idnits 2.17.1

draft-ietf-pim-3376bis-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 7 instances of lines with multicast IPv4 addresses in the
     document.  If these are generic example addresses, they should be
     changed to use the 233.252.0.x range defined in RFC 5771

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (April 2022) is 743 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 686

  -- Looks like a reference, but probably isn't: '2' on line 688

  == Missing Reference: 'N' is mentioned on line 694, but not defined

  == Missing Reference: 'M' is mentioned on line 672, but not defined

  ** Obsolete normative reference: RFC 2402 (Obsoleted by RFC 4302, RFC 4305)

  == Outdated reference: A later version (-01) exists of
     draft-haberman-pim-3228bis-00

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   B. Haberman, Ed.
Internet-Draft                                                   JHU APL
Obsoletes: 3376 (if approved)                                 April 2022
Intended status: Standards Track
Expires: 14 October 2022

             Internet Group Management Protocol, Version 3
                       draft-ietf-pim-3376bis-02

Abstract

   This document specifies a revised Version 3 of the Internet Group
   Management Protocol, IGMPv3.  IGMP is the protocol used by IPv4
   systems to report their IP multicast group memberships to neighboring
   multicast routers.  Version 3 of IGMP adds support for source
   filtering, that is, the ability for a system to report interest in
   receiving packets only from specific source addresses, or from all
   but specific source addresses, sent to a particular multicast
   address.  That information may be used by multicast routing protocols
   to avoid delivering multicast packets from specific sources to
   networks where there are no interested receivers.

   This document obsoletes RFC 3376.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 3 October 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  The Service Interface for Requesting IP Multicast Reception
   3.  Multicast Reception State Maintained by Systems
     3.1.  Socket State
     3.2.  Interface State
   4.  Message Formats
     4.1.  Membership Query Message
       4.1.1.  Max Resp Code
       4.1.2.  Checksum
       4.1.3.  Group Address
       4.1.4.  Flags
       4.1.5.  S Flag (Suppress Router-Side Processing)
       4.1.6.  QRV (Querier's Robustness Variable)
       4.1.7.  QQIC (Querier's Query Interval Code)
       4.1.8.  Number of Sources (N)
       4.1.9.  Source Address [i]
       4.1.10. Additional Data
       4.1.11. Query Variants
       4.1.12. IP Destination Addresses for Queries
     4.2.  Version 3 Membership Report Message
       4.2.1.  Reserved
       4.2.2.  Checksum
       4.2.3.  Flags
       4.2.4.  Number of Group Records (M)
       4.2.5.  Group Record
       4.2.6.  Record Type
       4.2.7.  Aux Data Len
       4.2.8.  Number of Sources (N)
       4.2.9.  Multicast Address
       4.2.10. Source Address [i]
       4.2.11. Auxiliary Data
       4.2.12. Additional Data
       4.2.13. Group Record Types
       4.2.14. IP Source Addresses for Reports
       4.2.15. IP Destination Addresses for Reports
       4.2.16. Notation for Group Records
       4.2.17. Membership Report Size
   5.  Description of the Protocol for Group Members
     5.1.  Action on Change of Interface State
     5.2.  Action on Reception of a Query
   6.  Description of the Protocol for Multicast Routers
     6.1.  Conditions for IGMP Queries
     6.2.  IGMP State Maintained by Multicast Routers
       6.2.1.  Definition of Router Filter-Mode
       6.2.2.  Definition of Group Timers
       6.2.3.  Definition of Source Timers
     6.3.  IGMPv3 Source-Specific Forwarding Rules
     6.4.  Action on Reception of Reports
       6.4.1.  Reception of Current-State Records
       6.4.2.  Reception of Filter-Mode-Change and Source-List-Change
               Records
     6.5.  Switching Router Filter-Modes
     6.6.  Action on Reception of Queries
       6.6.1.  Timer Updates
       6.6.2.  Querier Election
       6.6.3.  Building and Sending Specific Queries
   7.  Interoperation With Older Versions of IGMP
     7.1.  Query Version Distinctions
     7.2.  Group Member Behavior
       7.2.1.  In the Presence of Older Version Queriers
       7.2.2.  In the Presence of Older Version Group Members
     7.3.  Multicast Router Behavior
       7.3.1.  In the Presence of Older Version Queriers
       7.3.2.  In the Presence of Older Version Group Members
   8.  List of Timers, Counters and Their Default Values
     8.1.  Robustness Variable
     8.2.  Query Interval
     8.3.  Query Response Interval
     8.4.  Group Membership Interval
     8.5.  Other Querier Present Interval
     8.6.  Startup Query Interval
     8.7.  Startup Query Count
     8.8.  Last Member Query Interval
     8.9.  Last Member Query Count
     8.10. Last Member Query Time
     8.11. Unsolicited Report Interval
     8.12. Older Version Querier Present Interval
     8.13. Older Host Present Interval
     8.14. Configuring Timers
       8.14.1.  Robustness Variable
       8.14.2.  Query Interval
       8.14.3.  Max Response Time
   9.  Security Considerations
     9.1.  Query Message
     9.2.  Current-State Report messages
     9.3.  State-Change Report Messages
     9.4.  IPSEC Usage
   10. IANA Considerations
   11. Contributors
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  Design Rationale
     A.1.  The Need for State-Change Messages
     A.2.  Host Suppression
     A.3.  Switching Router Filter Modes from EXCLUDE to INCLUDE
   Appendix B.  Summary of Changes from IGMPv2
   Appendix C.  Summary of Changes from RFC 3376
   Author's Address

1.  Introduction

   The Internet Group Management Protocol (IGMP) is used by IPv4 systems
   (hosts and routers) to report their IP multicast group memberships to
   any neighboring multicast routers.
   Note that an IP multicast router
   may itself be a member of one or more multicast groups, in which case
   it performs both the multicast router part of the protocol (to
   collect the membership information needed by its multicast routing
   protocol) and the group member part of the protocol (to inform itself
   and other, neighboring multicast routers of its memberships).

   IGMP is also used for other IP multicast management functions, using
   message types other than those used for group membership reporting.
   This document specifies only the group membership reporting functions
   and messages.

   This document specifies Version 3 of IGMP.  Version 1, specified in
   [RFC1112], was the first widely-deployed version and the first
   version to become an Internet Standard.  Version 2, specified in
   [RFC2236], added support for low leave latency, that is, a reduction
   in the time it takes for a multicast router to learn that there are
   no longer any members of a particular group present on an attached
   network.  Version 3 adds support for source filtering, that is, the
   ability for a system to report interest in receiving packets only
   from specific source addresses, as required to support Source-
   Specific Multicast [RFC3569], or from all but specific source
   addresses, sent to a particular multicast address.  Version 3 is
   designed to be interoperable with Versions 1 and 2.

   This document obsoletes [RFC3376].

   The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
   "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

2.  The Service Interface for Requesting IP Multicast Reception

   Within an IP system, there is (at least conceptually) a service
   interface used by upper-layer protocols or application programs to
   ask the IP layer to enable and disable reception of packets sent to
   specific IP multicast addresses.  In order to take full advantage of
   the capabilities of IGMPv3, a system's IP service interface must
   support the following operation:

      IPMulticastListen ( socket, interface, multicast-address,
                          filter-mode, source-list )

   where:

   *  "socket" is an implementation-specific parameter used to
      distinguish among different requesting entities (e.g., programs or
      processes) within the system; the socket parameter of BSD Unix
      system calls is a specific example.

   *  "interface" is a local identifier of the network interface on
      which reception of the specified multicast address is to be
      enabled or disabled.  Interfaces may be physical (e.g., an
      Ethernet interface) or virtual (e.g., the endpoint of a Frame
      Relay virtual circuit or the endpoint of an IP-in-IP "tunnel").
      An implementation may allow a special "unspecified" value to be
      passed as the interface parameter, in which case the request would
      apply to the "primary" or "default" interface of the system
      (perhaps established by system configuration).  If reception of
      the same multicast address is desired on more than one interface,
      IPMulticastListen is invoked separately for each desired
      interface.

   *  "multicast-address" is the IP multicast address, or group, to
      which the request pertains.  If reception of more than one
      multicast address on a given interface is desired,
      IPMulticastListen is invoked separately for each desired multicast
      address.

   *  "filter-mode" may be either INCLUDE or EXCLUDE.
      In INCLUDE mode,
      reception of packets sent to the specified multicast address is
      requested only from those IP source addresses listed in the
      source-list parameter.  In EXCLUDE mode, reception of packets sent
      to the given multicast address is requested from all IP source
      addresses except those listed in the source-list parameter.

   *  "source-list" is an unordered list of zero or more IP unicast
      addresses from which multicast reception is desired or not
      desired, depending on the filter mode.  An implementation MAY
      impose a limit on the size of source lists, but that limit MUST
      NOT be less than 64 addresses per list.  When an operation causes
      the source list size limit to be exceeded, the service interface
      MUST return an error.

   For a given combination of socket, interface, and multicast address,
   only a single filter mode and source list can be in effect at any one
   time.  However, either the filter mode or the source list, or both,
   may be changed by subsequent IPMulticastListen requests that specify
   the same socket, interface, and multicast address.  Each subsequent
   request completely replaces any earlier request for the given socket,
   interface and multicast address.

   Previous versions of IGMP did not support source filters and had a
   simpler service interface consisting of Join and Leave operations to
   enable and disable reception of a given multicast address (from all
   sources) on a given interface.  The equivalent operations in the new
   service interface follow:

   The Join operation is equivalent to:

      IPMulticastListen ( socket, interface, multicast-address,
                          EXCLUDE, {} )

   and the Leave operation is equivalent to:

      IPMulticastListen ( socket, interface, multicast-address,
                          INCLUDE, {} )

   where {} is an empty source list.

   An example of an API providing the capabilities outlined in this
   service interface is in [RFC3678].

3.  Multicast Reception State Maintained by Systems
3.1.  Socket State

   For each socket on which IPMulticastListen has been invoked, the
   system records the desired multicast reception state for that socket.
   That state conceptually consists of a set of records of the form:

      (interface, multicast-address, filter-mode, source-list)

   The socket state evolves in response to each invocation of
   IPMulticastListen on the socket, as follows:

   *  If the requested filter mode is INCLUDE and the requested source
      list is empty, then the entry corresponding to the requested
      interface and multicast address is deleted if present.  If no such
      entry is present, the request is ignored.

   *  If the requested filter mode is EXCLUDE or the requested source
      list is non-empty, then the entry corresponding to the requested
      interface and multicast address, if present, is changed to contain
      the requested filter mode and source list.  If no such entry is
      present, a new entry is created, using the parameters specified in
      the request.

3.2.  Interface State

   In addition to the per-socket multicast reception state, a system
   must also maintain or compute multicast reception state for each of
   its interfaces.  That state conceptually consists of a set of records
   of the form:

      (multicast-address, filter-mode, source-list)

   At most one record per multicast-address exists for a given
   interface.  This per-interface state is derived from the per-socket
   state, but may differ from the per-socket state when different
   sockets have differing filter modes and/or source lists for the same
   multicast address and interface.  For example, suppose one
   application or process invokes the following operation on socket s1:

      IPMulticastListen ( s1, i, m, INCLUDE, {a, b, c} )

   requesting reception on interface i of packets sent to multicast
   address m, only if they come from source a, b, or c.
   Suppose another
   application or process invokes the following operation on socket s2:

      IPMulticastListen ( s2, i, m, INCLUDE, {b, c, d} )

   requesting reception on the same interface i of packets sent to the
   same multicast address m, only if they come from sources b, c, or d.
   In order to satisfy the reception requirements of both sockets, it is
   necessary for interface i to receive packets sent to m from any one
   of the sources a, b, c, or d.  Thus, in this example, the reception
   state of interface i for multicast address m has filter mode INCLUDE
   and source list {a, b, c, d}.

   After a multicast packet has been accepted from an interface by the
   IP layer, its subsequent delivery to the application or process
   listening on a particular socket depends on the multicast reception
   state of that socket [and possibly also on other conditions, such as
   what transport-layer port the socket is bound to].  So, in the above
   example, if a packet arrives on interface i, destined to multicast
   address m, with source address a, it will be delivered on socket s1
   but not on socket s2.  Note that IGMP Queries and Reports are not
   subject to source filtering and must always be processed by hosts and
   routers.

   Filtering of packets based upon a socket's multicast reception state
   is a new feature of this service interface.  The previous service
   interface [RFC1112] described no filtering based upon multicast join
   state; rather, a join on a socket simply caused the host to join a
   group on the given interface, and packets destined for that group
   could be delivered to all sockets whether they had joined or not.

   The general rules for deriving the per-interface state from the per-
   socket state are as follows: For each distinct (interface, multicast-
   address) pair that appears in any socket state, a per-interface
   record is created for that multicast address on that interface.
   Considering all socket records containing the same (interface,
   multicast-address) pair,

   *  if any such record has a filter mode of EXCLUDE, then the filter
      mode of the interface record is EXCLUDE, and the source list of
      the interface record is the intersection of the source lists of
      all socket records in EXCLUDE mode, minus those source addresses
      that appear in any socket record in INCLUDE mode.  For example, if
      the socket records for multicast address m on interface i are:

         from socket s1: ( i, m, EXCLUDE, {a, b, c, d} )

         from socket s2: ( i, m, EXCLUDE, {b, c, d, e} )

         from socket s3: ( i, m, INCLUDE, {d, e, f} )

      then the corresponding interface record on interface i is:

         ( m, EXCLUDE, {b, c} )

      If a fourth socket is added, such as:

         from socket s4: ( i, m, EXCLUDE, {} )

      then the interface record becomes:

         ( m, EXCLUDE, {} )

   *  if all such records have a filter mode of INCLUDE, then the filter
      mode of the interface record is INCLUDE, and the source list of
      the interface record is the union of the source lists of all the
      socket records.  For example, if the socket records for multicast
      address m on interface i are:

         from socket s1: ( i, m, INCLUDE, {a, b, c} )

         from socket s2: ( i, m, INCLUDE, {b, c, d} )

         from socket s3: ( i, m, INCLUDE, {e, f} )

      then the corresponding interface record on interface i is:

         ( m, INCLUDE, {a, b, c, d, e, f} )

      An implementation MUST NOT use an EXCLUDE interface record to
      represent a group when all sockets for this group are in INCLUDE
      state.  If system resource limits are reached when an interface
      state source list is calculated, an error MUST be returned to the
      application which requested the operation.

   The above rules for deriving the interface state are (re-)evaluated
   whenever an IPMulticastListen invocation modifies the socket state by
   adding, deleting, or modifying a per-socket state record.
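The socket-state update and interface-state derivation rules above, as an added Python example (not code from the draft). `MulticastState`, its method names and `MAX_SOURCES` are names assumed here; the limit of 64 is the smallest value the text permits.

```python
INCLUDE, EXCLUDE = "INCLUDE", "EXCLUDE"
MAX_SOURCES = 64  # assumed implementation limit; the draft forbids anything lower


class MulticastState:
    """Per-socket reception state and the per-interface state derived from it."""

    def __init__(self):
        # (socket, interface, group) -> (filter_mode, frozenset(sources))
        self.socket_state = {}

    def ip_multicast_listen(self, socket, interface, group, mode, sources):
        """Apply one IPMulticastListen request; it replaces any earlier one."""
        if mode not in (INCLUDE, EXCLUDE):
            raise ValueError("filter-mode must be INCLUDE or EXCLUDE")
        sources = frozenset(sources)
        if len(sources) > MAX_SOURCES:
            # The service interface MUST return an error when the limit is hit.
            raise ValueError("source list exceeds implementation limit")
        key = (socket, interface, group)
        if mode == INCLUDE and not sources:
            # INCLUDE with an empty list is a Leave: delete the entry if present.
            self.socket_state.pop(key, None)
        else:
            self.socket_state[key] = (mode, sources)

    def interface_record(self, interface, group):
        """Return (filter_mode, sources) for a group on an interface, or None."""
        records = [rec for (_, i, g), rec in self.socket_state.items()
                   if i == interface and g == group]
        if not records:
            return None
        included = set().union(*(s for m, s in records if m == INCLUDE))
        excluded = [s for m, s in records if m == EXCLUDE]
        if excluded:
            # Intersection of all EXCLUDE lists, minus anything some socket INCLUDEs.
            return (EXCLUDE, frozenset.intersection(*excluded) - included)
        # All sockets are in INCLUDE mode: union of their lists, never EXCLUDE.
        return (INCLUDE, frozenset(included))
```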
   Note that a change of socket state does not necessarily result in a
   change of interface state.

4.  Message Formats

   IGMP messages are encapsulated in IPv4 datagrams, with an IP protocol
   number of 2.  Every IGMP message described in this document is sent
   with an IP Time-to-Live of 1, IP Precedence of Internetwork Control
   (e.g., Type of Service 0xc0), and carries an IP Router Alert option
   [RFC2113] in its IP header.  IGMP message types are registered per
   [RFC3228].

   There are two IGMP message types of concern to the IGMPv3 protocol
   described in this document:

           +===================+=============================+
           | Type Number (hex) | Message Name                |
           +===================+=============================+
           | 0x11              | Membership Query            |
           +-------------------+-----------------------------+
           | 0x22              | Version 3 Membership Report |
           +-------------------+-----------------------------+

               Table 1: New messages introduced by IGMPv3

   An implementation of IGMPv3 MUST also support the following three
   message types, for interoperation with previous versions of IGMP (see
   Section 7):

     +===================+=============================+===========+
     | Type Number (hex) | Message Name                | Reference |
     +===================+=============================+===========+
     | 0x12              | Version 1 Membership Report | [RFC1112] |
     +-------------------+-----------------------------+-----------+
     | 0x16              | Version 2 Membership Report | [RFC2236] |
     +-------------------+-----------------------------+-----------+
     | 0x17              | Version 2 Leave Group       | [RFC2236] |
     +-------------------+-----------------------------+-----------+

                     Table 2: Legacy IGMP messages

   Unrecognized message types MUST be silently ignored.  Other message
   types may be used by newer versions or extensions of IGMP, by
   multicast routing protocols, or for other uses.

   In this document, unless otherwise qualified, the capitalized words
   "Query" and "Report" refer to IGMP Membership Queries and IGMP
   Version 3 Membership Reports, respectively.

4.1.  Membership Query Message

   Membership Queries are sent by IP multicast routers to query the
   multicast reception state of neighboring interfaces.  Queries have
   the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Type = 0x11  | Max Resp Code |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Flags |S| QRV |     QQIC      |     Number of Sources (N)     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address [1]                      |
   +-                                                             -+
   |                       Source Address [2]                      |
   +-                              .                              -+
   .                               .                               .
   .                               .                               .
   +-                                                             -+
   |                       Source Address [N]                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 1: IGMPv3 Query Message

4.1.1.  Max Resp Code

   The Max Resp Code field specifies the maximum time allowed before
   sending a responding report.  The actual time allowed, called the Max
   Resp Time, is represented in units of 1/10 second and is derived from
   the Max Resp Code as follows:

      If Max Resp Code < 128, Max Resp Time = Max Resp Code

      If Max Resp Code >= 128, Max Resp Code represents a floating-point
      value as follows:

          0 1 2 3 4 5 6 7
         +-+-+-+-+-+-+-+-+
         |1| exp | mant  |
         +-+-+-+-+-+-+-+-+

      Max Resp Time = (mant | 0x10) << (exp + 3)

                 Figure 2: Max Resp Code Representation

   Small values of Max Resp Time allow IGMPv3 routers to tune the "leave
   latency" (the time between the moment the last host leaves a group
   and the moment the routing protocol is notified that there are no
   more members).
   Larger values, especially in the exponential range,
   allow tuning of the burstiness of IGMP traffic on a network.

4.1.2.  Checksum

   The Checksum is the 16-bit one's complement of the one's complement
   sum of the whole IGMP message (the entire IP payload).  For computing
   the checksum, the Checksum field is set to zero.  When receiving
   packets, the checksum MUST be verified before processing a packet
   [RFC1071].

4.1.3.  Group Address

   The Group Address field is set to zero when sending a General Query,
   and set to the IP multicast address being queried when sending a
   Group-Specific Query or Group-and-Source-Specific Query (see
   Section 4.1.9, below).

4.1.4.  Flags

   The Flags field is a bitstring managed by an IANA registry defined in
   [I-D.haberman-pim-3228bis].

4.1.5.  S Flag (Suppress Router-Side Processing)

   When set to one, the S Flag indicates to any receiving multicast
   routers that they are to suppress the normal timer updates they
   perform upon hearing a Query.  It does not, however, suppress the
   querier election or the normal "host-side" processing of a Query that
   a router may be required to perform as a consequence of itself being
   a group member.

4.1.6.  QRV (Querier's Robustness Variable)

   If non-zero, the QRV field contains the [Robustness Variable] value
   used by the querier, i.e., the sender of the Query.  If the querier's
   [Robustness Variable] exceeds 7, the maximum value of the QRV field,
   the QRV is set to zero.  Routers adopt the QRV value from the most
   recently received Query as their own [Robustness Variable] value,
   unless that most recently received QRV was zero, in which case the
   receivers use the default [Robustness Variable] value specified in
   Section 8.1 or a statically configured value.

4.1.7.  QQIC (Querier's Query Interval Code)

   The Querier's Query Interval Code field specifies the [Query
   Interval] used by the querier.  The actual interval, called the
   Querier's Query Interval (QQI), is represented in units of seconds
   and is derived from the Querier's Query Interval Code as follows:

      If QQIC < 128, QQI = QQIC
      If QQIC >= 128, QQIC represents a floating-point value as follows:

          0 1 2 3 4 5 6 7
         +-+-+-+-+-+-+-+-+
         |1| exp | mant  |
         +-+-+-+-+-+-+-+-+

      QQI = (mant | 0x10) << (exp + 3)

                      Figure 3: QQIC Representation

   Multicast routers that are not the current querier adopt the QQI
   value from the most recently received Query as their own [Query
   Interval] value, unless that most recently received QQI was zero, in
   which case the receiving routers use the default [Query Interval]
   value specified in Section 8.2.

4.1.8.  Number of Sources (N)

   The Number of Sources (N) field specifies how many source addresses
   are present in the Query.  This number is zero in a General Query or
   a Group-Specific Query, and non-zero in a Group-and-Source-Specific
   Query.  This number is limited by the MTU of the network over which
   the Query is transmitted.  For example, on an Ethernet with an MTU of
   1500 octets, the IP header including the Router Alert option consumes
   24 octets, and the IGMP fields up to and including the Number of
   Sources (N) field consume 12 octets, leaving 1464 octets for source
   addresses, which limits the number of source addresses to 366
   (1464/4).

4.1.9.  Source Address [i]

   The Source Address [i] fields are a vector of n IP unicast addresses,
   where n is the value in the Number of Sources (N) field.

4.1.10.  Additional Data

   If the Packet Length field in the IP header of a received Query
   indicates that there are additional octets of data present, beyond
   the fields described here, IGMPv3 implementations MUST include those
   octets in the computation to verify the received IGMP Checksum, but
   MUST otherwise ignore those additional octets.  When sending a Query,
   an IGMPv3 implementation MUST NOT include additional octets beyond
   the fields described here.

4.1.11.  Query Variants

   There are three variants of the Query message:

   1.  A General Query is sent by a multicast router to learn the
       complete multicast reception state of the neighboring interfaces
       (that is, the interfaces attached to the network on which the
       Query is transmitted).  In a General Query, both the Group
       Address field and the Number of Sources (N) field are zero.

   2.  A Group-Specific Query is sent by a multicast router to learn the
       reception state, with respect to a single multicast address, of
       the neighboring interfaces.  In a Group-Specific Query, the Group
       Address field contains the multicast address of interest, and the
       Number of Sources (N) field contains zero.

   3.  A Group-and-Source-Specific Query is sent by a multicast router
       to learn if any neighboring interface desires reception of
       packets sent to a specified multicast address, from any of a
       specified list of sources.  In a Group-and-Source-Specific Query,
       the Group Address field contains the multicast address of
       interest, and the Source Address [i] fields contain the source
       address(es) of interest.

4.1.12.  IP Destination Addresses for Queries

   In IGMPv3, General Queries are sent with an IP destination address of
   224.0.0.1, the all-systems multicast address.  Group-Specific and
   Group-and-Source-Specific Queries are sent with an IP destination
   address equal to the multicast address of interest.
However, a 636 system MUST accept and process any Query whose IP Destination Address 637 field contains any of the addresses (unicast or multicast) assigned 638 to the interface on which the Query arrives. 640 4.2. Version 3 Membership Report Message 642 Version 3 Membership Reports are sent by IP systems to report (to 643 neighboring routers) the current multicast reception state, or 644 changes in the multicast reception state, of their interfaces. 645 Reports have the following format: 647 0 1 2 3 648 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 649 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 650 | Type = 0x22 | Reserved | Checksum | 651 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 652 | Flags | Number of Group Records (M) | 653 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 654 | | 655 . . 656 . Group Record [1] . 657 . . 658 | | 659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 660 | | 661 . . 662 . Group Record [2] . 663 . . 664 | | 665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 666 | . | 667 . . . 668 | . | 669 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 670 | | 671 . . 672 . Group Record [M] . 673 . . 674 | | 675 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 677 Figure 4: IGMPv3 Report Message 679 where each Group Record has the following internal format: 681 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 682 | Record Type | Aux Data Len | Number of Sources (N) | 683 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 684 | Multicast Address | 685 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 686 | Source Address [1] | 687 +- -+ 688 | Source Address [2] | 689 +- -+ 690 . . . 691 . . . 692 . . . 693 +- -+ 694 | Source Address [N] | 695 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 696 | | 697 . . 698 . Auxiliary Data . 
699 . . 700 | | 701 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 703 Figure 5: IGMPv3 Report Group Record 705 4.2.1. Reserved 707 The Reserved field is set to zero on transmission, and ignored on 708 reception. 710 4.2.2. Checksum 712 The Checksum is the 16-bit one's complement of the one's complement 713 sum of the whole IGMP message (the entire IP payload). For computing 714 the checksum, the Checksum field is set to zero. When receiving 715 packets, the checksum MUST be verified before processing a message. 717 4.2.3. Flags 719 The Flags field is a bitstring managed by an IANA registry defined in 720 [I-D.haberman-pim-3228bis]. 722 4.2.4. Number of Group Records (M) 724 The Number of Group Records (M) field specifies how many Group 725 Records are present in this Report. 727 4.2.5. Group Record 729 Each Group Record is a block of fields containing information 730 pertaining to the sender's membership in a single multicast group on 731 the interface from which the Report is sent. 733 4.2.6. Record Type 735 See section Section 4.2.13, below. 737 4.2.7. Aux Data Len 739 The Aux Data Len field contains the length of the Auxiliary Data 740 field in this Group Record, in units of 32-bit words. It may contain 741 zero, to indicate the absence of any auxiliary data. 743 4.2.8. Number of Sources (N) 745 The Number of Sources (N) field specifies how many source addresses 746 are present in this Group Record. 748 4.2.9. Multicast Address 750 The Multicast Address field contains the IP multicast address to 751 which this Group Record pertains. 753 4.2.10. Source Address [i] 755 The Source Address [i] fields are a vector of n IP unicast addresses, 756 where n is the value in this record's Number of Sources (N) field. 758 4.2.11. Auxiliary Data 760 The Auxiliary Data field, if present, contains additional information 761 pertaining to this Group Record. The protocol specified in this 762 document, IGMPv3, does not define any auxiliary data. 
Therefore, 763 implementations of IGMPv3 MUST NOT include any auxiliary data (i.e., 764 MUST set the Aux Data Len field to zero) in any transmitted Group 765 Record, and MUST ignore any auxiliary data present in any received 766 Group Record. The semantics and internal encoding of the Auxiliary 767 Data field are to be defined by any future version or extension of 768 IGMP that uses this field. 770 4.2.12. Additional Data 772 If the Packet Length field in the IP header of a received Report 773 indicates that there are additional octets of data present, beyond 774 the last Group Record, IGMPv3 implementations MUST include those 775 octets in the computation to verify the received IGMP Checksum, but 776 MUST otherwise ignore those additional octets. When sending a 777 Report, an IGMPv3 implementation MUST NOT include additional octets 778 beyond the last Group Record. 780 4.2.13. Group Record Types 782 There are a number of different types of Group Records that may be 783 included in a Report message: 785 * A Current-State Record is sent by a system in response to a Query 786 received on an interface. It reports the current reception state 787 of that interface, with respect to a single multicast address. 788 The Record Type of a Current-State Record may be one of the 789 following two values: 791 1 - MODE_IS_INCLUDE - indicates that the interface has a filter 792 mode of INCLUDE for the specified multicast address. The 793 Source Address [i] fields in this Group Record contain the 794 interface's source list for the specified multicast address, 795 if it is non-empty. 797 2 - MODE_IS_EXCLUDE - indicates that the interface has a filter 798 mode of EXCLUDE for the specified multicast address. The 799 Source Address [i] fields in this Group Record contain the 800 interface's source list for the specified multicast address, 801 if it is non-empty. 

803     * A Filter-Mode-Change Record is sent by a system whenever a local
804       invocation of IPMulticastListen causes a change of the filter mode
805       (i.e., a change from INCLUDE to EXCLUDE, or from EXCLUDE to
806       INCLUDE), of the interface-level state entry for a particular
807       multicast address. The Record is included in a Report sent from
808       the interface on which the change occurred. The Record Type of a
809       Filter-Mode-Change Record may be one of the following two values:

811       3 - CHANGE_TO_INCLUDE_MODE - indicates that the interface has
812           changed to INCLUDE filter mode for the specified multicast
813           address. The Source Address [i] fields in this Group Record
814           contain the interface's new source list for the specified
815           multicast address, if it is non-empty.

817       4 - CHANGE_TO_EXCLUDE_MODE - indicates that the interface has
818           changed to EXCLUDE filter mode for the specified multicast
819           address. The Source Address [i] fields in this Group Record
820           contain the interface's new source list for the specified
821           multicast address, if it is non-empty.

823     * A Source-List-Change Record is sent by a system whenever a local
824       invocation of IPMulticastListen causes a change of source list
825       that is not coincident with a change of filter mode, of the
826       interface-level state entry for a particular multicast address.
827       The Record is included in a Report sent from the interface on
828       which the change occurred. The Record Type of a Source-List-
829       Change Record may be one of the following two values:

831       5 - ALLOW_NEW_SOURCES - indicates that the Source Address [i]
832           fields in this Group Record contain a list of the additional
833           sources that the system wishes to hear from, for packets sent
834           to the specified multicast address. If the change was to an
835           INCLUDE source list, these are the addresses that were added
836           to the list; if the change was to an EXCLUDE source list,
837           these are the addresses that were deleted from the list.

839       6 - BLOCK_OLD_SOURCES - indicates that the Source Address [i]
840           fields in this Group Record contain a list of the sources
841           that the system no longer wishes to hear from, for packets
842           sent to the specified multicast address. If the change was
843           to an INCLUDE source list, these are the addresses that were
844           deleted from the list; if the change was to an EXCLUDE source
845           list, these are the addresses that were added to the list.

847     If a change of source list results in both allowing new sources and
848     blocking old sources, then two Group Records are sent for the same
849     multicast address, one of type ALLOW_NEW_SOURCES and one of type
850     BLOCK_OLD_SOURCES.

852     We use the term State-Change Record to refer to either a Filter-
853     Mode-Change Record or a Source-List-Change Record.

855     Unrecognized Record Type values MUST be silently ignored.

857  4.2.14. IP Source Addresses for Reports

859     An IGMP report is sent with a valid IP source address for the
860     destination subnet. The 0.0.0.0 source address may be used by a
861     system that has not yet acquired an IP address. Note that the
862     0.0.0.0 source address may simultaneously be used by multiple systems
863     on a LAN. Routers MUST accept a report with a source address of
864     0.0.0.0.

866  4.2.15. IP Destination Addresses for Reports

868     Version 3 Reports are sent with an IP destination address of
869     224.0.0.22, to which all IGMPv3-capable multicast routers listen. A
870     system that is operating in version 1 or version 2 compatibility
871     modes sends version 1 or version 2 Reports to the multicast group
872     specified in the Group Address field of the Report. In addition, a
873     system MUST accept and process any version 1 or version 2 Report
874     whose IP Destination Address field contains any of the addresses
875     (unicast or multicast) assigned to the interface on which the Report
876     arrives.

878  4.2.16. Notation for Group Records

880     In the rest of this document, we use the following notation to
881     describe the contents of a Group Record pertaining to a particular
882     multicast address:

884     IS_IN ( x ) - Type MODE_IS_INCLUDE, source addresses x
885     IS_EX ( x ) - Type MODE_IS_EXCLUDE, source addresses x
886     TO_IN ( x ) - Type CHANGE_TO_INCLUDE_MODE, source addresses x
887     TO_EX ( x ) - Type CHANGE_TO_EXCLUDE_MODE, source addresses x
888     ALLOW ( x ) - Type ALLOW_NEW_SOURCES, source addresses x
889     BLOCK ( x ) - Type BLOCK_OLD_SOURCES, source addresses x

891     where x is either:

893     * a capital letter (e.g., "A") to represent the set of source
894       addresses, or

896     * a set expression (e.g., "A+B"), where "A+B" means the union of
897       sets A and B, "A*B" means the intersection of sets A and B, and
898       "A-B" means the removal of all elements of set B from set A.

900  4.2.17. Membership Report Size

902     If the set of Group Records required in a Report does not fit within
903     the size limit of a single Report message (as determined by the MTU
904     of the network on which it will be sent), the Group Records are sent
905     in as many Report messages as needed to report the entire set.

907     If a single Group Record contains so many source addresses that it
908     does not fit within the size limit of a single Report message, if its
909     Type is not MODE_IS_EXCLUDE or CHANGE_TO_EXCLUDE_MODE, it is split
910     into multiple Group Records, each containing a different subset of
911     the source addresses and each sent in a separate Report message. If
912     its Type is MODE_IS_EXCLUDE or CHANGE_TO_EXCLUDE_MODE, a single Group
913     Record is sent, containing as many source addresses as can fit, and
914     the remaining source addresses are not reported; though the choice of
915     which sources to report is arbitrary, it is preferable to report the
916     same set of sources in each subsequent report, rather than reporting
917     different sources each time.

919  5. Description of the Protocol for Group Members

921     IGMP is an asymmetric protocol, specifying separate behaviors for
922     group members -- that is, hosts or routers that wish to receive
923     multicast packets -- and multicast routers. This section describes
924     the part of IGMPv3 that applies to all group members. (Note that a
925     multicast router that is also a group member performs both parts of
926     IGMPv3, receiving and responding to its own IGMP message
927     transmissions as well as those of its neighbors. The multicast
928     router part of IGMPv3 is described in Section 6.)

930     A system performs the protocol described in this section over all
931     interfaces on which multicast reception is supported, even if more
932     than one of those interfaces is connected to the same network.

934     For interoperability with multicast routers running older versions of
935     IGMP, systems maintain a MulticastRouterVersion variable for each
936     interface on which multicast reception is supported. This section
937     describes the behavior of group member systems on interfaces for
938     which MulticastRouterVersion = 3. The algorithm for determining
939     MulticastRouterVersion, and the behavior for versions other than 3,
940     are described in Section 7.

942     The all-systems multicast address, 224.0.0.1, is handled as a special
943     case. On all systems -- that is all hosts and routers, including
944     multicast routers -- reception of packets destined to the all-systems
945     multicast address, from all sources, is permanently enabled on all
946     interfaces on which multicast reception is supported. No IGMP
947     messages are ever sent regarding the all-systems multicast address.

949     There are two types of events that trigger IGMPv3 protocol actions on
950     an interface:

952     * a change of the interface reception state, caused by a local
953       invocation of IPMulticastListen.

955     * reception of a Query.

957     (Received IGMP messages of types other than Query are silently
958     ignored, except as required for interoperation with earlier versions
959     of IGMP.)

960     The following subsections describe the actions to be taken for each
961     of these two cases. In those descriptions, timer and counter names
962     appear in square brackets. The default values for those timers and
963     counters are specified in Section 8.

965  5.1. Action on Change of Interface State

967     An invocation of IPMulticastListen may cause the multicast reception
968     state of an interface to change, according to the rules in
969     Section 3.2. Each such change affects the per-interface
970     entry for a single multicast address.

972     A change of interface state causes the system to immediately transmit
973     a State-Change Report from that interface. The type and contents of
974     the Group Record(s) in that Report are determined by comparing the
975     filter mode and source list for the affected multicast address before
976     and after the change, according to the table below. If no interface
977     state existed for that multicast address before the change (i.e., the
978     change consisted of creating a new per-interface record), or if no
979     state exists after the change (i.e., the change consisted of deleting
980     a per-interface record), then the "non-existent" state is considered
981     to have a filter mode of INCLUDE and an empty source list.

983     +=============+=============+==========================+
984     | Old State   | New State   | State-Change Record Sent |
985     +=============+=============+==========================+
986     | INCLUDE (A) | INCLUDE (B) | ALLOW (B-A), BLOCK (A-B) |
987     +-------------+-------------+--------------------------+
988     | EXCLUDE (A) | EXCLUDE (B) | ALLOW (A-B), BLOCK (B-A) |
989     +-------------+-------------+--------------------------+
990     | INCLUDE (A) | EXCLUDE (B) | TO_EX (B)                |
991     +-------------+-------------+--------------------------+
992     | EXCLUDE (A) | INCLUDE (B) | TO_IN (B)                |
993     +-------------+-------------+--------------------------+

995                                 Table 3

997     If the computed source list for either an ALLOW or a BLOCK State-
998     Change Record is empty, that record is omitted from the Report
999     message.

1001     To cover the possibility of the State-Change Report being missed by
1002     one or more multicast routers, it is retransmitted [Robustness
1003     Variable] - 1 more times, at intervals chosen at random from the
1004     range (0, [Unsolicited Report Interval]).

1006     If more changes to the same interface state entry occur before all
1007     the retransmissions of the State-Change Report for the first change
1008     have been completed, each such additional change triggers the
1009     immediate transmission of a new State-Change Report.

1011     The contents of the new transmitted report are calculated as follows.
1012     As was done with the first report, the interface state for the
1013     affected group before and after the latest change is compared. The
1014     report records expressing the difference are built according to the
1015     table above. However these records are not transmitted in a message
1016     but instead merged with the contents of the pending report, to create
1017     the new State-Change report. The rules for merging the difference
1018     report resulting from the state change and the pending report are
1019     described below.
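
The comparison in Table 3 and the size rules of Section 4.2.17 can be exercised together. The following Python is an added example, not part of the draft: the State and Record types, the function names and the sample sources are constructed for illustration, and the 1476-octet limit assumes a 1500-octet MTU less the 24-octet IP header used in the Section 4.1.8 arithmetic.

```python
from typing import List, NamedTuple, Optional, Tuple

INCLUDE, EXCLUDE = "INCLUDE", "EXCLUDE"
REPORT_HEADER = 8   # Type, Reserved, Checksum, Flags, Number of Group Records
RECORD_HEADER = 8   # Record Type, Aux Data Len, Number of Sources, Multicast Address
ETHERNET_PAYLOAD = 1500 - 24   # assumption: Ethernet MTU less IP header with Router Alert


class State(NamedTuple):
    mode: str
    sources: frozenset


class Record(NamedTuple):
    rtype: str                  # Section 4.2.16 notation: TO_IN, TO_EX, ALLOW, BLOCK
    group: str
    sources: Tuple[str, ...]


# Section 5.1: a non-existent entry counts as INCLUDE with an empty source list.
NON_EXISTENT = State(INCLUDE, frozenset())


def state_change_records(group: str, old: Optional[State],
                         new: Optional[State]) -> List[Record]:
    """Group Records for one change of interface state, per Table 3."""
    old = NON_EXISTENT if old is None else old
    new = NON_EXISTENT if new is None else new
    a, b = old.sources, new.sources
    if old.mode != new.mode:
        rtype = "TO_EX" if new.mode == EXCLUDE else "TO_IN"
        return [Record(rtype, group, tuple(sorted(b)))]
    if new.mode == INCLUDE:
        allow, block = b - a, a - b
    else:
        allow, block = a - b, b - a
    # An ALLOW or BLOCK record whose source list is empty is omitted.
    return [Record(t, group, tuple(sorted(s)))
            for t, s in (("ALLOW", allow), ("BLOCK", block)) if s]


def pack_reports(records: List[Record], max_payload: int) -> List[List[Record]]:
    """Distribute records over Report messages of at most max_payload octets."""
    max_sources = (max_payload - REPORT_HEADER - RECORD_HEADER) // 4
    if max_sources < 1:
        raise ValueError("max_payload leaves no room for a source address")
    pieces = []
    for rec in records:
        if len(rec.sources) <= max_sources:
            pieces.append(rec)
        elif rec.rtype in ("IS_EX", "TO_EX"):
            # One record with as many sources as fit; the rest go unreported.
            # The sources are sorted, so every report carries the same subset.
            pieces.append(rec._replace(sources=rec.sources[:max_sources]))
        else:
            # Split into records holding different subsets of the sources.
            # A full-size piece leaves no room for another record header,
            # so each piece ends up in a separate Report message.
            for i in range(0, len(rec.sources), max_sources):
                pieces.append(rec._replace(sources=rec.sources[i:i + max_sources]))
    messages, current, used = [], [], REPORT_HEADER
    for rec in pieces:
        size = RECORD_HEADER + 4 * len(rec.sources)
        if current and used + size > max_payload:
            messages.append(current)
            current, used = [], REPORT_HEADER
        current.append(rec)
        used += size
    if current:
        messages.append(current)
    return messages


# Constructed sample input: 400 distinct source addresses.
SAMPLE_SOURCES = [f"10.1.{i // 200}.{i % 200 + 1}" for i in range(400)]
```

An any-source join is the change from the non-existent state to EXCLUDE with an empty list, so it produces a single TO_EX record with no sources; the matching leave produces TO_IN with no sources.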

1021     The transmission of the merged State-Change Report terminates
1022     retransmissions of the earlier State-Change Reports for the same
1023     multicast address, and becomes the first of [Robustness Variable]
1024     transmissions of State-Change Reports.

1026     Each time a source is included in the difference report calculated
1027     above, retransmission state for that source needs to be maintained
1028     until [Robustness Variable] State-Change reports have been sent by
1029     the host. This is done in order to ensure that a series of
1030     successive state changes do not break the protocol robustness.

1032     If the interface reception-state change that triggers the new report
1033     is a filter-mode change, then the next [Robustness Variable] State-
1034     Change Reports will include a Filter-Mode-Change record. This
1035     applies even if any number of source-list changes occur in that
1036     period. The host has to maintain retransmission state for the group
1037     until the [Robustness Variable] State-Change reports have been sent.
1038     When [Robustness Variable] State-Change reports with Filter-Mode-
1039     Change records have been transmitted after the last filter-mode
1040     change, and if source-list changes to the interface reception have
1041     scheduled additional reports, then the next State-Change report will
1042     include Source-List-Change records.

1044     Each time a State-Change Report is transmitted, the contents are
1045     determined as follows. If the report should contain a Filter-Mode-
1046     Change record, then if the current filter-mode of the interface is
1047     INCLUDE, a TO_IN record is included in the report, otherwise a TO_EX
1048     record is included. If instead the report should contain Source-
1049     List-Change records, an ALLOW and a BLOCK record are included. The
1050     contents of these records are built according to the table below.

1052     +========+==============================+
1053     | Record | Sources Included             |
1054     +========+==============================+
1055     | TO_IN  | All in the current interface |
1056     |        | state that must be forwarded |
1057     +--------+------------------------------+
1058     | TO_EX  | All in the current interface |
1059     |        | state that must be blocked   |
1060     +--------+------------------------------+
1061     | ALLOW  | All with retransmission      |
1062     |        | state that must be forwarded |
1063     +--------+------------------------------+
1064     | BLOCK  | All with retransmission      |
1065     |        | state that must be blocked   |
1066     +--------+------------------------------+

1068                                  Table 4

1070     If the computed source list for either an ALLOW or a BLOCK record is
1071     empty, that record is omitted from the State-Change report.

1073     Note: When the first State-Change report is sent, the non-existent
1074     pending report to merge with, can be treated as a source-change
1075     report with empty ALLOW and BLOCK records (no sources have
1076     retransmission state).

1078  5.2. Action on Reception of a Query

1080     When a system receives a Query, it does not respond immediately.
1081     Instead, it delays its response by a random amount of time, bounded
1082     by the Max Resp Time value derived from the Max Resp Code in the
1083     received Query message. A system may receive a variety of Queries on
1084     different interfaces and of different kinds (e.g., General Queries,
1085     Group-Specific Queries, and Group-and-Source-Specific Queries), each
1086     of which may require its own delayed response.

1088     Before scheduling a response to a Query, the system must first
1089     consider previously scheduled pending responses and in many cases
1090     schedule a combined response. Therefore, the system must be able to
1091     maintain the following state:

1093     * A timer per interface for scheduling responses to General Queries.

1095     * A per-group and interface timer for scheduling responses to Group-
1096       Specific and Group-and-Source-Specific Queries.

1098     * A per-group and interface list of sources to be reported in the
1099       response to a Group-and-Source-Specific Query.

1101     When a new Query with the Router-Alert option arrives on an
1102     interface, provided the system has state to report, a delay for a
1103     response is randomly selected in the range (0, [Max Resp Time]) where
1104     Max Resp Time is derived from Max Resp Code in the received Query
1105     message. The following rules are then used to determine if a Report
1106     needs to be scheduled and the type of Report to schedule. The rules
1107     are considered in order and only the first matching rule is applied.

1109     1. If there is a pending response to a previous General Query
1110        scheduled sooner than the selected delay, no additional response
1111        needs to be scheduled.

1113     2. If the received Query is a General Query, the interface timer is
1114        used to schedule a response to the General Query after the
1115        selected delay. Any previously pending response to a General
1116        Query is canceled.

1118     3. If the received Query is a Group-Specific Query or a Group-and-
1119        Source-Specific Query and there is no pending response to a
1120        previous Query for this group, then the group timer is used to
1121        schedule a report. If the received Query is a Group-and-Source-
1122        Specific Query, the list of queried sources is recorded to be
1123        used when generating a response.

1125     4. If there already is a pending response to a previous Query
1126        scheduled for this group, and either the new Query is a Group-
1127        Specific Query or the recorded source-list associated with the
1128        group is empty, then the group source-list is cleared and a
1129        single response is scheduled using the group timer. The new
1130        response is scheduled to be sent at the earliest of the remaining
1131        time for the pending report and the selected delay.

1133     5. If the received Query is a Group-and-Source-Specific Query and
1134        there is a pending response for this group with a non-empty
1135        source-list, then the group source list is augmented to contain
1136        the list of sources in the new Query and a single response is
1137        scheduled using the group timer. The new response is scheduled
1138        to be sent at the earliest of the remaining time for the pending
1139        report and the selected delay.

1141     When the timer in a pending response record expires, the system
1142     transmits, on the associated interface, one or more Report messages
1143     carrying one or more Current-State Records (see
1144     Section 4.2.13), as follows:

1146     1. If the expired timer is the interface timer (i.e., it is a
1147        pending response to a General Query), then one Current-State
1148        Record is sent for each multicast address for which the specified
1149        interface has reception state, as described in Section 3.2. The
1150        Current-State Record carries the multicast address and its
1151        associated filter mode (MODE_IS_INCLUDE or MODE_IS_EXCLUDE) and
1152        source list. Multiple Current-State Records are packed into
1153        individual Report messages, to the extent possible.

1155        This naive algorithm may result in bursts of packets when a
1156        system is a member of a large number of groups. Instead of using
1157        a single interface timer, implementations are recommended to
1158        spread transmission of such Report messages over the interval (0,
1159        [Max Resp Time]). Note that any such implementation MUST avoid
1160        the "ack-implosion" problem, i.e., MUST NOT send a Report
1161        immediately on reception of a General Query.

1163     2. If the expired timer is a group timer and the list of recorded
1164        sources for that group is empty (i.e., it is a pending
1165        response to a Group-Specific Query), then if and only if the
1166        interface has reception state for that group address, a single
1167        Current-State Record is sent for that address. The Current-State
1168        Record carries the multicast address and its associated filter
1169        mode (MODE_IS_INCLUDE or MODE_IS_EXCLUDE) and source list.

1171     3. If the expired timer is a group timer and the list of recorded
1172        sources for that group is non-empty (i.e., it is a pending
1173        response to a Group-and-Source-Specific Query), then if and only
1174        if the interface has reception state for that group address, the
1175        contents of the responding Current-State Record are determined
1176        from the interface state and the pending response record, as
1177        specified in the following table:

1179        +=================+=========================+===============+
1180        | interface state | set of sources in the   | Current-State |
1181        |                 | pending response record | Record        |
1182        +=================+=========================+===============+
1183        | INCLUDE (A)     | B                       | IS_IN (A*B)   |
1184        +-----------------+-------------------------+---------------+
1185        | EXCLUDE (A)     | B                       | IS_IN (B-A)   |
1186        +-----------------+-------------------------+---------------+

1188                                    Table 5

1190        If the resulting Current-State Record has an empty set of source
1191        addresses, then no response is sent.

1193     Finally, after any required Report messages have been generated, the
1194     source lists associated with any reported groups are cleared.

1196  6. Description of the Protocol for Multicast Routers

1198     The purpose of IGMP is to enable each multicast router to learn, for
1199     each of its directly attached networks, which multicast addresses are
1200     of interest to the systems attached to those networks. IGMP version
1201     3 adds the capability for a multicast router to also learn which
1202     sources are of interest to neighboring systems, for packets sent to
1203     any particular multicast address. The information gathered by IGMP
1204     is provided to whichever multicast routing protocol is being used by
1205     the router, in order to ensure that multicast packets are delivered
1206     to all networks where there are interested receivers.

1208     This section describes the part of IGMPv3 that is performed by
1209     multicast routers. Multicast routers may also themselves become
1210     members of multicast groups, and therefore also perform the group
1211     member part of IGMPv3, described in Section 5.

1213     A multicast router performs the protocol described in this section
1214     over each of its directly-attached networks. If a multicast router
1215     has more than one interface to the same network, it only needs to
1216     operate this protocol over one of those interfaces. On each
1217     interface over which this protocol is being run, the router MUST
1218     enable reception of multicast address 224.0.0.22, from all sources
1219     (and MUST perform the group member part of IGMPv3 for that address on
1220     that interface).

1222     Multicast routers need to know only that at least one system on an
1223     attached network is interested in packets to a particular multicast
1224     address from a particular source; a multicast router is not required
1225     to keep track of the interests of each individual neighboring system.
1226     (However, see Appendix A.2 point 1 for discussion.)

1228     IGMPv3 is backward compatible with previous versions of the IGMP
1229     protocol. In order to remain backward compatible with older IGMP
1230     systems, IGMPv3 multicast routers MUST also implement versions 1 and
1231     2 of the protocol (see Section 7).

1233  6.1. Conditions for IGMP Queries

1235     Multicast routers send General Queries periodically to request group
1236     membership information from an attached network. These queries are
1237     used to build and refresh the group membership state of systems on
1238     attached networks. Systems respond to these queries by reporting
1239     their group membership state (and their desired set of sources) with
1240     Current-State Group Records in IGMPv3 Membership Reports.

1242     As a member of a multicast group, a system may express interest in
1243     receiving or not receiving traffic from particular sources. As the
1244     desired reception state of a system changes, it reports these changes
1245     using Filter-Mode-Change Records or Source-List-Change Records.
1246     These records indicate an explicit state change in a group at a
1247     system in either the group record's source list or its filter-mode.
1248     When a group membership is terminated at a system or traffic from a
1249     particular source is no longer desired, a multicast router must query
1250     for other members of the group or listeners of the source before
1251     deleting the group (or source) and pruning its traffic.

1253     To enable all systems on a network to respond to changes in group
1254     membership, multicast routers send specific queries. A Group-
1255     Specific Query is sent to verify there are no systems that desire
1256     reception of the specified group or to "rebuild" the desired
1257     reception state for a particular group. Group-Specific Queries are
1258     sent when a router receives a State-Change record indicating a system
1259     is leaving a group.

1261     A Group-and-Source Specific Query is used to verify there are no
1262     systems on a network which desire to receive traffic from a set of
1263     sources. Group-and-Source Specific Queries list sources for a
1264     particular group which have been requested to no longer be forwarded.
1265     This query is sent by a multicast router to learn if any systems
1266     desire reception of packets to the specified group address from the
1267     specified source addresses. Group-and-Source Specific Queries are
1268     only sent in response to State-Change Records and never in response
1269     to Current-State Records. Section 4.1.11 describes each query in
1270     more detail.
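
A router can act on the Group Records discussed above only after the Report that carries them has passed the receive-side rules of Sections 4.2.2, 4.2.11, 4.2.12 and 4.2.13. The following Python is an added example, not part of the draft, of a receiver that verifies the checksum first and checks every length field against the payload before reading; the function names are hypothetical and the sample message is constructed from documentation-range addresses.

```python
import ipaddress
import struct

# Record Type values from Section 4.2.13.
RECORD_TYPES = {
    1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
    3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
    5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES",
}


class MalformedReport(ValueError):
    """Raised when a message fails a type, checksum or length check."""


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum (Section 4.2.2)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_report(payload: bytes):
    """Parse an IP payload as a Version 3 Report.

    Returns [(record type name, multicast address, [source addresses])].
    """
    if len(payload) < 8:
        raise MalformedReport("shorter than the Report header")
    if payload[0] != 0x22:
        raise MalformedReport("not a Version 3 Membership Report")
    # Verify before processing. The sum covers the entire IP payload, so any
    # additional data after the last record is included (Section 4.2.12).
    # Recomputing over a message that carries a correct checksum yields zero.
    if internet_checksum(payload) != 0:
        raise MalformedReport("bad checksum")
    # Reserved and Flags are not interpreted here.
    (num_records,) = struct.unpack_from("!H", payload, 6)

    records, offset = [], 8
    for _ in range(num_records):
        if offset + 8 > len(payload):
            raise MalformedReport("group record header runs past the payload")
        rtype, aux_words, num_sources = struct.unpack_from("!BBH", payload, offset)
        src_start = offset + 8
        src_end = src_start + 4 * num_sources
        next_record = src_end + 4 * aux_words    # Aux Data Len is in 32-bit words
        if next_record > len(payload):
            raise MalformedReport("source list or auxiliary data runs past the payload")
        group = str(ipaddress.IPv4Address(payload[offset + 4:src_start]))
        sources = [str(ipaddress.IPv4Address(payload[i:i + 4]))
                   for i in range(src_start, src_end, 4)]
        offset = next_record                     # auxiliary data is skipped unread
        if rtype in RECORD_TYPES:                # unrecognized types are silently ignored
            records.append((RECORD_TYPES[rtype], group, sources))
    # Octets after the last record are additional data and are ignored.
    return records


def record(rtype, group, sources=(), aux=b""):
    """Constructed test input: encode one Group Record."""
    head = struct.pack("!BBH4s", rtype, len(aux) // 4, len(sources),
                       ipaddress.IPv4Address(group).packed)
    return head + b"".join(ipaddress.IPv4Address(s).packed for s in sources) + aux


def build_report(num_records, body):
    """Constructed test input: add the Report header and fill in the checksum."""
    msg = struct.pack("!BBHHH", 0x22, 0, 0, 0, num_records) + body
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


# Constructed sample: three records followed by four octets of additional data.
SAMPLE = build_report(
    3,
    record(4, "233.252.0.1")                                    # TO_EX with no sources
    + record(9, "233.252.0.2", ["192.0.2.9"], aux=b"\x00" * 4)  # unknown type, aux data
    + record(5, "233.252.0.3", ["192.0.2.1", "192.0.2.2"])      # ALLOW
    + b"\xde\xad\xbe\xef")
```

The length checks matter because Number of Group Records, Number of Sources and Aux Data Len are all sender-controlled; a receiver that trusts them without comparing against the payload length reads past the end of the message.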

1272  6.2. IGMP State Maintained by Multicast Routers

1274     Multicast routers implementing IGMPv3 keep state per group per
1275     attached network. This group state consists of a filter-mode, a list
1276     of sources, and various timers. For each attached network running
1277     IGMP, a multicast router records the desired reception state for that
1278     network. That state conceptually consists of a set of records of the
1279     form:

1281     (multicast address, group timer, filter-mode, (source records))

1283     Each source record is of the form:

1285     (source address, source timer)

1287     If all sources within a given group are desired, an empty source
1288     record list is kept with filter-mode set to EXCLUDE. This means
1289     hosts on this network want all sources for this group to be
1290     forwarded. This is the IGMPv3 equivalent to an IGMPv1 or IGMPv2 group
1291     join.

1293  6.2.1. Definition of Router Filter-Mode

1295     To reduce internal state, IGMPv3 routers keep a filter-mode per group
1296     per attached network. This filter-mode is used to condense the total
1297     desired reception state of a group to a minimum set such that all
1298     systems' memberships are satisfied. This filter-mode may change in
1299     response to the reception of particular types of group records or
1300     when certain timer conditions occur. In the following sections, we
1301     use the term "router filter-mode" to refer to the filter-mode of a
1302     particular group within a router. Section 6.4 describes the changes
1303     of a router filter-mode per group record received.

1305     Conceptually, when a group record is received, the router filter-mode
1306     for that group is updated to cover all the requested sources using
1307     the least amount of state. As a rule, once a group record with a
1308     filter-mode of EXCLUDE is received, the router filter-mode for that
1309     group will be EXCLUDE.

1311     When a router filter-mode for a group is EXCLUDE, the source record
1312     list contains two types of sources. The first type is the set which
1313     represents conflicts in the desired reception state; this set must be
1314     forwarded by some router on the network. The second type is the set
1315     of sources which hosts have requested to not be forwarded.
1316     Appendix A describes the reasons for keeping two different sets when
1317     in EXCLUDE mode.

1319     When a router filter-mode for a group is INCLUDE, the source record
1320     list is the list of sources desired for the group. This is the total
1321     desired set of sources for that group. Each source in the source
1322     record list must be forwarded by some router on the network.

1324     Because a reported group record with a filter-mode of EXCLUDE will
1325     cause a router to transition its filter-mode for that group to
1326     EXCLUDE, a mechanism for transitioning a router's filter-mode back to
1327     INCLUDE must exist. If all systems with a group record in EXCLUDE
1328     filter-mode cease reporting, it is desirable for the router filter-
1329     mode for that group to transition back to INCLUDE mode. This
1330     transition occurs when the group timer expires and is explained in
1331     detail in Section 6.5.

1333  6.2.2. Definition of Group Timers

1335     The group timer is only used when a group is in EXCLUDE mode and it
1336     represents the time for the filter-mode of the group to expire and
1337     switch to INCLUDE mode. We define a group timer as a decrementing
1338     timer with a lower bound of zero kept per group per attached network.
1339     Group timers are updated according to the types of group records
1340     received.

1342     A group timer expiring when a router filter-mode for the group is
1343     EXCLUDE means there are no listeners on the attached network in
1344     EXCLUDE mode. At this point, a router will transition to INCLUDE
1345     filter-mode. Section 6.5 describes the actions taken when a group
1346     timer expires while in EXCLUDE mode.

1348     The following table summarizes the role of the group timer.
1349 Section Section 6.4 describes the details of setting the group timer 1350 per type of group record received. 1352 +=============+=======+========================================+ 1353 | Group | Group | Actions/Comments | 1354 | Filter-Mode | Timer | | 1355 | | Value | | 1356 +=============+=======+========================================+ 1357 | INCLUDE | Timer | All members in INCLUDE mode. | 1358 | | >= 0 | | 1359 +-------------+-------+----------------------------------------+ 1360 | EXCLUDE | Timer | At least one member in EXCLUDE mode. | 1361 | | > 0 | | 1362 +-------------+-------+----------------------------------------+ 1363 | EXCLUDE | Timer | No more listeners to group. If all | 1364 | | == 0 | source timers have expired then delete | 1365 | | | Group Record. If there are still | 1366 | | | source record timers running, switch | 1367 | | | to INCLUDE filter-mode using those | 1368 | | | source records with running timers as | 1369 | | | the INCLUDE source record state. | 1370 +-------------+-------+----------------------------------------+ 1372 Table 6 1374 6.2.3. Definition of Source Timers 1376 A source timer is kept per source record and is a decrementing timer 1377 with a lower bound of zero. Source timers are updated according to 1378 the type and filter-mode of the group record received. Source timers 1379 are always updated (for a particular group) whenever the source is 1380 present in a received record for that group. Section 6.4 describes 1381 the setting of source timers per type of group records received. 1383 A source record with a running timer with a router filter-mode for 1384 the group of INCLUDE means that there is currently one or more 1385 systems (in INCLUDE filter-mode) which desire to receive that source. 
1386 If a source timer expires with a router filter-mode for the group of 1387 INCLUDE, the router concludes that traffic from this particular 1388 source is no longer desired on the attached network, and deletes the 1389 associated source record. 1391 Source timers are treated differently when a router filter-mode for a 1392 group is EXCLUDE. If a source record has a running timer with a 1393 router filter-mode for the group of EXCLUDE, it means that at least 1394 one system desires the source. It should therefore be forwarded by a 1395 router on the network. Appendix A describes the reasons for keeping 1396 state for sources that have been requested to be forwarded while in 1397 EXCLUDE state. 1399 If a source timer expires with a router filter-mode for the group of 1400 EXCLUDE, the router informs the routing protocol that there is no 1401 longer a receiver on the network interested in traffic from this 1402 source. 1404 When a router filter-mode for a group is EXCLUDE, source records are 1405 only deleted when the group timer expires. Section 6.3 describes the 1406 actions that should be taken dependent upon the value of a source 1407 timer. 1409 6.3. IGMPv3 Source-Specific Forwarding Rules 1411 When a multicast router receives a datagram from a source destined to 1412 a particular group, a decision has to be made whether to forward the 1413 datagram onto an attached network or not. The multicast routing 1414 protocol in use is in charge of this decision, and should use the 1415 IGMPv3 information to ensure that all sources/groups desired on a 1416 subnetwork are forwarded to that subnetwork. IGMPv3 information does 1417 not override multicast routing information; for example, if the 1418 IGMPv3 filter-mode group for G is EXCLUDE, a router may still forward 1419 packets for excluded sources to a transit subnet. 

   To summarize, the following table describes the forwarding
   suggestions made by IGMP to the routing protocol for traffic
   originating from a source destined to a group. It also summarizes
   the actions taken upon the expiration of a source timer based on the
   router filter-mode of the group.

   +=============+==========+=======================================+
   | Group       | Group    | Action                                |
   | Filter-Mode | Timer    |                                       |
   |             | Value    |                                       |
   +=============+==========+=======================================+
   | INCLUDE     | TIMER >  | Suggest to forward traffic from       |
   |             | 0        | source                                |
   +-------------+----------+---------------------------------------+
   | INCLUDE     | TIMER == | Suggest to stop forwarding traffic    |
   |             | 0        | from source and remove source record. |
   |             |          | If there are no more source records   |
   |             |          | for the group, delete group record.   |
   +-------------+----------+---------------------------------------+
   | INCLUDE     | No       | Suggest to not forward source         |
   |             | Source   |                                       |
   |             | Elements |                                       |
   +-------------+----------+---------------------------------------+
   | EXCLUDE     | TIMER >  | Suggest to forward traffic from       |
   |             | 0        | source                                |
   +-------------+----------+---------------------------------------+
   | EXCLUDE     | TIMER == | Suggest to not forward traffic from   |
   |             | 0        | source (DO NOT remove record)         |
   +-------------+----------+---------------------------------------+
   | EXCLUDE     | No       | Suggest to forward traffic from       |
   |             | Source   | source                                |
   |             | Elements |                                       |
   +-------------+----------+---------------------------------------+

                                Table 7

6.4.  Action on Reception of Reports

6.4.1.  Reception of Current-State Records

   When receiving Current-State Records, a router updates both its group
   and source timers. In some circumstances, the reception of a type of
   group record will cause the router filter-mode for that group to
   change. The table below describes the actions, with respect to state
   and timers that occur to a router's state upon reception of Current-
   State Records.

   The following notation is used to describe the updating of source
   timers. The notation ( A, B ) will be used to represent the total
   number of sources for a particular group, where

   A = set of source records whose source timers > 0 (Sources that at
      least one host has requested to be forwarded)
   B = set of source records whose source timers = 0 (Sources that IGMP
      will suggest to the routing protocol not to forward)

   Note that there will only be two sets when a router's filter-mode for
   a group is EXCLUDE. When a router's filter-mode for a group is
   INCLUDE, a single set is used to describe the set of sources
   requested to be forwarded (e.g., simply (A)).

   In the following tables, abbreviations are used for several variables
   (all of which are described in detail in Section 8). The variable
   GMI is an abbreviation for the Group Membership Interval, which is
   the time in which group memberships will time out. The variable LMQT
   is an abbreviation for the Last Member Query Time, which is the total
   time spent after Last Member Query Count retransmissions. LMQT
   represents the "leave latency", or the difference between the
   transmission of a membership change and the change in the information
   given to the routing protocol.

   Within the "Actions" section of the router state tables, we use the
   notation 'A=J', which means that the set A of source records should
   have their source timers set to value J. 'Delete A' means that the
   set A of source records should be deleted. 'Group Timer=J' means
   that the Group Timer for the group should be set to value J.

   Router State   Report Rec'd  New Router State         Actions
   ------------   ------------  ----------------         -------

   INCLUDE (A)    IS_IN (B)     INCLUDE (A+B)            (B)=GMI

   INCLUDE (A)    IS_EX (B)     EXCLUDE (A*B,B-A)        (B-A)=0
                                                         Delete (A-B)
                                                         Group Timer=GMI

   EXCLUDE (X,Y)  IS_IN (A)     EXCLUDE (X+A,Y-A)        (A)=GMI

   EXCLUDE (X,Y)  IS_EX (A)     EXCLUDE (A-Y,Y*A)        (A-X-Y)=GMI
                                                         Delete (X-A)
                                                         Delete (Y-A)
                                                         Group Timer=GMI

6.4.2.  Reception of Filter-Mode-Change and Source-List-Change Records

   When a change in the global state of a group occurs in a system, the
   system sends either a Source-List-Change Record or a Filter-Mode-
   Change Record for that group. As with Current-State Records, routers
   must act upon these records and possibly change their own state to
   reflect the new desired membership state of the network.

   Routers must query sources that are requested to be no longer
   forwarded to a group. When a router queries or receives a query for
   a specific set of sources, it lowers its source timers for those
   sources to a small interval of Last Member Query Time seconds. If
   group records are received in response to the queries which express
   interest in receiving traffic from the queried sources, the
   corresponding timers are updated.

   Similarly, when a router queries a specific group, it lowers its
   group timer for that group to a small interval of Last Member Query
   Time seconds. If any group records expressing EXCLUDE mode interest
   in the group are received within the interval, the group timer for
   the group is updated and the suggestion to the routing protocol to
   forward the group stands without any interruption.

   During a query period (i.e., Last Member Query Time seconds), the
   IGMP component in the router continues to suggest to the routing
   protocol that it forwards traffic from the groups or sources that it
   is querying. It is not until after Last Member Query Time seconds
   without receiving a record expressing interest in the queried group
   or sources that the router may prune the group or sources from the
   network.

   The following table describes the changes in group state and the
   action(s) taken when receiving either Filter-Mode-Change or Source-
   List-Change Records. This table also describes the queries which are
   sent by the querier when a particular report is received.

   We use the following notation for describing the queries which are
   sent. We use the notation 'Q(G)' to describe a Group-Specific Query
   to G. We use the notation 'Q(G,A)' to describe a Group-and-Source
   Specific Query to G with source-list A. If source-list A is null as
   a result of the action (e.g., A*B) then no query is sent as a result
   of the operation.

   In order to maintain protocol robustness, queries sent by actions in
   the table below need to be transmitted [Last Member Query Count]
   times, once every [Last Member Query Interval].

   If while scheduling new queries, there are already pending queries to
   be retransmitted for the same group, the new and pending queries have
   to be merged. In addition, received host reports for a group with
   pending queries may affect the contents of those queries.
   Section 6.6.3 describes the process of building and
   maintaining the state of pending queries.
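
   The router state tables of Sections 6.4.1 and 6.4.2, the forwarding
   suggestions of Table 7 and the EXCLUDE-to-INCLUDE switch of Section
   6.5, written out as a small Python model. This is an added example,
   not part of the draft; the class and function names are hypothetical,
   timers are plain second counters built from the Section 8 defaults,
   and query retransmission (Section 6.6.3) is not modeled.

```python
from dataclasses import dataclass, field

# Section 8 defaults: Robustness Variable 2, Query Interval 125 s,
# Query Response Interval 10 s, Last Member Query Interval 1 s.
GMI = 2 * 125 + 2 * 10      # Group Membership Interval (Section 8.4), 270 s
LMQT = 1 * 2                # Last Member Query Time (Section 8.10), 2 s
INCLUDE, EXCLUDE = "INCLUDE", "EXCLUDE"
RECORD_TYPES = ("IS_IN", "IS_EX", "ALLOW", "BLOCK", "TO_IN", "TO_EX")


@dataclass
class GroupState:
    """Router state for one group on one attached network (Section 6.2)."""
    mode: str = INCLUDE
    group_timer: int = 0
    timers: dict = field(default_factory=dict)  # source address -> source timer

    def running(self):      # set A in INCLUDE mode, set X in EXCLUDE mode
        return {s for s, t in self.timers.items() if t > 0}

    def stopped(self):      # set Y; only exists in EXCLUDE mode
        return {s for s, t in self.timers.items() if t == 0}


def on_record(st, rtype, sources):
    """Apply one group record; return the queries the querier sends."""
    if rtype not in RECORD_TYPES:
        raise ValueError(f"unknown record type {rtype!r}")
    B, queries = set(sources), []
    joins = rtype in ("IS_IN", "ALLOW", "TO_IN")

    def set_timers(srcs, value):
        for s in srcs:
            st.timers[s] = value

    def delete(srcs):
        for s in srcs:
            st.timers.pop(s, None)

    def query_sources(srcs):            # "Send Q(G,S)": lower timers to LMQT
        if srcs:                        # a null source list sends no query
            for s in srcs:
                st.timers[s] = min(st.timers[s], LMQT)
            queries.append(("Q(G,S)", frozenset(srcs)))

    if st.mode == INCLUDE:
        A = set(st.timers)
        if joins:                       # -> INCLUDE (A+B), (B)=GMI
            set_timers(B, GMI)
            if rtype == "TO_IN":
                query_sources(A - B)
        elif rtype == "BLOCK":          # -> INCLUDE (A)
            query_sources(A & B)
        else:                           # IS_EX, TO_EX -> EXCLUDE (A*B,B-A)
            set_timers(B - A, 0)
            delete(A - B)
            if rtype == "TO_EX":
                query_sources(A & B)
            st.mode, st.group_timer = EXCLUDE, GMI
    else:
        X, Y = st.running(), st.stopped()
        if joins:                       # -> EXCLUDE (X+A,Y-A), (A)=GMI
            set_timers(B, GMI)
            if rtype == "TO_IN":
                query_sources(X - B)
                st.group_timer = min(st.group_timer, LMQT)   # "Send Q(G)"
                queries.append(("Q(G)", None))
        elif rtype == "BLOCK":          # -> EXCLUDE (X+(A-Y),Y)
            set_timers(B - X - Y, st.group_timer)
            query_sources(B - Y)
        else:                           # IS_EX, TO_EX -> EXCLUDE (A-Y,Y*A)
            set_timers(B - X - Y, GMI if rtype == "IS_EX" else st.group_timer)
            delete((X | Y) - B)
            if rtype == "TO_EX":
                query_sources(B - Y)
            st.group_timer = GMI
    return queries


def tick(st, dt):
    """Advance all timers by dt seconds; return False once the group
    record itself should be deleted (Sections 6.2.2, 6.2.3 and 6.5)."""
    st.timers = {s: max(0, t - dt) for s, t in st.timers.items()}
    st.group_timer = max(0, st.group_timer - dt)
    if st.mode == EXCLUDE and st.group_timer == 0:
        st.mode = INCLUDE               # EXCLUDE (X,Y) -> INCLUDE (X)
    if st.mode == INCLUDE:              # INCLUDE keeps only running timers
        st.timers = {s: t for s, t in st.timers.items() if t > 0}
        return bool(st.timers)
    return True


def suggest_forward(st, src):
    """Table 7: what IGMP suggests to the routing protocol for src."""
    if src not in st.timers:            # "No Source Elements" rows
        return st.mode == EXCLUDE
    return st.timers[src] > 0
```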

   Router State   Report Rec'd  New Router State         Actions
   ------------   ------------  ----------------         -------

   INCLUDE (A)    ALLOW (B)     INCLUDE (A+B)            (B)=GMI

   INCLUDE (A)    BLOCK (B)     INCLUDE (A)              Send Q(G,A*B)

   INCLUDE (A)    TO_EX (B)     EXCLUDE (A*B,B-A)        (B-A)=0
                                                         Delete (A-B)
                                                         Send Q(G,A*B)
                                                         Group Timer=GMI

   INCLUDE (A)    TO_IN (B)     INCLUDE (A+B)            (B)=GMI
                                                         Send Q(G,A-B)

   EXCLUDE (X,Y)  ALLOW (A)     EXCLUDE (X+A,Y-A)        (A)=GMI

   EXCLUDE (X,Y)  BLOCK (A)     EXCLUDE (X+(A-Y),Y)      (A-X-Y)=Group Timer
                                                         Send Q(G,A-Y)

   EXCLUDE (X,Y)  TO_EX (A)     EXCLUDE (A-Y,Y*A)        (A-X-Y)=Group Timer
                                                         Delete (X-A)
                                                         Delete (Y-A)
                                                         Send Q(G,A-Y)
                                                         Group Timer=GMI

   EXCLUDE (X,Y)  TO_IN (A)     EXCLUDE (X+A,Y-A)        (A)=GMI
                                                         Send Q(G,X-A)
                                                         Send Q(G)

6.5.  Switching Router Filter-Modes

   The group timer is used as a mechanism for transitioning the router
   filter-mode from EXCLUDE to INCLUDE.

   When a group timer expires with a router filter-mode of EXCLUDE, a
   router assumes that there are no systems with a filter-mode of
   EXCLUDE present on the attached network. When a router's filter-mode
   for a group is EXCLUDE and the group timer expires, the router
   filter-mode for the group transitions to INCLUDE.

   A router uses source records with running source timers as its state
   for the switch to a filter-mode of INCLUDE. If there are any source
   records with source timers greater than zero (i.e., requested to be
   forwarded), a router switches to filter-mode of INCLUDE using those
   source records. Source records whose timers are zero (from the
   previous EXCLUDE mode) are deleted.

   For example, if a router's state for a group is EXCLUDE(X,Y) and the
   group timer expires for that group, the router switches to filter-
   mode of INCLUDE with state INCLUDE(X).

6.6.  Action on Reception of Queries

6.6.1.  Timer Updates

   When a router sends or receives a query with a clear Suppress Router-
   Side Processing flag, it must update its timers to reflect the
   correct timeout values for the group or sources being queried. The
   following table describes the timer actions when sending or receiving
   a Group-Specific or Group-and-Source Specific Query with the Suppress
   Router-Side Processing flag not set.

   +========+===================================================+
   | Query  | Action                                            |
   +========+===================================================+
   | Q(G,A) | Source Timer for sources in A are lowered to LMQT |
   +--------+---------------------------------------------------+
   | Q(G)   | Group Timer is lowered to LMQT                    |
   +--------+---------------------------------------------------+

                                Table 8

   When a router sends or receives a query with the Suppress Router-Side
   Processing flag set, it will not update its timers.

6.6.2.  Querier Election

   IGMPv3 elects a single querier per subnet using the same querier
   election mechanism as IGMPv2, namely by IP address. When a router
   receives a general query with a lower IP address, it sets the Other-
   Querier-Present timer to Other Querier Present Interval and ceases
   to send general queries on the network if it was the previously
   elected querier. After its Other-Querier-Present timer expires, it
   should begin sending General Queries.

   If a router receives an older version general query, it MUST use the
   oldest version of IGMP on the network. For a detailed description of
   compatibility issues between IGMP versions see Section 7.

6.6.3.  Building and Sending Specific Queries

6.6.3.1.  Building and Sending Group Specific Queries

   When a table action "Send Q(G)" is encountered, then the group timer
   must be lowered to LMQT. The router must then immediately send a
   group specific query as well as schedule [Last Member Query Count -
   1] query retransmissions to be sent every [Last Member Query
   Interval] over [Last Member Query Time].

   When transmitting a group specific query, if the group timer is
   larger than LMQT, the "Suppress Router-Side Processing" bit is set in
   the query message.

6.6.3.2.  Building and Sending Group and Source Specific Queries

   When a table action "Send Q(G,X)" is encountered by a querier in the
   table in Section 6.4.2, the following actions must be performed for
   each of the sources in X of group G, with source timer larger than
   LMQT:

   *  Set number of retransmissions for each source to [Last Member
      Query Count].

   *  Lower source timer to LMQT.

   The router must then immediately send a group and source specific
   query as well as schedule [Last Member Query Count - 1] query
   retransmissions to be sent every [Last Member Query Interval] over
   [Last Member Query Time]. The contents of these queries are
   calculated as follows.

   When building a group and source specific query for a group G, two
   separate query messages are sent for the group. The first one has
   the "Suppress Router-Side Processing" bit set and contains all the
   sources with retransmission state and timers greater than LMQT. The
   second has the "Suppress Router-Side Processing" bit clear and
   contains all the sources with retransmission state and timers lower
   or equal to LMQT. If either of the two calculated messages does not
   contain any sources, then its transmission is suppressed.

   Note: If a group specific query is scheduled to be transmitted at the
   same time as a group and source specific query for the same group,
   then transmission of the group and source specific message with the
   "Suppress Router-Side Processing" bit set may be suppressed.

7.  Interoperation With Older Versions of IGMP

   IGMP version 3 hosts and routers interoperate with hosts and routers
   that have not yet been upgraded to IGMPv3. This compatibility is
   maintained by hosts and routers taking appropriate actions depending
   on the versions of IGMP operating on hosts and routers within a
   network.

7.1.  Query Version Distinctions

   The IGMP version of a Membership Query message is determined as
   follows:

   IGMPv1 Query:  length = 8 octets AND Max Resp Code field is zero

   IGMPv2 Query:  length = 8 octets AND Max Resp Code field is non-
      zero

   IGMPv3 Query:  length >= 12 octets

   Query messages that do not match any of the above conditions (e.g., a
   Query of length 10 octets) MUST be silently ignored.

7.2.  Group Member Behavior

7.2.1.  In the Presence of Older Version Queriers

   In order to be compatible with older version routers, IGMPv3 hosts
   MUST operate in version 1 and version 2 compatibility modes. IGMPv3
   hosts MUST keep state per local interface regarding the compatibility
   mode of each attached network. A host's compatibility mode is
   determined from the Host Compatibility Mode variable which can be in
   one of three states: IGMPv1, IGMPv2 or IGMPv3. This variable is kept
   per interface and is dependent on the version of General Queries
   heard on that interface as well as the Older Version Querier Present
   timers for the interface.

   In order to switch gracefully between versions of IGMP, hosts keep
   both an IGMPv1 Querier Present timer and an IGMPv2 Querier Present
   timer per interface. IGMPv1 Querier Present is set to Older Version
   Querier Present Timeout seconds whenever an IGMPv1 Membership Query
   is received. IGMPv2 Querier Present is set to Older Version Querier
   Present Timeout seconds whenever an IGMPv2 General Query is received.
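
   The version rules of Section 7.1 and the two Querier Present timers
   described above, as an added Python example that is not part of the
   draft. It records each point at which an interface leaves IGMPv3
   mode, which is the event a monitor would want to see. The names
   HostCompat, classify_query and is_general_query are hypothetical, the
   sample messages are constructed, the timeout is supplied by the
   caller, and the mode rule is the one given in Table 9.

```python
MEMBERSHIP_QUERY = 0x11          # IGMP message type of a Membership Query


def classify_query(igmp: bytes):
    """Section 7.1: return 'IGMPv1', 'IGMPv2' or 'IGMPv3', or None when the
    message is not a query or must be silently ignored."""
    if not igmp or igmp[0] != MEMBERSHIP_QUERY:
        return None
    if len(igmp) == 8:
        return "IGMPv1" if igmp[1] == 0 else "IGMPv2"   # Max Resp Code field
    if len(igmp) >= 12:
        return "IGMPv3"
    return None                  # e.g. a query of length 10 octets


def is_general_query(igmp: bytes) -> bool:
    return igmp[4:8] == bytes(4)  # Group Address field is 0.0.0.0


class HostCompat:
    """Host Compatibility Mode of one interface (Section 7.2.1)."""

    def __init__(self, older_querier_timeout):
        # Older Version Querier Present Timeout in seconds (assumption:
        # the caller has already derived it as Section 8.12 describes).
        self.timeout = older_querier_timeout
        self.v1_until = 0.0      # expiry of the IGMPv1 Querier Present timer
        self.v2_until = 0.0      # expiry of the IGMPv2 Querier Present timer
        self.downgrades = []     # (time, old mode, new mode) for monitoring

    def mode(self, now):
        if now < self.v1_until:  # IGMPv1 Querier Present running
            return "IGMPv1"
        if now < self.v2_until:  # only IGMPv2 Querier Present running
            return "IGMPv2"
        return "IGMPv3"          # default: neither timer running

    def on_query(self, igmp, now):
        before = self.mode(now)
        version = classify_query(igmp)
        if version == "IGMPv1":                       # any IGMPv1 query
            self.v1_until = now + self.timeout
        elif version == "IGMPv2" and is_general_query(igmp):
            self.v2_until = now + self.timeout
        after = self.mode(now)
        if after != before:      # a query can only move the mode downwards
            self.downgrades.append((now, before, after))
        return after


# Constructed sample messages. Checksum bytes are left zero; checksum
# validation is assumed to have happened before classification.
V3_GENERAL = bytes([0x11, 100, 0, 0, 0, 0, 0, 0, 0x02, 125, 0, 0])
V2_GENERAL = bytes([0x11, 100, 0, 0, 0, 0, 0, 0])
V2_GROUP_SPECIFIC = bytes([0x11, 10, 0, 0, 233, 252, 0, 1])
V1_QUERY = bytes([0x11, 0, 0, 0, 0, 0, 0, 0])
TEN_OCTETS = V2_GENERAL + bytes(2)

if __name__ == "__main__":
    host = HostCompat(older_querier_timeout=260)    # constructed value
    for t, msg in [(0, V3_GENERAL), (10, V2_GENERAL), (20, V1_QUERY)]:
        print(t, classify_query(msg), "->", host.on_query(msg, t))
    print("downgrades:", host.downgrades)
```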

   The Host Compatibility Mode of an interface changes whenever an older
   version query (than the current compatibility mode) is heard or when
   certain timer conditions occur. When the IGMPv1 Querier Present
   timer expires, a host switches to Host Compatibility mode of IGMPv2
   if it has a running IGMPv2 Querier Present timer. If it does not
   have a running IGMPv2 Querier Present timer then it switches to Host
   Compatibility of IGMPv3. When the IGMPv2 Querier Present timer
   expires, a host switches to Host Compatibility mode of IGMPv3.

   The Host Compatibility Mode variable is based on whether an older
   version General query was heard in the last Older Version Querier
   Present Timeout seconds. The Host Compatibility Mode is set
   depending on the following:

   +=========================+========================================+
   | Host Compatibility Mode | Timer State                            |
   +=========================+========================================+
   | IGMPv3 (default)        | IGMPv2 Querier Present not running and |
   |                         | IGMPv1 Querier Present not running     |
   +-------------------------+----------------------------------------+
   | IGMPv2                  | IGMPv2 Querier Present running and     |
   |                         | IGMPv1 Querier Present not running     |
   +-------------------------+----------------------------------------+
   | IGMPv1                  | IGMPv1 Querier Present running         |
   +-------------------------+----------------------------------------+

                                 Table 9

   If a host receives a query which causes its Querier Present timers to
   be updated and correspondingly its compatibility mode, it should
   switch compatibility modes immediately.

   When Host Compatibility Mode is IGMPv3, a host acts using the IGMPv3
   protocol on that interface. When Host Compatibility Mode is IGMPv2,
   a host acts in IGMPv2 compatibility mode, using only the IGMPv2
   protocol, on that interface. When Host Compatibility Mode is IGMPv1,
   a host acts in IGMPv1 compatibility mode, using only the IGMPv1
   protocol on that interface.

   An IGMPv1 router will send General Queries with the Max Resp Code set
   to 0. This MUST be interpreted as a value of 100 (10 seconds).

   An IGMPv2 router will send General Queries with the Max Resp Code set
   to the desired Max Resp Time, i.e., the full range of this field is
   linear and the exponential algorithm described in Section 4.1.1 is
   not used.

   Whenever a host changes its compatibility mode, it cancels all its
   pending response and retransmission timers.

7.2.2.  In the Presence of Older Version Group Members

   An IGMPv3 host may be placed on a network where there are hosts that
   have not yet been upgraded to IGMPv3. A host MAY allow its IGMPv3
   Membership Record to be suppressed by either a Version 1 Membership
   Report, or a Version 2 Membership Report.

7.3.  Multicast Router Behavior

7.3.1.  In the Presence of Older Version Queriers

   IGMPv3 routers may be placed on a network where at least one router
   on the network has not yet been upgraded to IGMPv3. The following
   requirements apply:

   *  If any older versions of IGMP are present on routers, the querier
      MUST use the lowest version of IGMP present on the network. This
      must be administratively assured; routers that desire to be
      compatible with IGMPv1 and IGMPv2 MUST have a configuration option
      to act in IGMPv1 or IGMPv2 compatibility modes. When in IGMPv1
      mode, routers MUST send Periodic Queries with a Max Resp Code of 0
      and truncated at the Group Address field (i.e., 8 bytes long), and
      MUST ignore Leave Group messages. They SHOULD also warn about
      receiving an IGMPv2 or IGMPv3 query, although such warnings MUST
      be rate-limited. When in IGMPv2 mode, routers MUST send Periodic
      Queries truncated at the Group Address field (i.e., 8 bytes long),
      and SHOULD also warn about receiving an IGMPv3 query (such
      warnings MUST be rate-limited). They also MUST fill in the Max
      Resp Time in the Max Resp Code field, i.e., the exponential
      algorithm described in Section 4.1.1 is not used.

   *  If a router is not explicitly configured to use IGMPv1 or IGMPv2
      and hears an IGMPv1 Query or IGMPv2 General Query, it SHOULD log a
      warning. These warnings MUST be rate-limited.

7.3.2.  In the Presence of Older Version Group Members

   IGMPv3 routers may be placed on a network where there are hosts that
   have not yet been upgraded to IGMPv3. In order to be compatible with
   older version hosts, IGMPv3 routers MUST operate in version 1 and
   version 2 compatibility modes. IGMPv3 routers keep a compatibility
   mode per group record. A group's compatibility mode is determined
   from the Group Compatibility Mode variable which can be in one of
   three states: IGMPv1, IGMPv2 or IGMPv3. This variable is kept per
   group record and is dependent on the version of Membership Reports
   heard for that group as well as the Older Version Host Present timer
   for the group.

   In order to switch gracefully between versions of IGMP, routers keep
   an IGMPv1 Host Present timer and an IGMPv2 Host Present timer per
   group record. The IGMPv1 Host Present timer is set to Older Version
   Host Present Timeout seconds whenever an IGMPv1 Membership Report is
   received. The IGMPv2 Host Present timer is set to Older Version Host
   Present Timeout seconds whenever an IGMPv2 Membership Report is
   received.

   The Group Compatibility Mode of a group record changes whenever an
   older version report (than the current compatibility mode) is heard
   or when certain timer conditions occur. When the IGMPv1 Host Present
   timer expires, a router switches to Group Compatibility mode of
   IGMPv2 if it has a running IGMPv2 Host Present timer. If it does not
   have a running IGMPv2 Host Present timer then it switches to Group
   Compatibility of IGMPv3. When the IGMPv2 Host Present timer expires
   and the IGMPv1 Host Present timer is not running, a router switches
   to Group Compatibility mode of IGMPv3. Note that when a group
   switches back to IGMPv3 mode, it takes some time to regain source-
   specific state information. Source-specific information will be
   learned during the next General Query, but sources that should be
   blocked will not be blocked until [Group Membership Interval] after
   that.

   The Group Compatibility Mode variable is based on whether an older
   version report was heard in the last Older Version Host Present
   Timeout seconds. The Group Compatibility Mode is set depending on
   the following:

   +==========================+=====================================+
   | Group Compatibility Mode | Timer State                         |
   +==========================+=====================================+
   | IGMPv3 (default)         | IGMPv2 Host Present not running and |
   |                          | IGMPv1 Host Present not running     |
   +--------------------------+-------------------------------------+
   | IGMPv2                   | IGMPv2 Host Present running and     |
   |                          | IGMPv1 Host Present not running     |
   +--------------------------+-------------------------------------+
   | IGMPv1                   | IGMPv1 Host Present running         |
   +--------------------------+-------------------------------------+

                                Table 10

   If a router receives a report which causes its older Host Present
   timers to be updated and correspondingly its compatibility mode, it
   SHOULD switch compatibility modes immediately.

   When Group Compatibility Mode is IGMPv3, a router acts using the
   IGMPv3 protocol for that group.

   When Group Compatibility Mode is IGMPv2, a router internally
   translates the following IGMPv2 messages for that group to their
   IGMPv3 equivalents:

   +================+===================+
   | IGMPv2 Message | IGMPv3 Equivalent |
   +================+===================+
   | Report         | IS_EX( {} )       |
   +----------------+-------------------+
   | Leave          | TO_IN( {} )       |
   +----------------+-------------------+

                  Table 11

   IGMPv3 BLOCK messages are ignored, as are source-lists in TO_EX()
   messages (i.e., any TO_EX() message is treated as TO_EX( {} )).

   When Group Compatibility Mode is IGMPv1, a router internally
   translates the following IGMPv1 and IGMPv2 messages for that group to
   their IGMPv3 equivalents:

   +================+===================+
   | IGMPv2 Message | IGMPv3 Equivalent |
   +================+===================+
   | v1 Report      | IS_EX( {} )       |
   +----------------+-------------------+
   | v2 Report      | IS_EX( {} )       |
   +----------------+-------------------+

                  Table 12

   In addition to ignoring IGMPv3 BLOCK messages and source-lists in
   TO_EX() messages as in IGMPv2 Group Compatibility Mode, IGMPv2 Leave
   messages and IGMPv3 TO_IN() messages are also ignored.

8.  List of Timers, Counters and Their Default Values

   Most of these timers are configurable. If non-default settings are
   used, they MUST be consistent among all systems on a single link.
   Note that parentheses are used to group expressions to make the
   algebra clear.

8.1.  Robustness Variable

   The Robustness Variable allows tuning for the expected packet loss on
   a network. If a network is expected to be lossy, the Robustness
   Variable may be increased. IGMP is robust to (Robustness Variable -
   1) packet losses. The Robustness Variable MUST NOT be zero, and
   SHOULD NOT be one. Default: 2

8.2.  Query Interval

   The Query Interval is the interval between General Queries sent by
   the Querier. Default: 125 seconds.

   By varying the [Query Interval], an administrator may tune the number
   of IGMP messages on the network; larger values cause IGMP Queries to
   be sent less often.

8.3.  Query Response Interval

   The Query Response Interval is the Max Response Time used to
   calculate the Max Resp Code inserted into the periodic General
   Queries. Default: 100 (10 seconds)

   By varying the [Query Response Interval], an administrator may tune
   the burstiness of IGMP messages on the network; larger values make
   the traffic less bursty, as host responses are spread out over a
   larger interval. The number of seconds represented by the [Query
   Response Interval] must be less than the [Query Interval].

8.4.  Group Membership Interval

   The Group Membership Interval is the amount of time that must pass
   before a multicast router decides there are no more members of a
   group or a particular source on a network.

   This value MUST be ((the Robustness Variable) times (the Query
   Interval)) plus (2 * Query Response Interval).

8.5.  Other Querier Present Interval

   The Other Querier Present Interval is the length of time that must
   pass before a multicast router decides that there is no longer
   another multicast router which should be the querier. This value
   MUST be ((the Robustness Variable) times (the Query Interval)) plus
   (one half of one Query Response Interval).

8.6.  Startup Query Interval

   The Startup Query Interval is the interval between General Queries
   sent by a Querier on startup. Default: 1/4 the Query Interval.

8.7.  Startup Query Count

   The Startup Query Count is the number of Queries sent out on startup,
   separated by the Startup Query Interval. Default: the Robustness
   Variable.

8.8.  Last Member Query Interval

   The Last Member Query Interval is the Max Response Time used to
   calculate the Max Resp Code inserted into Group-Specific Queries sent
   in response to Leave Group messages. It is also the Max Response
   Time used in calculating the Max Resp Code for Group-and-Source-
   Specific Query messages. Default: 10 (1 second)

   Note that for values of LMQI greater than 12.8 seconds, a limited set
   of values can be represented, corresponding to sequential values of
   Max Resp Code. When converting a configured time to a Max Resp Code
   value, it is recommended to use the exact value if possible, or the
   next lower value if the requested value is not exactly representable.

   This value may be tuned to modify the "leave latency" of the network.
   A reduced value results in reduced time to detect the loss of the
   last member of a group or source.

8.9.  Last Member Query Count

   The Last Member Query Count is the number of Group-Specific Queries
   sent before the router assumes there are no local members. The Last
   Member Query Count is also the number of Group-and-Source-Specific
   Queries sent before the router assumes there are no listeners for a
   particular source. Default: the Robustness Variable.

8.10.  Last Member Query Time

   The Last Member Query Time is the time value represented by the Last
   Member Query Interval, multiplied by the Last Member Query Count. It
   is not a tunable value, but may be tuned by changing its components.

8.11.  Unsolicited Report Interval

   The Unsolicited Report Interval is the time between repetitions of a
   host's initial report of membership in a group. Default: 1 second.

8.12.  Older Version Querier Present Interval

   The Older Version Querier Present Interval is the timeout for
   transitioning a host back to IGMPv3 mode once an older version query
   is heard. When an older version query is received, hosts set their
   Older Version Querier Present Timer to Older Version Querier Present
   Interval.

   It is RECOMMENDED to use the default values for calculating the
   interval value as hosts do not know the values configured on the
   querying routers. This value SHOULD be [Robustness Variable] times
   [Query Interval] plus (10 times the Max Resp Time in the last
   received query message).

8.13.  Older Host Present Interval

   The Older Host Present Interval is the time-out for transitioning a
   group back to IGMPv3 mode once an older version report is sent for
   that group. When an older version report is received, routers set
   their Older Host Present Timer to Older Host Present Interval.

   This value MUST be ((the Robustness Variable) times (the Query
   Interval)) plus (one Query Response Interval).

8.14.  Configuring Timers

   This section is meant to provide advice to network administrators on
   how to tune these settings to their network. Ambitious router
   implementations might tune these settings dynamically based upon
   changing characteristics of the network.

8.14.1.  Robustness Variable

   The Robustness Variable tunes IGMP to expected losses on a link.
   IGMPv3 is robust to (Robustness Variable - 1) packet losses, e.g., if
   the Robustness Variable is set to the default value of 2, IGMPv3 is
   robust to a single packet loss but may operate imperfectly if more
   losses occur. On lossy subnetworks, the Robustness Variable should
   be increased to allow for the expected level of packet loss.
   However, increasing the Robustness Variable increases the leave
   latency of the subnetwork. (The leave latency is the time between
   when the last member stops listening to a source or group and when
   the traffic stops flowing.)

8.14.2.
Query Interval 2076 The overall level of periodic IGMP traffic is inversely proportional 2077 to the Query Interval. A longer Query Interval results in a lower 2078 overall level of IGMP traffic. The Query Interval MUST be equal to 2079 or longer than the Max Response Time inserted in General Query 2080 messages. 2082 8.14.3. Max Response Time 2084 The burstiness of IGMP traffic is inversely proportional to the Max 2085 Response Time. A longer Max Response Time will spread Report 2086 messages over a longer interval. However, a longer Max Response Time 2087 in Group-Specific and Source-and-Group-Specific Queries extends the 2088 leave latency. (The leave latency is the time between when the last 2089 member stops listening to a source or group and when the traffic 2090 stops flowing.) The expected rate of Report messages can be 2091 calculated by dividing the expected number of Reporters by the Max 2092 Response Time. The Max Response Time may be dynamically calculated 2093 per Query by using the expected number of Reporters for that Query as 2094 follows: 2096 +===========================+===============================+ 2097 | Query Type | Expected number of Reporters | 2098 +===========================+===============================+ 2099 | General Query | All systems on subnetwork | 2100 +---------------------------+-------------------------------+ 2101 | Group-Specific Query | All systems that had | 2102 | | expressed interest in the | 2103 | | group on the subnetwork | 2104 +---------------------------+-------------------------------+ 2105 | Source-and-Group-Specific | All systems on the subnetwork | 2106 | Query | that had expressed interest | 2107 | | in the source and group | 2108 +---------------------------+-------------------------------+ 2110 Table 13 2112 A router is not required to calculate these populations or tune the 2113 Max Response Time dynamically; these are simply guidelines. 2115 9. 
Security Considerations 2117 We consider the ramifications of a forged message of each type, and 2118 describe the usage of IPSEC AH to authenticate messages if desired. 2120 9.1. Query Message 2122 A forged Query message from a machine with a lower IP address than 2123 the current Querier will cause Querier duties to be assigned to the 2124 forger. If the forger then sends no more Query messages, other 2125 routers' Other Querier Present timer will time out and one will 2126 resume the role of Querier. During this time, if the forger ignores 2127 Leave Messages, traffic might flow to groups with no members for up 2128 to [Group Membership Interval]. 2130 A DoS attack on a host could be staged through forged Group-and- 2131 Source-Specific Queries. The attacker can find out about membership 2132 of a specific host with a general query. After that it could send a 2133 large number of Group-and-Source-Specific queries, each with a large 2134 source list and the Maximum Response Time set to a large value. The 2135 host will have to store and maintain the sources specified in all of 2136 those queries for as long as it takes to send the delayed response. 2137 This would consume both memory and CPU cycles in order to augment the 2138 recorded sources with the source lists included in the successive 2139 queries. 2141 To protect against such a DoS attack, a host stack implementation 2142 could restrict the number of Group-and-Source-Specific Queries per 2143 group membership within this interval, and/or record only a limited 2144 number of sources. 2146 Forged Query messages from the local network can be easily traced. 2147 There are three measures necessary to defend against externally 2148 forged Queries: 2150 * Routers SHOULD NOT forward Queries. This is easier for a router 2151 to accomplish if the Query carries the Router-Alert option. 2153 * Hosts SHOULD ignore v2 or v3 Queries without the Router-Alert 2154 option. 
2156 * Hosts SHOULD ignore v1, v2 or v3 General Queries sent to a 2157 multicast address other than 224.0.0.1, the all-systems address. 2159 9.2. Current-State Report messages 2161 A forged Report message may cause multicast routers to think there 2162 are members of a group on a network when there are not. Forged 2163 Report messages from the local network are meaningless, since joining 2164 a group on a host is generally an unprivileged operation, so a local 2165 user may trivially gain the same result without forging any messages. 2166 Forged Report messages from external sources are more troublesome; 2167 there are two defenses against externally forged Reports: 2169 * Ignore the Report if you cannot identify the source address of the 2170 packet as belonging to a network assigned to the interface on 2171 which the packet was received. This solution means that Reports 2172 sent by mobile hosts without addresses on the local network will 2173 be ignored. Report messages with a source address of 0.0.0.0 2174 SHOULD be accepted on any interface. 2176 * Ignore Report messages without Router Alert options [RFC2113], and 2177 require that routers not forward Report messages. (The 2178 requirement is not a requirement of generalized filtering in the 2179 forwarding path, since the packets already have Router Alert 2180 options in them.) This solution breaks backwards compatibility 2181 with implementations of IGMPv1 or earlier versions of IGMPv2 which 2182 did not require Router Alert. 2184 A forged Version 1 Report Message may put a router into "version 1 2185 members present" state for a particular group, meaning that the 2186 router will ignore Leave messages. This can cause traffic to flow to 2187 groups with no members for up to [Group Membership Interval]. This 2188 can be solved by providing routers with a configuration switch to 2189 ignore Version 1 messages completely. 
This breaks automatic 2190 compatibility with Version 1 hosts, so should only be used in 2191 situations where "fast leave" is critical. 2193 A forged Version 2 Report Message may put a router into "version 2 2194 members present" state for a particular group, meaning that the 2195 router will ignore IGMPv3 source-specific state messages. This can 2196 cause traffic to flow from unwanted sources for up to [Group 2197 Membership Interval]. This can be solved by providing routers with a 2198 configuration switch to ignore Version 2 messages completely. This 2199 breaks automatic compatibility with Version 2 hosts, so should only 2200 be used in situations where source include and exclude is critical. 2202 9.3. State-Change Report Messages 2204 A forged State-Change Report message will cause the Querier to send 2205 out Group-Specific or Source-and-Group-Specific Queries for the group 2206 in question. This causes extra processing on each router and on each 2207 member of the group, but can not cause loss of desired traffic. 2208 There are two defenses against externally forged State-Change Report 2209 messages: 2211 * Ignore the State-Change Report message if you cannot identify the 2212 source address of the packet as belonging to a subnet assigned to 2213 the interface on which the packet was received. This solution 2214 means that State-Change Report messages sent by mobile hosts 2215 without addresses on the local subnet will be ignored. State- 2216 Change Report messages with a source address of 0.0.0.0 SHOULD be 2217 accepted on any interface. 2219 * Ignore State-Change Report messages without Router Alert options 2220 [RFC2113], and require that routers not forward State-Change 2221 Report messages. (The requirement is not a requirement of 2222 generalized filtering in the forwarding path, since the packets 2223 already have Router Alert options in them.) 2225 9.4. 9.4. 
IPSEC Usage 2227 In addition to these measures, IPSEC in Authentication Header mode 2228 [RFC2402] may be used to protect against remote attacks by ensuring 2229 that IGMPv3 messages came from a system on the LAN (or, more 2230 specifically, a system with the proper key). When using IPSEC, the 2231 messages sent to 224.0.0.1 and 224.0.0.22 should be authenticated 2232 using AH. When keying, there are two possibilities: 2234 1. Use a symmetric signature algorithm with a single key for the LAN 2235 (or a key for each group). This allows validation that a packet 2236 was sent by a system with the key. This has the limitation that 2237 any system with the key can forge a message; it is not possible 2238 to authenticate the individual sender precisely. It also 2239 requires disabling IPSec's Replay Protection. 2241 2. When appropriate key management standards have been developed, 2242 use an asymmetric signature algorithm. All systems need to know 2243 the public key of all routers, and all routers need to know the 2244 public key of all systems. This requires a large amount of key 2245 management but has the advantage that senders can be 2246 authenticated individually so e.g., a host cannot forge a message 2247 that only routers should be allowed to send. 2249 This solution only directly applies to Query and Leave messages in 2250 IGMPv1 and IGMPv2, since Reports are sent to the group being reported 2251 and it is not feasible to agree on a key for host-to-router 2252 communication for arbitrary multicast groups. 2254 10. IANA Considerations 2256 All IGMP types described in this document are already assigned in 2257 [RFC3228]. The Flags fields are managed via 2258 [I-D.haberman-pim-3228bis]. 2260 11. Contributors 2262 Brad Cain, Steve Deering, Isidor Kouvelas, Bill Fenner, and Ajit 2263 Thyagarajan are the authors of RFC 3376, which forms the bulk of the 2264 content contained herein. 

   Anuj Budhiraja, Toerless Eckert, Olufemi Komolafe and Tim Winters
   have contributed valuable content to this version of the
   specification.

12.  Acknowledgments

   We would like to thank Ran Atkinson, Luis Costa, Toerless Eckert,
   Dino Farinacci, Serge Fdida, Wilbert de Graaf, Sumit Gupta, Mark
   Handley, Bob Quinn, Michael Speer, Dave Thaler and Rolland Vida for
   comments and suggestions on RFC 3376.

   Stig Venaas, Hitoshi Asaeda, and Mike McBride have provided valuable
   feedback on this version of the specification and we thank them for
   their input.

13.  References

13.1.  Normative References

   [RFC1112]  Deering, S., "Host extensions for IP multicasting", STD 5,
              RFC 1112, DOI 10.17487/RFC1112, August 1989.

   [RFC2113]  Katz, D., "IP Router Alert Option", RFC 2113,
              DOI 10.17487/RFC2113, February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2236]  Fenner, W., "Internet Group Management Protocol, Version
              2", RFC 2236, DOI 10.17487/RFC2236, November 1997.

   [RFC2402]  Kent, S. and R. Atkinson, "IP Authentication Header",
              RFC 2402, DOI 10.17487/RFC2402, November 1998.

   [RFC3228]  Fenner, B., "IANA Considerations for IPv4 Internet Group
              Management Protocol (IGMP)", BCP 57, RFC 3228,
              DOI 10.17487/RFC3228, February 2002.

13.2.  Informative References

   [I-D.haberman-pim-3228bis]
              Haberman, B., "IANA Considerations for Internet Group
              Management Protocols", Work in Progress, Internet-Draft,
              draft-haberman-pim-3228bis-00, 15 April 2022.

   [RFC1071]  Braden, R., Borman, D., and C. Partridge, "Computing the
              Internet checksum", RFC 1071, DOI 10.17487/RFC1071,
              September 1988.

   [RFC3376]  Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
              Thyagarajan, "Internet Group Management Protocol, Version
              3", RFC 3376, DOI 10.17487/RFC3376, October 2002.

   [RFC3569]  Bhattacharyya, S., Ed., "An Overview of Source-Specific
              Multicast (SSM)", RFC 3569, DOI 10.17487/RFC3569, July
              2003.

   [RFC3678]  Thaler, D., Fenner, B., and B. Quinn, "Socket Interface
              Extensions for Multicast Source Filters", RFC 3678,
              DOI 10.17487/RFC3678, January 2004.

Appendix A.  Design Rationale

A.1.  The Need for State-Change Messages

   IGMPv3 specifies two types of Membership Reports: Current-State and
   State Change.  This section describes the rationale for the need for
   both these types of Reports.

   Routers need to distinguish Membership Reports that were sent in
   response to Queries from those that were sent as a result of a change
   in interface state.  Membership reports that are sent in response to
   Membership Queries are used mainly to refresh the existing state at
   the router; they typically do not cause transitions in state at the
   router.  Membership Reports that are sent in response to changes in
   interface state require the router to take some action in response to
   the received report (see Section 6.4).

   The inability to distinguish between the two types of reports would
   force a router to treat all Membership Reports as potential changes
   in state and could result in increased processing at the router as
   well as an increase in IGMP traffic on the network.

A.2.  Host Suppression

   In IGMPv1 and IGMPv2, a host would cancel sending a pending
   membership report if a similar report was observed from another
   member on the network.  In IGMPv3, this suppression of host
   membership reports has been removed.  The following points explain
   the reasons behind this decision.

   1.  Routers may want to track per-host membership status on an
       interface.  This allows routers to implement fast leaves (e.g.,
       for layered multicast congestion control schemes) as well as
       track membership status for possible accounting purposes.

   2.  Membership Report suppression does not work well on bridged LANs.
       Many bridges and Layer2/Layer3 switches that implement IGMP
       snooping do not forward IGMP messages across LAN segments in
       order to prevent membership report suppression.  Removing
       membership report suppression eases the job of these IGMP
       snooping devices.

   3.  By eliminating membership report suppression, hosts have fewer
       messages to process; this leads to a simpler state machine
       implementation.

   4.  In IGMPv3, a single membership report now bundles multiple
       multicast group records to decrease the number of packets sent.
       In comparison, the previous versions of IGMP required that each
       multicast group be reported in a separate message.

A.3.  Switching Router Filter Modes from EXCLUDE to INCLUDE

   If there exist hosts in both EXCLUDE and INCLUDE modes for a single
   multicast group in a network, the router must be in EXCLUDE mode as
   well (see section 6.2.1).  In EXCLUDE mode, a router forwards traffic
   from all sources unless that source exists in the exclusion source
   list.  If all hosts in EXCLUDE mode cease to exist, it would be
   desirable for the router to switch back to INCLUDE mode seamlessly
   without interrupting the flow of traffic to existing receivers.

   One of the ways to accomplish this is for routers to keep track of
   all sources desired by hosts that are in INCLUDE mode even though the
   router itself is in EXCLUDE mode.  If the group timer now expires in
   EXCLUDE mode, it implies that there are no hosts in EXCLUDE mode on
   the network (otherwise a membership report from that host would have
   refreshed the group timer).  The router can then switch to INCLUDE
   mode seamlessly with the list of sources currently being forwarded in
   its source list.

Appendix B.  Summary of Changes from IGMPv2

   While the main additional feature of IGMPv3 is the addition of source
   filtering, the following is a summary of other changes from RFC 2236.

   *  State is maintained as Group + List-of-Sources, not simply Group
      as in IGMPv2.

   *  Interoperability with IGMPv1 and IGMPv2 systems is defined as
      operations on the IGMPv3 state.

   *  The IP Service Interface has changed to allow specification of
      source-lists.

   *  The Querier includes its Robustness Variable and Query Interval in
      Query packets to allow synchronization of these variables on non-
      Queriers.

   *  The Max Response Time in Query messages has an exponential range,
      changing the maximum from 25.5 seconds to about 53 minutes, for
      use on links with huge numbers of systems.

   *  Hosts retransmit state-change messages for increased robustness.

   *  Additional data sections are defined to allow later extensions.

   *  Report packets are sent to 224.0.0.22, to assist layer-2 switches
      in snooping.

   *  Report packets can contain multiple group records, to allow
      reporting of full current state using fewer packets.

   *  Hosts no longer perform suppression, to simplify implementations
      and permit explicit membership tracking.

   *  New Suppress Router-Side Processing (S) flag in Query messages
      fixes robustness issues which were also present in IGMPv2.

Appendix C.  Summary of Changes from RFC 3376

   The following is a list of changes made since RFC 3376.

   *  Modified definition of Older Version Querier Present Interval to
      address Erratum 4375.

Author's Address

   Brian Haberman (editor)
   Johns Hopkins University Applied Physics Lab
   Email: brian@innovationslab.net
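
The Section 8 timer arithmetic and the Section 8.8 rule for converting a configured time to a Max Resp Code (exact value, else the next lower one), as an added example that is not part of the draft. It uses the formulas as this draft states them and assumes the one-octet floating-point Max Resp Code layout from the Query message format (Section 4.1.1 of RFC 3376); the class and function names are illustrative.

```python
"""Added example: Section 8 timer arithmetic (not code from the draft)."""
from dataclasses import dataclass

MAX_TENTHS = 31 << 10      # largest encodable Max Resp Time: 3174.4 seconds


def decode_max_resp_code(code: int) -> int:
    """Max Resp Code octet -> Max Resp Time in tenths of a second."""
    if not 0 <= code <= 0xFF:
        raise ValueError("Max Resp Code is one octet")
    if code < 128:
        return code
    exp, mant = (code >> 4) & 0x07, code & 0x0F    # 1|exp(3)|mant(4) layout
    return (mant | 0x10) << (exp + 3)


def encode_max_resp_code(tenths: int) -> int:
    """Exact code when representable, otherwise the next lower one (8.8)."""
    if tenths < 0:
        raise ValueError("time cannot be negative")
    if tenths < 128:
        return tenths
    tenths = min(tenths, MAX_TENTHS)
    exp = tenths.bit_length() - 8                  # 0..7 after clamping
    mant = (tenths >> (exp + 3)) & 0x0F            # dropping low bits rounds down
    return 0x80 | (exp << 4) | mant


def on_wire_seconds(tenths: int) -> float:
    """The time a receiver actually sees after encoding, in seconds."""
    return decode_max_resp_code(encode_max_resp_code(tenths)) / 10


@dataclass(frozen=True)
class IgmpTimers:
    robustness: int = 2                  # 8.1
    query_interval: float = 125.0        # 8.2, seconds
    query_response_tenths: int = 100     # 8.3, tenths of a second
    last_member_tenths: int = 10         # 8.8, tenths of a second

    def problems(self) -> list:
        """Violations of the constraints stated in Sections 8.1 and 8.3."""
        found = []
        if self.robustness == 0:
            found.append("Robustness Variable MUST NOT be zero")
        elif self.robustness == 1:
            found.append("Robustness Variable SHOULD NOT be one")
        if self.query_response_tenths / 10 >= self.query_interval:
            found.append("Query Response Interval must be less than Query Interval")
        return found

    def derived(self) -> dict:
        """Derived values in seconds, using the times that fit on the wire."""
        rv, qi = self.robustness, self.query_interval
        qri = on_wire_seconds(self.query_response_tenths)
        lmqi = on_wire_seconds(self.last_member_tenths)
        return {
            "group_membership_interval": rv * qi + 2 * qri,        # 8.4
            "other_querier_present_interval": rv * qi + qri / 2,   # 8.5
            "startup_query_interval": qi / 4,                      # 8.6
            "last_member_query_time": lmqi * rv,                   # 8.10, count = RV
            "older_host_present_interval": rv * qi + qri,          # 8.13
            "robust_to_lost_packets": rv - 1,                      # 8.1
        }
```

The `group_membership_interval` value is also the bound Sections 9.1 and 9.2 give for how long traffic can keep flowing after a forged Query or Report, so raising the Robustness Variable or Query Interval lengthens that window as well as the leave latency.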
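
The receive-side checks from Sections 9.1 to 9.3, as an added example that is not part of the draft: a host drops v2/v3 Queries without Router Alert and General Queries not sent to 224.0.0.1, and a router drops Reports whose source is off-link (0.0.0.0 excepted) or that lack Router Alert. The packets, addresses and function names are constructed for illustration, and checksum verification is left out.

```python
"""Added example: Section 9.1-9.3 receive checks (not code from the draft)."""
import ipaddress
import struct

ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])       # RFC 2113 option
ALL_SYSTEMS = ipaddress.IPv4Address("224.0.0.1")
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")

def parse(packet: bytes) -> dict:
    """Extract the fields the Section 9 checks need from a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or packet[0] >> 4 != 4 or len(packet) < ihl + 8 or packet[9] != 2:
        raise ValueError("not an IPv4 packet carrying IGMP")
    options, alert, i = packet[20:ihl], False, 0
    while i < len(options) and options[i] != 0:       # 0 = End of Option List
        if options[i] == 1:                           # No-Operation, one octet
            i += 1
            continue
        size = options[i + 1] if i + 1 < len(options) else 0
        if size < 2 or i + size > len(options):
            raise ValueError("malformed IP option")
        alert = alert or options[i:i + size] == ROUTER_ALERT
        i += size
    igmp = packet[ihl:]
    return {"src": ipaddress.IPv4Address(packet[12:16]),
            "dst": ipaddress.IPv4Address(packet[16:20]),
            "router_alert": alert, "code": igmp[1], "length": len(igmp),
            "group": ipaddress.IPv4Address(igmp[4:8])}  # Query and v1/v2 only

def check_query(packet: bytes):
    """Section 9.1 host-side rules for a received Query."""
    f = parse(packet)
    version = 3 if f["length"] >= 12 else (1 if f["code"] == 0 else 2)
    if version >= 2 and not f["router_alert"]:
        return False, "v2/v3 Query without Router Alert"
    if f["group"] == UNSPECIFIED and f["dst"] != ALL_SYSTEMS:
        return False, "General Query not addressed to 224.0.0.1"
    return True, "ok"

def check_report(packet: bytes, networks, require_router_alert=True):
    """Sections 9.2 and 9.3 router-side rules for a received Report."""
    f = parse(packet)
    if f["src"] != UNSPECIFIED and not any(f["src"] in n for n in networks):
        return False, "source not on a network assigned to the interface"
    if require_router_alert and not f["router_alert"]:
        return False, "Report without Router Alert"
    return True, "ok"

def build_packet(src: str, dst: str, igmp: bytes, router_alert=True) -> bytes:
    """Constructed sample packet; checksums are zero and not verified here."""
    opts = ROUTER_ALERT if router_alert else b""
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(opts)) // 4, 0xC0,
                         20 + len(opts) + len(igmp), 0, 0, 1, 2, 0,
                         *(ipaddress.IPv4Address(a).packed for a in (src, dst)))
    return header + opts + igmp

# Constructed inputs: a v3 General Query, a v3 Report with one TO_EX( {} )
# record, an on-link prefix and example addresses (RFC 5737, RFC 5771).
GENERAL_QUERY = struct.pack("!BBH4sBBH", 0x11, 100, 0, bytes(4), 2, 125, 0)
REPORT = struct.pack("!BBHHHBBH4s", 0x22, 0, 0, 0, 1, 4, 0, 0,
                     ipaddress.IPv4Address("233.252.0.1").packed)
LAN = [ipaddress.ip_network("192.0.2.0/24")]

def sample_verdicts() -> dict:
    """Run both checks over the constructed packets."""
    q, r, pkt = GENERAL_QUERY, REPORT, build_packet
    return {
        "query": check_query(pkt("192.0.2.1", "224.0.0.1", q)),
        "query, no alert": check_query(pkt("192.0.2.1", "224.0.0.1", q, False)),
        "general query, wrong dst": check_query(pkt("192.0.2.1", "233.252.0.1", q)),
        "report, off-link": check_report(pkt("198.51.100.7", "224.0.0.22", r), LAN),
        "report, 0.0.0.0": check_report(pkt("0.0.0.0", "224.0.0.22", r), LAN),
        "report, no alert": check_report(pkt("192.0.2.10", "224.0.0.22", r, False), LAN),
    }
```

Passing `require_router_alert=False` to `check_report` corresponds to keeping compatibility with the IGMPv1 and early IGMPv2 implementations that Section 9.2 notes did not send Router Alert.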