idnits 2.17.1

draft-ietf-pim-null-register-packing-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (11 September 2021) is 929 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 210

  == Missing Reference: 'N' is mentioned on line 216, but not defined

  == Unused Reference: 'RFC4610' is defined on line 375, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3446' is defined on line 385, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 8736 (Obsoleted by RFC 9436)

  ** Downref: Normative reference to an Informational RFC: RFC 3446

     Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                          V. Kamath
3    Internet-Draft                                                    VMware
4    Intended status: Standards Track            R. Chokkanathapuram Sundaram
5    Expires: 15 March 2022                               Cisco Systems, Inc.
6                                                                  R. Banthia
7                                                                      Apstra
8                                                                    A. Gopal
9                                                         Cisco Systems, Inc.
10                                                          11 September 2021

12                          PIM Null-Register packing
13                   draft-ietf-pim-null-register-packing-10

15   Abstract

17      In PIM-SM networks PIM Null-Register messages are sent by the
18      Designated Router (DR) to the Rendezvous Point (RP) to signal the
19      presence of Multicast sources in the network.  There are periodic PIM
20      Null-Registers sent from the DR to the RP to keep the state alive at
21      the RP as long as the source is active.  The PIM Null-Register
22      message carries information about a single Multicast source and
23      group.

25      This document defines a standard to send multiple multicast source
26      and group information in a single PIM Null-Register message, in a
27      packed format.  We will refer to this packed format as the PIM Packed
28      Null-Register format throughout the document.  This document also
29      discusses the interoperability between the PIM routers which do not
30      understand the packed message format with multiple multicast source
31      and group details.

33   Status of This Memo

35      This Internet-Draft is submitted in full conformance with the
36      provisions of BCP 78 and BCP 79.

38      Internet-Drafts are working documents of the Internet Engineering
39      Task Force (IETF).  Note that other groups may also distribute
40      working documents as Internet-Drafts.  The list of current Internet-
41      Drafts is at https://datatracker.ietf.org/drafts/current/.

43      Internet-Drafts are draft documents valid for a maximum of six months
44      and may be updated, replaced, or obsoleted by other documents at any
45      time.  It is inappropriate to use Internet-Drafts as reference
46      material or to cite them other than as "work in progress."

48      This Internet-Draft will expire on 15 March 2022.

50   Copyright Notice

52      Copyright (c) 2021 IETF Trust and the persons identified as the
53      document authors.  All rights reserved.

55      This document is subject to BCP 78 and the IETF Trust's Legal
56      Provisions Relating to IETF Documents (https://trustee.ietf.org/
57      license-info) in effect on the date of publication of this document.
58      Please review these documents carefully, as they describe your rights
59      and restrictions with respect to this document.  Code Components
60      extracted from this document must include Simplified BSD License text
61      as described in Section 4.e of the Trust Legal Provisions and are
62      provided without warranty as described in the Simplified BSD License.

64   Table of Contents

66      1.  Introduction
67        1.1.  Conventions used in this document
68        1.2.  Terminology
69      2.  Packed Null-Register Capability
70      3.  PIM Packed Null-Register message
71      4.  PIM Packed Register-Stop message format
72      5.  Protocol operation
73      6.  Operational Considerations
74      7.  PIM Anycast RP considerations
75      8.  PIM RP router version downgrade
76      9.  Fragmentation consideration
77      10. Security Considerations
78      11. IANA Considerations
79      12. Acknowledgments
80      13. Normative References
81      Authors' Addresses

83   1.  Introduction

85      PIM Null-Registers are sent by the DR periodically for Multicast
86      streams to keep the states active on the RP, as long as the multicast
87      source is alive.  As the number of multicast sources increases, the
88      number of PIM Null-Register messages that are sent also increases.
89      This results in more PIM packet processing at the RP and the DR.

91      The control plane policing (COPP) monitors the packets that are
92      processed by the control plane.  The high rate at which Null-
93      Registers are received at the RP can lead to COPP drops of Multicast
94      PIM Null-Register messages.  This draft proposes a method to
95      efficiently pack multiple PIM Null-Registers [RFC7761]
96      (Section 4.4) and Register-Stops [RFC7761] (Section 3.2) into a
97      single message, since these packets do not contain encapsulated
98      data anyway.

100     The draft also discusses interoperability with PIM routers that do
101     not understand the new packet format.

103  1.1.  Conventions used in this document

105     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
106     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
107     "OPTIONAL" in this document are to be interpreted as described in BCP
108     14 [RFC2119] when, and only when, they appear in all capitals, as
109     shown here.

111  1.2.  Terminology

113     RP:  Rendezvous Point

115     DR:  Designated Router

117  2.  Packed Null-Register Capability

119     A router (DR) can decide to pack multiple Null-Register messages
120     based on the capability received from the RP as part of the PIM
121     Register-Stop.  This ensures compatibility with routers that do not
122     support processing of the new format.  The capability information can
123     be indicated by the RP via the PIM Register-Stop message sent to the
124     DR.  Thus a DR will switch to the new format only when it learns that
125     the RP is capable of handling the PIM Packed Null-Register messages.

127     Conversely, a DR that does not support the packed format can continue
128     generating the PIM Null-Register as defined in [RFC7761]
129     (Section 4.4).  To exchange the capability information, the
130     "Reserved" field of the Register-Stop message can be used to
131     indicate this capability.  One bit of the
132     Reserved field is used to indicate the "packing" capability (P bit).
133     The rest of the bits in the "Reserved" field will be retained for
134     future use.

136      0                   1                   2                   3
137      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
138     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
139     |PIM Ver| Type  |P|  Reserved   |           Checksum            |
140     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
141     |             Group Address (Encoded-Group format)              |
142     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
143     |            Source Address (Encoded-Unicast format)            |
144     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
145       Figure 1: PIM Register-Stop message with capability option

147     PIM Version, Type, Checksum, Group Address, Source Address:

149        Same as [RFC7761] (Section 4.9.4)

151     P:

153        Capability bit (flag bit 7) used to indicate support for the
154        Packed Null-Register Capability

156  3.  PIM Packed Null-Register message

158     PIM Packed Null-Register message format includes a count to indicate
159     the number of Null-Register records in the message.

161      0                   1                   2                   3
162      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
163     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
164     |PIM Ver| Type  |Subtype|  FB   |           Checksum            |
165     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
166     | Count | Reserved |
167     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
168     |            Group Address[1] (Encoded-Group format)            |
169     |          Source Address[1] (Encoded-Unicast format)           |
170     .                                                               .
171     .                                                               .
172     .                                                               .
173     .                                                               .
174     .                       Group Address[N]                        .
175     |                       Source Address[N]                       |
176     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
177          Figure 2: PIM Packed Null-Register message format

179     PIM Version, Reserved, Checksum:

181        Same as [RFC7761] (Section 4.9.3)

183     Type, SubType:

185        The new packed Null-Register Type and SubType values TBD.
186        [RFC8736]

188     Count:

190        The number of packed Null-Register records.  A record consists of
191        a Group Address and Source Address pair.

193     Group Address, Source Address:

195        Same as [RFC7761] (Section 4.9.4)

197  4.  PIM Packed Register-Stop message format

199     The PIM Packed Register-Stop message includes a count to indicate the
200     number of records that are present in the message.

202      0                   1                   2                   3
203      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
204     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
205     |PIM Ver| Type  |Subtype|  FB   |           Checksum            |
206     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
207     | Count | Reserved |
208     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
209     |            Group Address[1] (Encoded-Group format)            |
210     |          Source Address[1] (Encoded-Unicast format)           |
211     .                                                               .
212     .                                                               .
213     .                                                               .
214     .                                                               .
215     .                       Group Address[N]                        .
216     |                       Source Address[N]                       |
217     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

219          Figure 3: PIM Packed Register-Stop message format

221     PIM Version, Reserved, Checksum:

223        Same as [RFC7761] (Section 4.9.4)

225     Type:

227        The new Register Stop Type and SubType values TBD

229     Count:

231        The number of PIM packed Register-Stop records.  A record consists
232        of a Group Address and Source Address pair.

234     Group Address, Source Address:

236        Same as [RFC7761] (Section 4.9.4)

238  5.  Protocol operation

240     The following combinations exist:

242     1.  DR and RP both support the PIM Packed Null-Register and PIM
243         Packed Register-Stop formats:

245         *  As specified in [RFC7761], the DR sends PIM Register
246            messages towards the RP when a new source is detected.

248         *  An RP supporting this specification MUST set the P-bit in the
249            corresponding Register-Stop messages.

251         *  When a Register-Stop message with the P-bit set is received,
252            the DR MAY send PIM Packed Null-Register messages (Section 3)
253            to the RP instead of multiple Register messages with the N-bit
254            set ([RFC7761]).

256         *  The RP, after receiving a PIM Packed Null-Register message, MAY
257            start sending PIM Packed Register-Stop messages (Section 4) to
258            the corresponding DR instead of individual Register-Stop
259            messages.

261     2.  DR supports but RP does not support the PIM Packed Null-Register
262         and PIM Packed Register-Stop formats:

264         *  As specified in [RFC7761], DR sends PIM Null-Registers
265            towards the RP.

267         *  RP sends a normal Register-Stop without any capability
268            information.

270         *  DR then sends PIM Null-Registers in the unpacked format
271            [RFC7761].

273     3.  RP supports but DR does not support the PIM Packed Null-Register
274         and PIM Packed Register-Stop formats:

276         *  As specified in [RFC7761], DR sends the PIM Null-Register
277            towards the RP.

279         *  RP sends a PIM Packed Register-Stop towards the DR that
280            includes capability information.

282         *  Since DR does not support the new format, it sends PIM Null-
283            Registers in the unpacked format [RFC7761].

285  6.  Operational Considerations

287     In case the network manager disables the packed capability at the RP,
288     the router should not advertise the capability.  However, an
289     implementation MAY choose to still parse any packed registers if they
290     are received.  This may be particularly useful in the transitional
291     period after the network manager disables it.

293  7.  PIM Anycast RP considerations

295     The PIM Packed Null-Register format should be enabled only if it is
296     supported by all PIM Anycast RP [RFC4610] members in the RP set for
297     the RP address.  This consideration applies to PIM Anycast RP with
298     MSDP [RFC3446] as well.

300  8.  PIM RP router version downgrade

302     Consider a PIM RP router that supports PIM Packed Null-Registers and
303     PIM Packed Register-Stops.  When this router downgrades to a software
304     version which does not support PIM Packed Null-Registers and PIM
305     Packed Register-Stops, the DR that sends the PIM Packed Null-Register
306     message will not get a PIM Register-Stop message back from the RP.
307     In such scenarios the DR can send an unpacked PIM Null-Register and
308     check the PIM Register-Stop to see if the capability bit (P-bit) for
309     PIM Packed Null-Register is set or not.  If it is not set then the DR
310     will continue sending unpacked PIM Null-Register messages.

312  9.  Fragmentation consideration

314     When building a PIM Packed Null-Register message or PIM Packed
315     Register-Stop message, a router should include as many records as
316     possible based on the path MTU towards RP, if path MTU discovery is
317     done.  Otherwise, the number of records should be limited by the MTU
318     of the outgoing interface.

320  10.  Security Considerations

322     General Register messages security considerations from RFC7761 apply.
323     As mentioned in RFC7761, PIM Null-Register messages and Register-Stop
324     messages are forwarded by intermediate routers to their destination
325     using normal IP forwarding.  Without data origin authentication, an
326     attacker who is located anywhere in the network may be able to forge
327     a Null-Register or Register-Stop message.  We next consider the
328     effect of a forgery of each of these messages.  By forging a Register
329     message, an attacker can cause the RP to inject forged traffic onto
330     the shared multicast tree.

332     By forging a Register-Stop message, an attacker can prevent a
333     legitimate DR from registering packets to the RP.  This can prevent
334     local hosts on that LAN from sending multicast packets.  The above
335     two PIM messages are not changed by intermediate routers and need
336     only be examined by the intended receiver.  Thus, these messages can
337     be authenticated end-to-end.  Attacks on Register and Register-Stop
338     messages do not apply to a PIM-SSM-only implementation, as these
339     messages are not used in PIM-SSM.

341     There is another case where a spoofed Register-Stop can be sent to
342     make it appear that it is from the RP, and that the RP supports this
343     new packed capability when it does not.  This can cause Null-Registers
344     to be sent to an RP that does not support this packed format.  But
345     standard methods to prevent spoofing should take care of this case.
346     For example, uRPF can be used to filter out packets coming from the
347     outside from addresses that belong to routers inside.

349  11.  IANA Considerations

351     This document requires the assignment of Capability bit (P-bit),
352     flag bit 7 in the PIM Register-Stop message.

354     This document requires the assignment of 2 new PIM message types
355     for the PIM Packed Null-Register and PIM Packed Register-Stop.

357  12.  Acknowledgments

359     The authors would like to thank Stig Venaas, Anish Peter, Zheng Zhang
360     and Umesh Dudani for their helpful comments on the draft.

362  13.  Normative References

364     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
365                Requirement Levels", BCP 14, RFC 2119,
366                DOI 10.17487/RFC2119, March 1997.

369     [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
370                Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
371                Multicast - Sparse Mode (PIM-SM): Protocol Specification
372                (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
373                2016.

375     [RFC4610]  Farinacci, D. and Y. Cai, "Anycast-RP Using Protocol
376                Independent Multicast (PIM)", RFC 4610,
377                DOI 10.17487/RFC4610, August 2006.

380     [RFC8736]  Venaas, S. and A. Retana, "PIM Message Type Space
381                Extension and Reserved Bits", RFC 8736,
382                DOI 10.17487/RFC8736, February 2020.

385     [RFC3446]  Kim, D., Meyer, D., Kilmer, H., and D. Farinacci, "Anycast
386                Rendevous Point (RP) mechanism using Protocol Independent
387                Multicast (PIM) and Multicast Source Discovery Protocol
388                (MSDP)", RFC 3446, DOI 10.17487/RFC3446, January 2003.

391  Authors' Addresses

393     Vikas Ramesh Kamath
394     VMware
395     3401 Hillview Ave
396     Palo Alto, CA 94304
397     United States of America

399     Email: vkamath@vmware.com

401     Ramakrishnan Chokkanathapuram Sundaram
402     Cisco Systems, Inc.
403     Tasman Drive
404     San Jose, CA 95134
405     United States of America

407     Email: ramaksun@cisco.com

409     Raunak Banthia
410     Apstra
411     333 Middlefield Rd STE 200
412     Menlo Park, CA 94025
413     United States of America
414     Email: rbanthia@apstra.com

416     Ananya Gopal
417     Cisco Systems, Inc.
418     Tasman Drive
419     San Jose, CA 95134
420     United States of America

422     Email: ananygop@cisco.com
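
Added example (not part of the draft, of idnits, or of any router implementation): a DR-side sketch of the capability handling described in Sections 2, 5, 8 and 10, where the DR packs only after a checksum-valid Register-Stop from its RP carries the P-bit and falls back when a packed message goes unanswered. All function and class names are hypothetical; it assumes PIM over IPv4 (no checksum pseudo-header), Register-Stop type 2 from RFC 7761, and a timeout hook and source-address comparison that the draft does not specify.

```python
import struct

PIM_VERSION = 2
TYPE_REGISTER_STOP = 2   # Register-Stop message type in RFC 7761
P_BIT = 0x80             # flag bit 7: the bit right after Type in Figure 1

def pim_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (IPv4 case, no pseudo-header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def register_stop_p_bit(msg: bytes) -> bool:
    """Validate the PIM header of a Register-Stop and return its P-bit."""
    if len(msg) < 4:
        raise ValueError("truncated PIM header")
    if msg[0] >> 4 != PIM_VERSION or msg[0] & 0x0F != TYPE_REGISTER_STOP:
        raise ValueError("not a PIMv2 Register-Stop")
    if pim_checksum(msg) != 0:   # a valid message sums to 0, checksum included
        raise ValueError("bad checksum")
    return bool(msg[1] & P_BIT)

def build_register_stop(p_bit: bool) -> bytes:
    """Constructed sample: Register-Stop for (192.0.2.10, 239.1.1.1) over IPv4."""
    group = bytes([1, 0, 0, 32]) + bytes([239, 1, 1, 1])   # Encoded-Group
    source = bytes([1, 0]) + bytes([192, 0, 2, 10])        # Encoded-Unicast
    body = bytes([0x22, P_BIT if p_bit else 0, 0, 0]) + group + source
    return body[:2] + struct.pack("!H", pim_checksum(body)) + body[4:]

class RpCapability:
    """DR-side state for one RP: pack only while the RP advertises the P-bit."""
    def __init__(self, rp_addr: str):
        self.rp_addr = rp_addr
        self.packed_ok = False       # start with unpacked Null-Registers
        self.awaiting_stop = False   # a packed Null-Register is unanswered

    def on_register_stop(self, src_addr: str, msg: bytes) -> None:
        if src_addr != self.rp_addr:   # not from this RP; uRPF is still needed
            return
        self.packed_ok = register_stop_p_bit(msg)
        self.awaiting_stop = False

    def on_packed_sent(self) -> None:
        self.awaiting_stop = True

    def on_register_stop_timeout(self) -> None:
        # Section 8: a packed message drew no Register-Stop (for example after
        # an RP downgrade), so fall back until the P-bit is seen again.
        if self.awaiting_stop:
            self.packed_ok = False
            self.awaiting_stop = False
```

The source-address comparison only keeps unrelated senders from flipping the state; it does not authenticate the RP, which is why the uRPF filtering named in Section 10 remains necessary.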