finally, the KeepAlive timer is deleted when the peer's transport
229    connection is closed.

231    [KeepAlive-Period] MUST be less than [HoldTime-Period], and MUST be
232    at least one second. The recommended value for [KeepAlive-Period] is
233    75 seconds.

235 8.7. ConnectRetry Timer

237    The ConnectRetry timer is used by the MSDP peer with the lower IP
238    address to transition from INACTIVE to CONNECTING states. There is
239    one timer per peer, and the [ConnectRetry-Period] SHOULD be set to 30
240    seconds. The timer is initialized to [ConnectRetry-Period] when an
241    MSDP speaker attempts to actively open a TCP connection to its peer
242    (see section 15, event E2, action A2 ). When the timer expires, the
243    peer retries the connection and the timer is reset to [ConnectRetry-
244    Period]. It is deleted if either the connection transitions into
245    ESTABLISHED state or the peer is deconfigured.

247 9. Intermediate MSDP Peers

249    Intermediate MSDP speakers do not originate periodic SA messages on
250    behalf of sources in other domains. In general, an RP MUST only
251    originate an SA for a source which would register to it, and ONLY RPs
252    may originate SA messages.

254 10. SA Filtering and Policy

256    As the number of (S,G) pairs increases in the Internet, an RP may
257    want to filter which sources it describes in SA messages. Also,
258    filtering may be used as a matter of policy which at the same time
259    can reduce state. Only the RP co-located in the same domain as the
260    source can restrict SA messages. Note, however, that MSDP peers in
261    transit domains should not filter SA messages or the flood-and-join
262    model can not guarantee that sources will be known throughout the
263    Internet (i.e., SA filtering by transit domains can cause undesired
264    lack of connectivity). In general, policy should be expressed using
265    MBGP [RFC2283]. This will cause MSDP messages to flow in the desired
266    direction and peer-RPF fail otherwise. An exception occurs at an
267    administrative scope [RFC2365] boundary. In particular, a SA message
268    for a (S,G) MUST NOT be sent to peers which are on the other side of
269    an administrative scope boundary for G.

271 11. SA Requests

273    A MSDP speaker MAY accept SA-Requests from other MSDP peers. When an
274    MSDP speaker receives an SA-Request for a group range, it will
275    respond to the peer with a set of SA entries, in an SA-Response
276    message, for all active sources in its SA cache sending to the group
277    requested in the SA-Request message. The peer that sends the request
278    will not flood the responding SA-Response message to other peers. See
279    section 17 for discussion of error handling relating to SA requests
280    and responses.

282 12. Encapsulated Data Packets

284    The RP may encapsulate multicast data from the source. An interested
285    RP may decapsulate the packet, which SHOULD be forwarded as if a PIM
286    register encapsulated packet was received. That is, if packets are
287    already arriving over the interface toward the source, then the
288    packet is dropped. Otherwise, if the outgoing interface list is non-
289    null, the packet is forwarded appropriately. Note that when doing
290    data encapsulation, an implementation MUST bound the time during
291    which packets are encapsulated.

293    This allows for small bursts to be received before the multicast tree
294    is built back toward the source's domain. For example, an
295    implementation SHOULD encapsulate at least the first packet to
296    provide service to bursty sources.

298 13. Other Scenarios

300    MSDP is not limited to deployment across different routing domains.
301    It can be used within a routing domain when it is desired to deploy
302    multiple RPs for the same group ranges. As long as all RPs have an
303    interconnected MSDP topology, each can learn about active sources as
304    well as RPs in other domains.

306 14. MSDP Peer-RPF Forwarding

308    The MSDP Peer-RPF Forwarding rules are used for forwarding SA
309    messages throughout an MSDP enabled internet. Unlike the RPF check
310    used when forwarding data packets, which generally compares the
311    packet's source address against the interface upon which the packet
312    was received, the Peer-RPF check compares the RP address carried in
313    the SA message against the MSDP peer from which the message was
314    received.

316 14.1. Definitions

318    The following definitions are used in the description of the Peer-RPF
319    Forwarding Rules:

321 14.1.1. Multicast RPF Routing Information Base (MRIB)

323    The MRIB is the multicast topology table. It is typically derived
324    from the unicast routing table or from other routing protocols such
325    as multi-protocol BGP [RFC2283].

327 14.1.2. Peer-RPF Route

329    The Peer-RPF route is the route that the MRIB chooses for a given
330    address. The Peer-RPF route for a SA's originating RP is used to
331    select the peer from which the SA is accepted.

333 14.2. Peer-RPF Forwarding Rules

335      An SA message originated by R and received by X from N is
336      accepted if N is the peer-RPF neighbor for X, and is discarded
337      otherwise.

339              MPP(R,N)                 MP(N,X)
340      R ---------....-------> N ------------------> X
341              SA(S,G,R)                SA(S,G,R)

343      MP(N,X) is an MSDP peering between N and X. MPP(R,N) is
344      an MSDP peering path (zero or more MSDP peers) between R
345      and N, e.g. MPP(R,N) = MP(R, A) + MP(A, B) + MP(B, N).
346      SA(S,G,R) is an SA message for source S on group G originated
347      by an RP R.

349      The peer-RPF neighbor P is chosen deterministically, using the
350      first of the following rules that matches. In particular,
351      P is the RPF neighbor of X with respect to R if

353         (i). P == R (X has an MSDP peering with R).

355         (ii). P is the BGP NEXT_HOP of the Peer-RPF route
356               for R.

358         (iii). The Peer-RPF route for R is learned through a
359               distance-vector or path-vector routing protocol
360               (e.g. BGP, RIP, DVMRP) and P is the neighbor that
361               advertised the Peer-RPF route for R if the
362               route was learned via a distance-vector or
363               path-vector protocol, or P is the IGP next hop
364               for R if learned via a link-state protocol.

366         (iv). P resides in an AS that is in the AS_PATH of the
367               Peer-RPF route for R, and P has the highest IP address among
368               the MSDP peers that reside in ASs in that AS_PATH.

370         (v). P is configured as the static RPF-peer for R.

372      When an SA message with RP R is received from neighbor N, it is
373      discarded unless N == P as determined above.

375 14.3. MSDP static RPF-peer semantics

377    If none of the rules (i) - (iv) are able to determine an RPF peer for
378    R, a longest-match lookup is performed in the static RPF peer table.
379    This table MUST be able to contain a default entry, and SHOULD be
380    able to contain prefix or per-host (RP) entries. This table
381    statically maps RP addresses to peers, and allows configuration of
382    topology that is e.g. unknown to the multicast topology gathering
383    protocol.

385    The result of the longest-match lookup of an RP address R in the
386    static RPF peer table is an MSDP peer, which is the RPF neighbor for
387    R.

389 14.4. MSDP mesh-group semantics

391    A MSDP mesh-group is an operational mechanism for reducing SA
392    flooding, typically in an intra-domain setting. In particular, when
393    some subset of a domain's MSDP speakers are fully meshed, they can be
394    configured into a mesh-group.

396    Note that mesh-groups assume that a member doesn't have to forward an
397    SA to other members of the mesh-group because the originator will
398    forward to all members. To be able for the originator to forward to
399    all members (and to have each member also be a potential originator),
400    the mesh-group must be a full mesh of MSDP peering among all members.

402    The semantics of the mesh-group are as follows:

404      (i). If a member R of a mesh-group M receives a SA message from an
405           MSDP peer that is also a member of mesh-group M, R accepts the
406           SA message and forwards it to all of its peers that are not
407           part of any mesh-group. R MUST NOT forward the SA message to
408           other members of mesh-group M.

410      (ii). If a member R of a mesh-group M receives a SA message from an
411           MSDP peer that is not a member of mesh-group M, and the SA
412           message passes the peer-RPF check, then R forwards the SA
413           message to all members of mesh-group M.

415      (iii). Cross mesh-group forwarding
416           If a member R of mesh-groups M and N receives an SA
417           message from an MSDP peer in mesh-group M, R forwards the SA
418           to its MSDP peers in mesh-group N if it receives that SA
419           message from a peer that is in the same mesh-group as its
420           peer-RPF neighbor for that SA.

422           For example, consider the case in which three routers (R1, R2,
423           and R3) and three mesh-groups (A, B, and C) are arranged in a
424           triangle, e.g.,

426                          [R2] {A,B}
427                          /  \
428                         /    \
429                        /      \
430                       /        \
431              {A,C} [R1]--------[R3] {B,C}

433           Now, when R1 receives an SA message from R2 and R1's
434           peer-RPF neighbor for this SA lies in mesh-group A, R1
435           forwards the SA message to its peers in other mesh-groups
436           (in particular, R3 in mesh-group C). Similarly, if R3's
437           peer-RPF neighbor lies in mesh-group B, R3 will forward an
438           SA message from R2. In this case, both R1 and R3 will send
439           SA messages to each other (because they share common mesh-group
440           C), but neither of them will forward any further the SA messages
441           received from each other (as their peer-RPF neighbors do
442           not lie in mesh-group C).

444    Note that since mesh-groups suspend peer-RPF checking of SAs received
445    from a mesh-group member ((i). above), they allow for mis-
446    configuration to cause SA looping.

448 15. MSDP Connection State Machine

450    MSDP uses TCP as its transport protocol. In a peering relationship,
451    one MSDP peer listens for new TCP connections on the well-known port
452    639. The other side makes an active connect to this port. The peer
453    with the higher IP address will listen. This connection establishment
454    algorithm avoids call collision. Therefore, there is no need for a
455    call collision procedure. It should be noted, however, that the
456    disadvantage of this approach is that the startup time depends
457    completely upon the active side and its connect retry timer; the
458    passive side cannot cause the connection to be established.

460    An MSDP peer starts in the DISABLED state. MSDP peers establish
461    peering sessions according to the following state machine:

463               --------------->+----------+
464              /                | DISABLED |<----------
465             |          ------>+----------+           \
466             |         /            |E1->A1            |
467             |        |             |                  |
468             |        |             V                  |E7->A7
469             |        |        +----------+ E3->A3 +--------+
470             |        |        | INACTIVE |------->| LISTEN |
471             |        |        +----------+        +--------+
472             |        |      E2->A2|    ^              |E5->A5
473             |        |            |    |              |
474             |        |E7->A6      V    |E6            |
475             |         \      +------------+           |
476      E7->A8 |          ------| CONNECTING |           |
477      E8->A9 |                +------------+           |
478      E9->A10|                       |E4->A4           |
479     E10->A11|                       |                 |
480     E11->A12|                       V                 |
481              \              +-------------+          /
482               --------------| ESTABLISHED |<---------
483                             +-------------+

485 15.1. Events

487      E1) Enable MSDP peering with P
488      E2) Own IP address < P's IP address
489      E3) Own IP address > P's IP address
490      E4) TCP established (active side)
491      E5) TCP established (passive side)
492      E6) ConnectRetry timer expired
493      E7) Disable MSDP peering with P
494          (An example of when to do this is when one's own address is
495          changed)
496      E8) Hold Timer expired
497      E9) Authorization failure
498      E10) Notification TLV received
499      E11) Error detected

501 15.2. Actions

503      A1) Allocate resources for peering with P
504          Compare one's own and peer's IP addresses
505      A2) TCP active OPEN
506          Set ConnectRetry timer to [ConnectRetry-Period]
507      A3) TCP passive OPEN (listen)
508      A4) Delete ConnectRetry timer
509          Send KeepAlive TLV
510          Set KeepAlive timer to [KeepAlive-Period]
511          Set Hold Timer to [HoldTime-Period]
512      A5) Send KeepAlive TLV
513          Set KeepAlive timer to [KeepAlive-Period]
514          Set Hold Timer to [HoldTime-Period]
515      A6) Abort TCP active OPEN attempt
516          Release resources allocated for peering with P
517      A7) Abort TCP passive OPEN attempt
518          Release resources allocated for peering with P

520      In action sets 8)-12), the action "Close peering session" includes
521      the following steps:
522          Close TCP connection
523          Delete KeepAlive timer
524          Delete Hold Timer
525          Release resources allocated for peering with P

527      A8) Send Notification TLV with Error Code "Cease"
528          Close peering session
529      A9) Send Notification TLV with Error Code "Hold Timer Expired"
530          Close peering session

532      A10) Notify management system unless this has already been done by
533          the security mechanism
534          Close peering session
535      A11) Notify management system
536          If the received Notification TLV's O-bit was cleared, close
537          peering session. Otherwise, remain in ESTABLISHED state.
538      A12) Send Notification TLV with appropriate Error Code
539          Notify management system
540          If the sent Notification TLV's O-bit was cleared, close peering
541          session. Otherwise, remain in ESTABLISHED state.

543 15.3. Peer-specific Events

545    The following peer-specific events can occur in the ESTABLISHED
546    state; they do not cause a state transition. Appropriate actions are
547    listed for each event.

549      *) KeepAlive timer expired:
550          -> Send KeepAlive TLV
551          -> Set KeepAlive timer to [KeepAlive-Period]
552      *) KeepAlive TLV received:
553          -> Set Hold Timer to [HoldTime-Period]
554      *) Source-Active TLV received:
555          -> Set Hold Timer to [HoldTime-Period]
556          -> Run Peer-RPF Forwarding algorithm (consider SG-Rate-Limit
557             Timer and SA-State Timer)
558          -> Set KeepAlive timer to [KeepAlive-Period] for those peers
559             the Source-Active TLV is forwarded to
560          -> Send information to PIM-SM
561          -> Store information in cache
562      *) Source-Active Request TLV received:
563          -> Set Hold Timer to [HoldTime-Period]
564          -> If SA-Requests are accepted, send Source-Active Response
565             TLV and set KeepAlive timer to [KeepAlive-Period]
566      *) Source-Active Response TLV received:
567          -> Set Hold Timer to [HoldTime-Period]
568          -> If a corresponding SA-Request were previously sent, send
569             information to PIM-SM. If not, an error has occurred
570             (event 11 above)
571          -> Store information in cache

573 15.4. Peer-independent Events

575    There are also a number of events that affect more than one peering
576    session, but still require actions to be performed on a per-peer
577    basis.

579      *) SA-Advertisement-Timer expired:
580          -> Start periodic transmission of Source-Active TLV(s)
581          -> Set KeepAlive timer to [KeepAlive-Period] each time a
582             Source-Active TLV is sent
583      *) MSDP learns of a new active internal source (e.g. PIM-SM
584         register received for a new source):
585          -> Send Source-Active TLV
586          -> Set KeepAlive timer to [KeepAlive-Period]
587      *) Source-Active Request triggered (event not specified here):
588          -> Send Source-Active Request TLV
589          -> Set KeepAlive timer to [KeepAlive-Period]
590      *) SG-State-Timer expired (one timer per cache entry):
591          -> Implementation specific, typically mark the cache entry for
592             deletion

594 16. Packet Formats

596    MSDP messages will be encoded in TLV format. If an implementation
597    receives a TLV that has length that is longer than expected, the TLV
598    SHOULD be accepted. Any additional data SHOULD be ignored.

600 16.1. MSDP TLV format:

602     0                   1                   2                   3
603     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
604    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
605    |     Type      |           Length              |  Value ....   |
606    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

608    Type (8 bits)
609      Describes the format of the Value field.

611    Length (16 bits)
612      Length of Type, Length, and Value fields in octets.
613      Minimum length required is 4 octets, except for
614      Keepalive messages. The maximum TLV length is 9192.

616    Value (variable length)
617      Format is based on the Type value. See below. The length of
618      the value field is Length field minus 3. All reserved fields
619      in the Value field MUST be transmitted as zeros and ignored on
620      receipt.

622 16.2. Defined TLVs

624    The following TLV Types are defined:

626      Code                        Type
627      ===========================================================
628        1                 IPv4 Source-Active
629        2                 IPv4 Source-Active Request
630        3                 IPv4 Source-Active Response
631        4                 KeepAlive
632        5                 Notification

634    Each TLV is described below.

636    In addition, the following TLV Types are assigned but not described
637    in this memo:

639      Code                        Type
640      ===========================================================
641        6                 MSDP traceroute in progress
642        7                 MSDP traceroute reply

644 16.2.1. IPv4 Source-Active TLV

646    The maximum size SA message that can be sent is 9192 octets. The 9192
647    octet size does not include the TCP, IP, layer-2 headers.

649     0                   1                   2                   3
650     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
651    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
652    |       1       |           x + y               |  Entry Count  |
653    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
654    |                          RP Address                           |
655    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
656    |                   Reserved                    |  Sprefix Len  | \
657    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  \
658    |                         Group Address                         |   ) z
659    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  /
660    |                         Source Address                        | /
661    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

663    Type
664      IPv4 Source-Active TLV is type 1.

666    Length x
667      Is the length of the control information in the message. x is
668      8 octets (for the first two 32-bit quantities) plus 12 times
669      Entry Count octets.

671    Length y
672      If 0, then there is no data encapsulated. Otherwise an IPv4
673      packet follows and y is the length of the total length field
674      of the IPv4 header encapsulated. If there are multiple SA TLVs
675      in a message, and data is also included, y must be 0 in all SA
676      TLVs except the last one and the last SA TLV must reflect the
677      source and destination addresses in the IP header of the
678      encapsulated data.

680    Entry Count
681      Is the count of z entries (note above) which follow the RP
682      address field. This is so multiple (S,G)s from the same domain
683      can be encoded efficiently for the same RP address. An
684      SA message containing encapsulated data typically has an
685      entry count of 1 (i.e. only contains a single entry, for
686      the (S,G) representing the encapsulated packet).

688    RP Address
689      The address of the RP in the domain the source has become
690      active in.


   Reserved
      The Reserved field MUST be transmitted as zeros and MUST be
      ignored by a receiver.

   Sprefix Len
      The route prefix length associated with source address.
      This field MUST be transmitted as 32 (/32). An Invalid
      Sprefix Len Notification SHOULD be sent upon receipt
      of any other value.

   Group Address
      The group address the active source has sent data to.

   Source Address
      The IP address of the active source.

   Multiple SA TLVs MAY appear in the same message and can be batched
   for efficiency at the expense of data latency. This would typically
   occur on intermediate forwarding of SA messages.

16.2.2. IPv4 Source-Active Request TLV

   The Source-Active Request is used to request SA-state from an MSDP
   peer. If an RP in a domain receives a PIM Join message for a group,
   creates (*,G) state and wants to know all active sources for group G,
   it may send an SA-Request message for the group.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       2       |             8                 |   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      IPv4 Source-Active Request TLV is type 2.

   Reserved
      Must be transmitted as zero and ignored on receipt.

   Group Address
      The group address the MSDP peer is requesting.

16.2.3. IPv4 Source-Active Response TLV

   The Source-Active Response is sent in response to a Source-Active
   Request message. The Source-Active Response message has the same
   format as a Source-Active message but does not allow encapsulation of
   multicast data.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       3       |              x                |     ....      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      IPv4 Source-Active Response TLV is type 3.

   Length x
      Is the length of the control information in the message. x is 8
      octets (for the first two 32-bit quantities) plus 12 times Entry
      Count octets.

16.2.4. KeepAlive TLV

   A KeepAlive TLV is sent to an MSDP peer if and only if there were no
   MSDP messages sent to the peer within [KeepAlive-Period] seconds.
   This message is necessary to keep the MSDP connection alive.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       4       |             3                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The length of the message is 3 octets which encompasses the one octet
   Type field and the two octet Length field.

16.2.5. Notification TLV

   A Notification message is sent when an error condition is detected,
   and has the following form:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |          x + 5                |O| Error Code  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Error subcode |                   ...                         |
   +-+-+-+-+-+-+-+-+                                               |
   |                             Data                              |
   |                             ...                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      The Notification TLV is type 5.

   Length
      Length is a two octet field with value x + 5, where x is
      the length of the notification data field.

   O-bit
      Open-bit. If clear, the connection will be closed.

   Error code
      This 7-bit unsigned integer indicates the type of Notification.
      The following Error Codes have been defined:

      Error Code     Symbolic Name                    Reference

          1          Message Header Error             Section 17.1
          2          SA-Request Error                 Section 17.2
          3          SA-Message/SA-Response Error     Section 17.3
          4          Hold Timer Expired               Section 17.4
          5          Finite State Machine Error       Section 17.5
          6          Notification                     Section 17.6
          7          Cease                            Section 17.7

   Error subcode:
      This one-octet unsigned integer provides more specific information
      about the reported error. Each Error Code may have one or more Error
      Subcodes associated with it. If no appropriate Error Subcode is
      defined, then a zero (Unspecific) value is used for the Error Subcode
      field, and the O-bit must be cleared (i.e. the connection will be
      closed). The notation used in the error descriptions below is: MC =
      Must Close connection = O-bit clear; CC = Can Close connection =
      O-bit MAY be cleared.

   Message Header Error subcodes:

      0 - Unspecific (MC)
      2 - Bad Message Length (MC)
      3 - Bad Message Type (CC)

   SA-Request Error subcodes (the O-bit is always clear):

      0 - Unspecific (MC)
      1 - Invalid Group (MC)

   SA-Message/SA-Response Error subcodes

      0 - Unspecific (MC)
      1 - Invalid Entry Count (CC)
      2 - Invalid RP Address (MC)
      3 - Invalid Group Address (MC)
      4 - Invalid Source Address (MC)
      5 - Invalid Sprefix Length (MC)
      6 - Looping SA (Self is RP) (MC)
      7 - Unknown Encapsulation (MC)
      8 - Administrative Scope Boundary Violated (MC)

   Hold Timer Expired subcodes (the O-bit is always clear):

      0 - Unspecific (MC)

   Finite State Machine Error subcodes (the O-bit is always clear):

      0 - Unspecific (MC)
      1 - Unexpected Message Type FSM Error (MC)

   Notification subcodes (the O-bit is always clear):

      0 - Unspecific (MC)

   Cease subcodes (the O-bit is always clear):

      0 - Unspecific (MC)

17. MSDP Error Handling

   This section describes actions to be taken when errors are detected
   while processing MSDP messages.
   MSDP Error Handling is similar to that of BGP [RFC1771].

   When any of the conditions described here are detected, a
   Notification message with the indicated Error Code, Error Subcode,
   and Data fields is sent. In addition, the MSDP connection MAY be
   closed. If no Error Subcode is specified, then a zero (Unspecific)
   must be used.

   The phrase "the MSDP connection is closed" means that the transport
   protocol connection has been closed and that all resources for that
   MSDP connection have been deallocated.

17.1. Message Header Error Handling

   All errors detected while processing the Message Header are indicated
   by sending the Notification message with Error Code Message Header
   Error. The Error Subcode describes the specific nature of the error.
   The Data field contains the erroneous Message (including the message
   header).

   If the Length field of the message header is less than 4 or greater
   than 9192, or the length of a KeepAlive message is not equal to 3,
   then the Error Subcode is set to Bad Message Length.

   If the Type field of the message header is not recognized, then the
   Error Subcode is set to Bad Message Type.

17.2. SA-Request Error Handling

   The SA-Request Error code is used to signal the receipt of an SA
   request at an MSDP peer when an invalid group address is requested.

   When an MSDP peer receives a request for an invalid group, it returns
   the following notification:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             12                |O|      2      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       1       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3. SA-Message/SA-Response Error Handling

   The SA-Message/SA-Response Error code is used to signal the receipt
   of an erroneous SA Message at an MSDP peer, or the receipt of an SA-
   Response Message by a peer that did not issue an SA-Request. It has
   the following form:

17.3.1. Invalid Entry Count (IEC)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             6                 |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       1       |  Entry Count  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.2. Invalid RP Address

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             12                |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       2       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          RP Address                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.3. Invalid Group Address

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             12                |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       3       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.4. Invalid Source Address

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             12                |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       4       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Source Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.5. Invalid Sprefix Length (ISL)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             6                 |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |  Sprefix Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.6. Looping SAs (Self is RP in received SA)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |            x + 5              |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       6       |              SA Message ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length x
      x is the length of the looping SA message contained in the data
      field of the Notification message.

17.3.7. Unknown Encapsulation

   This notification is sent on receipt of SA data that is encapsulated
   in an unknown encapsulation type. See section 18 for known
   encapsulations.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |            x + 5              |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       7       |              SA Message ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length x
      x is the length of the SA message (which contained data which
      was encapsulated in some unknown way) that is contained in the
      data field of the Notification message.

17.3.8. Administrative Scope Boundary Violated

   This notification is used when an SA message is received for a group
   G from a peer which is across an administrative scope boundary for G.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             12                |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       8       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.4. Hold Time Expired

   If a system has not received any MSDP message within the period
   specified in the Hold Timer, the notification message with Hold Timer
   Expired Error Code and no additional data MUST be sent and the MSDP
   connection closed.

17.5. Finite State Machine Error Handling

   Any error detected by the MSDP Finite State Machine (e.g., receipt of
   an unexpected event) is indicated by sending the Notification message
   with Error Code Finite State Machine Error.

17.6. Notification Message Error Handling

   If a node sends a Notification message, and there is an error in that
   message, and the O-bit of that message is not clear, a Notification
   with O-bit clear, Error Code of Notification Error, and subcode
   Unspecific must be sent. In addition, the Data field must include
   the Notification message that triggered the error. However, if the
   erroneous Notification message had the O-bit clear, then any error,
   such as an unrecognized Error Code or Error Subcode, should be
   noticed, logged locally, and brought to the attention of the
   administrator of the remote node.

17.7. Cease

   In absence of any fatal errors (that are indicated in this section),
   an MSDP node may choose at any given time to close its MSDP
   connection by sending the Notification message with Error Code Cease.
   However, the Cease Notification message MUST NOT be used when a fatal
   error indicated by this section does exist.

18. SA Data Encapsulation

   This section describes UDP, GRE, and TCP encapsulation of data
   packets to be included with SA messages. Encapsulation type is a
   configuration option.

18.1. UDP Data Encapsulation

   Data packets MAY be encapsulated in UDP. In this case, the UDP
   pseudo-header has the following form:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Length            |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Origin RP Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Source port, Destination Port, Length, and Checksum are used
   according to RFC 768. Source and Destination ports are known via
   an implementation-specific method (e.g. per-peer configuration).

   Checksum
      The checksum is computed according to RFC 768 [RFC768].

   Originating RP Address
      The Originating RP Address is the address of the RP sending
      the encapsulated data.

18.2. GRE Encapsulation

   MSDP SA-data MAY be encapsulated in GRE using protocol type
   [MSDP-GRE-ProtocolType]. The GRE header and payload packet have the
   following form:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |C|       Reserved0       | Ver |    [MSDP-GRE-ProtocolType]    |\
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GRE Header
   |      Checksum (optional)      |          Reserved1            |/
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Originating RP IPv4 Address                   |\
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload
   |                     (S,G) Data Packet ....                    /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

18.2.1. Encapsulation and Path MTU Discovery [RFC1191]

   Existing implementations of GRE, when using IPv4 as the Delivery
   Header, do not implement Path MTU discovery and do not set the Don't
   Fragment bit in the Delivery Header. This can cause large packets to
   become fragmented within the tunnel and reassembled at the tunnel
   exit (independent of whether the payload packet is using PMTU). If a
   tunnel entry point were to use Path MTU discovery, however, that
   tunnel entry point would also need to relay ICMP unreachable error
   messages (in particular the "fragmentation needed and DF set" code)
   back to the originator of the packet, which is not required by the
   GRE specification [RFC2784]. Failure to properly relay Path MTU
   information to an originator can result in the following behavior:
   the originator sets the don't fragment bit, the packet gets dropped
   within the tunnel, but since the originator doesn't receive proper
   feedback, it retransmits with the same PMTU, causing subsequently
   transmitted packets to be dropped.

18.3. TCP Data Encapsulation

   As discussed earlier, encapsulation of data in SA messages MAY be
   supported for backwards compatibility with legacy MSDP peers.

19. IANA Considerations

   The IANA should assign 0x0009 from the IANA SNAP Protocol IDs [IANA]
   to MSDP-GRE-ProtocolType.

20. Security Considerations

   An MSDP implementation MUST use IPsec [RFC2401] to secure control
   messages. In particular, the TCP connection between MSDP peers MUST
   be secured using IPsec. When encapsulating data packets in GRE,
   security should be relatively similar to security in a normal IPv4
   network, as routing using GRE follows the same routing that IPv4 uses
   natively. Route filtering will remain unchanged.
   However packet filtering at a firewall requires either that a
   firewall look inside the GRE packet or that the filtering is done on
   the GRE tunnel endpoints. In those environments in which this is
   considered to be a security issue it may be desirable to terminate
   the tunnel at the firewall.

21. Acknowledgments

   The editors would like to thank the original authors, Dino Farinacci,
   Yakov Rekhter, Peter Lothberg, Hank Kilmer, and Jeremy Hall for their
   original contribution to the MSDP specification. In addition, Bill
   Nickless, John Meylor, Liming Wei, Manoj Leelanivas, Mark Turner,
   John Zwiebel, Cristina Radulescu-Banu, Brian Edwards, Selina
   Priestley and IJsbrand Wijnands provided useful and productive design
   feedback and comments. In addition to many other contributions, Tom
   Pusateri, Kristofer Warell, Henning Eriksson, and Thomas Eriksson
   helped to clarify the connection state machine, Dave Thaler helped to
   clarify the Notification message types. Ravi Shekhar helped clarify
   the semantics of mesh-groups, and countless others helped to clarify
   the Peer-RPF rules.

22. Editors' Address:

   David Meyer
   Sprint
   12502 Sunrise Valley Drive
   Reston VA, 20191
   Email: dmm@sprint.net

   Bill Fenner
   AT&T Labs -- Research
   75 Willow Road
   Menlo Park, CA 94025
   Email: fenner@research.att.com

23. REFERENCES

   [IANA]      http://www.iana.org

   [RFC768]    Postel, J. "User Datagram Protocol", RFC 768, August,
               1980.

   [RFC1191]   Mogul, J., and S. Deering, "Path MTU Discovery",
               RFC 1191, November 1990.

   [RFC1771]   Rekhter, Y., and T. Li, "A Border Gateway Protocol 4
               (BGP-4)", RFC 1771, March 1995.

   [RFC2119]   S. Bradner, "Key words for use in RFCs to Indicate
               Requirement Levels", RFC 2119, March, 1997.

   [RFC2283]   Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
               "Multiprotocol Extensions for BGP-4", RFC 2283,
               February 1998.

   [RFC2362]   Estrin D., et al., "Protocol Independent Multicast -
               Sparse Mode (PIM-SM): Protocol Specification", RFC
               2362, June 1998.

   [RFC2365]   Meyer, D. "Administratively Scoped IP Multicast", RFC
               2365, July, 1998.

   [RFC2401]   Kent, S. and R. Atkinson, "Security Architecture for
               the Internet Protocol", RFC 2401, November 1998.

   [RFC2784]   Farinacci, D., et al., "Generic Routing Encapsulation
               (GRE)", RFC 2784, March 2000.

24. Full Copyright Statement

   Copyright (C) The Internet Society (2001). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
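
Added example (not part of the draft, and not taken from any MSDP implementation): a receiver-side Python parser for the TLV formats of section 16 that maps the header checks of section 17.1 and the SA checks of section 16.2.1 to the Error Code/Subcode pairs of section 16.2.5. The function names, the choice to report an SA TLV too short for its Entry Count as Invalid Entry Count, and the use of the 3-octet header as Notification data for header errors are assumptions of this example; the sample bytes are constructed.

```python
import ipaddress
import struct

MAX_TLV = 9192                       # section 16.1: maximum TLV length
SA, SA_REQUEST, SA_RESPONSE, KEEPALIVE, NOTIFICATION = 1, 2, 3, 4, 5
KNOWN_TYPES = {1, 2, 3, 4, 5, 6, 7}  # 6 and 7 are assigned; kept opaque here
# (Error Code, Error Subcode) pairs from section 16.2.5
BAD_MESSAGE_LENGTH = (1, 2)
BAD_MESSAGE_TYPE = (1, 3)
INVALID_ENTRY_COUNT = (3, 1)
INVALID_SPREFIX_LEN = (3, 5)


class MsdpError(Exception):
    """Parse failure carrying the Notification fields a receiver would send."""
    def __init__(self, error, data):
        super().__init__("error code %d, subcode %d" % error)
        self.code, self.subcode = error
        self.data = bytes(data)


def build_notification(code, subcode, data=b"", open_bit=False):
    """Type 5, Length x + 5, O-bit in the top bit of the Error Code octet."""
    flags = (0x80 if open_bit else 0) | (code & 0x7F)
    return struct.pack("!BHBB", NOTIFICATION, len(data) + 5, flags, subcode) + data


def parse_sa(tlv):
    """Decode a Source-Active or SA-Response TLV (sections 16.2.1, 16.2.3)."""
    count = tlv[3]
    x = 8 + 12 * count               # length of the control information
    if len(tlv) < x:                 # entries would run past the end of the TLV
        raise MsdpError(INVALID_ENTRY_COUNT, tlv[3:4])   # assumed mapping
    entries = []
    for off in range(8, x, 12):
        sprefix_len = tlv[off + 3]   # tlv[off:off+3] is Reserved and ignored
        if sprefix_len != 32:
            raise MsdpError(INVALID_SPREFIX_LEN, tlv[off + 3:off + 4])
        group = ipaddress.IPv4Address(tlv[off + 4:off + 8])
        source = ipaddress.IPv4Address(tlv[off + 8:off + 12])
        entries.append((str(source), str(group)))
    rp = str(ipaddress.IPv4Address(tlv[4:8]))
    return {"type": tlv[0], "rp": rp, "entries": entries, "data": tlv[x:]}


def parse_stream(buf):
    """Return (messages, unconsumed bytes) for data read from a peer's TCP stream."""
    msgs, off = [], 0
    while len(buf) - off >= 3:
        tlv_type, length = struct.unpack_from("!BH", buf, off)
        # Check the header before waiting for `length` octets, so a bogus
        # Length never makes the receiver buffer more than MAX_TLV octets.
        ok = length == 3 if tlv_type == KEEPALIVE else 4 <= length <= MAX_TLV
        if not ok:
            raise MsdpError(BAD_MESSAGE_LENGTH, buf[off:off + 3])
        if tlv_type not in KNOWN_TYPES:
            raise MsdpError(BAD_MESSAGE_TYPE, buf[off:off + 3])
        if len(buf) - off < length:
            break                    # incomplete TLV: keep it for the next read
        tlv = bytes(buf[off:off + length])
        if tlv_type in (SA, SA_RESPONSE):
            msgs.append(parse_sa(tlv))
        else:
            msgs.append({"type": tlv_type, "value": tlv[3:]})
        off += length
    return msgs, bytes(buf[off:])


# Constructed sample: an SA TLV (RP 192.0.2.1, source 198.51.100.7, group
# 233.252.0.1, Sprefix Len 32) followed by a KeepAlive TLV.
SAMPLE = (struct.pack("!BHB", SA, 20, 1) + bytes([192, 0, 2, 1])
          + bytes([0, 0, 0, 32]) + bytes([233, 252, 0, 1])
          + bytes([198, 51, 100, 7]) + struct.pack("!BH", KEEPALIVE, 3))
```

Octets beyond x in an SA TLV are returned as "data" (the encapsulated packet of Length y) rather than rejected, which follows the section 16 rule that a TLV longer than expected is accepted.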