Internet-Draft PIM Null-Register packing November 2021
Kamath, et al. Expires 11 May 2022
Workgroup: Network Working Group
Internet-Draft: draft-ietf-pim-null-register-packing-11
Published: November 2021
Intended Status: Standards Track
Expires: 11 May 2022
Authors:
V. Kamath
VMware
R. Chokkanathapuram Sundaram
Cisco Systems, Inc.
R. Banthia
Apstra
A. Gopal
Cisco Systems, Inc.

PIM Null-Register packing

Abstract

In PIM-SM networks PIM Null-Register messages are sent by the Designated Router (DR) to the Rendezvous Point (RP) to signal the presence of Multicast sources in the network. There are periodic PIM Null-Registers sent from the DR to the RP to keep the state alive at the RP as long as the source is active. The PIM Null-Register message carries information about a single Multicast source and group.

This document defines a standard to send multiple Multicast source and group information in a single PIM Packed Null-Register message. We will refer to the new packed formats as the PIM Packed Null-Register format and PIM Packed Register-Stop format throughout the document. This document also discusses interoperability between the PIM routers which do not understand the PIM Packed Null-Register format and routers which do understand it.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 11 May 2022.

1. Introduction

PIM Null-Registers are sent by the DR periodically for Multicast streams to keep the states active on the RP, as long as the multicast source is alive. As the number of multicast sources increases, the number of PIM Null-Register messages that are sent also increases. This results in more PIM packet processing at the RP and the DR.

Control plane policing (COPP) monitors the packets that are processed by the control plane. The high rate at which Null-Registers are received at the RP can lead to COPP drops of Multicast PIM Null-Register messages. This draft proposes a method to efficiently pack multiple PIM Null-Registers [RFC7761] (Section 4.4) and Register-Stops [RFC7761] (Section 3.2) into a single message, since these packets do not contain encapsulated data.

The draft also discusses interoperability with PIM routers that do not understand the new packet format.

1.1. Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.2. Terminology

RP:
Rendezvous Point
DR:
Designated Router

2. Packed Null-Register Capability

A router (DR) can decide to pack multiple Null-Register messages based on the capability received from the RP as part of the PIM Register-Stop. This ensures compatibility with routers that do not support processing of the new format. The capability information can be indicated by the RP via the PIM Register-Stop message sent to the DR. Thus a DR will switch to the new format only when it learns that the RP is capable of handling the PIM Packed Null-Register messages.

Conversely, a DR that does not support the packed format can continue generating the PIM Null-Register as defined in [RFC7761] (Section 4.4). To exchange the capability information in the Register-Stop message, the "Reserved" field can be used to indicate this capability in those Register-Stop messages. One bit of the Reserved field is used to indicate the "packing" capability (P bit). The rest of the bits in the "Reserved" field will be retained for future use.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |PIM Ver| Type  |P|  Reserved   |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Group Address (Encoded-Group format)              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Source Address (Encoded-Unicast format)            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 1: PIM Register-Stop message with capability option

PIM Version, Type, Checksum, Group Address, Source Address:
Same as [RFC7761] (Section 4.9.4)
P:
Capability bit (flag bit 7) used to indicate support for the Packed Null-Register Capability

3. PIM Packed Null-Register message format

PIM Packed Null-Register message format includes a count to indicate the number of Null-Register records in the message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |PIM Ver| Type  |Subtype|  FB   |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Count       |              Reserved                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Group Address[1]   (Encoded-Group format)                 |
   |     Source Address[1]  (Encoded-Unicast format)               |
   .                                                               .
   .                                                               .
   .                                                               .
   .                                                               .
   .     Group Address[N]                                          .
   |     Source Address[N]                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

           Figure 2: PIM Packed Null-Register message format

PIM Version, Reserved, Checksum:
Same as [RFC7761] (Section 4.9.3)
Type, SubType:
The new packed Null-Register Type and SubType values are TBD [RFC8736].
Count:
The number of packed Null-Register records. A record consists of a Group Address and Source Address pair.
Group Address, Source Address:
Same as [RFC7761] (Section 4.9.4)

4. PIM Packed Register-Stop message format

The PIM Packed Register-Stop message includes a count to indicate the number of records that are present in the message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |PIM Ver| Type  |Subtype|  FB   |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Count     |          Reserved                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Group Address[1]  (Encoded-Group format)                  |
   |     Source Address[1]  (Encoded-Unicast format)               |
   .                                                               .
   .                                                               .
   .                                                               .
   .                                                               .
   .     Group Address[N]                                          .
   |     Source Address[N]                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

            Figure 3: PIM Packed Register-Stop message format

PIM Version, Reserved, Checksum:
Same as [RFC7761] (Section 4.9.4)
Type:
The new Register Stop Type and SubType values TBD
Count:
The number of PIM packed Register-Stop records. A record consists of a Group Address and Source Address pair.
Group Address, Source Address:
Same as [RFC7761] (Section 4.9.4)
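
A bounds-checked parser for the shared layout of Figures 2 and 3, given here as an added example and not as code from the draft or its authors. It assumes the Encoded-Group and Encoded-Unicast layouts of RFC 7761, skips checksum verification, and uses placeholder Type/SubType values in its constructed sample because the draft leaves them TBD; `parse_packed`, `PackedParseError` and `SAMPLE` are hypothetical names.

```python
import ipaddress
import struct

AF_LEN = {1: 4, 2: 16}  # IANA address family number -> address bytes (IPv4, IPv6)

class PackedParseError(ValueError):
    pass

def _take(buf, off, n):
    """Return n bytes at off, failing rather than reading short."""
    if off + n > len(buf):
        raise PackedParseError(f"truncated at offset {off}")
    return buf[off:off + n], off + n

def _address(buf, off, is_group):
    """Decode one RFC 7761 Encoded-Group or Encoded-Unicast address."""
    (family, enc), off = _take(buf, off, 2)
    if family not in AF_LEN or enc != 0:
        raise PackedParseError(f"unsupported family/encoding {family}/{enc}")
    if is_group:  # Encoded-Group adds a flags byte and a mask length
        (_flags, masklen), off = _take(buf, off, 2)
        if masklen > AF_LEN[family] * 8:
            raise PackedParseError("mask length exceeds address size")
    raw, off = _take(buf, off, AF_LEN[family])
    return ipaddress.ip_address(raw), off

def parse_packed(msg):
    """Parse the Figure 2/3 layout; return (type, subtype, [(group, source)])."""
    hdr, off = _take(msg, 0, 8)
    ver_type, sub_fb, _cksum, count = struct.unpack("!BBHB", hdr[:5])
    if ver_type >> 4 != 2:
        raise PackedParseError("not PIM version 2")
    records = []
    for _ in range(count):  # each read is bounds-checked, so Count cannot overrun
        group, off = _address(msg, off, True)
        source, off = _address(msg, off, False)
        if not group.is_multicast:
            raise PackedParseError(f"{group} is not a multicast group")
        records.append((str(group), str(source)))
    if off != len(msg):  # strictness chosen for this example
        raise PackedParseError("bytes left over after Count records")
    return ver_type & 0x0F, sub_fb >> 4, records

# Constructed sample: type 0xE / subtype 0 are placeholders (the draft's values are TBD).
SAMPLE = (bytes([0x2E, 0x00, 0, 0, 2, 0, 0, 0])
          + bytes([1, 0, 0, 32, 239, 1, 1, 1]) + bytes([1, 0, 10, 0, 0, 1])
          + bytes([1, 0, 0, 32, 239, 1, 1, 2]) + bytes([1, 0, 10, 0, 0, 2]))
```

A Count larger than the records actually present fails as a truncation error instead of reading past the end of the buffer.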

5. Protocol operation

The following combinations exist:

  1. DR and RP both support the PIM Packed Null-Register and PIM Packed Register-Stop formats:

    • As specified in [RFC7761], the DR sends PIM Register messages towards the RP when a new source is detected.
    • An RP supporting this specification MUST set the P-bit in the corresponding Register-Stop messages.
    • When a Register-Stop message with the P-bit set is received, the DR SHOULD send PIM Packed Null-Register messages (Section 3) to the RP instead of multiple Register messages with the N-bit set [RFC7761].
    • The RP, after receiving a PIM Packed Null-Register message, SHOULD start sending PIM Packed Register-Stop messages (Section 4) to the corresponding DR instead of individual Register-Stop messages.
  2. DR supports but RP does not support the PIM Packed Null-Register and PIM Packed Register-Stop formats:

    • As specified in [RFC7761], DR sends PIM Null-Registers towards the RP.
    • After receiving DR's PIM Null-Register message, RP sends a normal Register-Stop without any capability information.
    • DR then sends PIM Null-Registers in the unpacked format [RFC7761].
  3. RP supports but DR does not support the PIM Packed Null-Register and PIM Packed Register-Stop formats:

    • As specified in [RFC7761], DR sends the PIM Null-Register towards the RP.
    • After receiving DR's PIM Null-Register message, RP sends a PIM Packed Register-Stop towards the DR that includes capability information.
    • Since DR does not support the new format, it sends PIM Null-Registers in the unpacked format [RFC7761].

6. Operational Considerations

In case the network manager disables the packed capability at the RP, the router should not advertise the capability. However, an implementation MAY choose to still parse any packed registers if they are received. This may be particularly useful in the transitional period after the network manager disables it.

7. PIM Anycast RP Considerations

The PIM Packed Null-Register format should be enabled only if it is supported by all PIM Anycast RP [RFC4610] members in the RP set for the RP address. This consideration applies to PIM Anycast RP with MSDP [RFC3446] as well.

8. PIM RP router version downgrade

Consider a PIM RP router that supports PIM Packed Null-Registers and PIM Packed Register-Stops. When this router downgrades to a software version which does not support PIM Packed Null-Registers and PIM Packed Register-Stops, the DR that sends the PIM Packed Null-Register message will not get a PIM Register-Stop message back from the RP. In such scenarios the DR can send an unpacked PIM Null-Register and check the PIM Register-Stop to see if the capability bit (P-bit) for PIM Packed Null-Register is set or not. If it is not set then the DR will continue sending unpacked PIM Null-Register messages.
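
The DR-side behaviour of Sections 2, 5 and 8 as a small state holder, added here as an example and not taken from the draft or any implementation. The class and method names, the constructed 4-byte Register-Stop headers, and the `max_unanswered` threshold are assumptions; the draft does not say how many unanswered packed messages trigger the fallback.

```python
PIM_V2_REGISTER_STOP = 0x22  # PIM version 2, Type 2 (Register-Stop, RFC 7761)
P_BIT = 0x80                 # flag bit 7: the bit right after Type in Figure 1

def rp_advertises_packing(register_stop):
    """True only for a PIMv2 Register-Stop whose P bit is set."""
    return (len(register_stop) >= 4
            and register_stop[0] == PIM_V2_REGISTER_STOP
            and bool(register_stop[1] & P_BIT))

class DrRegisterState:
    """Per-RP decision on a DR: packed or unpacked Null-Registers."""

    def __init__(self, dr_supports_packing, max_unanswered=1):
        self.dr_supports_packing = dr_supports_packing
        self.max_unanswered = max_unanswered  # assumed threshold, not from the draft
        self.rp_capable = False               # nothing learned yet: stay unpacked
        self.unanswered = 0

    def on_register_stop(self, msg):
        """Unpacked Register-Stop: its P bit is the RP's current capability."""
        self.rp_capable = rp_advertises_packing(msg)
        self.unanswered = 0

    def on_packed_register_stop(self):
        """A Packed Register-Stop (Section 4) answers our packed messages."""
        self.unanswered = 0

    def on_packed_unanswered(self):
        """Section 8: no reply to a packed message, so re-learn via unpacked."""
        self.unanswered += 1
        if self.unanswered >= self.max_unanswered:
            self.rp_capable = False

    def next_format(self):
        packed = self.dr_supports_packing and self.rp_capable
        return "packed" if packed else "unpacked"

# Constructed Register-Stops: 4-byte header only, addresses omitted.
STOP_WITH_P = bytes([0x22, 0x80, 0, 0])
STOP_NO_P = bytes([0x22, 0x00, 0, 0])
```

Because the state starts and falls back to unpacked, a DR that was moved to the packed format without a capable RP returns to the RFC 7761 format after the first unanswered packed message.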

9. Fragmentation Considerations

When building a PIM Packed Null-Register message or PIM Packed Register-Stop message, a router should include as many records as possible based on the path MTU towards the RP, if path MTU discovery is done. Otherwise, the number of records should be limited by the MTU of the outgoing interface.
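
How the MTU limit interacts with the 8-bit Count field, as an added example that is not part of the draft. It assumes the RFC 7761 address encodings for record sizes and an IP header without options (`ip_header=20` for IPv4, pass 40 for IPv6); `batch_records` and `record_size` are hypothetical names.

```python
import ipaddress

PIM_FIXED = 8    # 4-byte PIM header plus the Count/Reserved word (Figures 2 and 3)
MAX_COUNT = 255  # Count is an 8-bit field

def record_size(group, source):
    """Bytes for one Encoded-Group plus Encoded-Unicast pair (RFC 7761)."""
    g, s = ipaddress.ip_address(group), ipaddress.ip_address(source)
    return (4 + g.max_prefixlen // 8) + (2 + s.max_prefixlen // 8)

def batch_records(records, mtu, ip_header=20):
    """Split (group, source) pairs into batches, one batch per packed message."""
    budget = mtu - ip_header - PIM_FIXED
    batches, current, used = [], [], 0
    for group, source in records:
        size = record_size(group, source)
        if size > budget:
            raise ValueError("MTU too small for a single record")
        # Close the batch when either the byte budget or Count would overflow.
        if current and (used + size > budget or len(current) == MAX_COUNT):
            batches.append(current)
            current, used = [], 0
        current.append((group, source))
        used += size
    if current:
        batches.append(current)
    return batches

# Constructed input: 300 IPv4 (group, source) pairs.
SAMPLE_RECORDS = [(f"239.1.{i // 250}.{i % 250 + 1}", "10.0.0.1") for i in range(300)]
```

With a 1500-byte MTU the byte budget is the binding limit; with a 9000-byte MTU the Count field is, so a receiver should never see more than 255 records regardless of link size.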

10. Security Considerations

The general security considerations for Register messages in [RFC7761] apply. As mentioned in [RFC7761], PIM Null-Register messages and Register-Stop messages are forwarded by intermediate routers to their destination using normal IP forwarding. Without data origin authentication, an attacker who is located anywhere in the network may be able to forge a Null-Register or Register-Stop message. We next consider the effect of a forgery of each of these messages. By forging a Register message, an attacker can cause the RP to inject forged traffic onto the shared multicast tree.

By forging a Register-Stop message, an attacker can prevent a legitimate DR from registering packets to the RP. This can prevent local hosts on that LAN from sending multicast packets. The above two PIM messages are not changed by intermediate routers and need only be examined by the intended receiver. Thus, these messages can be authenticated end-to-end. Attacks on Register and Register-Stop messages do not apply to a PIM-SSM-only implementation, as these messages are not used in PIM-SSM.

There is another case where a spoofed Register-Stop can be sent to make it appear that it is from the RP, and that the RP supports this new packed capability when it does not. This can cause Packed Null-Registers to be sent to an RP that does not support this packed format. But standard methods to prevent spoofing should take care of this case. For example, uRPF can be used to filter out packets coming from the outside from addresses that belong to routers inside.

11. IANA Considerations

12. Acknowledgments

The authors would like to thank Stig Venaas, Anish Peter, Zheng Zhang and Umesh Dudani for their helpful comments on the draft.

13. References

13.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, <https://www.rfc-editor.org/info/rfc8174>.
[RFC7761]
Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, <https://www.rfc-editor.org/info/rfc7761>.
[RFC4610]
Farinacci, D. and Y. Cai, "Anycast-RP Using Protocol Independent Multicast (PIM)", RFC 4610, DOI 10.17487/RFC4610, <https://www.rfc-editor.org/info/rfc4610>.
[RFC8736]
Venaas, S. and A. Retana, "PIM Message Type Space Extension and Reserved Bits", RFC 8736, DOI 10.17487/RFC8736, <https://www.rfc-editor.org/info/rfc8736>.

13.2. Informative References

[RFC3446]
Kim, D., Meyer, D., Kilmer, H., and D. Farinacci, "Anycast Rendevous Point (RP) mechanism using Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP)", RFC 3446, DOI 10.17487/RFC3446, <https://www.rfc-editor.org/info/rfc3446>.

Authors' Addresses

Vikas Ramesh Kamath
VMware
3401 Hillview Ave
Palo Alto, CA 94304
United States of America

Ramakrishnan Chokkanathapuram Sundaram
Cisco Systems, Inc.
Tasman Drive
San Jose, CA 95134
United States of America

Raunak Banthia
Apstra
333 Middlefield Rd STE 200
Menlo Park, CA 94025
United States of America

Ananya Gopal
Cisco Systems, Inc.
Tasman Drive
San Jose, CA 95134
United States of America