Network Working GroupInternet Engineering Task Force (IETF) IJ. WijnandsInternet-DraftRequest for Comments: 8364 S. VenaasIntended status:Category: Experimental Cisco Systems, Inc.Expires: August 4, 2018ISSN: 2070-1721 M. Brig Aegis BMD Program Office A. JonassonSwedish Defence Material Administration (FMV) January 31,FMV March 2018 PIM Flooding Mechanism (PFM) and Source Discoverydraft-ietf-pim-source-discovery-bsr-12(SD) AbstractPIM Sparse-ModeProtocol Independent Multicast - Sparse Mode (PIM-SM) uses a Rendezvous Point (RP) and shared trees to forward multicast packets from new sources. Oncelast hop routersLast-Hop Routers (LHRs) receive packets from a new source, they may join the Shortest Path Tree (SPT) for the source for optimal forwarding. Thisdraftdocument defines a new mechanism that provides a way to support PIM-SM without the need for PIM registers,RPsRPs, or shared trees. Multicast source information is flooded throughout the multicast domain using a new generic PIMflooding mechanism.Flooding Mechanism (PFM). This allowslast hop routersLHRs to learn about new sources without receiving initial data packets. Status of This Memo ThisInternet-Draftdocument issubmitted in full conformance with the provisions of BCP 78not an Internet Standards Track specification; it is published for examination, experimental implementation, andBCP 79. Internet-Drafts are working documentsevaluation. This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draftthe IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documentsvalidapproved by the IESG are candidates fora maximumany level ofsix monthsInternet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 4, 2018.https://www.rfc-editor.org/info/rfc8364. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions Used in This Document . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Testing and Deployment Experiences . . . . . . . . . . . . . 4 3. A Generic PIM Flooding Mechanism . . . . . . . . . . . . . . 5 3.1. PFM Message Format . . . . . . . . . . . . . . . . . . .65 3.2. Administrative Boundaries . . . . . . . . . . . . . . . . 7 3.3. Originating PFM Messages . . . . . . . . . . . . . . . . 7 3.4. Processing PFM Messages . . . . . . . . . . . . . . . . . 9 3.4.1. Initial Checks . . . . . . . . . . . . . . . . . . . 9 3.4.2. Processing and Forwarding of PFM Messages . . . . . . 10 4. DistributingSource GroupSG Mappings . . . . . . . . . . . . .10. . . . . 11 4.1. Group Source Holdtime TLV . . . . . . . . . . . . . . . .1011 4.2. Originating Group Source Holdtime TLVs . . . . . . . . .1112 4.3. Processing GSH TLVs . . . . . . . . . . . . . . . . . . . 13 4.4. The First Packets and Bursty Sources . . . . . . . . . . 13 4.5. Resiliency to Network Partitioning . . . . . . . . . . . 14 5. Configurable Parameters . . . . . . . . . . . . . . . . . . .1415 6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 8.AcknowledgmentsReferences . . . . . . . . . . . . . . . . . . . . . . . . . 169.8.1. Normative References . . . . . . . . . . . . . . . . . . 16 8.2. Informative References . . . . . . .16 9.1. Normative References. . . . . . . . . . 17 Acknowledgments . . . . . . . .16 9.2. Informative References. . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 1. IntroductionPIM Sparse-ModeProtocol Independent Multicast - Sparse Mode (PIM-SM) [RFC7761] uses a Rendezvous Point (RP) and shared trees to forward multicast packets toLast HopLast-Hop Routers(LHR).(LHRs). After the first packet is received byaan LHR, the source of the multicast stream is learned and the Shortest Path Tree (SPT) can be joined. Thisdraftdocument defines a new mechanism that provides a way to support PIM-SM without the need for PIM registers,RPsRPs, or shared trees. Multicast source information is flooded throughout the multicast domain using a new generic PIM flooding mechanism. By removing the need for RPs and shared trees, the PIM-SM procedures are simplified, thus improving routeroperations, managementoperations and management, and making the protocol more robust.AlsoAlso, the data packets are only sent on the SPTs, providing optimal forwarding. This mechanism has some similarities toPIMProtocol Independent Multicast - Dense Mode (PIM-DM) with its State-Refresh signaling [RFC3973], except that there is no initial flooding of data packets for new sources. It provides the traffic efficiency of PIM-SM, while being as easy to deploy asPIM- DM.PIM-DM. The downside is that it cannot provide forwarding of initial packets from a new source, see Section 4.4. PIM-DM is very different fromPIM-SM andPIM-SM; it's not as mature, it is categorized as Experimentalvsnot an Internet Standard, and there are only a fewimplementations.implementations of it. The solution in this document consists of a lightweight source discovery mechanism on top of the Source-Specific Multicast (SSM) [RFC4607] parts of PIM-SM. It isfeasablefeasible to implement only a subset of PIM-SM to provide SSMsupport, andsupport and, inadditionaddition, implement the mechanism in thisdraftdocument to offer a source discovery mechanism for applications that do not provide their own source discovery. This document defines a generic flooding mechanism for distributing information throughout a PIM domain. While the forwarding rules are largely similar to the Bootstrap Routermechanism(BSR) mechanism [RFC5059], any router can originateinformation, and itinformation; this allows for flooding of any kind of information. Each message contains one or more pieces of information encoded asTLVs (type, length and value).TLVs. This document defines one TLV used for distributing information about active multicast sources. Other documents may define additional TLVs. Note that this document isexperimental.an Experimental RFC. While the flooding mechanism is largely similar to BSR, there are some concerns about scale as there can be multiple routers distributing information, and potentially a larger amount of data that needs to be processed and stored. Distributing knowledge of active sources in this way isnew, andnew; there are some concerns, mainly regarding potentially large amounts of source states that need to be distributed. While there has been some testing in the field, we need to learn more about the forwarding efficiency, both the amount of processing per router,andpropagation delay, and the amount of state that can be distributed. In particular, how many active sources one can support without consuming too many resources. There are also parameters, see Section 5, that can be tuned regarding how frequently information isdistributed, and itdistributed. It is not clear what parameters are useful for different types of networks. 1.1. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described inRFC 2119 [RFC2119].BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Terminology RP: Rendezvous Point BSR: Bootstrap Router RPF: Reverse Path Forwarding SPT: Shortest Path Tree FHR:First HopFirst-Hop Router, directly connected to the source LHR:Last HopLast-Hop Router, directly connected to the receiver PFM: PIM Flooding Mechanism PFM-SD: PFM Source Discovery SG Mapping: Multicast source group (SG) mapping 2. Testing and Deployment Experiences A prototype of this specification has beenimplementedimplemented, and there has been some limited testing in the field. The prototype was tested in a network withlow bandwidthlow-bandwidth radio links. The network has frequent topology changes, including frequent link or router failures. Previously existing mechanismslikewere tested (for example, PIM-SM andPIM-DM were tested.PIM-DM). WithPIM-SMPIM-SM, the existing RP election mechanisms were found to be too slow. With PIM-DM, issues were observed with new multicast sources starvinglow bandwidthlow-bandwidth links even when therearewere noreceivers,receivers; in somecases suchcases, so much so that there was no bandwidth left for prune messages. For the PFM-SD prototype tests, all routers were configured to send PFM-SD for the directly connected source and to cache received announcements. Applications such as SIP with multicast subscriber discovery, multicast voice conferencing, positiontrackingtracking, and NTP were successfully tested. The tests went quite well. Packets were rerouted asneeded andneeded; therewerewas no unnecessary forwarding of packets. Ease of configuration was seen as a plus. 3. A Generic PIM Flooding Mechanism The Bootstrap Routermechanism(BSR) mechanism [RFC5059] is a commonly used mechanism for distributing dynamicGroup to RPGroup-to-RP mappings in PIM. It is responsible for flooding information about such mappings throughout a PIMdomain,domain so that all routers in the domain can have the same information.BSRBSR, as defined, is only able to distributeGroup to RPGroup-to-RP mappings. This document defines a more generic mechanism that can flood any kind of information. Administrative boundaries, see Section 3.2, may be configured to limit to which parts of a network the information is flooded. The forwarding rules are identical to BSR, except that one can control whether routers should forward unsupported data types. For some types ofinformationinformation, it is quite useful that it can be distributed without all routers having to support the particular type, while there may also be types where it is necessary for every single router to support it. The mechanism includes an originator addresswhichthat is used for RPF checking to restrict theflooding,flooding and prevent loops, just like BSR. Like BSR, messages are forwardedhop by hop;hop- by-hop; the messages arelink-locallink-local, and each router will process and resend the messages. Note that there is no equivalent to the BSR election mechanism; there can be multiple originators. This mechanism is named the PIM Flooding Mechanism (PFM). 3.1. PFM Message Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |PIM Ver| Type |N| Reserved | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Originator Address (Encoded-Unicast format) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |T| Type 1 | Length 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value 1 | | . | | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . | | . | |T| Type n | Length n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value n | | . | | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ PIM Version,ReservedReserved, and Checksum: As specified in [RFC7761]. Type: PIM Message Type. Value(pending IANA)12 for a PFM message. [N]o-Forward bit: When set, this bit means that the PFM message is not to be forwarded. This bit is defined to prevent Bootstrap message forwarding in [RFC5059]. Originator Address: The address of the router that originated the message. This can be any address assigned to the originating router, but it MUST be routable in the domain to allow successful forwarding. The format for this address is given in the Encoded- Unicast address in [RFC7761]. [T]ransitive bit: Each TLV in the message includes a bit called theTransitive"Transitive" bit that controls whether the TLV is forwarded by routers that do not support the given type. See Section 3.4.2. Type 1..n: A message contains one or more TLVs, in this case n TLVs. The Type specifies what kind of information is in the Value. ThetypeType range is from 0 to 32767 (15 bits). Length 1..n: The length of thethe valueValue field in octets. Value 1..n: The value associated with the type and of the specified length. 3.2. Administrative Boundaries PFM messages are generally forwardedhop by hophop-by-hop to all PIM routers. However, similar to BSR, one may configure administrative boundaries to limit the information to certain domains or parts of the network. Implementations MUST have a way of defining a set of interfaces on a router as administrative boundaries for all PFMmessages, or optionallymessages or, optionally, for certain TLVs, allowing for different boundaries for different TLVs.UsuallyUsually, one wants boundaries to be bidirectional, but an implementation MAY also provide unidirectional boundaries. When forwarding a message, a router MUST NOT send it out on an interface that is an outgoing boundary, including a bidirectional boundary, for all PFM messages. If an interface is an outgoing boundary for certain TLVs, the message MUST NOT be sent out on the interface if it is a boundary for all the TLVs in the message.OtherwiseOtherwise, the router MUST remove all the boundary TLVs from the message and send the message with the remaining TLVs. Also, when receiving a PFM message on an interface, the message MUST be discarded if the interface is an incoming boundary, including a bidirectional boundary, for all PFM messages. If the interface is an incoming boundary for certain TLVs, the router MUST ignore all boundary TLVs. If all the TLVs in the message are boundary TLVs, then the message is effectively ignored. Note that when forwarding an incoming message, the boundary is applied before forwarding. If the message was discarded or all the TLVs were ignored, then no message is forwarded. When a message is forwarded, it MUST NOT contain any TLVs for which the incoming interface is anincoming,incoming orbidirectional,bidirectional boundary. 3.3. Originating PFM Messages A router originates a PFM message when it needs to distribute information using a PFM message to other routers in the network. When a message is originated depends on what information is distributed. Forinstanceinstance, this document defines a TLV to distribute information about active sources. When a router has a new active source, a PFM message should be sent as soon as possible.HenceHence, a PFM message should be sent every time there is a new active source. However, the TLV also contains a holdtime and PFM messages need to be sent periodically. Generally speaking, a PFM message would typically be sent when there is a local state change, causing information to be distributed with the PFM to change. Also, some information may need to be sent periodically. These messages are calledtriggered"triggered" andperiodic"periodic" messages, respectively. Each TLV definition will need to define when a triggered PFM message needs to be originated,and alsowhether or not to send periodic messages, and howfrequent.frequently to send them. A router MUST NOT originate more than Max_PFM_Message_Rate messages per minute. This document does not mandate how this should beimplemented, butimplemented; some possible ways could be having a minimal time between each message, counting the number of messages originated and resetting the count every minute, or using a leaky bucket algorithm. One benefit of using a leaky bucket algorithm is that it can handle bursts better. The default value of Max_PFM_Message_Rate is 6. The value MUST be configurable. Depending on the network, one may want to use a larger value of Max_PFM_Message_Rate to favor propagation of new information, but with a large number of routers and many updates, the total number of messages might become too large and require too much processing. There MUST be a minimum of Min_PFM_Message_Gap milliseconds between each originated message. The default value of Min_PFM_Message_Gap is 1000 (1 second). The value MUST be configurable. Unless otherwise specified by the TLV definitions, there is no relationship between different TLVs, and an implementation can choose whether to combine TLVs in one message or across separate messages. It is RECOMMENDED to combine multiple TLVs in onemessage,message to reduce the number of messages, but it is also RECOMMENDED that the messageisbe small enough to avoid fragmentation at the IP layer. When a triggered PFM message needs to be sent due to a state change, a router MAY send a message containing only the information that changed. If there are many changesoccuringoccurring at about the same time, it might be possible to combine multiple changes in one message. In the case where periodic messages are also needed, an implementation MAY include periodic PFM information in a triggered PFM.E.g.,For example, if some information needs to be sent every 60 seconds and a triggered PFM message is about to be sent 20 seconds before the next periodic PFM message was scheduled, the triggered PFM message might include the periodic information and the next periodic PFM message can then be scheduled 60 seconds afterthat,that rather than 20 seconds later. When a router originates a PFM message, it puts one of its own addresses in the originator field. An implementation MUST allow an administrator to configure which address is used. For a message to be received by all routers in a domain, all the routers need to have a route for this address due to theRPF basedRPF-based forwarding.HenceHence, an administrator needs to be careful about which address to choose. When this is not configured, an implementation MUST NOT use alink-locallink- local address. It is RECOMMENDED to use an address of a virtual interface such that the originator can remain unchanged and routable independent of which physical interfaces or links may go down. The No-Forward bit MUST NOT be set, except for the case when a router receives a PIM Hello from a newneighbor,neighbor or a PIM Hello with a new GenerationIdentifier,Identifier (GenID), defined in [RFC7761], is received from an existing neighbor. In thatcasecase, an implementation MAY send PFM messages containing relevant information so that the neighbor can quickly get the correct state. The definition of the different PFM message TLVsneedneeds to specify what, if anything, needs to be sent in this case. If such a PFM message is sent, the No-Forward bit MUST be set, and the message must be sent within 60 seconds after the neighbor state change. The processing rules for PFM messages will ensure that any other neighbors on the same linkignoresignore the message. This behaviorand(and the choice of 60secondsseconds) is similar to what is defined for the No-Forward bit in [RFC5059]. 3.4. Processing PFM Messages A router that receives a PFM message MUST perform the initial checks specified here. If the checks fail, the message MUST be dropped. An error MAY belogged, but otherwiselogged; otherwise, the message MUST be dropped silently. If the checks pass, the contentsisare processed according to the processing rules of the included TLVs. 3.4.1. Initial Checks In order to do further processing, a message MUST meet the following requirements. The message MUST be from a directly connected PIMneighbor,neighbor and the destination address MUST be ALL-PIM-ROUTERS. Also, the interface MUST NOT be an incoming, nor a bidirectional, administrative boundary for PFM messages, see Section 3.2. If the No-Forward bit is not set, the message MUST be from the RPF neighbor of the originator address. If the No-Forward bit is set, this system, the router doing these checks, MUST have enabled the PIM protocol within the last 60 seconds. See Section 3.3 for details. Inpseudo-codepseudocode, the algorithm is as follows: if ((DirectlyConnected(PFM.src_ip_address) == FALSE) OR (PFM.src_ip_address is not a PIM neighbor) OR (PFM.dst_ip_address != ALL-PIM-ROUTERS) OR (Incoming interface is admin boundary for PFM)) { drop the message silently, optionally log error. } if (PFM.no_forward_bit == 0) { if (PFM.src_ip_address != RPF_neighbor(PFM.originator_ip_address)) { drop the message silently, optionally log error. } } else if (more than 60 seconds elapsed since PIM enabled)) { drop the message silently, optionally log error. } Note thatsrc_ip_address"src_ip_address" is the source address in the IP header of the PFM message.Originator"Originator" is the originator field inside the PFMmessage,message and is the router that originated the message. When the message is forwardedhop by hop,hop-by-hop, the originator address never changes, while the source address will be an address belonging to the router that last forwarded the message. 3.4.2. Processing and Forwarding of PFM Messages When the message is received, the initial checks above must be performed. If it passes the checks, then for each included TLV, perform processing according to the specification for that TLV. After processing, themesssagemessage is forwarded. Some TLVs may be omitted or modified in the forwarded message. This depends on administrativeboundaries, seeboundaries (see Section3.2,3.2), the typespecificationspecification, and the setting of the Transitive bit for the TLV. If a router supports the type, then the TLV is forwarded with no changes unless otherwise specified by the type specification. A router not supporting the given type MUST include the TLV in the forwarded message if and only if the Transitive bit is set. Whether or not a router supports thetype or not,type, the value of the Transitive bit MUST be preserved if the TLV is included in the forwarded message. The message is forwarded out of all interfaces with PIM neighbors (including the interface it was received on). As specified in Section 3.2, if an interface is an outgoing boundary for any TLVs, the message MUST NOT be sent out on the interface if it is an outgoing boundary for all the TLVs in the message.OtherwiseOtherwise, the router MUST remove any outgoing boundary TLVs of the interface from the message and send the message out that interface with the remaining TLVs. 4. DistributingSource GroupSG Mappings The genericflooding mechanism (PFM)PFM defined in the previous section can be used for distributingsource groupSG mappings about active multicast sources throughout a PIM domain. A Group Source Holdtime (GSH) TLV is defined for this purpose. 4.1. Group Source Holdtime TLV 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |1| Type = 1 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Group Address (Encoded-Group format) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Src Count | Src Holdtime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Src Address 1 (Encoded-Unicast format) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Src Address 2 (Encoded-Unicast format) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . | | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Src Address m (Encoded-Unicast format) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1: The Transitive bit is set to 1. This means that this type will be forwarded even if a router does not support it. See Section 3.4.2. Type: This TLV has type 1. Length: The length of the value in octets. Group Address: The group that sources are to be announced for. The format for this address is given in the Encoded-Group format in [RFC7761]. Src Count: The number of source addresses that are included. Src Holdtime: TheHoldtimeholdtime (in seconds) for the included source(s). Src Address: The source address for the corresponding group. The format for these addresses is given in theEncoded-UnicastEncoded- Unicast address in [RFC7761]. 4.2. Originating Group Source Holdtime TLVs A PFM message MAY contain one or more Group Source Holdtime (GSH) TLVs. This is used to flood information about active multicast sources. Each FHR that is directly connected to an active multicast source originates PFM messages containing GSH TLVs. How a multicast router discovers the source of the multicastpacketpacket, and when it considers itself theFHRFHR, follows the same procedures as the registering process described in [RFC7761]. Whenaan FHR has decided that a register needs to be sent per [RFC7761], the SG is not registered via the PIM-SM register procedures, but the SG mapping is included inana GSH TLV in a PFM message.Note,Note that only the SG mapping is distributed in themessage,message: not the entire packet as would have been done with a PIM register. The PFM messages containing the GSH TLV are sent periodically for as long as the multicast source is active, similar to how PIM registers are sent periodically. This means that as long as the source is active, it is included in a PFM message originated every Group_Source_Holdtime_Period seconds, within the general PFM timing requirements in Section 3.3. The default value of Group_Source_Holdtime_Period is 60. The value MUST be configurable. The holdtime for the source MUST be set to either zero or Group_Source_Holdtime_Holdtime. The value of the Group_Source_Holdtime_Holdtime parameter MUST be larger than Group_Source_Holdtime_Period. It is RECOMMENDED to be 3.5 times the Group_Source_Holdtime_Period. The default value is 210 (seconds). The value MUST be configurable. A source MAY be announced with a holdtime of zero to indicate that the source is no longer active. If an implementation supports originating GSH TLVs with different holdtimes for different sources, it canif needed(if needed) send multiple TLVs with the same group address. Due to the format, all the sources in the same TLV have the same holdtime. When a new source is detected, an implementation MAY send a PFM message containing just that particular source. However, it MAY also include information about other sources that were just detected, sources that are scheduled for periodic announcement later, or other types of information. See Section 3.3 for details. Note that when a new source is detected, one should trigger the sending of a PFM message as soon aspossible, whilepossible; whereas if a source becomes inactive, there is no reason to trigger a message. There is no urgency in removing state for inactive sources. Note that the message timing requirements in Section 3.3 apply. This means that one cannot always send a triggered message immediately when a new source is detected. In order to meet the timing requirements, the sending of the message may have to be delayed for a small amount of time. When a new PIM neighbor isdetected,detected or an existing neighbor changesGeneration Identifier,GenID, an implementation MAY send a triggered PFM message containing GSH TLVs for anySource GroupSG mappings it has learned by receiving PFM GSH TLVs as well as any active directly connected sources. See Section 3.3 for further details. 4.3. Processing GSH TLVs A router that receives a PFM message containing GSH TLVs MUST parse the GSH TLVs and store each ofthe GSH TLVsthem as SG mappings witha holdtimeran Expiry Timer started with the advertised holdtime, that is, unless the implementation specifically does not support GSH TLVs, the router is configured to ignore GSH TLVs in general, or it is configured to ignore GSH TLVs for certain sources or groups. In particular, an administrator might configure a routertonot to process GSH TLVs if the router is knowntonever to have any directly connected receivers. For each group that has directly connected receivers, this router SHOULD send PIM (S,G) joins for all the SG mappings advertised in the message for the group.GenerallyGenerally, joins are sent, but there could be, forinstance beinstance, an administrative policy limiting which sources and groups to join. The SG mappings are kept alive for as long as theholdtimerExpiry Timer for the source is running. Once theholdtimer expiresExpiry Timer expires, a PIM router MAY send a PIM (S,G) prune to remove itself from the tree. However, when this happens, there should be no more packets sent by the source, so it may be desirable to allow the state to time out rather than sending a prune. Note that a holdtime of zero has a special meaning. It is to be treated as if the source just expired, and then the statetoshould be removed. Source information MUST NOT be removed due to the source being omitted in a message. For instance, if thereisare a large number of sources for a group, there may be multiple PFM messages, each message containing a different list of sources for the group. 4.4. The First Packets and Bursty Sources The PIM register procedure is designed to deliverMulticastmulticast packets to the RP in the absence ofa Shortest Path Tree (SPT)an SPT from the RP to the source. The register packets received on the RP are decapsulated and forwarded down the shared tree to the LHRs. As soon as an SPT is built, multicast packets would flow natively over the SPT to the RP or LHR and the register process would stop. The PIM register process ensures packet delivery until an SPT is in place reaching the FHR. If the packets were not unicast encapsulated to theRPRP, they would be dropped by the FHR until the SPT issetup.set up. This functionality is important for applications where the initial packet(s) must be received for the application to work correctly. Another reason would be for bursty sources. If the application sends out a multicast packet every 4 minutes (or longer), the SPT is torn down (typically after 3:30 minutes of inactivity) before the next packet is forwarded down the tree. This willcause noprevent multicastpacket topackets from everbebeing forwarded. Awell behavedwell-behaved application should be able to deal with packet loss since IP is abest effort basedbest-effort-based packet delivery system. But inrealityreality, this is not always the case. With the procedures defined in thisdocumentdocument, the packet(s) received by the FHR will be dropped until the LHR has learned about the source and the SPT is built.That means forFor bursty sources or applications sensitive for the delivery of the firstpacketpacket, that means this solution would not be very applicable. This solution is mostly useful for applications that don't have a strong dependency on the initial packet(s) and have a fairly constant data rate, like videodistributiondistribution, for example. For applications with strong dependency on the initialpacket(s)packet(s), usingPIM BidirBIDIR-PIM [RFC5015] or SSM [RFC4607] is recommended. The protocol operations are much simpler compared toPIM SM, itPIM-SM; they will cause less churn in thenetwork and bothnetwork. Both guaranteebest effortbest-effort delivery for the initial packet(s). 4.5. Resiliency to Network Partitioning In aPIM SMPIM-SM deployment where the network becomespartitioned,partitioned due to link or node failure, it is possible that the RP becomes unreachable to a certain part of the network. New sources that become active in that partition will not be able to register to the RP and receivers within that partitionarewill not be able to receive the traffic.Ideally you would want to haveIdeally, having a candidate RP in eachpartition,partition is desirable, butyou never know in advancewhich routers will form a partitionednetwork.network is something unknown in advance. In order to be fully resilient, each router in the network may end up being a candidate RP. This would increase the operational complexity of the network. The solution described in this document does not suffer from that problem. If a network becomes partitioned and new sources become active, the receivers in thatpartitionedpartition will receive the SGMappingsmappings and join the source tree. Each partition works independently of the otherpartition(s)partitions and will continue to have access to sources within that partition. Once the network has healed, the periodic flooding of SGMappingsmappings ensures that they arere-floodedreflooded into the otherpartition(s)partitions and then other receivers can jointothe newly learned sources. 5. Configurable Parameters This document contains a number of configurable parameters. These parameters are formally defined inSectionSections 3.3 andSection4.2, but they are repeated here for ease of reference. These parameters all have default values as noted below. Max_PFM_Message_Rate: The maximum number of PFM messages a router is allowed to originate perminute,minute; see Section 3.3 for details. The default value is 6. Min_PFM_Message_Gap: The minimum amount of time between each PFM message originated by a router inmilliseconds,milliseconds; see Section 3.3 for details. The default is 1000. Group_Source_Holdtime_Period: The announcement period for Group Source Holdtime TLVs inseconds,seconds; see Section 4.2 for details. The default value is 60. Group_Source_Holdtime_Holdtime: The holdtime for Group Source Holdtime TLVs inseconds,seconds; see Section 4.2 for details. The default value is 210. 6. Security ConsiderationsWhen it comes toFor general PIM message security, see [RFC7761]. PFM messages MUST only be accepted from a PIM neighbor, but as discussed in [RFC7761], any router can become a PIM neighbor by sending a Hello message. To control from where to accept PFM packets, one can limit on which interfaces PIM isenabled, and alsoenabled. Also, one can configure interfaces as administrative boundaries for PFM messages, see Section 3.2. The implications of forged PFM messages depend on which TLVs they contain. Documents defining new TLVs will need to discuss the security considerations for the specific TLVs. In general though, the PFM messages are flooded within thenetwork, andnetwork; by forging a large number of PFMmessagesmessages, one might stress all the routers in the network. If an attacker can forge PFM messages, then such messages may contain arbitrary GSH TLVs. An issue here is that an attacker might send such TLVs for a huge amount of sources, potentially causing every router in the network to store huge amounts of source state. Also, if there is receiver interest for the groups specified in the GSH TLVs, routers with directly connected receivers will buildShortest Path TreesSPTs for the announced sources, even if the sources are not actually active. Building such trees will consume additional resources on routers that the trees pass through. PIM-SM link-local messages can be authenticated using IPsec, see[RFC7761] sectionSection 6.3 of [RFC7761] and [RFC5796]. Since PFM messages are link- local messages senthop by hop,hop-by-hop, a link-local PFM message can be authenticated using IPsec such that a router can verify that a message was sent by a trusted neighbor and has not been modified. However, to verify that a received message contains correct information announced by the originator specified in the message, one will have to trust every router on the path from the originator and that each router has authenticated the received message. 7. IANA Considerations This documentrequires the assignment ofregisters a new PIM message type for the PIM Flooding Mechanism (PFM) with the name "PIM FloodingMechanism".Mechanism" in the "PIM Message Types" registry with the value of 12. IANAishas alsorequested to createcreated a registry for PFM TLVs called "PIM Flooding Mechanism Message Types". Assignments for the registry are to be made according to the policy "IETF Review" as defined in [RFC8126]. The initial content of the registryshould be:is as follows: Type Name Reference----------------------------------------------------------------------------------------------- 0 Reserved[this document][RFC8364] 1 Source Group Holdtime[this document][RFC8364] 2-32767 Unassigned9.8. References9.1.8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC5059] Bhaskar, N., Gall, A., Lingard, J., and S. Venaas, "Bootstrap Router (BSR) Mechanism for Protocol Independent Multicast (PIM)", RFC 5059, DOI 10.17487/RFC5059, January 2008, <https://www.rfc-editor.org/info/rfc5059>. [RFC5796] Atwood, W., Islam, S., and M. Siami, "Authentication and Confidentiality in Protocol Independent Multicast Sparse Mode (PIM-SM) Link-Local Messages", RFC 5796, DOI 10.17487/RFC5796, March 2010, <https://www.rfc-editor.org/info/rfc5796>. [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 2016, <https://www.rfc-editor.org/info/rfc7761>. [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.9.2.[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. 8.2. Informative References [RFC3973] Adams, A., Nicholas, J., and W. Siadak, "Protocol Independent Multicast - Dense Mode (PIM-DM): Protocol Specification (Revised)", RFC 3973, DOI 10.17487/RFC3973, January 2005, <https://www.rfc-editor.org/info/rfc3973>. [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for IP", RFC 4607, DOI 10.17487/RFC4607, August 2006, <https://www.rfc-editor.org/info/rfc4607>. [RFC5015] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, "Bidirectional Protocol Independent Multicast (BIDIR- PIM)", RFC 5015, DOI 10.17487/RFC5015, October 2007, <https://www.rfc-editor.org/info/rfc5015>.8.Acknowledgments The authors would like to thank Arjen Boers for contributing to the initial idea, and David Black, Stewart Bryant, Yiqun Cai, Papadimitriou Dimitri, Toerless Eckert, Dino Farinacci, AlvaroRetanaRetana, and Liang Xia for their very helpful comments on thedraft.document. Authors' Addresses IJsbrand Wijnands Cisco Systems, Inc. De kleetlaan 6a Diegem 1831 Belgium Email: ice@cisco.com Stig Venaas Cisco Systems, Inc. Tasman Drive San Jose CA 95134USAUnited States of America Email: stig@cisco.com Michael Brig Aegis BMD Program Office 17211 Avenue D, Suite 160 Dahlgren VA 22448-5148USAUnited States of America Email: michael.brig@mda.mil Anders Jonasson Swedish Defence Material Administration (FMV) Loennvaegen 4 Vaexjoe 35243 Sweden Email: anders@jomac.se