Internet Engineering Task Force                                   PIM WG
INTERNET-DRAFT                                          Mark Handley/UCL
draft-ietf-pim-bidir-05.txt                        Isidor Kouvelas/Cisco
                                                     Tony Speakman/Cisco
                                                  Lorenzo Vicisano/Cisco
                                                            19 June 2003
                                                  Expires: December 2004

       Bi-directional Protocol Independent Multicast (BIDIR-PIM)

Status of this Document

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This document is a product of the IETF PIM WG. Comments should be
addressed to the authors, or the WG's mailing list at
pim@catarina.usc.edu.

Abstract

     This document discusses Bi-directional PIM, a variant of PIM
     Sparse-Mode [4] that builds bi-directional shared trees
     connecting multicast sources and receivers. Bi-directional
     trees are built using a fail-safe Designated Forwarder (DF)
     election mechanism operating on each link of a multicast
     topology. With the assistance of the DF, multicast data is
     natively forwarded from sources to the Rendezvous-Point and
     hence along the shared tree to receivers without requiring
     source-specific state. The DF election takes place at RP
     discovery time and provides the route to the RP thus
     eliminating the requirement for data-driven protocol events.

Table of Contents

     1. Introduction
     2. Terminology
        2.1. Definitions
        2.2. Pseudocode Notation
     3. Protocol Specification
        3.1. BIDIR-PIM Protocol State
           3.1.1. General Purpose State
           3.1.2. RPA State
           3.1.3. Group State
           3.1.4. State Summarization Macros
        3.2. PIM Neighbor Discovery
        3.3. Data Packet Forwarding Rules
           3.3.1. Upstream Forwarding at RP
           3.3.2. Source-Only Branches
           3.3.3. Directly Connected Sources
        3.4. PIM Join/Prune Messages
           3.4.1. Receiving (*,G) Join/Prune Messages
           3.4.2. Sending Join/Prune Messages
        3.5. Designated Forwarder (DF) Election
           3.5.1. DF Requirements
           3.5.2. DF Election description
              3.5.2.1. Bootstrap Election
              3.5.2.2. Loser Metric Changes
              3.5.2.3. Winner Metric Changes
              3.5.2.4. Winner Loses Path
              3.5.2.5. Late Router Starting Up
              3.5.2.6. Winner Dies
           3.5.3. Election Protocol Specification
              3.5.3.1. Election State
              3.5.3.2. Election Messages
              3.5.3.3. Election Events
              3.5.3.4. Election Actions
              3.5.3.5. Election State Transitions
           3.5.4. Election Reliability Enhancements
           3.5.5. Missing Pass
           3.5.6. Periodic Winner Announcement
        3.6. Timers Counters and Constants
        3.7. BIDIR PIM Packet Formats
           3.7.1. DF Election Packet Formats
           3.7.2. Backoff Message
           3.7.3. Pass Message
           3.7.4. Bidir Capable PIM-Hello Option
     4. RP Discovery
     5. Security Considerations
        5.1. Attacks Based on Forged Messages
           5.1.1. Election of an Incorrect DF
           5.1.2. Preventing Election Convergence
        5.2. Non-cryptographic Authentication Mechanisms
           5.2.1. Basic Access Control
        5.3. Authentication Using IPsec
        5.4. Denial of Service Attacks
     6. Change history
     7. Acknowledgments
     8. Authors' Addresses
     9. Normative
     10. Informative
     11. Index

1. Introduction

This document specifies Bi-directional PIM (BIDIR-PIM), a variant of PIM
Sparse-Mode (PIM-SM) [4] that builds bi-directional shared trees
connecting multicast sources and receivers.

PIM-SM constructs uni-directional shared trees that are used to forward
data from senders to receivers of a multicast group. PIM-SM also allows
the construction of source specific trees, but this capability is not
related to the protocol described in this document.

The shared tree for each multicast group is rooted at a multicast router
called the Rendezvous Point (RP). Different multicast group ranges can
use separate RPs within a PIM domain.

In unidirectional PIM-SM, there are two possible methods for
distributing data packets on the shared tree.
These differ in the way packets are forwarded from a source to the RP:

o Initially when a source starts transmitting, its first hop router
  encapsulates data packets in special control messages (Registers)
  which are unicast to the RP. After reaching the RP the packets are
  decapsulated and distributed on the shared tree.

o A transition from the above distribution mode can be made at a later
  stage. This is achieved by building source specific state on all
  routers along the path between the source and the RP. This state is
  then used to natively forward packets from that source.

Both these mechanisms suffer from problems. Encapsulation results in
significant processing, bandwidth and delay overheads. Forwarding using
source specific state has additional protocol and memory requirements.

Bi-directional PIM dispenses with both encapsulation and source state by
allowing packets to be natively forwarded from a source to the RP using
shared tree state.

The protocol specification in this document assumes familiarity with the
PIM-SM specification in [4]. Portions of the BIDIR-PIM protocol
operation that are identical to that of PIM-SM are only defined by
reference.

2. Terminology

In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" are to be interpreted as described in RFC 2119 and indicate
requirement levels for compliant BIDIR-PIM implementations.

2.1. Definitions

This specification uses a number of terms to refer to the roles of
routers participating in BIDIR-PIM. The following terms have special
significance for BIDIR-PIM:

MRIB Multicast Routing Information Base. This is the multicast
     topology table, which is typically derived from the unicast
     routing table, or routing protocols such as MBGP that carry
     multicast-specific topology information.
     It is used by PIM for establishing the RPF interface (used in the
     forwarding rules). In PIM-SM the MRIB is also used to make
     decisions regarding where to forward Join/Prune messages whereas
     in BIDIR-PIM it is used as a source for routing metrics for the DF
     election process.

Rendezvous Point Address (RPA):
     An RPA is an address that has been configured to be used as the
     root of the distribution tree for a range of multicast groups. The
     RPA must be routable from all routers in the PIM domain. The RPA
     does not need to correspond to an address for an interface of a
     real router. In this respect BIDIR-PIM differs from PIM-SM that
     requires an actual router to be configured as the Rendezvous Point
     (RP). Join messages from receivers for a BIDIR-PIM group propagate
     hop-by-hop towards the RPA.

Rendezvous Point Link (RPL):
     An RPL for a particular RPA is the physical link to which the RPA
     belongs. In BIDIR-PIM all multicast traffic to groups mapping to a
     specific RPA is forwarded on the RPL of that RPA. The RPL is
     special within a BIDIR-PIM domain as it is the only link on which
     a Designated Forwarder election does not take place (see DF
     definition below).

Upstream
     Towards the root (RPA) of the tree. The direction used by packets
     traveling from sources to the RPL.

Downstream
     Away from the root of the tree. The direction on which packets
     travel from the RPL to receivers.

Designated Forwarder (DF):
     The protocol presented in this document is largely based on the
     concept of a Designated Forwarder (DF). A single DF exists for
     each RPA on every link within a BIDIR-PIM domain (this includes
     both multi-access and point-to-point links). The only exception is
     the RPL on which no DF exists. The DF is the router on the link
     with the best route to the RPA (determined by comparing MRIB
     provided metrics).
     A DF for a given RPA is in charge of forwarding downstream traffic
     onto its link, and forwarding upstream traffic from its link
     towards the RPL. It does this for all the bi-directional groups
     that map to the RPA. The DF on a link is also responsible for
     processing Join messages from downstream routers on the link as
     well as ensuring that packets are forwarded to local receivers
     (discovered through a local membership mechanism such as MLD or
     IGMP [2]).

RPF Interface
     RPF stands for "Reverse Path Forwarding". The RPF Interface of a
     router with respect to an address is the interface that the MRIB
     indicates should be used to forward packets to that address. In
     the case of a BIDIR-PIM multicast group, the RPF interface is
     determined by looking up the RPA in the MRIB. The RPF information
     determines the interface of the router that would be used to send
     packets towards the RPL for the group.

RPF Neighbor
     The RPF Neighbor of a router with respect to an address is the
     neighbor that the MRIB indicates should be used to forward packets
     to that address. Note that in BIDIR-PIM, the RPF neighbor for a
     group is not necessarily the router on the RPF interface that Join
     messages for that group would be directed to (Join messages are
     only directed to the DF on the RPF interface for the group).

TIB  Tree Information Base. This is the collection of state at a PIM
     router that has been created by receiving PIM Join/Prune messages,
     PIM DF election messages and IGMP information from local hosts.
     It essentially stores the state of all multicast distribution
     trees at that router.

MFIB Multicast Forwarding Information Base. The TIB holds all the
     state that is necessary to forward multicast packets at a router.
     However, although this specification defines forwarding in terms
     of the TIB, to actually forward packets using the TIB is very
     inefficient.
     Instead a real router implementation will normally build an
     efficient MFIB from the TIB state to perform forwarding. How this
     is done is implementation-specific, and is not discussed in this
     document.

2.2. Pseudocode Notation

We use set notation in several places in this specification.

A (+) B
     is the union of two sets A and B.

A (-) B
     is the elements of set A that are not in set B.

NULL
     is the empty set or list.

In addition we use C-like syntax:

=    denotes assignment of a variable.

==   denotes a comparison for equality.

!=   denotes a comparison for inequality.

Braces { and } are used for grouping.

3. Protocol Specification

The specification of BIDIR-PIM is broken into several parts:

o Section 3.1 details the protocol state stored.

o Section 3.2 defines the BIDIR-PIM extensions to the PIM-SM [4]
  neighbour discovery mechanism.

o Section 3.3 specifies the data packet forwarding rules.

o Section 3.4 specifies the BIDIR-PIM Join/Prune generation and
  processing rules.

o Designated Forwarder (DF) election is specified in Section 3.5.

o PIM packet formats are specified in Section 3.7.

o A summary of BIDIR-PIM timers and their default values is given in
  Section 3.6.

3.1. BIDIR-PIM Protocol State

This section specifies all the protocol state that a BIDIR-PIM
implementation should maintain in order to function correctly. We term
this state the Tree Information Base or TIB, as it holds the state of
all the multicast distribution trees at this router. In this
specification we define PIM mechanisms in terms of the TIB. However,
only a very simple implementation would actually implement packet
forwarding operations in terms of this state. Most implementations will
use this state to build a multicast forwarding table, which would then
be updated when the relevant state in the TIB changes.

Although we specify precisely the state to be kept, this does not mean
that an implementation of BIDIR-PIM needs to hold the state in this
form. This is actually an abstract state definition, which is needed in
order to specify the router's behavior. A BIDIR-PIM implementation is
free to hold whatever internal state it requires, and will still be
conformant with this specification so long as it results in the same
externally visible protocol behavior as an abstract router that holds
the following state.

We divide TIB state into two sections:

RPA state
     State that maintains the DF election information for each RPA.

Group state
     State that maintains a group-specific tree for groups that map to a
     given RPA.

The state that should be kept is described below. Of course,
implementations will only maintain state when it is relevant to
forwarding operations - for example, the "NoInfo" state might be assumed
from the lack of other state information, rather than being held
explicitly.

3.1.1. General Purpose State

A router holds the following state that is not specific to a RPA or
group:

     Neighbor State:

          For each neighbor:

               o Information from neighbor's Hello

               o Neighbor's Gen ID.

               o Neighbor liveness timer (NLT)

3.1.2. RPA State

A router maintains a multicast-group to RPA mapping which is built
through static configuration or by using an automatic RP discovery
mechanism like BSR or AUTO-RP (see section 4).
For each BIDIR-PIM RPA a router holds the following state:

     o RPA (actual address)

     Designated Forwarder (DF) State:

          For each router interface:

               Acting DF information:

                    o DF IP Address

                    o DF metric

               Election information:

                    o Election State

                    o DF election-Timer (DFT)

                    o Message-Count (MC)

                    Current best offer:

                         o IP address of best offering router

                         o Best offering router metric

Designated Forwarder state is described in section 3.5.

3.1.3. Group State

For every group G a router keeps the following state:

     Group state:

          For each interface:

               Local Membership:

                    o State: One of {"NoInfo", "Include"}

               PIM Join/Prune State:

                    o State: One of {"NoInfo" (NI), "Join" (J),
                      "PrunePending" (PP)}

                    o Prune Pending Timer (PPT)

                    o Join/Prune Expiry Timer (ET)

          Not interface specific:

               o Upstream Join/Prune Timer (JT)

               o Last RPA Used

Local membership is the result of the local membership mechanism (such
as IGMP [2]) running on that interface. This information is used by the
pim_include(*,G) macro described in section 3.1.4.

PIM Join/Prune state is the result of receiving PIM (*,G) Join/Prune
messages on this interface, and is specified in section 3.4.1. The state
is used by the macros that calculate the outgoing interface list in
section 3.1.4, and in the JoinDesired(G) macro (defined in section
3.4.2) that is used in deciding whether a Join(*,G) should be sent
upstream.

The upstream Join/Prune timer is used to send out periodic Join(*,G)
messages, and to override Prune(*,G) messages from peers on an upstream
LAN interface.

The last RPA used must be stored because if the RP Set changes (see [4])
then state must be torn down and rebuilt for groups whose RPA changes.

3.1.4. State Summarization Macros

Using this state, we define the following "macro" definitions which we
will use in the descriptions of the state machines and pseudocode in the
following sections.

     olist(G) =
         RPF_interface(RPA(G)) (+) joins(G) (+) pim_include(G)

RPF_interface(RPA) is the interface the MRIB indicates would be used to
route packets to RPA. The olist(G) is the list of interfaces on which
packets to group G must be forwarded.

The macro pim_include(G) indicates the interfaces to which traffic might
be forwarded because of hosts that are local members on that interface.

     pim_include(G) =
         { all interfaces I such that:
           I_am_DF(RPA(G),I) AND local_receiver_include(G,I) }

The clause "I_am_DF(RPA,I)" is TRUE if the router is in the Win or
Backoff states in the DF election state machine (described in section
3.5) for the given RPA on interface I. Otherwise it is FALSE.

The clause "local_receiver_include(G,I)" is true if the IGMP module or
other local membership mechanism has determined that there are local
members on interface I that desire to receive traffic sent to group G.

The set "joins(G)" is the set of all interfaces on which the router has
received (*,G) Joins:

     joins(G) =
         { all interfaces I such that
           I_am_DF(RPA(G),I) AND
           DownstreamJPState(G,I) is either Joined or PrunePending }

DownstreamJPState(G,I) is the state of the finite state machine in
section 3.4.1.

RPF_DF(RPA) is the neighbor that Join messages must be sent to in order
to build the group shared tree rooted at the RPL for the given RPA. This
is the Designated-Forwarder on the RPF_interface(RPA).

3.2. PIM Neighbor Discovery

PIM routers exchange PIM-Hello messages with their neighboring PIM
routers. These messages are used to update the Neighbor State described
in section 3.1.
The procedures for generating and processing Hello messages as well as
maintaining Neighbor State are specified in the PIM-SM [4]
documentation.

Bidir PIM introduces the Bidir_Capable PIM-Hello option that MUST be
included in all Hello messages from a Bidir-PIM capable router. The
Bidir_Capable option advertises the router's ability to participate in
the Bidir-PIM protocol. The format of the Bidir_Capable option is
described in section 3.7.

3.3. Data Packet Forwarding Rules

For groups mapping to a given RPA, the following responsibilities are
uniquely assigned to the DF for that RPA on each link:

o The DF is the only router that forwards packets traveling downstream
  onto the link.

o The DF is the only router that picks up upstream traveling packets off
  the link to forward towards the RPL.

Non-DF routers on a link, that use that link as their RPF interface to
reach the RPA, may perform the following forwarding actions for
bidirectional groups:

o Forward packets from the link towards downstream receivers.

o Forward packets from downstream sources onto the link (provided they
  are the DF for the downstream link from which the packet was
  picked up).

The BIDIR-PIM packet forwarding rules are defined below in pseudocode.

     iif is the incoming interface of the packet.
     G is the destination address of the packet (group address).
     RPA is the Rendezvous Point Address for this group.

First we check to see whether the packet should be accepted based on TIB
state and the interface that the packet arrived on. A packet is accepted
if it arrives on the RPF_interface to reach the RPA (downstream
traveling packet) or if the router is the DF on the interface the packet
arrives on (upstream traveling packet).

If the packet should be forwarded we build an outgoing interface list
for the packet.

Finally we remove the incoming interface from the outgoing interface
list we've created, and if the resulting outgoing interface list is not
empty, we forward the packet out of those interfaces.

On receipt of data to G on interface iif:

     if( iif == RPF_interface(RPA) || I_am_DF(RPA,iif) ) {
         oiflist = olist(G) (-) iif
         forward packet on all interfaces in oiflist
     }

3.3.1. Upstream Forwarding at RP

When configuring a BIDIR-PIM domain it is possible to assign the
Rendezvous Point Address (RPA) such that it does not belong to a
physical box but instead is simply a routable address. Routers that have
interfaces on the RPL that the RPA belongs to will upstream forward
traffic onto the link. Joins from receivers in the domain will propagate
hop-by-hop till they reach one of the routers connected to the RPL where
they will terminate (as there will be no DF elected on the RPL).

If instead the administrator chooses to configure the RPA to be the
address of an interface of a specific router then nothing changes. That
router must still upstream forward traffic on to the RPL and behave no
differently than any other router with an interface on the RPL.

To configure a BIDIR-PIM network to operate in a mode similar to that of
PIM-SM where a single router (the RP) is acting as the root of the
distribution tree, the RPA address can be configured to be the loopback
interface of a router.

3.3.2. Source-Only Branches

Source-only branches of the distribution tree for a group G are branches
which do not lead to any receivers, but which are used to forward
packets traveling upstream from sources towards the RPL. Routers along
source-only branches only have the RPF_interface to the RPA in their
olist for G and hence do not need to maintain any group specific state.
Upstream forwarding can be performed using only RPA specific state.
An implementation may decide to maintain group state for source-only
branches for accounting or performance reasons.

3.3.3. Directly Connected Sources

A major advantage of using a Designated Forwarder in BIDIR-PIM compared
to PIM-SM is that special treatment is no longer required for sources
that are directly connected to a router. Data from such sources does not
need to be differentiated from other multicast traffic and will
automatically be picked up by the DF and forwarded upstream. This
removes the need for performing a directly-connected-source check for
data to groups that do not have existing state.

3.4. PIM Join/Prune Messages

BIDIR-PIM Join/Prune messages are used to construct group specific
distribution trees between receivers and the RPL. Joins are originated
by last-hop routers that are elected as the DF on an interface with
directly connected receivers. The Joins propagate hop-by-hop towards the
RPA till they reach a router connected to the RPL.

A BIDIR-PIM Join/Prune message consists of a list of Joined and Pruned
Groups. When processing a received Join/Prune message, each Joined or
Pruned Group is effectively considered individually by applying the
following state machines. When considering a Join/Prune message whose
PIM Destination field addresses this router, (*,G) Joins and Prunes can
affect the downstream state machine. When considering a Join/Prune
message whose PIM Destination field addresses another router, most Join
or Prune entries could affect the upstream state machine.

3.4.1. Receiving (*,G) Join/Prune Messages

When a router receives a Join(*,G) or Prune(*,G) it must first check to
see whether the RP address in the message matches RPA(G) (the router's
idea of what the Rendezvous Point Address is). If the RP address in the
message does not match RPA(G) the Join or Prune MUST be silently
dropped.

The per-interface state-machine for receiving (*,G) Join/Prune Messages
is given below. There are three states:

     NoInfo (NI)
          The interface has no (*,G) Join state and no timers running.

     Join (J)
          The interface has (*,G) Join state. If the router is the DF on
          this interface (I_am_DF(RPA(G),I) is TRUE), the Join state
          will cause us to forward packets destined for G on this
          interface.

     PrunePending (PP)
          The router has received a Prune(*,G) on this interface from a
          downstream neighbor and is waiting to see whether the prune
          will be overridden by another downstream router. For
          forwarding purposes, the PrunePending state functions exactly
          like the Join state.

In addition the state-machine uses two timers:

     ExpiryTimer (ET)
          This timer is restarted when a valid Join(*,G) is received.
          Expiry of the ExpiryTimer causes the interface state to revert
          to NoInfo for this group.

     PrunePendingTimer (PPT)
          This timer is set when a valid Prune(*,G) is received. Expiry
          of the PrunePendingTimer causes the interface state to revert
          to NoInfo for this group.
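
A model of this per-interface state machine, added here as an example (it is not code from the draft). It applies the RP-address check that opens this section and the destination-address rule and transitions of the tabular form given later in this section, with timers modelled as explicit expiry events. The class and field names, the sample addresses, the HoldTime of 210 and the override interval of 3 seconds are constructed for illustration.

```python
from dataclasses import dataclass

NI, J, PP = "NoInfo", "Join", "PrunePending"


@dataclass
class JPEntry:
    """One (*,G) entry of a received Join/Prune message (hypothetical model)."""
    kind: str        # "join" or "prune"
    rp_address: str  # RP address carried in the entry
    target: str      # address of the router the message is directed to
    holdtime: int    # HoldTime from the message, in seconds


class DownstreamJPState:
    """DownstreamJPState(G,I) for one group G on one interface I."""

    def __init__(self, rpa, my_addr, neighbors, override_interval,
                 i_am_df=True, point_to_point=False):
        self.rpa = rpa                    # RPA(G) as this router sees it
        self.my_addr = my_addr            # this router's address on I
        self.neighbors = neighbors        # number of PIM neighbors on I
        self.override_interval = override_interval  # J/P_Override_Interval
        self.i_am_df = i_am_df            # I_am_DF(RPA(G),I)
        self.point_to_point = point_to_point
        self.state = NI
        self.et = None                    # ExpiryTimer (seconds) or None
        self.ppt = None                   # PrunePendingTimer (seconds) or None
        self.ignored = []                 # why an entry caused no transition
        self.sent = []                    # messages originated by this router

    def _for_me(self, target):
        # On point-to-point links 0.0.0.0 is also accepted as destination.
        return target == self.my_addr or (
            self.point_to_point and target == "0.0.0.0")

    def receive(self, entry):
        """Apply one Join(*,G)/Prune(*,G) entry; return the resulting state."""
        if entry.rp_address != self.rpa:
            self.ignored.append("rp-mismatch")   # MUST be silently dropped
        elif not self._for_me(entry.target):
            self.ignored.append("other-target")  # no transition in this FSM
        elif entry.kind == "join":
            # NI/J/PP -> J: (re)start ET from HoldTime, stop PPT if running.
            self.state, self.et, self.ppt = J, entry.holdtime, None
        elif entry.kind == "prune" and self.state == J:
            self.state = PP
            self.ppt = self.override_interval if self.neighbors > 1 else 0
            if self.ppt == 0:                    # zero timer expires at once
                self.prune_pending_timer_expires()
        return self.state

    def prune_pending_timer_expires(self):
        if self.state == PP:
            self._to_noinfo()
            if self.neighbors > 1:   # PruneEcho not needed with one neighbour
                self.sent.append("PruneEcho(*,G)")
        return self.state

    def expiry_timer_expires(self):
        if self.state != NI:
            self._to_noinfo()
        return self.state

    def stop_being_df(self):
        self.i_am_df = False
        self._to_noinfo()
        return self.state

    def _to_noinfo(self):
        self.state, self.et, self.ppt = NI, None, None

    def in_joins(self):
        """True when I belongs to joins(G) as defined in section 3.1.4."""
        return self.i_am_df and self.state in (J, PP)


def demo():
    """Feed constructed sample entries to one interface and return the trace."""
    rpa, me = "198.51.100.1", "192.0.2.1"   # constructed sample addresses
    s = DownstreamJPState(rpa, me, neighbors=2, override_interval=3)
    trace = [
        s.receive(JPEntry("join", "203.0.113.9", me, 210)),  # wrong RP address
        s.receive(JPEntry("join", rpa, "192.0.2.2", 210)),   # other router
        s.receive(JPEntry("join", rpa, me, 210)),            # valid Join
        s.receive(JPEntry("prune", rpa, me, 210)),           # Prune, PPT runs
        s.receive(JPEntry("join", rpa, me, 210)),            # Join overrides
        s.receive(JPEntry("prune", rpa, me, 210)),
        s.prune_pending_timer_expires(),                     # prune takes effect
    ]
    return trace, s.ignored, s.sent, s.in_joins()


if __name__ == "__main__":
    print(demo())
```

The first two entries in the trace leave the interface in NoInfo: a Join carrying the wrong RP address or addressed to another router creates no forwarding state here.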

               +-----------------------------------+
               | Figures omitted from text version |
               +-----------------------------------+

        Figure 1: Downstream group per-interface state-machine

In tabular form, the group per-interface state-machine is:

+----------+------------------------------------------------------------+
|          |                           Event                            |
|          +----------+------------+-----------+------------+-----------+
|Prev State|Receive   |Receive     |Prune      |Expiry      |Stop Being |
|          |Join(*,G) |Prune(*,G)  |Pending    |Timer       |DF on I    |
|          |          |            |Timer      |Expires     |           |
|          |          |            |Expires    |            |           |
+----------+----------+------------+-----------+------------+-----------+
|          |-> J state|-           |-          |-           |-          |
|NoInfo    |start     |            |           |            |           |
|(NI)      |Expiry    |            |           |            |           |
|          |Timer     |            |           |            |           |
+----------+----------+------------+-----------+------------+-----------+
|          |-> J state|-> PP state |-          |-> NI state |-> NI state|
|Join (J)  |restart   |start Prune |           |            |           |
|          |Expiry    |Pending     |           |            |           |
|          |Timer     |Timer       |           |            |           |
+----------+----------+------------+-----------+------------+-----------+
|          |-> J state|-> PP state |-> NI state|-> NI state |-> NI state|
|          |restart   |            |Send Prune-|            |           |
|Prune     |Expiry    |            |Echo(*,G)  |            |           |
|Pending   |Timer;    |            |           |            |           |
|(PP)      |stop Prune|            |           |            |           |
|          |Pending   |            |           |            |           |
|          |Timer     |            |           |            |           |
+----------+----------+------------+-----------+------------+-----------+

The transition events "Receive Join(*,G)" and "Receive Prune(*,G)" imply
receiving a Join or Prune targeted to this router's address on the
received interface. If the destination address is not correct, these
state transitions in this state machine must not occur, although seeing
such a packet may cause state transitions in other state machines.

On unnumbered interfaces on point-to-point links, the router's address
should be the same as the source address it chose for the hello packet
it sent over that interface.
However on point-to-point links we also recommend that PIM messages with
a 0.0.0.0 destination address are also accepted.

The transition event "Stop being DF" implies a DF re-election taking
place on this router interface for RPA(G) and the router changing status
from being the active DF to being a non-DF router (the value of the
I_am_DF macro changing to FALSE).

When ExpiryTimer is started or restarted, it is set to the HoldTime from
the triggering received Join/Prune message.

When PrunePendingTimer is started, it is set to the
J/P_Override_Interval if the router has more than one neighbor on that
interface; otherwise it is set to zero causing it to expire immediately.

The action "Send PruneEcho(*,G)" is triggered when the router stops
forwarding on an interface as a result of a prune. A PruneEcho(*,G) is
simply a Prune(*,G) message sent by the upstream router to itself on a
LAN. Its purpose is to add additional reliability so that if a Prune
that should have been overridden by another router is lost locally on
the LAN, then the PruneEcho may be received and cause the override to
happen. A PruneEcho(*,G) need not be sent when the router has only one
neighbour on the link.

3.4.2. Sending Join/Prune Messages

The downstream per-interface state-machines described above hold join
state from downstream PIM routers. This state then determines whether a
router needs to propagate a Join(*,G) upstream towards the RPA. Such
Join(*,G) messages are sent on the RPF_interface towards the RPA and are
targeted at the DF on that interface.

If a router wishes to propagate a Join(*,G) upstream, it must also watch
for messages on its upstream interface from other routers on that
subnet, and these may modify its behavior. If it sees a Join(*,G) to
the correct upstream neighbor, it should suppress its own Join(*,G).
If 703 it sees a Prune(*,G) to the correct upstream neighbor, it should be 704 prepared to override that prune by sending a Join(*,G) almost 705 immediately. Finally, if it sees the Generation ID (see PIM-SM 706 specification [4]) of the correct upstream neighbor change, it knows 707 that the upstream neighbor has lost state, and it should be prepared to 708 refresh the state by sending a Join(*,G) almost immediately. 710 In addition changes in the next hop towards the RPA trigger a prune off 711 from the old next hop, and join towards the new next hop. Such a change 712 can be caused by the following two events: 714 o The MRIB indicates that the RPF Interface towards the RPA has 715 changed. In this case the DF on the new RPF_interface becomes 716 the new RPF Neighbour. 718 o There is a DF re-election on the RPF_interface and a new router 719 emerges as the DF. 721 The upstream (*,G) state-machine only contains two states: 723 Not Joined 724 The downstream state-machines indicate that the router does not 725 need to join the RPA tree for this group. 727 Joined 728 The downstream state-machines indicate that the router would like 729 to join the RPA tree for this group. 731 In addition, one timer JT(G) is kept which is used to trigger the 732 sending of a Join(*,G) to the upstream next hop towards the RPA (the DF 733 on the RPF_interface for RPA(G)). 
735  +-----------------------------------+
736  | Figures omitted from text version |
737  +-----------------------------------+

739  Figure 2: Upstream group state-machine

741  In tabular form, the state machine is:

743  +----------------------+------------------------------------------------+
744  |                      |                     Event                      |
745  |      Prev State      +------------------------+-----------------------+
746  |                      | JoinDesired(G)         | JoinDesired(G)        |
747  |                      | ->True                 | ->False               |
748  +----------------------+------------------------+-----------------------+
749  |                      | -> J state             | -                     |
750  | NotJoined (NJ)       | Send Join(*,G);        |                       |
751  |                      | Set Timer to           |                       |
752  |                      | t_periodic             |                       |
753  +----------------------+------------------------+-----------------------+
754  | Joined (J)           | -                      | -> NJ state           |
755  |                      |                        | Send Prune(*,G)       |
756  +----------------------+------------------------+-----------------------+

758  In addition, we have the following transitions which occur within the
759  Joined state:

761  +-----------------------------------------------------------------------+
762  |                          In Joined (J) State                          |
763  +-----------------+-----------------+-----------------+-----------------+
764  |Timer Expires    | See Join(*,G)   | See Prune(*,G)  | RPF_DF(RPA(G))  |
765  |                 | to              | to              | changes         |
766  |                 | RPF_DF(RPA(G))  | RPF_DF(RPA(G))  |                 |
767  +-----------------+-----------------+-----------------+-----------------+
768  |Send             | Increase Timer  | Decrease Timer  | Decrease Timer  |
769  |Join(*,G); Set   | to              | to t_override   | to t_override   |
770  |Timer to         | t_suppressed    |                 |                 |
771  |t_periodic       |                 |                 |                 |
772  +-----------------+-----------------+-----------------+-----------------+

774  +-----------------------------------------------------------------------+
775  |                          In Joined (J) State                          |
776  +-------------------------------------+---------------------------------+
777  | Change of RPF_DF(RPA(G))            | RPF_DF(RPA(G)) GenID            |
778  |                                     | changes                         |
779  +-------------------------------------+---------------------------------+
780  | Send Join(*,G) to new               | Decrease Timer to               |
781  | DF; Send Prune(*,G) to              | t_override                      |
782  | old DF; set Timer to                |                                 |
783  | t_periodic                          |                                 |
784  +-------------------------------------+---------------------------------+
785  This state machine uses the following macro:

787    bool JoinDesired(G) {
788        if (olist(G) (-) RPF_interface(RPA(G))) != NULL
789            return TRUE
790        else
791            return FALSE
792    }

794  3.5. Designated Forwarder (DF) Election

796  This section presents a fail-safe mechanism for electing a per-RPA
797  designated router on each link in a BIDIR-PIM domain. We call this
798  router the Designated Forwarder (DF). The DF election does not take
799  place on the RPL for a RPA.

801  3.5.1. DF Requirements

803  The DF election chooses the best router on a link to assume the
804  responsibility of forwarding traffic between the RPL and the link for
805  the range of multicast groups served by the RPA. Different multicast
806  groups that share a common RPA must use the same bi-directional tree for
807  data forwarding. Hence, the election of an upstream forwarder on each
808  link does not have to be a group specific decision but instead can be
809  RPA-specific. As the number of RPAs is typically small, the number of
810  elections that have to be performed is significantly reduced by this
811  observation.

813  To optimise tree creation, it is desirable that the winner of the
814  election process should be the router on the link with the "best"
815  unicast routing metric to reach the RPA (as reported by the MRIB). When
816  comparing metrics from different unicast routing protocols, we use the
817  same comparison rules used by the PIM-SM assert process [4].

819  The election process needs to take place when information on a new RPA
820  initially becomes available. The result can be re-used as new bidir
821  groups that map to the same RPA are encountered. There are however some
822  conditions under which an update to the election is required:

824    o  There is a change in unicast metric to reach the RPA for any of
825       the routers on the link.

827    o  The interface on which the RPA is reachable (RPF Interface)
828       changes to an interface for which the router was previously the
829       DF.

831    o  A new PIM neighbor starts up on a link that must participate in
832       the elections and be informed of current outcome.

834    o  The elected DF dies (detected through neighbor information
835       timeout or MRIB RPF change at downstream router).

837  The election process has to be robust enough to ensure with very high
838  probability that all routers on the link have a consistent view of the
839  DF. This is because with the forwarding rules described in section 3.3
840  if multiple routers end up thinking that they should be responsible for
841  forwarding, loops may result. To reduce the possibility of this
842  occurrence to a minimum, the election algorithm has been biased towards
843  discarding DF information and suspending forwarding during periods of
844  ambiguity.

846  3.5.2. DF Election description

848  This section gives an outline of the DF election process. It does not
849  provide the definitive specification for the DF election. If any
850  discrepancy exists between section 3.5.3 and this section, the
851  specification in section 3.5.3 is to be assumed correct.

853  To perform the election of the DF for a particular RPA, routers on a
854  link need to exchange their unicast routing metric information for
855  reaching the RPA. Routers advertise their own metrics in Offer, Winner,
856  Backoff and Pass messages. The advertised metric is calculated using the
857  RPF Interface and metric to reach the RPA available through the MRIB.
858  When a router is participating in a DF election for an RPA on the
859  interface that its MRIB indicates as the RPF Interface then that router
860  MUST always advertise an infinite metric in its election messages. When
861  a router is participating in a DF election on an interface other than
862  the MRIB indicated RPF Interface then it MUST advertise the MRIB
863  provided metrics in its election messages.

865  In the election protocol described below, many message exchanges are
866  repeated Election_Robustness times for reliability. In all those cases
867  the message retransmissions are spaced in time by a small random
868  interval. All of the following description is specific to the election
869  on a single link for a single RPA.

871  3.5.2.1. Bootstrap Election

873  Initially when no DF has been elected, routers finding out about a new
874  RPA start participating in the election by sending Offer messages.
875  Offer messages include the router's metric to reach the RPA. Offers are
876  periodically retransmitted with a period of Offer_Interval.

878  If a router hears a better offer than its own from a neighbor, it stops
879  participating in the election for a period of Election_Robustness *
880  Offer_Interval thus giving a chance to the neighbour with the better
881  metric to be elected DF. If during this period no winner is elected, the
882  router restarts the election from the beginning. If at any point during
883  the initial election a router receives an out of order offer with worse
884  metrics than its own, then it restarts the election from the beginning.

886  The result should be that all routers except the best candidate stop
887  advertising their offers.

889  A router assumes the role of the DF after having advertised its metrics
890  Election_Robustness times without receiving any offer from any other
891  neighbor. At that point it transmits a Winner message which declares to
892  every other router on the link the identity of the winner and the
893  metrics it is using.

895  Routers hearing a winner message stop participating in the election and
896  record the identity and metrics of the winner. If the local metrics are
897  better than those of the winner then the router records the identity of
898  the winner (accepting it as the acting DF) but reinitiates the election
899  to try and take over.

901  3.5.2.2. Loser Metric Changes

903  Whenever the unicast metric to a RPA changes at a non-DF router to a
904  value that is better than that previously advertised by the acting DF,
905  the router with the new better metric should take action to eventually
906  assume forwarding responsibility. When the metric change is detected,
907  the non-DF router with the now better metric restarts the DF election
908  process by sending Offer messages with this new metric. Note that at
909  any point during an election if no response is received after
910  Election_Robustness retransmissions of an offer, a router assumes the
911  role of the DF following the usual Winner announcement procedure.

913  Upon receipt of an offer that is worse than its current metric, the DF
914  will respond with a Winner message declaring its status and advertising
915  its better metric. Upon receiving the Winner message, the originator of
916  the Offer records the identity of the DF and aborts the election.

918  Upon receipt of an offer that is better than its current metric, the DF
919  records the identity and metrics of the offering router and responds
920  with a Backoff message. This instructs the offering router to hold off
921  for a short period of time while the unicast routing stabilises and
922  other routers get a chance to put in their offers. The Backoff message
923  includes the offering router's new metric and address. All routers on
924  the link who have pending offers with metrics worse than those in the
925  backoff message (including the original offering router) will hold
926  further offers for a period of time defined in the Backoff message.

928  If during the Backoff_Period, a third router sends a new better offer,
929  the Backoff message is repeated for the new offer and the Backoff_Period
930  restarted.

932  Before the Backoff_Period expires, the acting DF nominates the router
933  having made the best offer as the new DF using a Pass message. This
934  message includes the IDs and metrics of both the old and new DFs. The
935  old DF stops performing its tasks at the time the Pass message
936  transmission is made. The new DF assumes the role of the DF as soon as
937  it receives the Pass message. All other routers on the link take note of
938  the new DF and its metric. Note that this event constitutes an RPF
939  Neighbour change which may trigger Join messages to the new DF (see
940  section 3.4).

942  3.5.2.3. Winner Metric Changes

944  If the DF's routing metric to reach the RPA changes to a worse value, it
945  sends a set of Election_Robustness randomly spaced Winner messages on
946  the link, advertising the new metric. Routers who receive this
947  announcement but have a better metric may respond with an Offer message
948  which results in the same handoff procedure described above. All
949  routers assume the DF has not changed until they see a Pass or Winner
950  message indicating the change.

952  There is no pressure to make this handoff quickly if the acting DF still
953  has a path to the RPL. The old path may now be suboptimal but it will
954  still work while the re-election is in progress.

956  If the routing metric at the DF changes to a better value, a single
957  Winner message is sent advertising the new metric.

959  3.5.2.4. Winner Loses Path

961  If a router's RPF Interface to the RPA switches to be on a link for
962  which it is acting as the DF, then it can no longer provide forwarding
963  services for that link. It therefore immediately stops being the DF and
964  restarts the election. As its path to the RPA is through the link, an
965  infinite metric is used in the Offer message it sends.

967  Note: At this stage the old DF will have a hint at a possible RPF
968  neighbor on the link indicated by the new MRIB next-hop. The old DF
969  could use this next-hop hint in a Pass message but this adds unnecessary
970  complication to the election process.

972  3.5.2.5. Late Router Starting Up

974  A late router starting up after the DF election process has completed
975  will have no immediate knowledge of the election outcome. As a result,
976  it will start advertising its metric in Offer messages. As soon as this
977  happens, the currently elected DF will respond with a Winner message if
978  its metric is better than the metric in the Offer message, or with a
979  Backoff message if its metric is worse than the metric in the Offer
980  message.

982  3.5.2.6. Winner Dies

984  Whenever the DF dies, a new DF has to be elected. The speed at which
985  this can be achieved depends on whether there are any downstream routers
986  on the link.

988  If there are downstream routers, typically their MRIB reported next-hop
989  before the DF dies will be the DF itself. They will therefore notice
990  either a change in the metric for the route to the RPA or a change in
991  next-hop away from the DF and can restart the election by transmitting
992  Offer messages. If according to the MRIB the RPA is now reachable
993  through the same link via another upstream router, an infinite metric
994  will be used in the Offer.

996  If no downstream routers are present, the only way for other upstream
997  routers to detect a DF failure is by the timeout of the PIM neighbor
998  information, which will take significantly longer.

1000  3.5.3. Election Protocol Specification

1002  This section provides the definitive specification for the DF election
1003  process. If any discrepancy exists between section 3.5.2 and this
1004  section, the specification in this section is to be assumed correct.

1006  3.5.3.1. Election State

1008  The DF election state is maintained per RPA for each multicast enabled
1009  interface I on the router as introduced in section 3.1.

1011  The state machine has the following four states:

1013  Offer
1014       Initial election state. When in the Offer state a router
1015       thinks it can eventually become the winner and periodically
1016       generates Offer messages.

1018  Lose In this state the router knows that there either is a
1019       different election winner or that no router on the link has a
1020       path to the RP.

1022  Winner
1023       The router is the acting DF without any contest.

1025  Backoff
1026       The router is the acting DF but another router has made a bid
1027       to take over.

1029  In the state machine a router is considered to be an acting DF if it is
1030  in the Win or Backoff states.

1032  The operation of the election protocol makes use of the variables and
1033  timers described below:

1035  Acting DF information
1036       Used to store the election winner who is the currently acting
1037       DF.

1039  DF election-Timer (DFT)
1040       Used to schedule transmission of Offer, Winner and Pass
1041       messages.

1043  Message-Count (MC)
1044       Used to maintain the number of times an Offer or Winner
1045       message has been transmitted.

1047  Best-Offer
1048       Used by the DF to record who has made the last offer for
1049       sending the Pass message.

1051  3.5.3.2. Election Messages

1053  The election process uses the following PIM control messages the packet
1054  format of which is described in section 3.7:

1056  Offer (OfferingID, Metric)
1057       Sent by routers that believe they have a better metric to the
1058       RPA than the metric that has been on offer so far.

1060  Winner (DF-ID, DF-Metric)
1061       Sent by a router when assuming the role of the DF or when
1062       re-asserting in response to worse offers.

1064  Backoff (DF-ID, DF-Metric, OfferingID, OfferMetric,
1065       BackoffInterval)
1066       Used by the DF to acknowledge better offers. It instructs
1067       other routers with equal or worse offers to wait till the DF
1068       passes responsibility to the sender of the offer.

1070  Pass (Old-DF-ID, Old-DF-Metric, New-DF-ID, New-DF-Metric)
1071       Used by the old DF to pass forwarding responsibility to a
1072       router that has previously made an offer. The Old-DF-Metric
1073       is the current metric of the DF at the time the pass is sent.

1075  Note that when a router is participating in a DF election for an RPA on
1076  the interface that its MRIB indicates as the RPF Interface then that
1077  router MUST always advertise an infinite metric in its election
1078  messages. When a router is participating in a DF election on an
1079  interface other than the MRIB indicated RPF Interface then it MUST
1080  advertise the MRIB provided metrics in its election messages.

1082  3.5.3.3. Election Events

1084  During protocol operation the following events can take place:

1086  Control message reception
1087       Reception of one of the four control DF election messages
1088       (Offer, Winner, Backoff and Pass). When a control message is
1089       received and actions are specified on a condition that metrics
1090       are Better or Worse the comparison must be performed as
1091       follows:

1093       o  On receipt of an Offer or Winner message compare our current
1094          metrics for the RPA with the metrics advertised for the
1095          sender of the message.

1097       o  On receipt of a Backoff or Pass message compare our current
1098          metrics for the RPA with the metrics advertised for the
1099          target of the message.

1101  Path to RPA lost
1102       Losing the path to the RPA can happen in two ways. The first
1103       happens when the route learned through the MRIB is withdrawn
1104       and the MRIB no longer reports an available route to reach the
1105       RPA. The second case happens when the next-hop information
1106       reported by the MRIB changes to indicate a next-hop that is
1107       reachable through the router interface for which the DF
1108       election is taking place. Clearly as the router is using the
1109       interface as its RPF Interface it cannot offer forwarding
1110       services towards the RPL to other routers on that link.

1112  Metric reported by the MRIB to reach the RPA changes
1113       This event is triggered when the MRIB supplied information for
1114       the RPA changes and the new information provides a path to the
1115       RPA. If the new MRIB information either reports no route or
1116       reports a next-hop interface through the interface for which
1117       the DF election is taking place then the "Path to RPA lost"
1118       event triggers instead. In specific states the event may be
1119       further filtered by specifying whether it is expected of the
1120       metric to become better or worse and which stored metric the
1121       new MRIB information must be compared against. The new
1122       information must be compared with either the router's old
1123       metric, the stored DF metric or the stored Best Offer metric.

1125  Election-Timer (DFT) Expiration
1126       Expiration of the DFT election timer can cause message
1127       transmission and state transitions. The event might be further
1128       qualified by specifying the value of the Message Count (MC) as
1129       well as the current existence of a path to the RPA (as defined
1130       above).

1132  Detection of DF failure
1133       Detection of DF failure can occur through the timeout of PIM
1134       neighbor state.

1136  3.5.3.4. Election Actions

1138  The DF election state machine action descriptions use the following
1139  notation in addition to the pseudocode notation described earlier in
1140  this spec.

1142  ?=   denotes the operation of lowering a timer to a new value. If
1143       the timer is not running then it is started using the new
1144       value. If the timer is running with an expiration lower than
1145       the new value, then the timer is not altered.

1147  When an action of "set DF to Sender or Target" is encountered during
1148  receipt of a Winner, Pass or Backoff message it means the following:

1150    o  On receipt of a Winner message set the DF to be the originator of
1151       the message and record its metrics.

1153    o  On receipt of a Pass message set the DF to be the target of the
1154       message and record its metrics.

1156    o  On receipt of a Backoff message set the DF to be the originator
1157       of the message and record its metrics.

1159  3.5.3.5. Election State Transitions

1161  When a Designated Forwarder election is initiated the starting state is
1162  the Offer state, the message counter (MC) is set to zero and the DF
1163  election Timer (DFT) is set to OPlow (see section 3.6 for a definition
1164  of timer values).

1166  +-----------------------------------+
1167  | Figures omitted from text version |
1168  +-----------------------------------+

1170  Figure 3: Designated Forwarder election state-machine

1172  In tabular form, the state machine is:

1174  +-------------++--------------------------------------------------------+
1175  |             ||                         Event                          |
1176  | Prev State  ++------------------+------------------+------------------+
1177  |             || Recv better      | Recv better      | Recv better      |
1178  |             || Pass / Win       | Backoff          | Offer            |
1179  +-------------++------------------+------------------+------------------+
1180  |             || -> Lose          | -                | -                |
1181  | Offer       || DF = Sender or   | DFT = BOperiod   | DFT = OPhigh;    |
1182  |             || Target; Stop     | + OPlow; MC =    | MC = 0           |
1183  |             || DFT              | 0                |                  |
1184  +-------------++------------------+------------------+------------------+
1185  |             || -                | -                | -> Offer         |
1186  | Lose        || DF = Sender or   | DF = Sender      | DFT = OPhigh;    |
1187  |             || Target           |                  | MC = 0           |
1188  +-------------++------------------+------------------+------------------+
1189  |             || -> Lose          | -> Lose          | -> Backoff       |
1190  |             || DF = Sender or   | DF = Sender;     | Set Best to      |
1191  | Win         || Target; Stop     | Stop DFT         | Sender; Send     |
1192  |             || DFT              |                  | Backoff; DFT =   |
1193  |             ||                  |                  | BOperiod         |
1194  +-------------++------------------+------------------+------------------+
1195  |             || -> Lose          | -> Lose          | -                |
1196  |             || DF = Sender or   | DF = Sender;     | Set Best to      |
1197  | Backoff     || Target; Stop     | Stop DFT         | Sender; Send     |
1198  |             || DFT              |                  | Backoff; DFT =   |
1199  |             ||                  |                  | BOperiod         |
1200  +-------------++------------------+------------------+------------------+
1201  +-----------++----------------------------------------------------------+
1202  |           ||                          Event                           |
1203  |           ++-------------+--------------+--------------+--------------+
1204  |Prev State ||Recv Backoff | Recv Pass    | Recv Worse   | Recv worse   |
1205  |           ||for us       | for us       | Pass / Win / | Offer        |
1206  |           ||             |              | Backoff      |              |
1207  +-----------++-------------+--------------+--------------+--------------+
1208  |           ||-            | -> Win       | -            | -            |
1209  |           ||DFT =        | Stop DFT     | Set DF to    | DFT ?=       |
1210  |Offer      ||BOperiod +   |              | Sender or    | OPlow; MC =  |
1211  |           ||OPlow; MC =  |              | Target; DFT  | 0            |
1212  |           ||0            |              | ?= OPlow; MC |              |
1213  |           ||             |              | = 0          |              |
1214  +-----------++-------------+--------------+--------------+--------------+
1215  |           ||-> Offer     | -> Offer     | -> Offer     | -> Offer     |
1216  |           ||DF = Sender; | DF = Sender; | DF = Sender  | DFT = OPlow; |
1217  |Lose       ||DFT = OPlow; | DFT = OPlow; | or Target;   | MC = 0       |
1218  |           ||MC = 0       | MC = 0       | DFT = OPlow; |              |
1219  |           ||             |              | MC = 0       |              |
1220  +-----------++-------------+--------------+--------------+--------------+
1221  |           ||-> Offer     | -> Offer     | -> Offer     | -            |
1222  |           ||DF = Sender; | DF = Sender; | DF = Sender  | Send Winner  |
1223  |Win        ||DFT = OPlow; | DFT = OPlow; | or Target;   |              |
1224  |           ||MC = 0       | MC = 0       | DFT = OPlow; |              |
1225  |           ||             |              | MC = 0       |              |
1226  +-----------++-------------+--------------+--------------+--------------+
1227  |           ||-> Offer     | -> Offer     | -> Offer     | -> Win       |
1228  |           ||DF = Sender; | DF = Sender; | DF = Sender  | Send Winner; |
1229  |Backoff    ||DFT = OPlow; | DFT = OPlow; | or Target;   | Stop DFT     |
1230  |           ||MC = 0       | MC = 0       | DFT = OPlow; |              |
1231  |           ||             |              | MC = 0       |              |
1232  +-----------++-------------+--------------+--------------+--------------+

1234  +-----------------------------------------------------------------------+
1235  |                            In Offer State                             |
1236  +-----------------------+-----------------------+-----------------------+
1237  | DFT Expires and MC    | DFT Expires and MC    | DFT Expires and MC    |
1238  | is less than          | is equal to           | is equal to           |
1239  | Robustness            | Robustness and we     | Robustness and        |
1240  |                       | have path to RPA      | there is no path      |
1241  |                       |                       | to RPA                |
1242  +-----------------------+-----------------------+-----------------------+
1243  | -                     | -> Win                | -> Lose               |
1244  | Send Offer; DFT =     | Send Winner           | Set DF to None        |
1245  | OPlow; MC = MC + 1    |                       |                       |
1246  +-----------------------+-----------------------+-----------------------+
1247  +-----------------------------------------------------------------------+
1248  |                            In Offer State                             |
1249  +-----------------------------------------------------------------------+
1250  |                    Metric changes and is now worse                    |
1251  +-----------------------------------------------------------------------+
1252  |                             DFT ?= OPlow                              |
1253  |                                OC = 0                                 |
1254  +-----------------------------------------------------------------------+

1256  +-----------------------------------------------------------------------+
1257  |                             In Lose State                             |
1258  +--------------------------------+--------------------------------------+
1259  | Detect DF Failure              | Metric changes and now               |
1260  |                                | is better than DF                    |
1261  +--------------------------------+--------------------------------------+
1262  | -> Offer                       | -> Offer                             |
1263  | DF = None; DFT =               | DFT = OPlow_int; MC = 0              |
1264  | OPlow_int; MC = 0              |                                      |
1265  +--------------------------------+--------------------------------------+

1267  +-----------------------------------------------------------------------+
1268  |                             In Win State                              |
1269  +-----------------------+------------------------+----------------------+
1270  | Metric changes and    | Timer Expires and      | Path to RPA lost     |
1271  | is now worse          | MC is less than        |                      |
1272  |                       | Robustness             |                      |
1273  +-----------------------+------------------------+----------------------+
1274  | -                     | -                      | -> Offer             |
1275  | DFT = OPlow; MC =     | Send Winner; DFT =     | Set DF to None;      |
1276  | 0                     | OPlow; MC = MC + 1     | DFT = OPlow; MC =    |
1277  |                       |                        | 0                    |
1278  +-----------------------+------------------------+----------------------+

1280  +-----------------------------------------------------------------------+
1281  |                           In Backoff State                            |
1282  +-----------------------+------------------------+----------------------+
1283  | Metric changes and    | Timer Expires          | Path to RPA lost     |
1284  | is now better than    |                        |                      |
1285  | Best                  |                        |                      |
1286  +-----------------------+------------------------+----------------------+
1287  | -> Win                | -> Lose                | -> Offer             |
1288  | Stop Timer            | Send Pass; Set DF      | Set DF to None;      |
1289  |                       | to stored Best         | DFT = OPlow; MC =    |
1290  |                       |                        | 0                    |
1291  +-----------------------+------------------------+----------------------+
1292  3.5.4. Election Reliability Enhancements

1294  For the correct operation of BIDIR-PIM it is very important to avoid
1295  situations where two routers consider themselves to be Designated
1296  Forwarders for the same link. The two precautions below are not required
1297  for correct operation but can help diagnose anomalies and correct them.

1299  3.5.5. Missing Pass

1301  After a DF has been elected, a router whose metrics change to become
1302  better than the DF will attempt to take over. If during the re-election
1303  the acting DF has a condition that causes it to lose all of the election
1304  messages (like a CPU overload), the new candidate will transmit three
1305  offers and assume the role of the forwarder resulting in two DFs on the
1306  link. This situation is pathological and should be corrected by fixing
1307  the overloaded router. It is desirable that such an event can be
1308  detected by a network administrator.
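
One way a monitoring host on the link could surface the missing-Pass condition of section 3.5.5, shown as an added example that is not part of the draft: it replays observed election messages for one link and RPA, marks an old DF that was replaced without sending a Pass, and raises a rate-limited alert when that router is heard from again. The event tuple layout, the alert names, the 60 second rate limit and the addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: election traffic observed on one link for one RPA.
# Tuple layout is an assumption of this example: (time_s, msg, sender, target),
# where target is the New-DF-ID of a Pass and None for other messages.
SAMPLE_EVENTS = [
    (0.0, "WINNER", "192.0.2.1", None),        # bootstrap winner
    (5.0, "WINNER", "192.0.2.1", None),        # same DF re-announcing
    (9.0, "PASS", "192.0.2.1", "192.0.2.2"),   # clean handoff to .2
    (9.1, "HELLO", "192.0.2.1", None),         # old DF alive, but it sent a Pass
    (20.0, "WINNER", "192.0.2.3", None),       # .3 takes over, no Pass from .2
    (21.0, "HELLO", "192.0.2.2", None),        # .2 is still up
    (21.5, "HELLO", "192.0.2.2", None),        # repeat, inside the rate limit
    (95.0, "WINNER", "192.0.2.2", None),       # .2 still announces itself as DF
]


@dataclass
class DfMonitor:
    """Tracks the acting DF for one (link, RPA) pair from observed messages."""
    min_alert_gap: float = 60.0   # assumed rate limit per (kind, router), seconds
    df: Optional[str] = None      # router currently recorded as acting DF
    displaced: dict = field(default_factory=dict)   # old DF -> time replaced without a Pass
    last_alert: dict = field(default_factory=dict)  # (kind, router) -> time of last alert
    alerts: list = field(default_factory=list)      # (time, kind, router, recorded DF)

    def alert(self, now, kind, router):
        key = (kind, router)
        if key in self.last_alert and now - self.last_alert[key] < self.min_alert_gap:
            return  # rate-limited
        self.last_alert[key] = now
        self.alerts.append((now, kind, router, self.df))

    def observe(self, now, msg, sender, target=None):
        if msg == "PASS":
            # Explicit handoff: neither party is in the missing-Pass condition.
            self.displaced.pop(sender, None)
            self.displaced.pop(target, None)
            self.df = target
        elif msg == "WINNER":
            if sender in self.displaced:
                # A router that was replaced without a Pass still claims the role.
                self.alert(now, "dual-winner", sender)
            elif self.df is None or sender == self.df:
                self.df = sender
            else:
                # New DF without a Pass from the known old DF: mark the old one.
                self.displaced[self.df] = now
                self.df = sender
        elif msg == "HELLO" and sender in self.displaced:
            # The marked old DF is alive, so two DFs may exist on the link.
            self.alert(now, "old-df-alive", sender)


def replay(events, **kwargs):
    """Feed a list of event tuples through a fresh monitor and return it."""
    monitor = DfMonitor(**kwargs)
    for event in events:
        monitor.observe(*event)
    return monitor


if __name__ == "__main__":
    for alert in replay(SAMPLE_EVENTS).alerts:
        print(alert)
```

A router that restarts after a genuine failure also trips the `old-df-alive` alert, so the alert is a prompt to inspect the link rather than proof of two forwarders.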

1310  When a router becomes the DF for a link without receiving a Pass message
1311  from the known old DF, the PIM neighbor information for the old DF can
1312  be marked to this effect. Upon receiving the next PIM Hello message from
1313  the old DF, the router can retransmit Winner messages for all the RPAs
1314  for which it is acting as the DF. The anomaly may also be logged by the
1315  router in a rate-limited manner to alert the operator.

1317  3.5.6. Periodic Winner Announcement

1319  An additional degree of safety can be achieved by having the DF for each
1320  RPA periodically announce its status in a Winner message. Transmission
1321  of the periodic Winner message can be restricted to occur only for RPAs
1322  which have active groups, thus avoiding the periodic control traffic in
1323  areas of the network without senders or receivers for a particular RPA.

1325  3.6. Timers Counters and Constants

1327  BIDIR-PIM maintains the following timers, as discussed in section 3.1.
1328  All timers are countdown timers - they are set to a value and count down
1329  to zero, at which point they typically trigger an action. Of course
1330  they can just as easily be implemented as count-up timers, where the
1331  absolute expiry time is stored and compared against a real-time clock,
1332  but the language in this specification assumes that they count downwards
1333  to zero.

1335  Per Rendezvous-Point Address (RPA):

1337       Per interface (I):

1339            DF Election Timer: DFT(RPA,I)

1341  Per Group (G):

1343       Upstream Join Timer: JT(G)

1345       Per interface (I):

1347            Join Expiry Timer: ET(G,I)

1349            PrunePending Timer: PPT(G,I)

1351  When timers are started or restarted, they are set to default values.
1352  This section summarizes those default values.

1354  Timer Name: DF Election Timer (DFT)

1356  +--------------------+-------------------------+------------------------+
1357  | Value Name         | Value                   | Explanation            |
1358  +--------------------+-------------------------+------------------------+
1359  | Offer_Period       | 100 ms                  | Interval to wait       |
1360  |                    |                         | between repeated       |
1361  |                    |                         | Offer and Winner       |
1362  |                    |                         | messages.              |
1363  +--------------------+-------------------------+------------------------+
1364  | Backoff_Period     | 1 sec                   | Period that acting     |
1365  |                    |                         | DF waits between       |
1366  |                    |                         | receiving a better     |
1367  |                    |                         | Offer and sending      |
1368  |                    |                         | the Pass message       |
1369  |                    |                         | to transfer DF         |
1370  |                    |                         | responsibility.        |
1371  +--------------------+-------------------------+------------------------+
1372  | OPLow              | rand(0.5, 1) *          | Range of actual        |
1373  |                    | Offer_Period            | randomised value       |
1374  |                    |                         | used between           |
1375  |                    |                         | repeated messages.     |
1376  +--------------------+-------------------------+------------------------+
1377  | OPHigh             | Election_Robustness     | Interval to wait       |
1378  |                    | * Offer_Period          | in order to give a     |
1379  |                    |                         | chance to a router     |
1380  |                    |                         | with a better          |
1381  |                    |                         | Offer to become        |
1382  |                    |                         | the DF.                |
1383  +--------------------+-------------------------+------------------------+

1385  Timer Names: Join Expiry Timer (ET(G,I))

1387  +----------------+----------------+-------------------------------------+
1388  | Value Name     | Value          | Explanation                         |
1389  +----------------+----------------+-------------------------------------+
1390  | J/P HoldTime   | from message   | Hold Time from Join/Prune Message   |
1391  +----------------+----------------+-------------------------------------+
1392  Timer Names: Prune Pending Timer (PPT(G,I))

1394  +--------------------------+--------------------+-----------------------+
1395  | Value Name               | Value              | Explanation           |
1396  +--------------------------+--------------------+-----------------------+
1397  | J/P Override Interval    | Default: 3 secs    | Short period after    |
1398  |                          |                    | a join or prune to    |
1399  |                          |                    | allow other           |
1400  |                          |                    | routers on the LAN    |
1401  |                          |                    | to override the       |
1402  |                          |                    | join or prune         |
1403  +--------------------------+--------------------+-----------------------+

1405  Note that the value of the J/P Override Interval is interface specific
1406  and depends on both the Propagation_Delay and the Override_Interval
1407  values that may change when Hello messages are received [4].

1409  Timer Names: Upstream Join Timer (JT(G))

1411  +-------------+--------------------+------------------------------------+
1412  |Value Name   |Value               |Explanation                         |
1413  +-------------+--------------------+------------------------------------+
1414  |t_periodic   |Default: 60 secs    |Period between Join/Prune Messages  |
1415  +-------------+--------------------+------------------------------------+
1416  |t_suppressed |rand(1.1 *          |Suppression period when someone     |
1417  |             |t_periodic, 1.4 *   |else sends a J/P message so we      |
1418  |             |t_periodic)         |don't need to do so.                |
1419  +-------------+--------------------+------------------------------------+
1420  |t_override   |rand(0, 0.9 * J/P   |Randomized delay to prevent         |
1421  |             |Override Interval)  |response implosion when sending a   |
1422  |             |                    |join message to override someone    |
1423  |             |                    |else's prune message.               |
1424  +-------------+--------------------+------------------------------------+

1426  For more information about these values refer to the PIM-SM [4]
1427  documentation.

1429  Constant Name: DF Election Robustness

1431  +--------------------------+-------------------+------------------------+
1432  | Constant Name            | Value             | Explanation            |
1433  +--------------------------+-------------------+------------------------+
1434  | Election_Robustness      | Default: 3        | Minimum number of      |
1435  |                          |                   | election messages      |
1436  |                          |                   | that must be lost      |
1437  |                          |                   | in order for           |
1438  |                          |                   | election to fail.      |
1439  +--------------------------+-------------------+------------------------+

1441  3.7. BIDIR PIM Packet Formats

1443  This section describes the details of the packet formats for BIDIR-PIM
1444  control messages. BIDIR-PIM shares a number of control messages in
1445  common with PIM-SM [4] as well as the format for the Encoded-Unicast
1446  address. For details on the format of these packets please refer to the
1447  PIM-SM documentation. Here we will only define the additional packets
1448  that are introduced by BIDIR-PIM. These are the packets used in the DF
1449  election process as well as the Bidir_Capable PIM-Hello option.

1451  3.7.1. DF Election Packet Formats

1453  All PIM control messages have IP protocol number 103.

1455  BIDIR-PIM messages are multicast with TTL 1 to the `ALL-PIM-ROUTERS'
1456  group `224.0.0.13'.
1458  All DF election BIDIR-PIM control messages share the common header
1459  below:

1461      0                   1                   2                   3
1462      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1463     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1464     |PIM Ver| Type  |Subtype| Rsvd  |           Checksum            |
1465     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1466     |                  Encoded-Unicast-RP-Address                   |
1467     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1468     |                   Sender Metric Preference                    |
1469     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1470     |                         Sender Metric                         |
1471     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1473  PIM Ver
1474       PIM Version number is 2.

1476  Type All DF-Election PIM control messages share the PIM message Type of
1477       10.

1479  Subtype
1480       Subtypes for DF election messages are:

1482       1 = Offer
1483       2 = Winner
1484       3 = Backoff
1485       4 = Pass

1487  Rsvd Set to zero on transmission. Ignored upon receipt.

1489  Checksum
1490       The checksum is the standard IP checksum, i.e. the 16-bit one's
1491       complement of the one's complement sum of the entire PIM message.
1492       For computing the checksum, the checksum field is zeroed.

1494  RP-Address
1495       The bidir RPA for which the election is taking place (note that the
1496       length of this field is more than 32 bits).

1498  Sender Metric Preference
1499       Preference value assigned to the unicast routing protocol that the
1500       message sender used to obtain the route to the RPA.

1502  Sender Metric
1503       The unicast routing table metric used by the message sender to
1504       reach the RPA. The metric is in units applicable to the unicast
1505       routing protocol used.

1507  In addition to the fields defined above the Backoff and Pass messages
1508  have the extra fields described below.

1510  3.7.2. Backoff Message

1512  The Backoff message uses the following fields in addition to the common
1513  election message format described above.

1515      0                   1                   2                   3
1516      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1517     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1518     |               Encoded-Unicast-Offering-Address                |
1519     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1520     |                  Offering Metric Preference                   |
1521     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1522     |                        Offering Metric                        |
1523     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1524     |           Interval            |
1525     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1527  Offering Address
1528       The address of the router that made the last (best) Offer (note
1529       that the length of this field is more than 32 bits).

1531  Offering Metric Preference
1532       Preference value assigned to the unicast routing protocol that the
1533       offering router used to obtain the route to the RPA.

1535  Offering Metric
1536       The unicast routing table metric used by the offering router to
1537       reach the RPA. The metric is in units applicable to the unicast
1538       routing protocol used.

1540  Interval
1541       The backoff interval in milliseconds to be used by routers with
1542       worse metrics than the offering router.

1544  3.7.3. Pass Message

1546  The Pass message uses the following fields in addition to the common
1547  election fields described above.

1549      0                   1                   2                   3
1550      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1551     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1552     |              Encoded-Unicast-New-Winner-Address               |
1553     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1554     |                 New Winner Metric Preference                  |
1555     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1556     |                       New Winner Metric                       |
1557     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1558  New Winner Address
1559       The address of the router that made the last (best) Offer (note
1560       that the length of this field is more than 32 bits).

1562  New Winner Metric Preference
1563       Preference value assigned to the unicast routing protocol that the
1564       offering router used to obtain the route to the RPA.

1566  New Winner Metric
1567       The unicast routing table metric used by the offering router to
1568       reach the RPA. The metric is in units applicable to the unicast
1569       routing protocol used.

1571  3.7.4. Bidir Capable PIM-Hello Option

1573  BIDIR-PIM introduces one new PIM-Hello option.

1575  o OptionType 22: Bidir Capable

1577      0                   1                   2                   3
1578      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1579     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1580     |           Type = 22           |          Length = 0           |
1581     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1583  4. RP Discovery

1585  Routers discover that a range of multicast group addresses operates in
1586  bi-directional mode and the address of the Rendezvous-Point serving the
1587  group range either through static configuration or using an automatic RP
1588  discovery mechanism like the PIM Bootstrap mechanism (BSR) [9].

1590  By default the BSR protocol advertises RPs that operate the PIM-SM
1591  protocol. In order to identify a RP as operating in BIDIR mode, the
1592  Encoded-Group Address field in Bootstrap and Candidate-RP Advertisement
1593  messages has been extended by adding the BIDIR bit (B-bit) as specified
1594  below:

1596      0                   1                   2                   3
1597      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1598     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1599     |  Addr Family  | Encoding Type |B|  Reserved   |   Mask Len    |
1600     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1601     |                    Group Multicast Address                    |
1602     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1603  B-bit
1604       When the Bidir-bit is set, all BIDIR capable PIM routers will
1605       operate the protocol described in this document for the specified
1606       group range.

1608  5. Security Considerations

1610  The IPsec [5] authentication header MAY be used to provide data
1611  integrity protection and group-wise data origin authentication of
1612  BIDIR-PIM protocol messages. Authentication of BIDIR-PIM messages can
1613  protect against unwanted behaviour caused by unauthorized or altered
1614  BIDIR-PIM messages.

1616  5.1. Attacks Based on Forged Messages

1618  As in PIM Sparse-Mode, the extent of possible damage depends on the type
1619  of counterfeit messages accepted. BIDIR-PIM only uses link-local
1620  multicast messages sent to the ALL_PIM_ROUTERS address, hence attacks
1621  can only be carried out by directly connected nodes, or with the
1622  complicity of directly connected routers.

1624  Some of the BIDIR-PIM protocol messages (Join/Prune and Hello) are
1625  identical, both in format and functionality, to the respective messages
1626  used in PIM-SM. Security considerations for these messages are to be
1627  found in [4]. Other messages (DF-election messages) are specific to
1628  BIDIR-PIM and will be discussed in the following paragraphs.

1630  By forging DF-election messages an attacker can disrupt the election of
1631  the Designated Forwarder on a link in two different ways:

1633  5.1.1. Election of an Incorrect DF

1635  An attacker can force its election as DF by participating in a regular
1636  election and advertising the best metric to reach the RPA. An attacker
1637  can also try to force the election of another router as DF by sending an
1638  Offer, Winner or Pass message and impersonating another router. In some
1639  cases (e.g. the Offer) multiple messages might be needed to carry out an
1640  attack.

1642  In the case of Offer or Winner messages the attacker will have to
1643  impersonate the node that it wants to have become the DF. In the case of
1644  the Pass it will have to impersonate the current DF. This type of attack
1645  causes the wrong DF to be recorded in all nodes apart from the one that
1646  is being impersonated. This node typically will be able to detect the
1647  anomaly and, possibly, restart a new election.

1649  A more sophisticated attacker might carry out a concurrent DoS attack on
1650  the node being impersonated, so that it will not be able to detect the
1651  forged packets and/or take countermeasures.

1653  All attacks based on impersonation can be detected by all routers and
1654  avoided if the source of DF-election messages can be authenticated.
1655  When authentication is available, spoofed messages MUST be discarded and
1656  a rate-limited warning message SHOULD be logged.

1658  A more subtle attacker could use MAC-level addresses to partition the
1659  set of recipients of DF-election messages and create an inconsistent DF
1660  view on the link. For example the attacker could use unicast MAC
1661  addresses for its forged DF-election messages. To prevent this type of
1662  attack, BIDIR-PIM routers SHOULD check the destination MAC address of
1663  received DF-election messages. This however is ineffective on links
1664  that do not support layer-2 multicast delivery.

1666  Source authentication is also sufficient to prevent this kind of attack.

1668  5.1.2. Preventing Election Convergence

1670  By forging DF election messages, an attacker can prevent the election
1671  from converging thus disrupting the establishment of multicast
1672  forwarding trees. There are many ways to achieve this. The simplest is by
1673  sending an infinite sequence of Offer messages (the metric used in the
1674  messages is not important).

1676  5.2. Non-cryptographic Authentication Mechanisms

1678  A BIDIR-PIM router SHOULD provide an option to limit the set of
1679  neighbors from which it will accept Join/Prune, Assert, and DF-election
1680  messages. Either static configuration of IP addresses or an IPsec
1681  security association may be used. Furthermore, a PIM router SHOULD NOT
1682  accept protocol messages from a router from which it has not yet
1683  received a valid Hello message.

1685  5.2.1. Basic Access Control

1687  In a PIM-SM domain, when all routers are trusted, it is possible to
1688  implement a basic form of access control for both sources and receivers:
1689  Receivers can be validated by the last-hop DR and sources can be
1690  validated by the first-hop DR and/or the RP.

1692  In BIDIR-PIM this is generally feasible only for receivers, as sources
1693  can send to the multicast group without the need for routers to detect
1694  their activity and create source-specific state. However it is possible
1695  to modify the standard BIDIR-PIM behaviour, in a backward compatible
1696  way, to allow per-source access control. The tradeoff would be protocol
1697  simplicity, memory and processing requirements.

1699  5.3. Authentication Using IPsec

1701  The IPsec [5] transport mode using the Authentication Header (AH) is the
1702  RECOMMENDED method to prevent the above attacks against BIDIR-PIM.

1704  It is RECOMMENDED that IPsec authentication be applied to all BIDIR-PIM
1705  protocol messages. The specification on how this is done is to be found
1706  in [4]. Specifically, the authentication of PIM-SM link-local messages
1707  described in [4] applies to all BIDIR-PIM messages as well.

1709  5.4. Denial of Service Attacks

1711  The denial of service attack based on forged Join described in [4] also
1712  applies to BIDIR-PIM.

1714  6. Change history

1716  From 03 to 04:

1718  RP concept replaced by RP Address (RPA) and RP Link (RPL). No DF
1719  election on RPL. RP forwards upstream on RPL. Accept joins even if not
1720  DF but do not forward. Added event description for DF election state
1721  machine. Removed comparison with Dino's draft.

1723  From 02 to 03:

1725  Consistency fixes in DF election tables to match state transition
1726  diagram pointed out by Apoorva.

1728  From 00 to 01:

1730  The differences between this version (-01) of the BIDIR-PIM
1731  specification and draft-ietf-pim-bidir-new-00.txt are mostly in the
1732  format of the information presented. As BIDIR-PIM has many similarities
1733  in operation to Sparse-Mode PIM, the earlier version of this spec relied
1734  heavily on the now obsolete PIM-SM [8] specification. This revision
1735  removes this dependency and instead references the new Sparse-Mode
1736  documentation [4] where necessary. In addition the method in which the
1737  protocol specification is presented has been updated to follow the
1738  format of [4].

1740  7. Acknowledgments

1742  The bidir proposal in this draft is heavily based on the ideas and text
1743  presented by Estrin and Farinacci in [7]. The main difference between
1744  the two proposals is in the method chosen for upstream forwarding.

1746  We would also like to thank John Zwiebel at Procket, Deborah Estrin at
1747  ISI/USC as well as Nidhi Bhaskar, Yiqun Cai, Toerless Eckert, Apoorva
1748  Karan, Rajitha Sumanasekera and Beau Williamson at Cisco for their
1749  contributions and comments to this draft.

1751  8. Authors' Addresses

1753  Mark Handley
1754  Computer Science Department
1755  University College London
1756  M.Handley@cs.ucl.ac.uk

1758  Isidor Kouvelas
1759  Cisco Systems
1760  kouvelas@cisco.com

1762  Tony Speakman
1763  Cisco Systems
1764  speakman@cisco.com

1766  Lorenzo Vicisano
1767  Cisco Systems
1768  lorenzo@cisco.com

1770  9. Normative

1772  [1] S.E. Deering, "Host extensions for IP multicasting", RFC 1112, Aug
1773      1989.

1775  [2] B. Cain, S. Deering, W. Fenner, I. Kouvelas, A. Thyagarajan,
1776      "Internet Group Management Protocol, Version 3", RFC 3376.

1778  [3] S. Deering, W. Fenner, B. Haberman, "Multicast Listener Discovery
1779      (MLD) for IPv6", RFC 2710.

1781  [4] B. Fenner, M. Handley, H. Holbrook, I. Kouvelas, "Protocol
1782      Independent Multicast - Sparse Mode (PIM-SM): Protocol
1783      Specification (Revised)", Work In Progress, , 2000.

1786  [5] S. Kent, R. Atkinson, "Security Architecture for the Internet
1787      Protocol", RFC 2401.

1789  10. Informative

1791  [6] T. Bates, R. Chandra, D. Katz, Y. Rekhter, "Multiprotocol
1792      Extensions for BGP-4", RFC 2283.

1794  [7] D. Estrin, D. Farinacci, "Bi-directional Shared Trees in PIM-SM",
1795      Work In Progress, , May 1999.

1797  [8] D. Estrin et al, "Protocol Independent Multicast-Sparse Mode
1798      (PIM-SM): Protocol Specification", RFC 2362, Nov 1999.

1800  [9] W. Fenner, M. Handley, R. Kermode and D. Thaler, "Bootstrap Router
1801      (BSR) Mechanism for PIM Sparse Mode", draft-ietf-pim-sm-bsr-00.txt,
1802      work in progress.

1804  11. Index
1805  DownstreamJPState(G,I)
1806  ET(G,I)
1807  ET(RPA,I)
1808  I_am_DF(RPA,I)
1809  J/P_HoldTime
1810  J/P_Override_Interval
1811  JoinDesired(G)
1812  joins(G)
1813  JT(*,G)
1814  JT(G)
1815  local_receiver_include(G,I)
1816  NLT(N,I)
1817  Offer_Period
1818  olist(G)
1819  OT
1820  pim_include(G)
1821  PPT(G,I)
1822  RPF_interface(RPA)
1823  t_override
1824  t_periodic
1825  t_suppressed
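
Added example (not part of the draft): a strict parser for the DF election messages of Sections 3.7.1 to 3.7.3, including the checksum rule. The Encoded-Unicast layout (address family, encoding type 0, then the address) is taken from the PIM-SM specification the draft defers to; all function names and the sample message are constructed for this illustration.

```python
import ipaddress
import struct

SUBTYPES = {1: "Offer", 2: "Winner", 3: "Backoff", 4: "Pass"}
ADDR_LEN = {1: 4, 2: 16}  # address family -> address bytes (PIM-SM Encoded-Unicast)

def ip_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def take_unicast(buf: bytes, off: int):
    """Read one Encoded-Unicast address; return (address, next offset)."""
    if len(buf) < off + 2 or buf[off] not in ADDR_LEN or buf[off + 1] != 0:
        raise ValueError("bad or truncated Encoded-Unicast address")
    end = off + 2 + ADDR_LEN[buf[off]]
    if len(buf) < end:
        raise ValueError("truncated Encoded-Unicast address")
    return ipaddress.ip_address(buf[off + 2:end]), end

def take_uint(buf: bytes, off: int, size: int):
    if len(buf) < off + size:
        raise ValueError("truncated message")
    return int.from_bytes(buf[off:off + size], "big"), off + size

def parse_df_election(msg: bytes) -> dict:
    if len(msg) < 4:
        raise ValueError("shorter than the common header")
    version, msg_type, subtype = msg[0] >> 4, msg[0] & 0x0F, msg[1] >> 4
    if version != 2 or msg_type != 10 or subtype not in SUBTYPES:
        raise ValueError("not a DF election message")
    if ip_checksum(msg) != 0:  # a valid message sums to zero with its checksum in place
        raise ValueError("checksum mismatch")
    out = {"subtype": SUBTYPES[subtype]}  # Rsvd nibble is ignored on receipt
    out["rpa"], off = take_unicast(msg, 4)
    out["sender_pref"], off = take_uint(msg, off, 4)
    out["sender_metric"], off = take_uint(msg, off, 4)
    if subtype in (3, 4):  # Backoff and Pass carry a second address/metric triple
        name = "offering" if subtype == 3 else "new_winner"
        out[name + "_addr"], off = take_unicast(msg, off)
        out[name + "_pref"], off = take_uint(msg, off, 4)
        out[name + "_metric"], off = take_uint(msg, off, 4)
    if subtype == 3:
        out["interval_ms"], off = take_uint(msg, off, 2)
    if off != len(msg):  # strictness chosen for this example, not required by the draft
        raise ValueError("unexpected trailing bytes")
    return out

def build_backoff_sample() -> bytes:
    """Constructed sample: Backoff for RPA 192.0.2.1 naming 192.0.2.7 as best offer."""
    enc = lambda a: bytes([1, 0]) + ipaddress.ip_address(a).packed
    body = (enc("192.0.2.1") + struct.pack("!II", 0, 10)
            + enc("192.0.2.7") + struct.pack("!IIH", 0, 5, 1000))
    csum = ip_checksum(bytes([0x2A, 0x30, 0, 0]) + body)  # checksum field zeroed
    return bytes([0x2A, 0x30]) + struct.pack("!H", csum) + body
```

The checksum here covers the PIM message only, as Section 3.7.1 states; a passing checksum says nothing about who sent the message, which is the concern of Section 5.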
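
Added example (not part of the draft): the non-cryptographic receive-side checks of Sections 5.1.1 and 5.2 applied to DF election messages, plus a per-source Offer counter for the non-convergence case of Section 5.1.2. It assumes an IPv4 Ethernet link; the class name, thresholds, log interval and event trace are hypothetical, and flagging excess Offers is a choice made for this illustration.

```python
from collections import defaultdict, deque

ALL_PIM_ROUTERS_IP = "224.0.0.13"
ALL_PIM_ROUTERS_MAC = "01:00:5e:00:00:0d"  # Ethernet multicast MAC for 224.0.0.13
OFFER = 1  # DF election subtype

class DFElectionGuard:
    """Checks run before a message reaches the election; thresholds are assumptions."""

    def __init__(self, neighbors, offer_limit=20, window=5.0, log_every=10.0):
        self.neighbors = set(neighbors)      # statically configured neighbor IPs
        self.hello_seen = set()
        self.offers = defaultdict(deque)     # source -> recent Offer timestamps
        self.offer_limit, self.window, self.log_every = offer_limit, window, log_every
        self.last_logged = {}
        self.warnings = []                   # stands in for the router's log

    def note_hello(self, src):
        if src in self.neighbors:
            self.hello_seen.add(src)

    def warn(self, now, src, reason):
        """Rate-limit warnings to one per (source, reason) per log_every seconds."""
        key = (src, reason)
        if now - self.last_logged.get(key, float("-inf")) >= self.log_every:
            self.last_logged[key] = now
            self.warnings.append((now, src, reason))

    def check(self, now, src, dst_ip, dst_mac, subtype):
        """Return None if the message passes, else the reason it was flagged."""
        reason = None
        if dst_ip != ALL_PIM_ROUTERS_IP or dst_mac.lower() != ALL_PIM_ROUTERS_MAC:
            reason = "not addressed to ALL-PIM-ROUTERS at layer 2 and 3"
        elif src not in self.neighbors:
            reason = "source is not a configured neighbor"
        elif src not in self.hello_seen:
            reason = "no valid Hello received from source"
        elif subtype == OFFER:
            recent = self.offers[src]
            recent.append(now)
            while now - recent[0] > self.window:
                recent.popleft()
            if len(recent) > self.offer_limit:
                reason = "Offer rate above configured limit"
        if reason:
            self.warn(now, src, reason)
        return reason

def run_constructed_trace():
    """Constructed events: (time, src, dst_ip, dst_mac, subtype)."""
    guard = DFElectionGuard({"192.0.2.7"}, offer_limit=3, window=1.0)
    guard.note_hello("192.0.2.7")
    mc = ALL_PIM_ROUTERS_MAC
    trace = [(0.1, "192.0.2.7", "224.0.0.13", mc, 1),
             (0.2, "192.0.2.7", "224.0.0.13", "00:00:5e:00:53:01", 2),
             (0.3, "192.0.2.99", "224.0.0.13", mc, 1)]
    trace += [(0.4 + i / 10, "192.0.2.7", "224.0.0.13", mc, 1) for i in range(4)]
    return [guard.check(*ev) for ev in trace], guard.warnings
```

Source addresses and MAC addresses can be forged by a directly connected node, so these checks narrow the exposure but do not replace the source authentication that Section 5.3 recommends.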