Internet Draft                                            B. Nickless
Document: draft-nickless-ipv4-mcast-bcp-01.txt   Argonne National Laboratory
Expires: October 2001                                      April 2001

IPv4 Multicast Best Current Practice

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

This document describes best current practices for IPv4 multicast deployment, both within and between PIM Domains and Autonomous Systems.
Nickless               Informational - Expires October 2001          1
IPv4 Multicast Best Current Practice                         April 2001

Table of Contents

Status of this Memo................................................1
Abstract...........................................................1
Conventions used in this document..................................2
Introduction and Terminology.......................................2
Any Source Multicast...............................................3
Source Specific Multicast..........................................3
Multiprotocol BGP..................................................4
PIM Sparse Mode....................................................5
Internet Group Management Protocol.................................5
Multicast Source Discovery Protocol................................6
Model IPv4 Multicast-Capable BGPv4 Configuration...................6
Model IPv4 Multicast Inter-domain PIM Sparse Mode Configuration....7
Model PIM Sparse Mode Rendezvous Point Location....................7
Model MSDP Configuration Between Autonomous Systems................8
Acknowledgements...................................................9
Security Considerations............................................9
References.........................................................9
Author's Address..................................................11

Overview

Current best practice for IPv4 multicast service provision uses four different protocols: Internet Group Management Protocol, Protocol Independent Multicast (Sparse Mode), Border Gateway Protocol with multiprotocol extensions, and the Multicast Source Discovery Protocol. This document outlines how these protocols work together to provide end-to-end IPv4 multicast service. In addition, this document describes best current practices for configuring these protocols, individually and in combination.
Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119].

Introduction and Terminology

IPv4 multicast [MCAST] is an internetwork service that allows IPv4 datagrams sent from a source to be delivered to more than one interested receiver. That is, a given source sends a packet to the network with a destination address in the 224/4 CIDR [CIDR] range. The network transports this packet to all receivers (replicated where necessary) that have registered their interest in receiving these packets.

The letter S is used to represent the IPv4 address of a given source. The letter G is used to represent a given IPv4 group address (within the 224/4 CIDR range). A packet, or series of packets, sent by a sender with a given address S to a given group G is represented as (S,G). A set of packets sent to group G by multiple senders is represented as (*,G).

Any Source Multicast

Any Source Multicast (ASM) is the traditional IPv4 multicast [MCAST] model. IPv4 multicast sources send IPv4 datagrams to the network, with the destination address of each IPv4 datagram set to a specific "group" address in the Class D address space (224/4). IPv4 multicast receivers register their interest in packets addressed to a group address, and the internetwork delivers packets from all sources in the internetwork to the interested receivers.

It is the responsibility of the internetwork to keep track of all the sources transmitting to a particular group, so that when a receiver wishes traffic sent to that group the network can forward traffic from all group sources.

IPv4 multicast receivers register their interest in packets sent to group addresses through the Internet Group Management Protocol Version 2 (IGMPv2) [IGMPV2].
IGMPv2 does not have any facility for receivers to specify which sources the receiver wants to receive from. That is, IGMPv2 only allows (*,G) registrations.

Source Specific Multicast

Source Specific Multicast (SSM) [SSM] is another IPv4 multicast model. IPv4 multicast sources send IPv4 datagrams to the network, with the destination address of each IPv4 datagram set to a specific "group" address in the Class D address space (224/4). IPv4 multicast receivers register their interest in packets from a specific source that have been addressed to a group address, and the internetwork delivers packets from that source to the interested receivers.

It is the responsibility of each receiver to specify which sources, sending to which groups, the receiver wishes to receive datagrams from.

IPv4 multicast receivers register their interest in packets sent by specific sources to group addresses through the Internet Group Management Protocol Version 3 (IGMPv3) [IGMPV3]. That is, IGMPv3 supports (S,G) registrations.

Multiprotocol BGP

The topology of inter-domain IPv4 multicast forwarding is determined by BGPv4 [BGPV4] policy, as is IPv4 unicast forwarding.

BGP provides reachability information. Reachability information for IPv4 Unicast and IPv4 Multicast prefixes can be advertised separately. (See [MBGP] for details and the definition of Network Layer Reachability Information (NLRI) and Subsequent Address Family Information (SAFI).)

The practical definition of reachability is different for IPv4 unicast (NLRI=unicast, SAFI=1) and IPv4 multicast (NLRI=Multicast, SAFI=2).

In current practice for BGP unicast advertisements (NLRI=Unicast, SAFI=1), reachability is interpreted to mean that IPv4 datagrams will be forwarded towards their destination host if sent to the NEXT_HOP address in the advertisement.
In the case of BGP multicast advertisements (NLRI=Multicast, SAFI=2), reachability is interpreted to mean two things:

First, IPv4 datagrams can be requested from sources within the advertised prefix range. Such requests are made to the advertised NEXT_HOP by means of the PIM Sparse Mode [PIM-SM] protocol, or (rarely) any other mutually agreed upon protocol that supports (S,G) requests.

Second, the MSDP [MSDP] speaker with the NEXT_HOP address will provide MSDP Source Active messages from PIM Rendezvous Points within the advertised prefix range.

These two interpretations of BGP NLRI=Multicast flow from the original use of BGP to control the Distance Vector Multicast Routing Protocol [DVMRP]. DVMRP is a "dense" routing protocol, which means traffic is flooded outwards from the sources to all possible receivers. In this situation, an IPv4 multicast router has to decide which incoming interface may accept IPv4 datagrams from a given source (to avoid forwarding loops). When the switch was made to use a "sparse" forwarding model (requiring specific (S,G) requests for traffic to flow) both interpretations of BGP NLRI=Multicast became necessary for interoperability with the DVMRP-based model.

Note that while MSDP is not strictly necessary for Autonomous Systems that only support Source Specific Multicast [SSM], MSDP depends on the latter interpretation of BGP NLRI=Multicast to avoid MSDP SA forwarding loops. There is a real danger of causing MSDP SA forwarding "black holes" unless MSDP peerings are set up at the same time as BGP NLRI=Multicast peerings.

MBGP also supports combined multicast and unicast advertisements (SAFI=3). Current practice is to interpret these advertisements to include all three meanings listed above: unicast forwarding, availability of traffic from multicast sources, and MSDP Source Active availability.
PIM Sparse Mode

The PIM Sparse Mode protocol [PIM-SM] is widely used to create forwarding state from IPv4 multicast sources to interested receivers.

The term "PIM Sparse Mode domain" generally refers to the hosts and routers that share a PIM Sparse Mode Rendezvous Point. In current practice, there is generally one PIM Sparse Mode domain per Autonomous System. Some Autonomous Systems choose to have multiple PIM Sparse Mode domains for scalability reasons.

Within a PIM Sparse Mode domain, the standard PIM Sparse Mode mechanisms are used to build shared forwarding trees and source specific trees from IPv4 multicast sources to interested receivers. IPv4 multicast sources are registered with the PIM Rendezvous Point (RP). Interested IPv4 multicast receivers make their group interest known through the Internet Group Management Protocol, and the associated PIM Designated Router (DR) sends PIM Join messages towards the RP to build the appropriate forwarding trees.

In the ASM model, PIM Sparse Mode Rendezvous Points have to co-operate in order to discover active sources and set up forwarding trees. MSDP is used to spread the knowledge of active sources within a multicast group. Source-specific (S,G) joins are used to set up forwarding from sources towards the interested receivers. No inter-PIM-domain shared forwarding tree is created.

In the SSM model, there is no need for PIM Sparse Mode Rendezvous Points because each receiver explicitly identifies the sources from which it desires traffic. Thus, the local PIM Designated Router that receives an IGMPv3 request for traffic can initiate the PIM Sparse Mode source-specific (S,G) requests directly towards the source.

Internet Group Management Protocol

The Internet Group Management Protocol was designed to be used by hosts to notify the network that the hosts want to receive traffic on an IPv4 multicast group.
The IGMP design originally assumed a shared media network like Ethernet. When layer 2 switches became available, many vendors built in IGMP "snooping" so as to avoid flooding IP multicast traffic to all ports in a Virtual Local Area Network (VLAN). The best current practice for IPv4 multicast deployment in a switched Local Area Network context is to use IGMP snooping to avoid unnecessary IPv4 multicast flooding.

IGMPv2 [IGMPV2] supports the ASM model. IGMPv3 [IGMPV3] supports the ASM model as well as the SSM model.

Some wide area network access servers support IGMP and IPv4 Multicast over PPP connections. Host implementations also support IGMP over PPP connections, even those that use dial-up modems. Such support contributes to the availability and utility of IPv4 multicast service, but only when configured by network operators.

Multicast Source Discovery Protocol

Current best practice is for Autonomous Systems to ask each other for traffic from specific sources transmitting to specific groups. It follows that inter-AS IP multicast forwarding trees are all source-specific.

Thus, when a receiver registers an interest in datagrams addressed to a multicast group G (generally through an IGMPv2 (*,G) join) it is necessary for the associated PIM Sparse Mode Rendezvous Point (or other intra-AS protocol element, such as a Core Based Trees [CBT] Core Router) to arrange (S,G) joins towards each sender. Each inter-AS (S,G) join creates a branch of the forwarding tree towards the sender.

The Multicast Source Discovery Protocol [MSDP] is used to communicate the availability of sources between Autonomous Systems. MSDP-speaking PIM Sparse Mode Rendezvous Points (or other designated MSDP speakers with knowledge of all sources within an Autonomous System) flood knowledge of active sources to each other.
Model IPv4 Multicast-Capable BGPv4 Configuration

IPv4 multicast reachability is communicated between Autonomous Systems by BGPv4 prefix announcements. That is, prefixes are advertised with NLRI=Multicast (SAFI in {2,3}).

As outlined above, the semantics of a BGPv4 advertisement of an IPv4 NLRI=Multicast prefix are currently interpreted to mean two things:

First, such an advertisement means that the router with the NEXT_HOP address of that advertisement will supply packets from any transmitting source S whose address matches the prefix advertised. In order to fulfill this expectation, any two BGPv4 speakers that communicate NLRI=Multicast advertisements must be able to ask each other for (S,G) traffic. That is, they must have some protocol (most often PIM Sparse Mode) configured between them.

Second, such an advertisement means that the router with the NEXT_HOP address of that advertisement will supply MSDP Source Active messages from any (e.g.) PIM Sparse Mode Rendezvous Point whose address matches the prefix advertised. To avoid MSDP "black holes", Autonomous Systems with BGPv4 speakers that exchange NLRI=Multicast advertisements must also have appropriate MSDP peerings configured.

Model IPv4 Multicast Inter-domain PIM Sparse Mode Configuration

As outlined above, current practice is that each IPv4 BGPv4 NLRI=Multicast capable peering is capable of making (S,G) requests for traffic. Autonomous Systems predominantly use PIM Sparse Mode for this purpose. Whether PIM Sparse Mode is used or not, these peerings/adjacencies are configured in the following ways:

The minimum TTL Threshold for traffic crossing an Autonomous System peering is generally set to be 32. This value follows earlier practice [FAQ] that sets inter-institution TTL barriers at 16-32. It also provides a reasonable number of values both above and below the (maximum 255) barrier.
The PIM Sparse Mode Adjacency (or other inter-domain (S,G) request mechanism) should not make requests for traffic across the peering for sources in these groups:

   224.0.1.39/32: Cisco's Rendezvous Point Announcement Protocol
   224.0.1.40/32: Cisco's Rendezvous Point Discovery Protocol
   239.0.0.0/8:   Administratively Scoped IPv4 Group Addresses

The first two groups are used to determine where PIM Sparse Mode Rendezvous Points can be found within an Autonomous System. The latter group range is defined by RFC 2365 [RFC2365]. RFC 2365 has been generally interpreted to equate "organizations" (see section 6.2) with Autonomous Systems. Some Autonomous Systems choose to interpret this differently.

Model PIM Sparse Mode Rendezvous Point Location

In order to participate in current-practice inter-Autonomous System IPv4 multicast routing, a PIM Sparse Mode Rendezvous Point (or other such MSDP-speaker) should have access to the full BGP NLRI=Multicast reachability table so as to arrange for (S,G) joins to the appropriate external peer networks. This need arises when a (*,G) request comes in from a host.

Access to the BGPv4 NLRI=Multicast reachability table is also important so that the (e.g.) PIM Sparse Mode Rendezvous Point will perform MSDP Reverse-Path-Forwarding (RPF) checks correctly.

PIM Sparse Mode Rendezvous Points are often located at the border router of an Autonomous System where the BGPv4 NLRI=Multicast reachability table is already maintained. If necessary, an MSDP Mesh Group can be created if there are multiple BGPv4 NLRI=Multicast speakers within an Autonomous System. (See Section 14.3 of [MSDP].)

The IPv4 address of each PIM Sparse Mode Rendezvous Point (or other such MSDP-speaker) must be chosen so that it is within an advertised BGPv4 NLRI=Multicast prefix. The MSDP RPF checks operate on the so-called "RP-Address" within the MSDP Source Active message, not the advertised source S.
In the most widely deployed case, the RP-Address is set by the MSDP-speaker to be the PIM Sparse Mode Rendezvous Point address.

Model MSDP Configuration Between Autonomous Systems

MSDP peerings are configured between Autonomous Systems. These peerings are statically defined. Thus, in practice, such MSDP-speaking (e.g.) PIM Sparse Mode Rendezvous Point(s) must be "tied down" to known addresses and routers for the inter-AS peerings to operate correctly.

The so-called "RP-address" in MSDP Source Active messages must be addressed within prefixes announced by BGPv4 NLRI=Multicast advertisements. (Otherwise the RP-Address Reverse Path Forwarding checks done by peer MSDP-speaking Autonomous Systems will fail, and the MSDP Source Active messages will be discarded.) The most common RP-address in MSDP Source Active messages is the PIM Rendezvous Point IPv4 address.

In practice, MSDP speakers are configured to not advertise sources to external peers from the following groups. MSDP speakers are also configured to not accept source advertisements from external peers within the following groups:

   224.0.1.2/32:      SGI "Dogfight" game
   224.0.1.3/32:      RWHOD
   224.0.1.22/32:     SVRLOC
   224.0.1.24/32:     MICROSOFT-DS
   224.0.1.35/32:     SVRLOC-DA
   224.0.1.39/32:     Cisco's Rendezvous Point Announcement Protocol
   224.0.1.40/32:     Cisco's Rendezvous Point Discovery Protocol
   224.0.1.60/32:     HP's Device Discovery Protocol
   224.0.2.2/32:      Sun's Remote Procedure Call Protocol
   229.55.150.208/32: Norton "Ghost" disk duplication software
   232.0.0.0/8:       Source-Specific Multicast
   239.0.0.0/8:       Administratively Scoped IPv4 Group Addresses
                      (with possible specific exceptions)

MSDP speakers are configured to not accept or advertise sources to or from external peers with Private Internet addresses [RFC1918].
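The SA filtering rules above, together with the RP-Address RPF check from the previous section, as an added example in Python (not code from the draft). The SourceActive record, build_table(), the peer names and every address in the sample table are constructed for illustration; the MSDP wire format itself is not modelled.

```python
"""Added example: MSDP Source Active (SA) filtering as the draft describes it.
The SourceActive record, build_table() and all sample values are constructed;
the MSDP wire format itself is not modelled."""
import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network

# Groups the draft lists as never advertised to, nor accepted from, external peers.
BLOCKED_GROUPS = [Net(n) for n in (
    "224.0.1.2/32", "224.0.1.3/32", "224.0.1.22/32", "224.0.1.24/32",
    "224.0.1.35/32", "224.0.1.39/32", "224.0.1.40/32", "224.0.1.60/32",
    "224.0.2.2/32", "229.55.150.208/32", "232.0.0.0/8", "239.0.0.0/8")]
# RFC 1918 space: neither the source S nor the RP-Address may fall inside it.
PRIVATE = [Net(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class SourceActive:
    rp_address: str   # the RP-Address field the MSDP RPF check keys on
    source: str       # S
    group: str        # G


def build_table(prefix_to_peer):
    """Constructed stand-in for the BGP NLRI=Multicast table:
    {"prefix/len": "peer that advertised it (the NEXT_HOP)"}."""
    return {Net(p): peer for p, peer in prefix_to_peer.items()}


def _covered(addr, prefixes):
    a = ipaddress.IPv4Address(addr)
    return any(a in p for p in prefixes)


def rpf_ok(sa, peer, table):
    """MSDP peer-RPF check: the SA is accepted only from the peer that is the
    NLRI=Multicast NEXT_HOP for the longest prefix covering the RP-Address.
    An RP-Address outside every advertised prefix fails; that is the
    "black hole" the draft warns about."""
    rp = ipaddress.IPv4Address(sa.rp_address)
    matches = [p for p in table if rp in p]
    if not matches:
        return False
    best = max(matches, key=lambda p: p.prefixlen)
    return table[best] == peer


def _policy_ok(sa):
    # Shared by the accept and advertise directions.
    if _covered(sa.group, BLOCKED_GROUPS):
        return False
    return not (_covered(sa.source, PRIVATE) or _covered(sa.rp_address, PRIVATE))


def accept_sa(sa, peer, table):
    """Should an SA received from external peer `peer` enter the SA cache?"""
    return _policy_ok(sa) and rpf_ok(sa, peer, table)


def advertise_sa(sa, own_prefixes):
    """Should a locally learned SA be sent to external peers?  A non-transit
    AS only originates sources inside the prefixes it announces itself."""
    return _policy_ok(sa) and _covered(sa.source, [Net(p) for p in own_prefixes])


if __name__ == "__main__":
    table = build_table({"198.51.100.0/24": "peer-a", "203.0.113.0/24": "peer-b"})
    sa = SourceActive("198.51.100.1", "198.51.100.10", "224.2.127.254")
    print(accept_sa(sa, "peer-a", table), accept_sa(sa, "peer-b", table))
```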
MSDP-speakers are configured, wherever possible, to only advertise sources within prefixes that they are advertising as BGPv4 NLRI=Multicast (SAFI in {2,3}) announcements. That is, a non-transit Autonomous System would only advertise sources within the prefixes it advertises to its peers.

Based on recent events, MSDP peerings are configured with reasonable rate limits to dampen explosions of MSDP SA advertisements. These explosions can occur when malicious software generates packets addressed to many IPv4 multicast groups in a very short period of time.

What "appropriate" means for these rate limits will vary over time with the number of active IPv4 multicast sources in the Internet. To determine an initial approximation for these rate limits, configure MSDP without rate limits initially, and then set the rate limits at some small multiple of the observed steady state rate. Another approach would be to set rate limits based on a small multiple of the current number of active sources in the Internet. The Mantra Project [MANTRA] maintains MSDP statistics, as well as other IPv4 multicast statistics.

Security Considerations

Autonomous Systems often configure router filters or firewall rules to discard mis-forwarded IPv4 datagrams. Such rules may explicitly list the IPv4 address ranges that are acceptable for incoming IPv4 datagrams. When IPv4 multicast is enabled, these rules need to be updated to disallow incoming IPv4 datagrams with addresses in the 239/8 CIDR range, and to allow incoming IPv4 datagrams with destination addresses in the 224/4 CIDR range.

PIM Sparse Mode Rendezvous Points are particularly vulnerable to Denial of Service attacks. As outlined above, it is important to put rate limits on MSDP peerings so as to protect your PIM Sparse Mode Rendezvous Points from explosions in the size of the cached MSDP Source Active table.
Other denial of service attacks include sending excessive Register-encapsulated packets towards the Rendezvous Point and flooding the Rendezvous Point with large numbers of IGMP joins.

Acknowledgements

Dino Farinacci created the (S,G) notation used throughout this document. Marty Hoag, Simon Leinen, David Meyer, and Dave Thaler pointed out mistakes and made suggestions for improvement. Marshall Eubanks described the vulnerability of PIM Sparse Mode Rendezvous Points to various denial of service attacks.

This work was supported by the Mathematical, Information, and Computational Sciences Division subprogram of the Office of Advanced Scientific Computing Research, U.S. Department of Energy, under Contract W-31-109-Eng-38.

References

[RFC2119] RFC 2119: Key Words for use in RFCs to Indicate Requirement Levels. S. Bradner. March 1997.

[MCAST] RFC 1112: Host extensions for IP multicasting. S.E. Deering. Aug-01-1989.

[CIDR] RFC 1519: Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy. V. Fuller, T. Li, J. Yu, K. Varadhan. September 1993.

[IGMPV2] RFC 2232: Internet Group Management Protocol, Version 2. W. Fenner. November 1997.

[SSM] draft-holbrook-ssm-arch-02.txt: Source-Specific Multicast for IP. H. Holbrook, B. Cain. 1 March 2001.

[IGMPV3] draft-ietf-idmr-igmp-v3-07.txt: Internet Group Management Protocol, Version 3. B. Cain, S. Deering, B. Fenner, I. Kouvelas, A. Thyagarajan. March 2001.

[BGPV4] RFC 1771: A Border Gateway Protocol 4 (BGP-4). Y. Rekhter, T. Li. March 1995.

[MBGP] RFC 2858: Multiprotocol Extensions for BGP-4. T. Bates, Y. Rekhter, R. Chandra, D. Katz. June 2000.

[PIM-SM] RFC 2117: Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification. D. Estrin, D. Farinacci, A. Helmy, D. Thaler, S. Deering, M. Handley, V. Jacobson, C. Liu, P. Sharma, L. Wei. June 1997.
[MSDP] draft-ietf-msdp-spec-07.txt: Multicast Source Discovery Protocol (MSDP). D. Meyer (Editor). March 2001.

[DVMRP] RFC 1075: Distance Vector Multicast Routing Protocol. D. Waitzman, C. Partridge, S.E. Deering. November 1988.

[FAQ] http://netlab.gmu.edu/mbone_installation.htm

[RFC2365] RFC 2365: Administratively Scoped IP Multicast. D. Meyer. July 1998.

[RFC1918] RFC 1918: Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.

[MANTRA] http://www.caida.org/tools/measurement/mantra

Author's Address

Bill Nickless
Argonne National Laboratory
9700 South Cass Avenue #221
Argonne, IL 60439

Phone: +1 630 252 7390
Email: nickless@mcs.anl.gov