Network Working Group                                    Dino Farinacci
INTERNET DRAFT                                         Procket Networks
                                                          Yakov Rekhter
                                                            David Meyer
                                                          Cisco Systems
                                                         Peter Lothberg
                                                                 Sprint
                                                            Hank Kilmer
                                                            Jeremy Hall
                                                                  UUnet
Category Standards Track                                     July, 2000


                Multicast Source Discovery Protocol (MSDP)


1. Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.

   Internet Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

2. Abstract

   The Multicast Source Discovery Protocol, MSDP, describes a mechanism
   to connect multiple PIM-SM domains together.  Each PIM-SM domain uses
   its own independent RP(s) and does not have to depend on RPs in other
   domains.

3. Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

4. Introduction

   The Multicast Source Discovery Protocol, MSDP, describes a mechanism
   to connect multiple PIM-SM domains together.  Each PIM-SM domain uses
   its own independent RP(s) and does not have to depend on RPs in other
   domains.  Advantages of this approach include:

   o  No Third-party resource dependencies on RP

      PIM-SM domains can rely on their own RPs only.

   o  Receiver only Domains

      Domains with only receivers get data without globally
      advertising group membership.

   o  Global Source State

      Global source state is not required, since a router need not
      cache Source Active (SA) messages (see below).  MSDP is a
      periodic protocol.

   The keywords MUST, MUST NOT, MAY, OPTIONAL, REQUIRED, RECOMMENDED,
   SHALL, SHALL NOT, SHOULD, SHOULD NOT are to be interpreted as defined
   in RFC 2119 [RFC2119].

5. Overview

   MSDP-speaking routers in a PIM-SM [RFC2362] domain will have an MSDP
   peering relationship with MSDP peers in another domain.  The peering
   relationship will be made up of a TCP connection in which control
   information is exchanged.  Each domain will have one or more
   connections to this virtual topology.

   The purpose of this topology is to allow domains to discover
   multicast sources from other domains.  If the multicast sources are
   of interest to a domain which has receivers, the normal source-tree
   building mechanism in PIM-SM will be used to deliver multicast data
   over an inter-domain distribution tree.

   We envision this virtual topology will essentially be congruent to
   the existing BGP topology used in the unicast-based Internet today.
   That is, the TCP connections between MSDP peers are likely to be
   congruent to the connections in the BGP routing system.

6. Procedure

   A source in a PIM-SM domain originates traffic to a multicast group.
   The PIM DR which is directly connected to the source sends the data
   encapsulated in a PIM Register message to the RP in the domain.

   The RP will construct a "Source-Active" (SA) message and send it to
   its MSDP peers.  The SA message contains the following fields:

   o  Source address of the data source.
   o  Group address the data source sends to.
   o  IP address of the RP.

   Each MSDP peer receives and forwards the message away from the RP
   address in a "peer-RPF flooding" fashion.  The notion of peer-RPF
   flooding is with respect to forwarding SA messages.  The BGP routing
   table is examined to determine which peer is the NEXT_HOP towards the
   originating RP of the SA message.  Such a peer is called an "RPF
   peer".  See section 14 below for the details of peer-RPF forwarding.

   If the MSDP peer receives the SA from a non-RPF peer towards the
   originating RP, it will drop the message.
   Otherwise, it forwards the message to all its MSDP peers (except the
   one from which it received the SA message).

   The flooding can be further constrained to children of the peer by
   interrogating BGP reachability information.  That is, if a BGP peer
   advertises a route (back to you) and you are the next to last AS in
   the AS_PATH, the peer is using you as the NEXT_HOP.  This is known in
   other circles as Split-Horizon with Poison Reverse.  An implementation
   SHOULD NOT forward SA messages (which were originated from the RP
   address covered by a route) to peers which have not Poison Reversed
   that route.

   When an MSDP peer which is also an RP for its own domain receives a
   new SA message, it determines if it has any group members interested
   in the group which the SA message describes.  That is, the RP checks
   for a (*,G) entry with a non-empty outgoing interface list; this
   implies that the domain is interested in the group.  In this case, the
   RP triggers a (S,G) join event towards the data source as if a
   Join/Prune message was received addressed to the RP itself.  This sets
   up a branch of the source-tree to this domain.  Subsequent data
   packets arriving at the RP are forwarded down the shared-tree inside
   the domain.  If leaf routers choose to join the source-tree they have
   the option to do so according to existing PIM-SM conventions.
   Finally, if an RP in a domain receives a PIM Join message for a new
   group G, and it is caching SAs, then the RP should trigger a (S,G)
   join event for each SA for that group in its cache.

   This procedure has been affectionately named flood-and-join because
   if any RP is not interested in the group, they can ignore the SA
   message.  Otherwise, they join a distribution tree.

7. Controlling State

   While RPs which receive SA messages are not required to keep MSDP
   (S,G) state, an RP SHOULD cache SA messages by default.  One of the
   main advantages of caching is that since the RP has MSDP (S,G) state,
   join latency is greatly reduced for new receivers of G.  In addition,
   caching greatly aids in diagnosis and debugging of various problems.

8. Timers

   The main timers for MSDP are: SA-Advertisement-Timer, SA-Hold-Down-
   Timer, SA Cache Entry timer, KeepAlive timer, and ConnectRetry and
   Peer Hold Timer.  Each is considered below.

8.1. SA-Advertisement-Timer

   RPs which originate SA messages do it periodically as long as there
   is data being sent by the source.  There is one SA-Advertisement-Timer
   covering the sources that an RP may advertise.  [SA-Advertisement-
   Period] MUST be 60 seconds.  An RP MUST NOT send more than one
   periodic SA message for a given (S,G) within an SA Advertisement
   interval.  Originating periodic SA messages is important so that new
   receivers who join after a source has been active can get data
   quickly via the receiver's own RP when it is not caching SA state.
   Finally, an originating RP SHOULD trigger the transmission of an SA
   message as soon as it receives data from an internal source for the
   first time.

8.2. SA-Advertisement-Timer Processing

   An RP MUST spread the generation of periodic SA messages over its
   reporting interval (i.e. SA-Advertisement-Period).  An RP starts the
   SA-Advertisement-Timer when the MSDP process is configured.  When the
   timer expires, an RP resets the timer to [SA-Advertisement-Period]
   seconds, and begins the advertisement of its active sources.  Active
   sources are advertised in the following manner: An RP packs its
   active sources into an SA message until the largest MSDP packet that
   can be sent is built or there are no more sources, and then sends the
   message.  This process is repeated periodically within the SA-
   Advertisement-Period in such a way that all of the RP's sources are
   advertised.  Note that the largest MSDP packet that can be sent has a
   size that is the minimum of the MTU of the outgoing link minus the
   size of the TCP and IP headers, and 1400 (largest MSDP packet).
   Finally, the timer is deleted when the MSDP process is deconfigured.
   Note that a caching implementation may also wish to check the SA-Cache
   on this timer event.

8.3. SA Cache Timeout (SA-State-Timer)

   Each entry in an SA Cache has an associated SA-State-Timer.  A
   (S,G)-SA-State-Timer is started when an (S,G)-SA message is initially
   received by a caching MSDP peer.  The timer is reset to [SA-State-
   Period] if another (S,G)-SA message is received before the (S,G)-SA-
   State-Timer expires.  [SA-State-Period] MUST NOT be less than 90
   seconds.

8.4. SA-Hold-Down-Timer

   The per-(S,G) timer is set to [SA-Hold-Down-Period] when forwarding
   an SA message, and an SA message MUST only be forwarded when its
   associated timer is not running.  [SA-Hold-Down-Period] SHOULD be set
   to 30 seconds.  A caching MSDP peer MUST NOT forward a (S,G)-SA
   message it has received during the previous [SA-Hold-Down-Period]
   seconds.  Finally, the timer is deleted when the SA cache entry is
   deleted.

8.5. KeepAlive Timer

   The KeepAlive timer controls when to send MSDP KeepAlive messages.  In
   particular, the KeepAlive timer is used to reset the TCP connection
   when the passive-connect side of the connection goes down.  The
   KeepAlive timer is set to [KeepAlive-Period] when the passive-connect
   peer comes up.  [KeepAlive-Period] SHOULD NOT be less than 75 seconds.
   The timer is reset to [KeepAlive-Period] upon receipt of an MSDP
   message from the peer, and deleted when the timer expires or the
   passive-connect peer closes the connection.

8.6. ConnectRetry Timer

   The ConnectRetry timer is used by an MSDP peer to transition from
   INACTIVE to CONNECTING states.  There is one timer per peer, and the
   [ConnectRetry-Period] SHOULD be set to 30 seconds.  The timer is
   initialized to [ConnectRetry-Period] when an MSDP peer's active
   connect attempt fails.  When the timer expires, the peer retries the
   connection and the timer is reset to [ConnectRetry-Period].  It is
   deleted if either the connection transitions into ESTABLISHED state
   or the peer is deconfigured.

8.7. Peer Hold Timer

   If a system does not receive successive KeepAlive messages (or any SA
   message) within the period specified by the Hold Timer, then a
   Notification message with Hold Timer Expired Error Code MUST be sent
   and the MSDP connection MUST be closed.  [Hold-Time-Period] MUST be at
   least three seconds.  A suggested value for [Hold-Time-Period] is 90
   seconds.

   The Hold Timer is initialized to [Hold-Time-Period] when the peer's
   transport connection is established, and is reset to [Hold-Time-
   Period] when any MSDP message is received.

9. Intermediate MSDP Peers

   Intermediate RPs do not originate periodic SA messages on behalf of
   sources in other domains.  In general, an RP MUST only originate an SA
   for a source which would register to it.

10. SA Filtering and Policy

   As the number of (S,G) pairs increases in the Internet, an RP may
   want to filter which sources it describes in SA messages.  Also,
   filtering may be used as a matter of policy which at the same time
   can reduce state.  Only the RP co-located in the same domain as the
   source can restrict SA messages.  Note, however, that MSDP peers in
   transit domains should not filter SA messages or the flood-and-join
   model cannot guarantee that sources will be known throughout the
   Internet (i.e., SA filtering by transit domains can cause undesired
   lack of connectivity).  In general, policy should be expressed using
   MBGP [RFC2283].
   This will cause MSDP messages to flow in the desired direction and
   peer-RPF fail otherwise.  An exception occurs at an administrative
   scope [RFC2365] boundary.  In particular, an SA message for a (S,G)
   MUST NOT be sent to peers which are on the other side of an
   administrative scope boundary for G.

11. SA Requests

   If an MSDP peer decides to cache SA state, it MAY accept SA-Requests
   from other MSDP peers.  When an MSDP peer receives an SA-Request for a
   group range, it will respond to the peer with a set of SA entries, in
   an SA-Response message, for all active sources sending to the group
   range requested in the SA-Request message.  The peer that sends the
   request will not flood the responding SA-Response message to other
   peers.  See section 17 for discussion of error handling relating to SA
   requests and responses.

12. Encapsulated Data Packets

   For bursty sources, the RP may encapsulate multicast data from the
   source.  An interested RP may decapsulate the packet, which SHOULD be
   forwarded as if a PIM register encapsulated packet was received.  That
   is, if packets are already arriving over the interface toward the
   source, then the packet is dropped.  Otherwise, if the outgoing
   interface list is non-null, the packet is forwarded appropriately.
   Note that when doing data encapsulation, an implementation MUST bound
   the time during which packets are encapsulated.

   This allows for small bursts to be received before the multicast tree
   is built back toward the source's domain.  For example, an
   implementation SHOULD encapsulate at least the first packet to
   provide service to bursty sources.

13. Other Scenarios

   MSDP is not limited to deployment across different routing domains.
   It can be used within a routing domain when it is desired to deploy
   multiple RPs for the same group ranges.  As long as all RPs have an
   interconnected MSDP topology, each can learn about active sources as
   well as RPs in other domains.

14. MSDP Peer-RPF Forwarding

   The MSDP Peer-RPF Forwarding rules are used for forwarding SA
   messages throughout an MSDP enabled internet.  Unlike the RPF check
   used when forwarding data packets, the Peer-RPF check is against the
   RP address carried in the SA message.

14.1. Peer-RPF Forwarding Rules

   An SA message originated by an MSDP originator R and received by an
   MSDP router from MSDP peer N is accepted if N is the appropriate RPF
   neighbor for originator R (the RP in the SA message), and discarded
   otherwise.

   The RPF neighbor is chosen using the first of the following rules
   that matches:

   (i).   R is the RPF neighbor if we have an MSDP peering with R,
          and R is the next hop towards the prefix covering the RP
          in the SA message.

   (ii).  The external MBGP neighbor towards which we are
          poison-reversing the MBGP route towards R is the RPF neighbor
          if we have an MSDP peering with it.

   (iii). If we have any MSDP peerings with neighbors in the first
          AS along the AS_PATH (the AS from which we learned this
          route), but no external MBGP peerings with them,
          the neighbor with the highest IP address is the RPF neighbor.

   (iv).  The internal MBGP advertiser of the route towards R is
          the RPF neighbor if we have an MSDP peering with it.

   (v).   If none of the above match, and we have an MSDP
          default-peer configured, the MSDP default-peer is
          the RPF neighbor.

14.2. MSDP default-peer semantics

   An MSDP default-peer is much like a default route.  It is intended to
   be used in those cases where a stub network isn't running BGP.  An
   MSDP peer configured with a default-peer accepts all SA messages from
   the default-peer.  Note that a router running BGP SHOULD NOT allow
   configuration of default peers, since this allows the possibility for
   SA looping or black-holes to occur.

14.3. MSDP mesh-group semantics

   An MSDP mesh-group is an operational mechanism for reducing SA
   flooding, typically in an intra-domain setting.  In particular, when
   some subset of a domain's MSDP speakers are fully meshed, they can be
   configured into a mesh-group.  The semantics of the mesh-group are as
   follows:

   (i).  If a member R of a mesh-group M receives an SA message from an
         MSDP peer that is also a member of mesh-group M, R accepts the
         SA message and forwards it to all of its peers that are not
         part of any mesh-group.  R MUST NOT forward the SA message to
         other members of mesh-group M.

   (ii). If a member R of a mesh-group M receives an SA message from an
         MSDP peer that is not a member of mesh-group M, and the SA
         message passes the peer-RPF check, then R forwards the SA
         message to all members of mesh-group M.

   Note that since mesh-groups suspend peer-RPF checking of SAs received
   from a mesh-group member ((i). above), they allow for
   misconfiguration to cause SA looping.

15. MSDP Connection Establishment

   MSDP messages will be encapsulated in a TCP connection.  An MSDP peer
   listens for new TCP connections on port 639.  One side of the MSDP
   peering relationship will listen on the well-known port and the other
   side will do an active connect to the well-known port.  The side with
   the higher peer IP address will do the listen.  This connection
   establishment algorithm avoids call collision.  Therefore, there is no
   need for a call collision procedure.  It should be noted, however,
   that the disadvantage of this approach is that it may result in
   longer startup times at the passive end.

   An MSDP peer starts in the INACTIVE state.
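   The RPF-neighbor selection of Section 14.1, the default-peer fallback
   of 14.2 and the mesh-group forwarding semantics of 14.3, worked
   through on a constructed MBGP table.  This Python example is added
   here and is not code from the draft or from any MSDP implementation;
   the AS numbers, prefixes and peer addresses are made up, and the MBGP
   table is reduced to the attributes the rules consult.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass
class Route:
    prefix: IPv4Network
    next_hop: IPv4Address       # BGP NEXT_HOP
    as_path: tuple              # as_path[0] is the AS the route was learned from
    learned_from: IPv4Address   # MBGP neighbor that advertised the route to us
    external: bool              # True if learned over eBGP, False if over iBGP


@dataclass
class Peer:
    address: IPv4Address
    remote_as: int
    ebgp_peer: bool = False           # do we also hold an external MBGP session with it?
    mesh_group: Optional[str] = None  # mesh-group name, or None


class MsdpSpeaker:
    def __init__(self, routes, peers, default_peer=None):
        self.routes = routes
        self.peers = {p.address: p for p in peers}
        self.default_peer = default_peer

    def lookup(self, addr):
        """Longest-prefix match in the MBGP table, or None if there is no route."""
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def rpf_peer(self, rp):
        """Section 14.1: the first rule that matches names the RPF neighbor for
        SAs originated by RP address `rp`.  Returns it as a string, or None."""
        rp = IPv4Address(rp)
        route = self.lookup(rp)
        if route is not None:
            # (i) we peer with the RP itself and it is the next hop towards its prefix
            if rp in self.peers and route.next_hop == rp:
                return str(rp)
            # (ii) the external MBGP neighbor we learned the route from, i.e. the one
            #      we poison-reverse the route towards, if it is also an MSDP peer
            if route.external and route.learned_from in self.peers:
                return str(route.learned_from)
            # (iii) MSDP peers in the first AS of the AS_PATH with which we hold no
            #       external MBGP session: the highest IP address wins
            first_as = route.as_path[0] if route.as_path else None
            in_first_as = [p for p in self.peers.values() if p.remote_as == first_as]
            if in_first_as and not any(p.ebgp_peer for p in in_first_as):
                return str(max(p.address for p in in_first_as))
            # (iv) the internal MBGP advertiser of the route, if it is an MSDP peer
            if not route.external and route.learned_from in self.peers:
                return str(route.learned_from)
        # (v) otherwise the configured default-peer (Section 14.2), if any
        return str(self.default_peer) if self.default_peer is not None else None

    def process_sa(self, rp, from_peer):
        """Accept or discard an SA received from `from_peer` and list the peers it
        goes to.  Hold-down (8.4) and poison-reverse pruning (Section 6) are left
        out so that the forwarding rule itself stays visible."""
        from_peer = IPv4Address(from_peer)
        src = self.peers[from_peer]
        others = sorted((p for p in self.peers.values() if p.address != from_peer),
                        key=lambda p: p.address)
        if src.mesh_group is not None:
            # 14.3 (i): an SA from a fellow mesh-group member is accepted without a
            # peer-RPF check and forwarded only to peers outside any mesh-group
            return True, [str(p.address) for p in others if p.mesh_group is None]
        if self.rpf_peer(rp) != str(from_peer):
            return False, []   # Section 6 / 14.1: an SA from a non-RPF peer is dropped
        # 14.3 (ii) with Section 6: RPF passed, flood to every other peer, mesh members included
        return True, [str(p.address) for p in others]


def build_example():
    """Constructed topology (not from the draft): we are AS 65000, addresses come from
    documentation ranges, 192.0.2.20 is an eBGP neighbor in AS 65002 that is not an MSDP peer."""
    A = IPv4Address
    routes = [
        Route(IPv4Network("192.0.2.0/24"), A("192.0.2.1"), (65001,), A("192.0.2.1"), True),
        Route(IPv4Network("198.51.100.0/24"), A("192.0.2.1"), (65001, 65100), A("192.0.2.1"), True),
        Route(IPv4Network("203.0.113.0/24"), A("192.0.2.20"), (65002,), A("192.0.2.20"), True),
        Route(IPv4Network("172.16.0.0/16"), A("10.0.0.9"), (65300,), A("10.0.0.9"), False),
    ]
    peers = [
        Peer(A("192.0.2.1"), 65001, ebgp_peer=True),
        Peer(A("192.0.2.2"), 65002),                     # MSDP-only peers in AS 65002
        Peer(A("192.0.2.3"), 65002),
        Peer(A("10.0.0.9"), 65000, mesh_group="core"),   # iBGP advertisers in our own
        Peer(A("10.0.0.10"), 65000, mesh_group="core"),  # intra-domain mesh-group
    ]
    return MsdpSpeaker(routes, peers, default_peer=A("192.0.2.2"))


if __name__ == "__main__":
    s = build_example()
    print(s.rpf_peer("203.0.113.5"), s.process_sa("198.51.100.7", "192.0.2.1"))
```

   Rule (iii) fires for 203.0.113.5 because the route was learned from an
   eBGP neighbor that is not an MSDP peer, so the highest-addressed MSDP
   peer in AS 65002 is chosen; an SA for 198.51.100.7 arriving from
   192.0.2.2 fails the check and is dropped.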
MSDP peers establish 387 peering sessions according to the following state machine: 389 De-configured or 390 disabled 391 +-------------------------------------------+ 392 | | 393 | | 394 Enable | 395 +-----|--------->+----------+ Connect Retry Timer | 396 | | +->| INACTIVE |----------------+ | 397 | | | +----------+ | | 398 Deconf'ed | | | /|\ /|\ | | Lower Address 399 or | | | | | | | 400 disabled | | | | | \|/ | 401 | | | | | | +-------------+ 402 | | | | | +---------------| CONNECTING | 403 | | | | | Timeout or +-------------+ 404 | | | | | Local Address Change | 405 \|/ \|/ | | | | 406 +----------+ | | | | 407 | DISABLED | | | +---------------------+ | TCP Established 408 +----------+ | | | | 409 /|\ /|\ | | Connection Timeout, | | 410 | | | | Local Address change, | | 411 | | | | Authorization Failure | | 412 | | | | | | 413 | | | | | \|/ 414 | | | | +-------------+ 415 | | Local | | | ESTABLISHED | 416 | | Address | | Higher Address +-------------+ 417 | | Change | \|/ /|\ | 418 | | | +--------+ | | 419 | | +--| LISTEN |--------------------+ | 420 | | +--------+ TCP Accept | 421 | | | | 422 | | | | 423 | +---------------+ | 424 | De-configured or | 425 | disabled | 426 | | 427 +------------------------------------------------------+ 428 De-configured or 429 disabled 431 16. Packet Formats 433 MSDP messages will be encoded in TLV format. If an implementation 434 receives a TLV that has length that is longer than expected, the TLV 435 SHOULD be accepted. Any additional data SHOULD be ignored. 437 16.1. MSDP TLV format: 439 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 441 | Type | Length | Value .... | 442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 444 Type (8 bits) 445 Describes the format of the Value field. 447 Length (16 bits) 448 Length of Type, Length, and Value fields in octets. 
449 minimum length required is 4 octets, except for 450 Keepalive messages. 452 Value (variable length) 453 Format is based on the Type value. See below. The length of 454 the value field is Length field minus 3. All reserved fields 455 in the Value field MUST be transmitted as zeros and ignored on 456 receipt. 458 16.2. Defined TLVs 460 The following TLV Types are defined: 462 Code Type 463 =========================================================== 464 1 IPv4 Source-Active 465 2 IPv4 Source-Active Request 466 3 IPv4 Source-Active Response 467 4 KeepAlive 468 5 Notification 470 Each TLV is described below. 472 16.2.1. IPv4 Source-Active TLV 474 The maximum size SA message that can be sent is 1400 octets. If an 475 MSDP peer needs to originate a message with information greater than 476 1400 octets, it sends successive 1400 octet or smaller messages. The 477 1400 octet size does not include the TCP, IP, layer-2 headers. 479 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 480 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 481 | 1 | x + y | Entry Count | 482 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 483 | RP Address | 484 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 485 | Reserved | Sprefix Len | \ 486 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ 487 | Group Address | ) z 488 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / 489 | Source Address | / 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 492 Type 493 IPv4 Source-Active TLV is type 1. 495 Length x 496 Is the length of the control information in the message. x is 497 8 octets (for the first two 32-bit quantities) plus 12 times 498 Entry Count octets. 500 Length y 501 If 0, then there is no data encapsulated. Otherwise an IPv4 502 packet follows and y is the length of the total length field 503 of the IPv4 header encapsulated. 
If there are multiple SA TLVs 504 in a message, and data is also included, y must be 0 in all SA 505 TLVs except the last one and the last SA TLV must reflect the 506 source and destination addresses in the IP header of the 507 encapsulated data. 509 Entry Count 510 Is the count of z entries (note above) which follow the RP 511 address field. This is so multiple (S,G)s from the same domain 512 can be encoded efficiently for the same RP address. 514 RP Address 515 The address of the RP in the domain the source has become 516 active in. 518 Reserved 519 The Reserved field MUST be transmitted as zeros and ignored 520 by a receiver. 522 Sprefix Len 523 The route prefix length associated with source address. 524 This field MUST be transmitted as 32 (/32). An Invalid 525 Sprefix Len Notification SHOULD be sent upon receipt 526 of any other value. 528 Group Address 529 The group address the active source has sent data to. 531 Source Address 532 The IP address of the active source. 534 Multiple SA TLVs MAY appear in the same message and can be batched 535 for efficiency at the expense of data latency. This would typically 536 occur on intermediate forwarding of SA messages. 538 16.2.2. IPv4 Source-Active Request TLV 540 The Source-Active Request is used to request SA-state from a caching 541 MSDP peer. If an RP in a domain receives a PIM Join message for a 542 group, creates (*,G) state and wants to know all active sources for 543 group G, and it has been configured to peer with an SA-state caching 544 peer, it may send an SA-Request message for the group. 546 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 547 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 548 | 2 | 8 | Reserved | 549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 550 | Group Address Prefix | 551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 553 Type 554 IPv4 Source-Active Request TLV is type 2. 
   Reserved
      Must be transmitted as zero and ignored on receipt.

   Group Address
      The group address the MSDP peer is requesting.

16.2.3. IPv4 Source-Active Response TLV

   The Source-Active Response is sent in response to a Source-Active
   Request message.  The Source-Active Response message has the same
   format as a Source-Active message but does not allow encapsulation
   of multicast data.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       3       |               x               |     ....      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      IPv4 Source-Active Response TLV is type 3.

   Length x
      Is the length of the control information in the message.  x is 8
      octets (for the first two 32-bit quantities) plus 12 times Entry
      Count octets.

16.2.4. KeepAlive TLV

   A KeepAlive TLV is sent to an MSDP peer if and only if no other MSDP
   messages have been sent to that peer within a period of time.  This
   message is necessary for the active connect side of the MSDP
   connection.  The passive connect side of the connection knows that
   the connection will be reestablished when a TCP SYN packet is sent
   from the active connect side.  However, the active connect side will
   not know when the passive connect side goes down.  Therefore, the
   KeepAlive timeout will be used to reset the TCP connection.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       4       |               3               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The length of the message is 3 octets, which encompasses the one
   octet Type field and the two octet Length field.

16.2.5. Notification TLV

   A Notification message is sent when an error condition is detected,
   and has the following form:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             x + 5             |O| Error Code  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Error subcode |                      ...                      |
   +-+-+-+-+-+-+-+-+                                               |
   |                             Data                              |
   |                             ...                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      The Notification TLV is type 5.

   Length
      Length is a two octet field with value x + 5, where x is the
      length of the notification data field.

   O-bit
      Open-bit.  If clear, the connection will be closed.

   Error code
      This 7-bit unsigned integer indicates the type of Notification.
      The following Error Codes have been defined:

      Error Code    Symbolic Name                     Reference

           1        Message Header Error              Section 17.1
           2        SA-Request Error                  Section 17.2
           3        SA-Message/SA-Response Error      Section 17.3
           4        Hold Timer Expired                Section 17.4
           5        Finite State Machine Error        Section 17.5
           6        Notification                      Section 17.6
           7        Cease                             Section 17.7

   Error subcode
      This one-octet unsigned integer provides more specific
      information about the reported error.  Each Error Code may have
      one or more Error Subcodes associated with it.  If no appropriate
      Error Subcode is defined, then a zero (Unspecific) value is used
      for the Error Subcode field, and the O-bit must be cleared (i.e.,
      the connection will be closed).  The notation used in the error
      descriptions below is: MC = Must Close connection = O-bit clear;
      CC = Can Close connection = O-bit might be cleared.

      Message Header Error subcodes:

         0 - Unspecific (MC)
         2 - Bad Message Length (MC)
         3 - Bad Message Type (CC)

      SA-Request Error subcodes:

         0 - Unspecific (MC)
         1 - Does not cache SA (MC)
         2 - Invalid Group (MC)

      SA-Message/SA-Response Error subcodes:

         0 - Unspecific (MC)
         1 - Invalid Entry Count (CC)
         2 - Invalid RP Address (MC)
         3 - Invalid Group Address (MC)
         4 - Invalid Source Address (MC)
         5 - Invalid Sprefix Length (MC)
         6 - Looping SA (Self is RP) (MC)
         7 - Unknown Encapsulation (MC)
         8 - Administrative Scope Boundary Violated (MC)

      Hold Timer Expired subcodes (the O-bit is always clear):

         0 - Unspecific (MC)

      Finite State Machine Error subcodes:

         0 - Unspecific (MC)
         1 - Unexpected Message Type FSM Error (MC)

      Notification subcodes (the O-bit is always clear):

         0 - Unspecific (MC)

      Cease subcodes (the O-bit is always clear):

         0 - Unspecific (MC)

17. MSDP Error Handling

   This section describes the actions to be taken when errors are
   detected while processing MSDP messages.  MSDP Error Handling is
   similar to that of BGP [RFC1771].

   When any of the conditions described here are detected, a
   Notification message with the indicated Error Code, Error Subcode,
   and Data fields is sent.  In addition, the MSDP connection might be
   closed.  If no Error Subcode is specified, then a zero (Unspecific)
   must be used.

   The phrase "the MSDP connection is closed" means that the transport
   protocol connection has been closed and that all resources for that
   MSDP connection have been deallocated.

17.1. Message Header Error Handling

   All errors detected while processing the Message Header are
   indicated by sending the Notification message with Error Code
   Message Header Error.  The Error Subcode describes the specific
   nature of the error.  The Data field contains the erroneous Message
   (including the message header).
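The Message Header checks of this section and the Notification TLV of Section 16.2.5, as an added Python example that is not part of the draft: it applies the Length and Type rules this section states (Length below 4 or above 1400, a KeepAlive that is not 3 octets, an unrecognised Type), builds and parses the Notification a peer would return, and also produces the 16-octet SA-Request Error form of Section 17.2. The function names, and the choice to report a header shorter than 3 octets as Bad Message Length, are the example's own assumptions.

```python
"""Added example (not from the draft): validate an MSDP message header per Section
17.1 and build/parse the Notification TLV of Section 16.2.5, plus the SA-Request
Error notification of Section 17.2.  Field values come from the draft; the
function names and the truncated-header rule are this example's own assumptions."""
import socket
import struct

# TLV type codes as listed in the draft
TYPE_SA, TYPE_SA_REQUEST, TYPE_SA_RESPONSE, TYPE_KEEPALIVE, TYPE_NOTIFICATION = 1, 2, 3, 4, 5
KNOWN_TYPES = {TYPE_SA, TYPE_SA_REQUEST, TYPE_SA_RESPONSE, TYPE_KEEPALIVE, TYPE_NOTIFICATION}

ERR_MESSAGE_HEADER, ERR_SA_REQUEST = 1, 2
SUB_UNSPECIFIC, SUB_BAD_LENGTH, SUB_BAD_TYPE = 0, 2, 3  # Message Header Error subcodes
SUB_NO_SA_CACHE, SUB_INVALID_GROUP = 1, 2               # SA-Request Error subcodes


def build_notification(error_code, subcode, data=b"", keep_open=False):
    """Encode: Type 5 | Length x+5 | O-bit + 7-bit Error Code | Error subcode | Data."""
    if not 0 <= error_code < 128:
        raise ValueError("Error Code is a 7-bit field")
    o_and_code = (0x80 if keep_open else 0) | error_code  # O-bit set: keep the session open
    return struct.pack("!BHBB", TYPE_NOTIFICATION, len(data) + 5, o_and_code, subcode) + data


def parse_notification(tlv):
    """Decode a Notification TLV into (keep_open, error_code, subcode, data)."""
    if len(tlv) < 5 or tlv[0] != TYPE_NOTIFICATION:
        raise ValueError("not a Notification TLV")
    if struct.unpack("!H", tlv[1:3])[0] != len(tlv):
        raise ValueError("Length field does not match the TLV size")
    return bool(tlv[3] & 0x80), tlv[3] & 0x7F, tlv[4], tlv[5:]


def check_header(msg):
    """Section 17.1 checks on a received message.  Returns None when the header is
    acceptable, otherwise the Notification to send; Data carries the whole message."""
    if len(msg) < 3:  # header itself truncated: treated as Bad Message Length (assumption)
        return build_notification(ERR_MESSAGE_HEADER, SUB_BAD_LENGTH, msg)
    mtype, length = msg[0], struct.unpack("!H", msg[1:3])[0]
    if mtype == TYPE_KEEPALIVE:
        bad_length = length != 3                 # a KeepAlive is exactly 3 octets
    else:
        bad_length = length < 4 or length > 1400
    if bad_length:                               # MC: O-bit clear, the peer must close
        return build_notification(ERR_MESSAGE_HEADER, SUB_BAD_LENGTH, msg)
    if mtype not in KNOWN_TYPES:                 # CC: this example leaves the O-bit set
        return build_notification(ERR_MESSAGE_HEADER, SUB_BAD_TYPE, msg, keep_open=True)
    return None


def sa_request_error(subcode, gprefix_len, gprefix, group):
    """Section 17.2 form: Reserved(2) | Gprefix Len(1) | Gprefix(4) | Group Address(4),
    a 16-octet Notification.  Both subcodes are MC, so the O-bit stays clear."""
    data = struct.pack("!HB", 0, gprefix_len) + socket.inet_aton(gprefix) + socket.inet_aton(group)
    return build_notification(ERR_SA_REQUEST, subcode, data)
```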
   If the Length field of the message header is less than 4 or greater
   than 1400, or the length of a KeepAlive message is not equal to 3,
   then the Error Subcode is set to Bad Message Length.

   If the Type field of the message header is not recognized, then the
   Error Subcode is set to Bad Message Type.

17.2. SA-Request Error Handling

   The SA-Request Error code is used to signal the receipt of an
   SA-Request at a non-caching MSDP peer, or at a caching MSDP peer when
   an invalid group address is requested.

   When a non-caching MSDP peer receives an SA-Request, it returns the
   following notification:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              16               |O|      2      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       1       |           Reserved            |  Gprefix Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Gprefix                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   If a caching MSDP peer receives a request for an invalid group, it
   returns the following notification:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              16               |O|      2      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       2       |           Reserved            |  Gprefix Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Gprefix                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Invalid Group Address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3. SA-Message/SA-Response Error Handling

   The SA-Message/SA-Response Error code is used to signal the receipt
   of an erroneous SA Message at an MSDP peer, or the receipt of an
   SA-Response Message by a peer that did not issue an SA-Request.  It
   has the following form:

17.3.1. Invalid Entry Count (IEC)

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |               6               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       1       |      IEC      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.2. Invalid RP Address

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              12               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       2       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Invalid RP Address                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.3. Invalid Group Address

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              12               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       3       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Invalid Group Address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.4. Invalid Source Address

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              12               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       4       |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Invalid Source Address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.5. Invalid Sprefix Length (ISL)

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |               6               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |      ISL      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.3.6. Looping SAs (Self is RP in received SA)

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             x + 5             |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       6       |          Looping SA Message ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length x
      x is the length of the looping SA message contained in the data
      field of the Notification message.

17.3.7. Unknown Encapsulation

   This notification is sent on receipt of SA data that is encapsulated
   in an unknown encapsulation type.  See Section 18 for the known
   encapsulations.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |             x + 5             |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       7       |            SA Message ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length x
      x is the length of the SA message (which contained data that was
      encapsulated in some unknown way) that is contained in the data
      field of the Notification message.

17.3.8. Administrative Scope Boundary Violated

   This notification is used when an SA message is received for a group
   G from a peer which is across an administrative scope boundary for
   G.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       5       |              16               |O|      3      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       8       |           Reserved            |  Gprefix Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Gprefix                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Group Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

17.4. Hold Timer Expired

   If a system does not receive successive KeepAlive or any SA Message
   and/or Notification messages within the period specified in the Hold
   Timer, the Notification message with Hold Timer Expired Error Code
   and no additional data MUST be sent and the MSDP connection closed.

17.5. Finite State Machine Error Handling

   Any error detected by the MSDP Finite State Machine (e.g., receipt
   of an unexpected event) is indicated by sending the Notification
   message with Error Code Finite State Machine Error.

17.6. Notification Message Error Handling

   If a node sends a Notification message, and there is an error in
   that message, and the O-bit of that message is not clear, a
   Notification with O-bit clear, Error Code of Notification Error, and
   subcode Unspecific must be sent.  In addition, the Data field must
   include the Notification message that triggered the error.  However,
   if the erroneous Notification message had the O-bit clear, then any
   error, such as an unrecognized Error Code or Error Subcode, should
   be noticed, logged locally, and brought to the attention of the
   administrator of the remote node.

17.7. Cease

   In the absence of any fatal errors (those indicated in this
   section), an MSDP node may choose at any given time to close its
   MSDP connection by sending the Notification message with Error Code
   Cease.  However, the Cease Notification message MUST NOT be used
   when a fatal error indicated by this section does exist.

18. SA Data Encapsulation

   This section describes UDP, GRE, and TCP encapsulation of SA data.
   The encapsulation type is a configuration option.

18.1. UDP Data Encapsulation

   Data packets MAY be encapsulated in UDP.  In this case, the UDP
   pseudo-header has the following form:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Length             |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Origin RP Address                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Source Port, Destination Port, Length, and Checksum are used
   according to RFC 768.  Source and Destination ports are known via an
   implementation-specific method (e.g., per-peer configuration).

   Checksum
      The checksum is computed according to RFC 768 [RFC768].

   Originating RP Address
      The Originating RP Address is the address of the RP sending the
      encapsulated data.

18.2. GRE Encapsulation

   MSDP SA-data MAY be encapsulated in GRE using protocol type
   [MSDP-GRE-ProtocolType].  The GRE header and payload packet have the
   following form:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |C|       Reserved0       | Ver |    [MSDP-GRE-ProtocolType]    |\
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GRE Header
   |      Checksum (optional)      |           Reserved1           |/
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Originating RP IPv4 Address                  |\
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload
   |            (S,G) Data Packet ....                             /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   MSDP-GRE-ProtocolType is set to 0x876C, pending IANA approval
   [ETYPES, RFC1700].

18.2.1. Encapsulation and Path MTU Discovery [RFC1191]

   Existing implementations of GRE, when using IPv4 as the Delivery
   Header, do not implement Path MTU discovery and do not set the Don't
   Fragment bit in the Delivery Header.  This can cause large packets
   to become fragmented within the tunnel and reassembled at the tunnel
   exit (independent of whether the payload packet is using PMTU).  If
   a tunnel entry point were to use Path MTU discovery, however, that
   tunnel entry point would also need to relay ICMP unreachable error
   messages (in particular the "fragmentation needed and DF set" code)
   back to the originator of the packet, which is not required by the
   GRE specification [RFC2784].  Failure to properly relay Path MTU
   information to an originator can result in the following behavior:
   the originator sets the Don't Fragment bit, the packet gets dropped
   within the tunnel, but since the originator doesn't receive proper
   feedback, it retransmits with the same PMTU, causing subsequently
   transmitted packets to be dropped as well.

18.3. TCP Data Encapsulation

   As discussed earlier, encapsulation of data in SA messages MAY be
   supported for backwards compatibility with legacy MSDP peers.

19. Security Considerations

   An MSDP implementation MAY use IPsec [RFC1825] or keyed MD5
   [RFC1828] to secure control messages.  When encapsulating SA data in
   GRE, security should be relatively similar to security in a normal
   IPv4 network, as routing using GRE follows the same routing that
   IPv4 uses natively.  Route filtering will remain unchanged.
   However, packet filtering at a firewall requires either that the
   firewall look inside the GRE packet or that the filtering is done on
   the GRE tunnel endpoints.  In those environments in which this is
   considered to be a security issue, it may be desirable to terminate
   the tunnel at the firewall.

20. Acknowledgments

   The authors would like to thank Bill Nickless, John Meylor, Liming
   Wei, Manoj Leelanivas, Mark Turner, John Zwiebel, Cristina
   Radulescu-Banu and IJsbrand Wijnands for their design feedback and
   comments.  In addition to many other contributions, Tom Pusateri
   helped to clarify the connection state machine, Dave Thaler helped
   to clarify the Notification message types, and Bill Fenner helped to
   clarify the Peer-RPF rules.

21. Authors' Addresses

   Dino Farinacci
   Procket Networks
   3850 No. First St., Ste. C
   San Jose, CA 95134
   Email: dino@procket.com

   Yakov Rekhter
   Cisco Systems, Inc.
   170 Tasman Drive
   San Jose, CA, 95134
   Email: yakov@cisco.com

   Peter Lothberg
   Sprint
   VARESA0104
   12502 Sunrise Valley Drive
   Reston VA, 20196
   Email: roll@sprint.net

   Hank Kilmer
   Email: hank@rem.com

   Jeremy Hall
   UUnet Technologies
   3060 Williams Drive
   Fairfax, VA 22031
   Email: jhall@uu.net

   David Meyer
   Cisco Systems, Inc.
   170 Tasman Drive
   San Jose, CA, 95134
   Email: dmm@cisco.com

22. REFERENCES

   [ETYPES]   ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-numbers

   [RFC1700]  Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,
              October 1994.

   [RFC2784]  Farinacci, D., et al., "Generic Routing Encapsulation
              (GRE)", RFC 2784, March 2000.

   [RFC768]   Postel, J., "User Datagram Protocol", RFC 768, August
              1980.

   [RFC1191]  Mogul, J. and S. Deering, "Path MTU Discovery", RFC 1191,
              November 1990.

   [RFC1771]  Rekhter, Y. and T. Li, "A Border Gateway Protocol 4
              (BGP-4)", RFC 1771, March 1995.

   [RFC1825]  Atkinson, R., "Security Architecture for the Internet
              Protocol", RFC 1825, August 1995.

   [RFC1828]  Metzger, P. and W. Simpson, "IP Authentication using
              Keyed MD5", RFC 1828, August 1995.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC2283]  Bates, T., Chandra, R., Katz, D. and Y. Rekhter,
              "Multiprotocol Extensions for BGP-4", RFC 2283, February
              1998.

   [RFC2362]  Estrin, D., et al., "Protocol Independent Multicast -
              Sparse Mode (PIM-SM): Protocol Specification", RFC 2362,
              June 1998.

   [RFC2365]  Meyer, D., "Administratively Scoped IP Multicast", RFC
              2365, July 1998.