Internet Engineering Task Force   Inter-Domain Multicast Routing Working Group
INTERNET-DRAFT                                                       W. Fenner
draft-ietf-idmr-traceroute-ipm-02.txt
draft-ietf-idmr-traceroute-ipm-03.txt                               Xerox PARC
                                                                     S. Casner
                                                              Precept Software
                                                             November 21, 1997
                                                                August 5, 1998
                                                         Expires April December 1998

               A ''traceroute'' "traceroute" facility for IP Multicast.

Status of this Memo

This document is an Internet Draft.  Internet Drafts Internet-Draft.  Internet-Drafts are working
documents docu-
ments of the Internet Engineering Task Force (IETF), its Areas, areas, and its Working Groups.
working groups.  Note that other groups may also distribute working
documents doc-
uments as Internet Drafts.

Internet Drafts Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months.
Internet Drafts months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is not appropriate inappropriate to use Internet Internet- Drafts as reference material
or to cite them other than as a "working draft" or "work in progress."

To learn view the current status entire list of any Internet-Draft, current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), ftp.nordu.net (Northern Europe),
ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), ds.internic.net
ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Distribution of this document is unlimited.

                                Abstract

     This draft describes the IGMP multicast traceroute facility.  As
     the deployment of IP multicast has spread, it has become clear that
     a method for tracing the route that a multicast IP packet takes
     from a source to a particular receiver is absolutely required.
     Unlike unicast traceroute, multicast traceroute requires a special
     packet type and implementation on the part of routers.  This
     specification speci-
     fication describes the required functionality.

This document is a product of the Inter-Domain Multicast Routing working
group within the Internet Engineering Task Force.  Comments are
solicited and should be addressed to the working group's mailing list at
idmr@cs.ucl.ac.uk and/or the author(s).

1.

Key Words

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [Bradner97].

2.

1.  Introduction

The unicast "traceroute" program allows the tracing of a path from one
machine to another, using a mechanism that already existed in IP.
Unfortunately, no such existing mechanism can be applied to IP multicast
paths.  The key mechanism for unicast traceroute is the ICMP TTL
exceeded message, which is specifically precluded as a response to multicast mul-
ticast packets.  Thus, we specify the multicast "traceroute" facility to
be implemented in multicast routers and accessed by diagnostic programs.
While it is a disadvantage that a new mechanism is required, the
multicast multi-
cast traceroute facility can provide additional information about packet
rates and losses that the unicast traceroute cannot, and generally
requires fewer packets to be sent.

Goals:

+

o    To be able to trace the path that a packet would take from some
     source to some destination.

+

o    To be able to isolate packet loss problems (e.g., congestion).

+

o    To be able to isolate configuration problems (e.g., TTL threshold).

+

o    To minimize packets sent (e.g. no flooding, no implosion).

3.

2.  Overview

Tracing

Given a multicast distribution tree, tracing from a source to a multicast multi-
cast destination is hard, since you don't know down which branch of the
multicast tree the destination lies.  This means that you have to flood
the whole tree to find the path from one source to one destination.
However, walking up the tree from destination to source is easy, as all most
existing multicast routing protocols know the previous hop for each
source.  Tracing from destination to source can involve only routers on
the direct path.

The party requesting the traceroute (which need be neither the source
nor the destination) sends a traceroute Query packet to the last-hop
multicast router for the given destination.  The last-hop router turns
the Query into a Request packet by adding a response data block
containing contain-
ing its interface addresses and packet statistics, and then forwards the
Request packet via unicast to the router that it believes is the proper

previous hop for the given source and group.  Each hop adds its response
data to the end of the Request packet, then unicast forwards it to the
previous hop.  The first hop router (the router that believes that packets pack-
ets from the source originate on one of its directly connected networks)
changes the packet type to indicate a Response packet and sends the completed com-
pleted response to the response destination address.  The response may
be returned before reaching the first hop router if a fatal error condition condi-
tion such as "no route" is encountered along the path.

Multicast traceroute uses any information available to it in the router
to attempt to determine a previous hop to forward the trace towards.
Multicast routing protocols vary in the type and amount of state they
keep; multicast traceroute endeavors to work with all of them by using
whatever is available.  For example, if a DVMRP router has no active
state for a particular source but does have a DVMRP route, it chooses
the parent of the DVMRP route as the previous hop.  If a PIM-SM router
is on the (*,G) tree, it chooses the parent towards the RP as the
previous previ-
ous hop.  In these cases, no source/group-specific state is available,
but the path may still be traced.

4.

3.  Multicast Traceroute header

The header for all multicast traceroute packets is as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    IGMP Type  |    # hops     |           checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Multicast Group Address                      |
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
|                     Source Address                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Destination Address                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Response Address                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    resp ttl   |               Query ID                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4.1.

3.1.  IGMP Type: 8 bits

     The IGMP type field is defined to be 0x1F for traceroute queries
     and requests.  The IGMP type field is changed to 0x1E when the
     packet is completed and sent as a response from the first hop
     router to the querier.  Two codes are required so that multicast
     routers won't attempt to process a completed response in those
     cases where the initial query was issued from a router or the
     response is sent via multicast.

4.2.

3.2.  # hops: 8 bits

     This field specifies the maximum number of hops that the requester
     wants to trace.  If there is some error condition in the middle of
     the path that keeps the traceroute request from reaching the
     first-hop first-
     hop router, this field can be used to perform an expanding-
     length expanding-length
     search to trace the path to just before the problem.

4.3.

3.3.  Checksum: 16 bits

     The checksum is the 16-bit one's complement of the one's complement
     sum of the whole IGMP message (the entire IP payload).  For payload)[Brad88].
     When computing the checksum, the checksum field is set to zero.
     When transmitting packets, the checksum MUST be computed and
     inserted into this field.  When receiving packets, the checksum
     MUST be verified before processing a packet.

4.4.

3.4.  Group address

     This field specifies the group address to be traced, or zero if no
     group-specific information is desired.  Note that non-group-
     specific non-group-spe-
     cific traceroutes may not be possible with certain multicast
     routing rout-
     ing protocols.

4.5.

3.5.  Source address

     This field specifies the IP address of the multicast source for the
     path being traced, or 0xFFFFFFFF if no source-specific information
     is desired.  Note that non-source-specific traceroutes may not be
     possible with certain multicast routing protocols.

4.6.

3.6.  Destination address

     This field specifies the IP address of the multicast receiver for
     the path being traced.  The trace starts at this destination and
     proceeds toward the traffic source.

4.7.

3.7.  Response Address

     This field specifies where the completed traceroute response packet
     gets sent.  It can be a unicast address or a multicast address, as
     explained in section 6.2.

4.8.

3.8.  resp ttl: 8 bits

     This field specifies the TTL at which to multicast the response, if
     the response address is a multicast address.

4.9.

3.9.  Query ID: 24 bits

     This field is used as a unique identifier for this traceroute
     request so that duplicate or delayed responses may be detected and
     to minimize collisions when a multicast response address is used.

5.

4.  Definitions

Since multicast traceroutes flow in the opposite direction to the data
flow, we always refer to "upstream" and "downstream" with respect to
data, unless explicitly specified.

Incoming Interface
     The interface on which traffic is expected from the specified
     source and group.

Outgoing Interface
     The interface on which traffic is forwarded from the specified
     source and group towards the destination.  Also called the
     "Reception "Recep-
     tion Interface", since it is the interface on which the multicast
     traceroute Request was received.

Previous-Hop Router
     The router, on the Incoming Interface, which is responsible for
     forwarding traffic for the specified source and group.

6.

5.  Response data

Each router adds a "response data" segment to the traceroute packet  be-
fore
before it forwards it on.  The response data looks like this:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Query Arrival Time                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Incoming Interface Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Outgoing Interface Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Previous-Hop Router Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Input packet count on incoming interface            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Output packet count on outgoing interface           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Total number of packets for this source-group pair       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |M| |           |               |
| Rtg Protocol  |    FwdTTL     |B|S| Src Mask  |Forwarding Code|
|               |               |Z| |           |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     6.1.

5.1.  Query Arrival Time

     The Query Arrival Time is a 32-bit NTP timestamp specifying the
     arrival time of the traceroute request packet at this router.  The
     32-bit form of an NTP timestamp consists of the middle 32 bits of
     the full 64-bit form; that is, the low 16 bits of the integer part
     and the high 16 bits of the fractional part.

     The following formula converts from a UNIX timeval to a 32-bit NTP
     timestamp:

     query_arrival_time = (tv.tv_sec + 32384) << 16 + ((tv.tv_usec <<
     10) / 15625)

     The constant 32384 is the number of seconds from Jan 1, 1900 to Jan
     1, 1970 truncated to 16 bits.  ((tv.tv_usec << 10) / 15625) is a
     reduction of ((tv.tv_usec / 100000000) << 16).

     6.2.

5.2.  Incoming Interface Address

     This field specifies the address of the interface on which packets
     from this source and group are expected to arrive, or 0 if unknown.

     6.3.

5.3.  Outgoing Interface Address

     This field specifies the address of the interface on which packets
     from this source and group flow to the specified destination, or 0
     if unknown.

     6.4.

5.4.  Previous-Hop Router Address

     This field specifies the router from which this router expects
     packets from this source.  This may be a multicast group if the
     previous hop is not known because of the workings of the multicast
     routing protocol.  However, it should be 0 if the incoming interface inter-
     face address is unknown.

     6.5.

5.5.  Input packet count on incoming interface

     This field contains the number of multicast packets received for
     all groups and sources on the incoming interface, or 0xffffffff if
     no count can be reported.

     6.6.

5.6.  Output packet count on outgoing interface

     This field contains the number of multicast packets that have been
     transmitted for all groups and sources on the outgoing interface,
     or 0xffffffff if no count can be reported.

     6.7.

5.7.  Total number of packets for this source-group pair

     This field counts the number of packets from the specified source
     forwarded by this router to the specified group, or 0xffffffff if
     no count can be reported.  If the S bit is set, the count is for
     the source network, as specified by the Src Mask field.  If the S
     bit is set and the Src Mask field is 63, indicating no source-specific source-spe-
     cific state, the count is for all sources sending to this group.

     6.8.

5.8.  Rtg Protocol: 8 bits

     This field describes the routing protocol in use between this
     router and the previous-hop router.  Specified values include:

     1   DVMRP
     2   MOSPF
     3   PIM
     4   CBT
     5   PIM using special routing table
     6   PIM using a static route
     7   DVMRP using a static route

     6.9.

5.9.  FwdTTL: 8 bits

     This field contains the TTL that a packet is required to have
     before it will be forwarded over the outgoing interface.

     6.10.

5.10.  MBZ: 1 bit

     Must be zeroed on transmission and ignored on reception.

     6.11.

5.11.  S: 1 bit

     If this bit is set, it indicates that the packet count for the
     source-group pair is for the source network, as determined by
          masking mask-
     ing the source address with the Src Mask field.

     6.12.

5.12.  Src Mask: 6 bits

     This field contains the number of 1's in the netmask this router
     has for the source (i.e. a value of 24 means the netmask is
     0xffffff00).  If the router is forwarding solely on group state,
     this field is set to 63 (0x2f).

     6.13. (0x3f).

5.13.  Forwarding Code: 8 bits

     This field contains a forwarding information/error code.  Defined
     values include:

     Value Name           Description
     --------------------------------------------------------------------
     0x00  NO_ERROR       No error
     0x01  WRONG_IF       Traceroute request arrived on an interface to
                          which this router would not forward for this
                          source,group,destination.
     0x02  PRUNE_SENT     This router has sent a prune upstream which
                          applies to the source and group in the traceroute tracer-
                          oute request.

     0x03  PRUNE_RCVD     This router has stopped forwarding for this
                          source and group in response to a request from
                          the next hop router.
     0x04  SCOPED         The group is subject to administrative scoping
                          at this hop.
     0x05  NO_ROUTE       This router has no route for the source.
     0x06  WRONG_LAST_HOP This router is not the proper last-hop router.
     0x07  NOT_FORWARDING This router is not forwarding this
                          source,group for an unspecified reason.
     0x08  REACHED_RP     Reached Rendez-vous Point or Core
     0x09  RPF_IF         Traceroute request arrived on the expected RPF
                          interface for this source,group.
     0x0A  NO_MULTICAST   Traceroute request arrived on an interface
                          which is not enabled for multicast.
     0x81  NO_SPACE       There was not enough room to insert another
                          response data block in the packet.
     0x82  OLD_ROUTER     The previous hop router does not understand
                          traceroute requests.
     0x83  ADMIN_PROHIB   Traceroute is administratively prohibited.

     Note that if a router discovers there is not enough room in a
     packet to insert its response, it puts the 0x81 error code in the
     previous router's Forwarding Code field, overwriting any error the
     previous router placed there.  It is expected that a multicast
     traceroute client, upon receiving this error, will restart the
     trace at the last hop listed in the packet.

     The 0x80 bit of the Forwarding Code is used to indicate a fatal
     error.  A fatal error is one where the router may know the previous
     hop but cannot forward the message to it.

     7.

6.  Router Behavior

All of these actions are performed in addition to (NOT instead of)
     forwarding for-
warding the packet, if applicable.  E.g. a multicast packet that has TTL
remaining MUST be forwarded normally, as should MUST a unicast packet that has
TTL remaining and is not addressed to this router.

     7.1.

6.1.  Traceroute Query

     A traceroute Query message is a traceroute message with no response
     blocks filled in, and uses IGMP type 0x1F.

     7.1.1.

6.1.1.  Packet Verification

     Upon receiving a traceroute Query message, a router must examine
     the Query to see if it is the proper last-hop router for the
     destination address in the packet.  It is the proper last-hop
     router if it has a multicast-capable interface on the same subnet
     as the Destination Address and is the router that would forward
     traffic from the given source onto that subnet.

          A router may receive a traceroute Query message via either
          unicast or multicast.

     If received via multicast and it the router determines that it is not the proper last-hop router,
     or it cannot make that determination, it does one of two things
     depending if the
          packet Query was received via multicast or unicast.  If
     the Query was received via multicast, then it MUST be silently
     dropped.  If it was received via unicast and
          the packet was addressed to this router, an error unicast, a forwarding code of 0x06
          should be
     NOT_LAST_HOP is noted and normal processing should occur. continues as in section 7.2.

     Duplicate Query messages as identified by the tuple (IP Source,
     Query ID) SHOULD be ignored.

     7.1.2.

6.1.2.  Normal Processing

     When a router receives a traceroute Query and it determines that it
     is the proper last-hop router, it treats it like a traceroute
     Request and performs the steps listed under Normal
          Processing of a Traceroute Request, below. in section 7.2.

6.2.  Traceroute Request

     A traceroute Request is a traceroute message with some number of
     response blocks filled in, and also uses IGMP type 0x1F.  Routers
     can tell the difference between Queries and Requests by checking
     the length of the packet.

     7.2.1.

6.2.1.  Packet Verification

     If the traceroute Request is not addressed to this router, or if
     the Request is addressed to a multicast group which is not a link-scoped link-
     scoped group (e.g. 224.0.0.x), it MUST be silently ignored.

     7.2.2.

6.2.2.  Normal Processing

     When a router receives a traceroute Request, it performs the
          following fol-
     lowing steps.  Note that it is possible to have multiple situations
     covered by the Forwarding Codes.  The first one encountered is the
     one that is reported, i.e. all "note forwarding code N" should be
     interpreted as "if forwarding code is not already set, set forwarding forward-
     ing code to N".

     1.  Insert a new response block into the packet and fill in the
         Query Arrival Time, Outgoing Interface Address, Output Packet
         Count, and FwdTTL.

     2.  Attempt to determine the forwarding information for the source
         and group specified, using the same mechanisms as would be used
         when a packet is received from the source destined for the
         group.  State need not be instantiated, it can be "phantom"
         state created only for the purpose of the trace.

     3.  If no forwarding information can be determined, an error code
         of 0x05 NO_ROUTE is inserted in the Forwarding Code field, the
         remaining fields that have not yet been filled in are set to
         zero, and the packet is forwarded to the requester as described
         in "Forwarding Traceroute Requests".

     4.  Fill in the Incoming Interface Address, Previous-Hop Router
         Address, Input Packet Count, Total Number of Packets, Routing
         Protocol, S, and Src Mask from the forwarding information that
         was determined.

     5.  If traceroute is administratively prohibited or the previous
         hop router does not understand traceroute requests, note the
         appropriate forwarding code. code (ADMIN_PROHIB or OLD_ROUTER).  If
         traceroute is administratively prohibited and any of the fields
         as filled in step 4 is are considered private information, zero
         out the applicable fields.  Then the packet is forwarded to the
         requester as described in "Forwarding Traceroute Requests".

     6.  If the reception interface is not enabled for multicast, note
         forwarding code 0xA. NO_MULTICAST.  If the reception interface is
         the interface from which the router would expect data to arrive
         from the source, a forwarding code of 0x9 RPF_IF is noted.  Otherwise,  Other-
         wise, if the reception interface is not one to which the router
         would forward data from the source, a forwarding code of 0x1
         WRONG_IF is noted.

     7.  If the group is subject to administrative scoping on either the
         Outgoing or Incoming interfaces, a forwarding code of 0x4 SCOPED is
         noted.

     8.  If this router is the Rendez-vous Point or Core for the group,
         a forwarding code of 0x8 REACHED_RP is noted.  (NOTE: should
               this be earlier?)

     9.  If this router has sent a prune upstream which applies to the
         source and group in the traceroute Request, it notes forwarding
         code 0x2. PRUNE_SENT.  If the router has stopped forwarding downstream down-
         stream in response to a prune sent by the next hop router, it
         notes forwarding code 0x3. PRUNE_RCVD.  If the router should normally nor-
         mally forward traffic for this source and group downstream but
         is not, it notes forwarding code
               0x7. NOT_FORWARDING.

     10. The packet is then sent on to the previous hop or the requester
         as described in "Forwarding Traceroute Requests".

     7.3.

6.3.  Traceroute response

     A router must forward all traceroute response packets normally,
     with no special processing.  If a router has initiated a traceroute
     with a Query or Request message, it may listen for Responses to
     that traceroute but MUST still forward them as well.

     7.4.

6.4.  Forwarding Traceroute Requests

     If the Previous-hop router is known for the source and group (or,
     if no group is specified, the previous-hop router for the source,
     or if no source is specified, the previous-hop router for the
     group) and the number of response blocks is less than the number
     requested, the packet is sent to that router.  If the Incoming
     Interface is known but the Previous-hop router is not known, the
     packet is sent to an appropriate multicast address on the Incoming
     Interface.  The appropriate multicast address may depend on the
     routing protocol in use, MUST be a link-scoped group (i.e.
     224.0.0.x), MUST NOT be ALL-
          SYSTEMS.MCAST.NET ALL-SYSTEMS.MCAST.NET (224.0.0.1) and may
     be ALL-ROUTERS.MCAST.NET (224.0.0.2) if the routing protocol in use
     does not define a more appropriate group.  Otherwise, it is sent to
     the Response Address in the header, as described in "Sending
     Traceroute Responses".

     7.5.

6.5.  Sending Traceroute Responses

     7.5.1.

6.5.1.  Destination Address

     A traceroute response must be sent to the Response Address in the
     traceroute header.

     7.5.2.

6.5.2.  TTL

     If the Response Address is unicast, the router inserts its normal
     unicast TTL in the IP header.  If the Response Address is multicast, multi-
     cast, the router copies the Response TTL from the traceroute header
     into the IP header.

     7.5.3.

6.5.3.  Source Address

     If the Response Address is unicast, the router may use any of its
     interface addresses as the source address.  Since some multicast
     routing protocols forward based on source address, if the Response
     Address is multicast, the router MUST use an address that is known
     in the multicast routing table if it can make that determination.

     7.5.4.

6.5.4.  Sourcing Multicast Responses

     When a router sources a multicast response, the response packet
     MUST be sent on a single interface, then forwarded as if it were
     received on that interface.  It MUST NOT source the response packet
     individually on each interface, since that causes duplicate packets.

     8. pack-
     ets.

7.  Using multicast traceroute

     <<Need a

7.1.  Sample Client

This section on expected client describes the behavior (one or two attempts
     with high hop count, then a search of some kind, then statistics
     later)>> Several problems may arise when attempting to use an example multicast traceroute.

     8.1.  Last hop router

          The traceroute querier may not know which
client.

7.1.1.  Sending Initial Query

     When the destination of the trace is the last hop
          router, or that router may machine running the
     client, the traceroute Query packet can be behind a firewall that blocks
          unicast packets but passes multicast packets.  In these cases,
          the traceroute request should be multicasted sent to the ALL-ROUTERS
     multicast group
          being traced (since (224.0.0.2).  This will ensure that the last hop packet is
     received by the last-hop router listens on the subnet.  Otherwise, if the
     proper last-hop router is known for the trace destination, the
     Query could be unicasted to that
          group).  All routers except router.  Otherwise, the correct last hop router Query
     packet should
          ignore any multicast traceroute request received via
          multicast.  Traceroute requests which are be multicasted to the group being traced must include queried; if the Router Alert IP option
          [Katz97].

          Another alternative is to unicast to
     destination of the trace destination.
          Traceroute requests which are unicasted is a member of the group this will get the
     Query to the trace
          destination must include proper last-hop router.  In this final case, the
     packet should contain the Router Alert IP option [Katz97],
          in order option, to make sure that the last-hop router is aware
     routers that are not members of the packet.

          If multicast group notice the traceroute querier is attached to
     packet.  See also section 8.2 on determining the same router as last-hop router.

7.1.2.  Determining the destination Path

     The client could send a small number of the request, the traceroute request may be
          multicasted Initial Query messages with
     a large "# hops" field, in order to 224.0.0.2 (ALL-ROUTERS.MCAST.NET) if the last-
          hop router is not known.

     8.2.  First hop router

          The traceroute querier may not be unicast reachable from try to trace the
          first hop router.  In full path.  If
     this case, attempt fails, one strategy is to perform a linear search (as
     the querier should traditional unicast traceroute program does); set the
          traceroute response address "#hops"
     field to a multicast address, 1 and should
          set the response TTL try to get a value sufficient for the response, then 2, and so on.  If no
     response
          from is received at a certain hop, the first hop router to reach count can continue
     past the querier.  It non-responding hop, in the hopes that further hops may be
          appropriate
     respond.  These attempts should continue until a user-defined time-
     out has occurred.

     See also section 8.3 and 8.4 on receiving the results of a trace.

7.1.3.  Collecting Statistics

     After a client has determined that it has traced the whole path or
     as much as it can expect to start with (see section 8.5), it might collect
     statistics by waiting a small TTL short time and increase in
          subsequent attempts until performing a sufficient TTL second trace.
     If the path is reached, up to
          an appropriate maximum (such the same in the two traces, statistics can be dis-
     played as 192). described in section 9.3 and 9.4.

Details of performing a multicast traceroute:

7.2.  Last hop router

     The IANA has assigned 224.0.1.32, MTRACE.MCAST.NET, as traceroute querier may not know which is the
          default last hop router,
     or that router may be behind a firewall that blocks unicast packets
     but passes multicast packets.  In these cases, the traceroute
     request should be multicasted to the group for being traced (since the
     last hop router listens to that group).  All routers except the
     correct last hop router should ignore any multicast traceroute responses.
          Other groups may be used if needed, e.g. when using mtrace
     request received via multicast.  Traceroute requests which are mul-
     ticasted to
          diagnose problems with the IANA-assigned group.

     8.3.  Broken intermediate group being traced must include the Router Alert IP
     option [Katz97].

     Another alternative is to unicast to the trace destination.
     Traceroute requests which are unicasted to the trace destination
     must include the Router Alert IP option [Katz97], in order that the
     last-hop router

          A broken intermediate is aware of the packet.

     If the traceroute querier is attached to the same router might simply as the
     destination of the request, the traceroute request may be multicas-
     ted to 224.0.0.2 (ALL-ROUTERS.MCAST.NET) if the last-hop router is
     not known.

7.3.  First hop router

     The traceroute querier may not be unicast reachable from the first
     hop router.  In this case, the querier should set the traceroute
     response address to a multicast address, and should set the
     response TTL to a value sufficient for the response from the first
     hop router to reach the querier.  It may be appropriate to start
     with a small TTL and increase in subsequent attempts until a suffi-
     cient TTL is reached, up to an appropriate maximum (such as 192).

     The IANA has assigned 224.0.1.32, MTRACE.MCAST.NET, as the default
     multicast group for multicast traceroute responses.  Other groups
     may be used if needed, e.g. when using mtrace to diagnose problems
     with the IANA-assigned group.

7.4.  Broken intermediate router

     A broken intermediate router might simply not understand traceroute packets,
     packets, and drop them.  The querier would then get no response at
     all from its traceroute requests.  It should then perform a hop-by-
     hop search by setting the number of responses field until it gets a
     response (both linear and binary search are options, but binary is
     likely to be slower because a failure requires waiting for a time-
     out).

7.5.  Trace termination

     When performing an expanding hop-by-hop trace, it is necessary to
     determine when to stop expanding.

7.5.1.  Arriving at source

     A trace can be determined to have arrived at the source if the
     Incoming Interface of the last router in the trace is non-zero, but
     the Previous Hop router is zero.

7.5.2.  Fatal Error

     A trace has encountered a fatal error if the last Forwarding Error
     in the trace has the 0x80 bit set.

7.5.3.  No Previous Hop

     A trace can not continue if the last Previous Hop in the trace is
     set to 0.

7.5.4.  Trace shorter than requested

     If the trace that is returned is shorter than requested (i.e. the
     number of Response blocks is smaller than the "# hops" field), the
     trace encountered an error and could not continue.

7.6.  Continuing after an error

     When the NO_SPACE error occurs, the client might try to continue
     the trace by starting it at the last hop in the trace.  It can do
     this by unicasting to this router's outgoing interface address,
     keeping all fields the same.  If this results in a single hop and a
     "WRONG_IF" error, the client may try setting the trace destination
     to the same outgoing interface address.

     If a trace times out, it is likely to be because a router in the
     middle of the path does not support multicast traceroute.  That
     router's address will be in the Previous Hop field of the last
     entry in the last reply packet received.  A client may be able to
     determine (via mrinfo[Pusa98] or SNMP[Thal98a,Thal98b]) a list of
     neighbors of the non-responding router.  If desired, each of those
     neighbors could be probed to determine the remainder of the path.
     Unfortunately, this heuristic may end up with multiple paths, since
     there is no way of knowing what the non-responding router's algo-
     rithm for choosing a previous-hop router is.  However, if all paths
     but one flow back towards the non-responding router, it is possible
     to be sure that this is the correct path.

7.7.  Multicast Traceroute and shared-tree routing protocols

     When using shared-tree routing protocols like PIM-SM and CBT, it is
     still possible to use multicast traceroute to determine paths.

7.7.1.  PIM-SM

When a multicast traceroute reaches a PIM-SM RP and drop them.  The querier would then get the RP does not for-
ward the trace on, it means that the RP has not performed a source-spe-
cific join so there is no response at all from its traceroute requests.  It should
          then more state to trace.  However, the path that
traffic would use if the RP did perform a hop-by-hop search source-specific join can be
traced by setting the number of
          responses field until it gets a response (both linear trace destination to the RP, the trace source to
the traffic source, and
          binary search are options, but binary is likely the trace group to 0.  This trace Query may be slower
          because
unicasted to the RP.

7.7.2.  CBT

When a failure requires waiting for multicast traceroute reaches a timeout).

     8.4.  Trace termination

          When performing an expanding hop-by-hop trace, CBT Core, it is necessary
          to determine when to must simply stop expanding.

     8.4.1.  Arriving at source

          A
since CBT does not have source-specific state.  However, a second trace
can be determined performed, setting the trace destination to have arrived at the source if traffic source,
the
          Incoming Interface of trace group to the last router in group being traced, and the trace is non-
          zero, but source to the Previous Hop router is zero.  (XXX Need
Core (or to
          actually check if this heuristic really works) <<Maybe a
          "previous hop" of 0xffffffff needs 0, since CBT does not have source-specific state).  This
trace Query may be unicasted to mean "arrived at
          source">> <<or just a forwarding code>>

     8.4.2.  Fatal Error

          A the Core.  There are two possibilities
when combining the two traces:

7.7.2.1.  No overlap

     If there is no overlap between the two traces, the second trace has encountered a fatal error if can
     be reversed and appended to the last Forwarding
          Error in first trace.  This composite trace
     shows the full path from the source to the trace has destination.

7.7.2.2.  Overlapping paths

     If there is a portion of the 0x80 bit set.

     8.4.3.  No Previous Hop

          A trace can not continue if path that is common to the last Previous Hop ends of the
     two traces, that portion is removed from both traces.  Then, as in
     the no overlap case, the second trace is set reversed and appended to 0.

     9.
     the first trace, and the composite trace again contains the full
     path.

This algorithm works whether the source has joined the CBT tree or not.

8.  Problem Diagnosis

     9.1.

8.1.  Forwarding Inconsistencies

     The forwarding error code can tell if a group is unexpectedly
     pruned or administratively scoped.

     9.2.

8.2.  TTL problems

     By taking the maximum of (hops from source + forwarding TTL
          threshold) thresh-
     old) over all hops, you can discover the TTL required for the
     source to reach the destination.

     9.3.

8.3.  Congestion

     By taking two traces, you can find packet loss information by
          comparing com-
     paring the difference in input packet counts to the difference in
     output packet counts at the previous hop.  On a point-to-point
     link, any difference in these numbers implies packet loss.  Since
     the packet counts may be changing as the trace query is propagating, propagat-
     ing, there may be small errors (off by 1 or 2) in these statistics.
     However, these errors will not accumulate if multiple traces are
     taken to expand the measurement period.  On a shared link, the
     count of input packets can be larger than the number of output
     packets at the previous hop, due to other routers or hosts on the
     link injecting packets.  This appears as "negative loss" which may
     mask real packet loss.

     In addition to the counts of input and output packets for all
          multicast mul-
     ticast traffic on the interfaces, the response data includes a
     count of the packets forwarded by a node for the specified source-group source-
     group pair.  Taking the difference in this count between two traces
     and then comparing those differences between two hops gives a measure mea-
     sure of packet loss just for traffic from the specified source to
     the specified receiver via the specified group.  This measure is
     not affected by shared links.

     On a point-to-point link that is a multicast tunnel, packet loss is
     usually due to congestion in unicast routers along the path of that
     tunnel.  On native multicast links, loss is more likely in the output out-
     put queue of one hop, perhaps due to priority dropping, or in the
     input queue at the next hop.  The counters in the response data do
     not allow these cases to be distinguished.  Differences in packet
     counts between the incoming and outgoing interfaces on one node
     cannot generally be used to measure queue overflow in the node
     because some packets may be routed only to or from other interfaces
     on that node.

     In the multicast extensions for SunOS 4.1.x from Xerox PARC, both
     the output packet count and the packet forwarding count for the
     source-group pair are incremented before priority dropping for rate
     limiting occurs and before the packets are put onto the interface
     output queue which may overflow.  These drops will appear as (positive) (posi-
     tive) loss on the link even though they occur within the router.

     In release 3.3/3.4 of the UNIX multicast extensions, a multicast
     packet generated on a router will be counted as having come in an
     interface even though it did not.  This can create the appearance
     of negative loss even on a point-to-
          point point-to-point link.

     In releases up through 3.5/3.6, packets were not counted as input
     on an interface if the reverse-path forwarding check decided that
     the packets should be dropped.  That causes the packets to appear
     as lost on the link if they were output by the upstream hop.  This
     situation can arise when two routers on the path for the group
     being traced are connected by a shared link, and the path for some
     other group does not flow between those two routers because the
     downstream router receives packets for the other group on another
     interface, but the upstream router is the elected forwarder to
     other routers or hosts on the shared link.

     9.4.

8.4.  Link Utilization

     Again, with two traces, you can divide the difference in the input
     or output packet counts at some hop by the difference in time
     stamps from the same hop to obtain the packet rate over the link.
     If the average packet size is known, then the link utilization can
     also be estimated to see whether packet loss may be due to the rate
     limit or the physical capacity on a particular link being exceeded.

     9.5.

8.5.  Time delay

     If the routers have synchronized clocks, it is possible to estimate
     propagation and queueing delay from the differences between the
     timestamps at successive hops.

     10.

9.  Acknowledgments

This specification started largely as a transcription of Van Jacobson's
slides from the 30th IETF, and the implementation in mrouted 3.3 by Ajit
Thyagarajan.  Van's original slides credit Steve Casner, Steve Deering,
Dino Farinacci and Deb Agrawal.  A multicast traceroute client, mtrace,

has been implemented by Ajit Thyagarajan, Steve Casner and Bill Fenner.

The idea of unicasting a multicast traceroute Query to the destination
of the trace with RA Router Alert set is due to Tony Ballardie.  The idea
of the "S" bit to allow statistics for a source subnet is due to Tom
Pusateri.

     11.

10.  IANA Considerations

     11.1.

10.1.  Routing Protocols

          Should the

     The IANA be is responsible for allocating new Routing Protocol codes?

     11.2.  Forwarding Codes

          Should codes.
     The Routing Protocol code is somewhat problematic, since in the IANA
     case of protocols like CBT and PIM it must encode both a unicast
     routing algorithm and a multicast tree-building protocol.  The
     space was not divided into two fields because it was already small
     and some combinations (e.g. DVMRP) would be responsible wasted.

     Routing Protocol codes should be allocated for allocating new any combination of
     protocols that are in common use in the Internet.

10.2.  Forwarding
          Codes?

     12. Codes

     New Forwarding codes must only be created by an RFC that modifies
     this document's section 7, fully describing the conditions under
     which the new forwarding code is used.  The IANA may act as a cen-
     tral repository so that there is a single place to look up forward-
     ing codes and the document in which they are defined.

11.  Security Considerations

     12.1.

11.1.  Topology discovery

     mtrace can be used to discover any actively-used topology.  If your
     network topology is a secret, you should restrict mtrace may be restricted at the border bor-
     der of your domain.

     12.2. domain, using the ADMIN_PROHIB forwarding code.

11.2.  Traffic rates

     mtrace can be used to discover what sources are sending to what
     groups and at what rates.  If this information is a secret, you should restrict mtrace
     may be restricted at the border of your
          domain.

      ...more...

     13. domain, using the
     ADMIN_PROHIB forwarding code.

11.3.  Unicast replies

     The "Response address" field may be used to send a single packet
     (the traceroute Reply packet) to an arbitrary unicast address.  It
     is possible to use this facility as a packet amplifier, as a small
     multicast traceroute Query may turn into a large Reply packet.

12.  References

Brad88         Braden, B., D. Borman, C. Partridge, "Computing the
               Internet Checksum", RFC 1071, ISI, September 1988.

Bradner97      Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", RFC 2119/BCP 14, Harvard University,
               March 1997.

Katz97         Katz, D., "IP Router Alert Option," RFC 2113, Cisco
                    Systems, Sys-
               tems, February 1997.

     14.

13.  Authors' Addresses

     William C. Fenner
     Xerox PARC
     3333 Coyote Hill Road
     Palo Alto, CA 94304

     Phone: +1 650 812 4816

     Email: fenner@parc.xerox.com

     Stephen L. Casner
        Precept Software, Inc.
     Cisco Systems
     1072 Arastradero Road
     Palo Alto, CA 94304

     Email: casner@precept.com