draft-ietf-mboned-ssmping-08.txt   draft-ietf-mboned-ssmping-09.txt 
Network Working Group S. Venaas Network Working Group S. Venaas
Internet-Draft UNINETT Internet-Draft cisco Systems
Intended status: Standards Track March 4, 2010 Intended status: Standards Track October 5, 2011
Expires: September 5, 2010 Expires: April 7, 2012
Multicast Ping Protocol Multicast Ping Protocol
draft-ietf-mboned-ssmping-08.txt draft-ietf-mboned-ssmping-09.txt
Abstract Abstract
The Multicast Ping Protocol specified in this document allows for The Multicast Ping Protocol specified in this document allows for
checking whether an endpoint can receive multicast, both Source- checking whether an endpoint can receive multicast, both Source-
Specific Multicast (SSM) and Any-Source Multicast (ASM). It can also Specific Multicast (SSM) and Any-Source Multicast (ASM). It can also
be used to obtain additional multicast-related information such as be used to obtain additional multicast-related information such as
multicast tree setup time. This protocol is based on an multicast tree setup time. This protocol is based on an
implementation of tools called ssmping and asmping. implementation of tools called ssmping and asmping.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on April 7, 2012.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 5, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Protocol Specification . . . . . . . . . . . . . . . . . . . . 6 3. Protocol Specification . . . . . . . . . . . . . . . . . . . . 6
3.1. Option Format . . . . . . . . . . . . . . . . . . . . . . 7 3.1. Option Format . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Defined Options . . . . . . . . . . . . . . . . . . . . . 7 3.2. Defined Options . . . . . . . . . . . . . . . . . . . . . 7
3.3. Packet Format . . . . . . . . . . . . . . . . . . . . . . 12 3.3. Packet Format . . . . . . . . . . . . . . . . . . . . . . 13
3.4. Message Types and Options . . . . . . . . . . . . . . . . 13 3.4. Message Types and Options . . . . . . . . . . . . . . . . 13
3.5. Rate Limiting . . . . . . . . . . . . . . . . . . . . . . 14 3.5. Rate Limiting . . . . . . . . . . . . . . . . . . . . . . 15
4. Client Behaviour . . . . . . . . . . . . . . . . . . . . . . . 15 3.5.1. Message Rate Variables . . . . . . . . . . . . . . . . 16
5. Server Behaviour . . . . . . . . . . . . . . . . . . . . . . . 16 4. Client Behaviour . . . . . . . . . . . . . . . . . . . . . . . 16
6. Recommendations for Implementers . . . . . . . . . . . . . . . 17 5. Server Behaviour . . . . . . . . . . . . . . . . . . . . . . . 17
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 6. Recommendations for Implementers . . . . . . . . . . . . . . . 19
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19
9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 9. Security Considerations . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
10.2. Informative References . . . . . . . . . . . . . . . . . . 20 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 20 10.2. Informative References . . . . . . . . . . . . . . . . . . 23
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
The Multicast Ping Protocol specified in this document allows for The Multicast Ping Protocol specified in this document allows for
checking multicast connectivity. In addition to checking reception checking multicast connectivity. In addition to checking reception
of multicast (SSM or ASM), the protocol can provide related of multicast (SSM or ASM), the protocol can provide related
information such as multicast tree setup time, the number of hops the information such as multicast tree setup time, the number of hops the
packets have traveled, as well as packet delay and loss. This packets have traveled, as well as packet delay and loss. This
functionality resembles, in part, the ICMP Echo Request/Reply functionality resembles, in part, the ICMP Echo Request/Reply
mechanism [RFC0792], but uses UDP [RFC0768] and requires both a mechanism [RFC0792], but uses UDP [RFC0768] and requires both a
skipping to change at page 3, line 27 skipping to change at page 3, line 27
This protocol is based on the current implementation of the ssmping This protocol is based on the current implementation of the ssmping
and asmping tools [impl] which are widely used by the Internet and asmping tools [impl] which are widely used by the Internet
community to conduct multicast connectivity tests. community to conduct multicast connectivity tests.
2. Architecture 2. Architecture
Before describing the protocol in detail, we provide a brief overview Before describing the protocol in detail, we provide a brief overview
of how the protocol may be used and what information it may provide. of how the protocol may be used and what information it may provide.
The protocol is used between clients and servers. A server may be The protocol is used between clients and servers to check multicast
configured with a set of ranges of multicast addresses that can be connectivity. Servers are multicast sources and clients are
used for testing, or it may use some implementation defaults. multicast receivers. A server may be configured with a set of ranges
Depending on the server configuration or the implementation it may of multicast addresses that can be used for testing, or it may use
control which clients (which unicast addresses) are allowed to use some implementation defaults. Depending on the server configuration
different group ranges, and also whether clients can select a group or the implementation it may control which clients (which unicast
address, or if the group address is selected by the server. It also addresses) are allowed to use different group ranges, and also
depends on configuration and/or implementation whether several whether clients can select a group address, or if the group address
clients are allowed to simultaneously use the same multicast address. is selected by the server. It also depends on configuration and/or
implementation whether several clients are allowed to simultaneously
use the same multicast address.
In addition to the above state, a server normally has runtime soft In addition to the above state, a server normally has runtime soft
state. The server must generally perform rate limiting to restrict state. The server must generally perform rate limiting to restrict
the number of client requests it handles. This rate limiting is per the number of client requests it handles. This rate limiting is per
client IP address. This state need only be maintained for a few client IP address. This state need usually only be maintained for a
seconds (normally to have an average rate of maximum one request per few seconds, depending on the limit used. If the server provides
second). If the server provides unique multicast addresses to unique multicast addresses to clients, it must also have soft state
clients, it must also have soft state tracking which multicast tracking which multicast addresses are used by which client IP
addresses are used by which client IP address. This state should address. This state should expire if the server has not received
expire if the server has not received requests within a few minutes. requests within a few minutes. The exact timeout should ideally be
The exact timeout should ideally be configurable to cope with configurable to cope with different environments. If a client is
different environments. If a client is expected to perform multicast expected to perform multicast ping checks continuously for a long
ping checks continuously for a long period of time, and to cope with period of time, and to cope with requests not reaching the client for
requests not reaching the client for several minutes, then this several minutes, then this timeout needs to be extended. In order to
timeout needs to be extended. In order to verify the client IP verify the client IP address, the server should perform a return
address, the server should perform a return routability check by routability check by giving the client a non-predictable session ID.
giving the client a non-predictable session ID. This would then also This would then also be part of the server soft-state for that
be part of the server soft-state for that client. client.
A client must before it can perform a multicast ping test, know the A client must before it can perform a multicast ping test, know the
unicast address of a server. In addition it may be configured with a unicast address of a server. In addition it may be configured with a
multicast address or range to use. In that case the client will tell multicast address or range to use. In that case the client will tell
the server which group or range it wishes to use. If not, the server the server which group or range it wishes to use. If not, the server
is left to decide the group. Normally a client sends one request per is left to decide the group. Normally a client sends Default-Client-
second. It may however be configured to use another rate. Request-Rate requests per second. It may however be configured to
use another rate. See definition of Default-Client-Request-Rate in
Section 3.5.1. Note that the value can be less than 1.
At runtime, a client generates a client ID that is unique for the At runtime, a client generates a client ID that is unique for the
ping test. This ID is included in all messages sent by the client. ping test. This ID is included in all messages sent by the client.
Further, if not supplied with a specific group address, the client Further, if not supplied with a specific group address, the client
will receive a group address from the server, that is used for the will receive a group address from the server, that is used for the
ping requests. It may also receive a Session ID from the server. ping requests. It may also receive a Session ID from the server.
The client ID, group address and Session ID (if received) will then The client ID, group address and Session ID (if received) will then
be fixed for all ping requests in this session. When a client be fixed for all ping requests in this session. When a client
receives replies from a server, it will verify the client ID in the receives replies from a server, it will verify the client ID in the
reply, and ignore it if not matching what it used in the requests. reply, and ignore it if not matching what it used in the requests.
skipping to change at page 4, line 48 skipping to change at page 5, line 4
group to use, or an error if no group is available. group to use, or an error if no group is available.
Next, for ASM, the client joins an ASM group G, while for SSM it Next, for ASM, the client joins an ASM group G, while for SSM it
joins a channel (S,G), where G is the multicast group address joins a channel (S,G), where G is the multicast group address
specified by the server, and S is the unicast address used to specified by the server, and S is the unicast address used to
reach the server. reach the server.
After joining the group/channel, the client unicasts multicast After joining the group/channel, the client unicasts multicast
ping requests to the server. The requests are sent using UDP with ping requests to the server. The requests are sent using UDP with
the destination port set to the standardised multicast ping port the destination port set to the standardised multicast ping port
[TBD]. The requests are sent periodically, perhaps once per
second, to the server. These requests contain a sequence number, [TBD]. The requests are sent periodically to the server. The
and typically a timestamp. The requests are echoed by the server, rate is by default Default-Client-Request-Rate Section 3.5.1
requests per second, but the client may be configured to use
another rate. These requests contain a sequence number, and
typically a timestamp. The requests are echoed by the server,
which may add a few options. which may add a few options.
For each request, the server sends two replies. One reply is For each request, the server sends two replies. One reply is
unicast to the source IP address and source UDP port of the unicast to the source IP address and source UDP port of the
requesting client. The other reply is multicast to the requested requesting client. The other reply is multicast to the requested
multicast group G and the source UDP port of the requesting multicast group G and the source UDP port of the requesting
client. client.
Both replies are sent from the same port on which the request was Both replies are sent from the same port on which the request was
received. The server should specify the TTL (IPv4 time-to-live or received. The server should specify the TTL (IPv4 time-to-live or
skipping to change at page 6, line 18 skipping to change at page 6, line 23
messages are used for the actual measurements. An Init message messages are used for the actual measurements. An Init message
SHOULD be used to initialise a ping session and negotiate which group SHOULD be used to initialise a ping session and negotiate which group
to use. Finally a Server Response message that is mainly used in to use. Finally a Server Response message that is mainly used in
response to the Init message. The messages MUST always be in network response to the Init message. The messages MUST always be in network
byte order. UDP checksums MUST always be used. byte order. UDP checksums MUST always be used.
The messages share a common format: one octet specifying the message The messages share a common format: one octet specifying the message
type, followed by a number of options in TLV (Type, Length and Value) type, followed by a number of options in TLV (Type, Length and Value)
format. This makes the protocol easily extendible. format. This makes the protocol easily extendible.
Message types in the range 0-191 are reserved and available for Message types in the range 0-253 are reserved and available for
allocation in an IANA Registry. Message types in the range 192-255 allocation in an IANA Registry. Message types 254 and 255 are not
are not registered and are freely available for experimental use. registered and are freely available for experimental use. See
See Section 8. Section 8.
The Init message generally contains some prefix options asking the The Init message generally contains some prefix options asking the
server for a group from one of the specified prefixes. The server server for a group from one of the specified prefixes. The server
responds with a Server Response message that contains the group responds with a Server Response message that contains the group
address to use, or possibly prefix options describing what multicast address to use, or possibly prefix options describing what multicast
groups the server may be able to provide. groups the server may be able to provide.
For an Echo Request the client generally includes a number of For an Echo Request the client includes a number of options, and a
options, and a server MAY simply echo the contents (only changing the server MAY simply echo the contents (only changing the message type)
message type) without inspecting the options if it does not support without inspecting the options if it does not support any options.
any options. This might be true for a simple Multicast Ping Protocol This might be true for a simple Multicast Ping Protocol server, but
server, but it severly limits what information a client can obtain, it severly limits what information a client can obtain, and hence
and hence makes the protocol less useful. However, the server SHOULD makes the protocol less useful. However, the server SHOULD add a TTL
add a TTL option (allowing the client to determine the number of option (allowing the client to determine the number of router hops a
router hops a reply has traversed), and there are other options that reply has traversed), and there are other options that a server
a server implementation MAY support, e.g., the client may ask for implementation MAY support, e.g., the client may ask for certain
certain information or a specific behaviour from the server. The information or a specific behaviour from the server. The Echo
Echo Replies (one unicast and one multicast) MUST first contain the Replies (one unicast and one multicast) MUST first contain the exact
exact options from the request (in the same order), and then, options from the request (in the same order), and then, immediately
immediately following, any options appended by the server. A server following, any options appended by the server. A server MUST NOT
MUST NOT process unknown options, but they MUST still be included in process unknown options, but they MUST still be included in the Echo
the Echo Reply. A client MUST ignore any unknown options. Reply. A client MUST ignore any unknown options.
The size of the protocol messages is generally smaller than the Path The size of the protocol messages is generally smaller than the Path
MTU and fragmentation is not a concern. There may however be cases MTU and fragmentation is not a concern. There may however be cases
where the Path MTU is really small, or that a client sends large where the Path MTU is really small, or that a client sends large
requests in order to verify that it can receive fragmented multicast requests in order to verify that it can receive fragmented multicast
datagrams. This document does not specify whether Path MTU Discovery datagrams. This document does not specify whether Path MTU Discovery
should be performed, etc. A possible extension could be an option should be performed, etc. A possible extension could be an option
where a client requests Path MTU Discovery and receives the current where a client requests Path MTU Discovery and receives the current
Path MTU from the server. Path MTU from the server.
skipping to change at page 7, line 42 skipping to change at page 7, line 49
Value must always be of the specified length. See the respective Value must always be of the specified length. See the respective
option definitions for possible values. If the length is 0, the option definitions for possible values. If the length is 0, the
value field is not included. value field is not included.
3.2. Defined Options 3.2. Defined Options
This document defines the following options: Version (0), Client ID This document defines the following options: Version (0), Client ID
(1), Sequence Number (2), Client Timestamp (3), Multicast Group (4), (1), Sequence Number (2), Client Timestamp (3), Multicast Group (4),
Option Request Option (5), Server Information (6), TTL (9), Multicast Option Request Option (5), Server Information (6), TTL (9), Multicast
Prefix (10), Session ID (11) and Server Timestamp (12). Values 7 and Prefix (10), Session ID (11) and Server Timestamp (12). Values 7 and
8 are reserved. The options are defined below. 8 are deprecated and must not be allocated by any future document.
The options are defined below.
Option types in the range 0-49151 are reserved and available for Option types in the range 0-65531 are reserved and available for
allocation in an IANA Registry. Option types in the range 49152- allocation in an IANA Registry. Option types in the range 65532-
65535 are not registered and are freely available for experimental 65535 are not registered and are freely available for experimental
use. See Section 8. use. See Section 8.
Version, type 0 Version, type 0
Length MUST be 1. This option MUST always be included in all Length MUST be 1. This option MUST always be included in all
messages, and for the current specified protocol this value messages, and for the current specified protocol this value
MUST be set to 2 (in decimal). Note that there are MUST be set to 2 (in decimal). Note that there are
implementations of older revisions of this protocol that only implementations of older revisions of this protocol that only
partly follow this specification. They can be regarded as partly follow this specification. They can be regarded as
version 1 and do not use this option. If a server receives a version 1 and do not use this option. If a server receives a
message with a version other than 2 (or missing), the server message with a version other than 2 (or missing), the server
SHOULD (unless it supports the particular version) send a SHOULD (unless it supports the particular version) send a
Server Response message back with version set to 2. This tells Server Response message back with version set to 2. This tells
the client that the server expects version 2 messages. Client the client that the server expects version 2 messages. Client
ID and Sequence Number options SHOULD be echoed if present, so ID and Sequence Number options MUST be echoed if present, so
that a client can be certain it is a response to one of its that a client can be certain it is a response to one of its
messages, and exactly which message. The server SHOULD NOT messages, and exactly which message. The server SHOULD NOT
include any other options. A client receiving a response with include any other options. A client receiving a response with
a version other than 2 MUST stop sending requests to the server a version other than 2 MUST stop sending requests to the server
(unless it supports the particular version). (unless it supports the particular version).
Client ID, type 1 Client ID, type 1
Length MUST be non-zero. A client SHOULD always include this Length MUST be non-zero. A client SHOULD always include this
option in all messages (both Init and Echo Request). The option in all messages (both Init and Echo Request). The
client may use any value it likes to detect whether a reply is client may use any value it likes to detect whether a reply is
a reply to its Init/Echo Request or not. A server should treat a reply to its Init/Echo Request or not. A server should treat
this as opaque data, and MUST echo this option back in the this as opaque data, and MUST echo this option back in the
reply if present (both Server Response and Echo Reply). The reply if present (both Server Response and Echo Reply). The
value might be a randomised string that is likely to be unique, value might be a pseudo random byte string that is likely to be
possibly combined with the client IP address. This is used by unique, possibly combined with the client IP address.
the client to ensure that server messages are in response to Predictability is not a big concern here. This is used by the
its requests. In some cases a client may receive multicast client to ensure that server messages are in response to its
requests. In some cases a client may receive multicast
responses to queries from other clients. It is left to the responses to queries from other clients. It is left to the
client implementer how to use this option. client implementer how to use this option.
Sequence Number, type 2 Sequence Number, type 2
Length MUST be 4. A client MUST always include this in Echo Length MUST be 4. A client MUST always include this in Echo
Request messages and MUST NOT include it in Init messages. A Request messages and MUST NOT include it in Init messages. A
server replying to an Echo Request message MUST copy it into server replying to an Echo Request message MUST copy it into
the Echo Reply (or Server Response message on error). The the Echo Reply (or Server Response message on error). The
sequence number is a 32-bit integer. Values typically start at sequence number is a 32-bit integer. Values typically start at
1 and increase by one for each Echo Request in a sequence. 1 and increase by one for each Echo Request in a sequence.
Client Timestamp, type 3 Client Timestamp, type 3
Length MUST be 8 bytes. A client SHOULD include this in Echo Length MUST be 8. A client SHOULD include this in Echo Request
Request messages and MUST NOT include it in Init messages. A messages and MUST NOT include it in Init messages. A server
server replying to an Echo Request message MUST copy it into replying to an Echo Request message MUST copy it into the Echo
the Echo Reply. The timestamp specifies the time when the Echo Reply. The timestamp specifies the time when the Echo Request
Request message is sent. The first 4 bytes specify the number message is sent. The first 4 bytes specify the number of
of seconds since the Epoch (0000 UTC Jan 1, 1970). The next 4 seconds since the Epoch (0000 UTC Jan 1, 1970). The next 4
bytes specify the number of microseconds since the second bytes specify the number of microseconds since the second
specified in the first 4 bytes. This option would typically be specified in the first 4 bytes. This option would typically be
used by a client to compute round trip times. used by a client to compute round trip times.
Note that while this protocol uses the above 32 bit format, it
would have been better to use another format, such as the one
defined in NTPv4 [RFC5905]. This should be considered for
future extensions of the protocol.
Multicast Group, type 4 Multicast Group, type 4
Length MUST be greater than 2. It MAY be used in Server Length MUST be greater than 2. It MAY be used in Server
Response messages to tell the client what group to use in Response messages to tell the client what group to use in
subsequent Echo Request messages. It MUST be used in Echo subsequent Echo Request messages. It MUST be used in Echo
Request messages to tell the server what group address to Request messages to tell the server what group address to
respond to (this group would typically be previously obtained respond to (this group would typically be previously obtained
in a Server Response message). It MUST be used in Echo Reply in a Server Response message). It MUST be used in Echo Reply
messages (copied from the Echo Request message). It MUST NOT messages (copied from the Echo Request message). It MUST NOT
be used in Init messages. The format of the option value is as be used in Init messages. The format of the option value is as
skipping to change at page 9, line 38 skipping to change at page 10, line 4
IPv4, and 18 for IPv6. IPv4, and 18 for IPv6.
Option Request Option, type 5 Option Request Option, type 5
Length MUST be greater than 1. This option MAY be used in Length MUST be greater than 1. This option MAY be used in
client messages (Init and Echo Request messages). A server client messages (Init and Echo Request messages). A server
MUST NOT send this option, except that if it is present in an MUST NOT send this option, except that if it is present in an
Echo Request message, the server MUST echo it in replies (Echo Echo Request message, the server MUST echo it in replies (Echo
Reply message) to the Echo Request. This option contains a Reply message) to the Echo Request. This option contains a
list of option types for options that the client is requesting list of option types for options that the client is requesting
from the server. Support for this option is optional for both from the server. Support for this option is OPTIONAL for both
clients and servers. The length of this option will be a non- clients and servers. The length of this option will be a non-
zero even number, since it contains one or more option types zero even number, since it contains one or more option types
that are two octets each. The format of the option value is as that are two octets each. The format of the option value is as
below. below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Option Type | | Option Type | Option Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 10, line 21 skipping to change at page 10, line 35
containing the Option Request Option. The server may, containing the Option Request Option. The server may,
according to implementation or local configuration, not according to implementation or local configuration, not
necessarily include all the requested options, or possibly necessarily include all the requested options, or possibly
none. Any options included are appended to the echoed options, none. Any options included are appended to the echoed options,
similar to other options included by the server. similar to other options included by the server.
Server Information, type 6 Server Information, type 6
Length MUST be non-zero. It MAY be used in Server Response Length MUST be non-zero. It MAY be used in Server Response
messages and MUST NOT be used in other messages. Support for messages and MUST NOT be used in other messages. Support for
this option is optional. A server supporting this option this option is OPTIONAL. A server supporting this option
SHOULD add it in Server Response messages if and only if SHOULD add it in Server Response messages if and only if
requested by the client. The value is a UTF-8 string that requested by the client. The value is a UTF-8 [RFC3629] string
might contain vendor and version information for the server that might contain vendor and version information for the
implementation. It may also contain information on which server implementation. It may also contain information on
options the server supports. An interactive client MAY support which options the server supports. An interactive client MAY
this option, and SHOULD then allow a user to request this support this option, and SHOULD then allow a user to request
string and display it. Although support for this is optional, this string and display it. Although support for this is
we say that a server SHOULD return it if requested, since this OPTIONAL, we say that a server SHOULD return it if requested,
may be helpful to a user running the client. It is however since this may be helpful to a user running the client. It is
purely informational, it is not needed for the protocol to however purely informational, it is not needed for the protocol
function. to function.
Reserved, type 7 Deprecated, type 7
This option code value was used by early implementations for an This option code value was used by implementations of version 1
option that is now deprecated. This option should no longer be of this protocol, and is not used in this version. Servers
used. Clients MUST NOT use this option. Servers MUST treat it MUST treat it as an unknown option (not process it if received,
as an unknown option (not process it if received, but if but if received in an Echo Request message, it MUST be echoed
received in an Echo Request message, it MUST be echoed in the in the Echo Reply message).
Echo Reply message).
Reserved, type 8 Deprecated, type 8
This option code value was used by early implementations for an This option code value was used by implementations of version 1
option that is now deprecated. This option should no longer be of this protocol, and is not used in this version. Servers
used. Clients MUST NOT use this option. Servers MUST treat it MUST treat it as an unknown option (not process it if received,
as an unknown option (not process it if received, but if but if received in an Echo Request message, it MUST be echoed
received in an Echo Request message, it MUST be echoed in the in the Echo Reply message).
Echo Reply message).
TTL, type 9 TTL, type 9
Length MUST be 1. This option contains a single octet Length MUST be 1. This option contains a single octet
specifying the TTL of an Echo Reply message. Every time a specifying the TTL of an Echo Reply message. Every time a
server sends a unicast or multicast Echo Reply message, it server sends a unicast or multicast Echo Reply message, it
SHOULD include this option specifying the TTL. This is used by SHOULD include this option specifying the TTL. This is used by
clients to determine the number of hops the messages have clients to determine the number of hops the messages have
traversed. It MUST NOT be used in other messages. A server traversed. It MUST NOT be used in other messages. A server
SHOULD specify this option if it knows what the TTL of the Echo SHOULD specify this option if it knows what the TTL of the Echo
Reply will be. In general the server can specify a specific Reply will be. In general the server can specify a specific
TTL to the host stack. Note that the TTL is not necessarily TTL to the host stack. Note that the TTL is not necessarily
the same for unicast and multicast. Also note that this option the same for unicast and multicast. Also note that this option
SHOULD be included even when not requested by the client. The SHOULD be included even when not requested by the client. The
protocol will work even if this option is not included, but it protocol will work even if this option is not included, but it
limits what information a client can obtain. limits what information a client can obtain.
If the server did not include this TTL option, there is no
reliable way for the client to know the initial TTL of the Echo
Reply, and therefore the client SHOULD NOT attempt to calculate
the number of hops the message has traversed.
Multicast Prefix, type 10 Multicast Prefix, type 10
Length MUST be greater than 2. It MAY be used in Init messages Length MUST be greater than 2. It MAY be used in Init messages
to request a group within the prefix(es) and it MAY be used in to request a group within the prefix(es) and it MAY be used in
Server Response messages to tell the client what prefix(es) it Server Response messages to tell the client what prefix(es) it
may try to obtain a group from. It MUST NOT be used in Echo may try to obtain a group from. It MUST NOT be used in Echo
Request/Reply messages. Note that this option MAY be included Request/Reply messages. Note that this option MAY be included
multiple times to specify multiple prefixes. multiple times to specify multiple prefixes.
0 1 2 3 0 1 2 3
skipping to change at page 12, line 4 skipping to change at page 12, line 19
multicast address from that family is acceptable. This is what multicast address from that family is acceptable. This is what
we call "wildcard." The group address need only contain enough we call "wildcard." The group address need only contain enough
octets to cover the prefix length bits (i.e., the group address octets to cover the prefix length bits (i.e., the group address
would have to be 3 octets long if the prefix length is 17-24, would have to be 3 octets long if the prefix length is 17-24,
and there need be no group address for the wildcard with prefix and there need be no group address for the wildcard with prefix
length 0). Any bits past the prefix length MUST be ignored. length 0). Any bits past the prefix length MUST be ignored.
For IPv4, the option value length will be 4-7, while for IPv6, For IPv4, the option value length will be 4-7, while for IPv6,
it will be 4-19, and for the wildcard, it will be 3. it will be 4-19, and for the wildcard, it will be 3.
Session ID, type 11 Session ID, type 11
Length MUST be non-zero. A server SHOULD include this in
Length MUST be 4 or larger. A server SHOULD include this in
Server Response messages. If a client receives this option in Server Response messages. If a client receives this option in
a message, the client MUST echo the Session ID option in a message, the client MUST echo the Session ID option in
subsequent Echo Request messages, with the exact same value. subsequent Echo Request messages, with the exact same value.
The Session ID may help the server in keeping track of clients The Session ID may help the server in keeping track of clients
and possibly manage per client state. The value of a new and possibly manage per client state. The value of a new
Session ID SHOULD be chosen pseudo randomly so that it is hard Session ID SHOULD be a pseudo random byte string that is hard
to predict. The Session ID can be used to prevent spoofing of to predict, see [RFC4086]. The string MUST be at least 4 bytes
the source address of Echo Request messages. We say that this long. The Session ID can be used to mitigate spoofing of the
source address of Echo Request messages. We say that this
option SHOULD be used, because it is important for security option SHOULD be used, because it is important for security
reasons. There may however be environments where this is not reasons. There may however be environments where this is not
required. See the Security Considerations for details. required. See the Security Considerations for details.
Server Timestamp, type 12 Server Timestamp, type 12
Length MUST be 8 bytes. A server supporting this option, Length MUST be 8 bytes. A server supporting this option,
SHOULD include it in Echo Reply messages, if requested by the SHOULD include it in Echo Reply messages, if requested by the
client. The timestamp specifies the time when the Echo Reply client. The timestamp specifies the time when the Echo Reply
message is sent. The first 4 bytes specify the number of message is sent. The first 4 bytes specify the number of
seconds since the Epoch (0000 UTC Jan 1, 1970). The next 4 seconds since the Epoch (0000 UTC Jan 1, 1970). The next 4
bytes specify the number of microseconds since the second bytes specify the number of microseconds since the second
specified in the first 4 bytes. If this option is not specified in the first 4 bytes. If this option is not
included, the protocol will still work, but it makes it included, the protocol will still work, but it makes it
impossible for a client to compute one way delay. impossible for a client to compute one way delay.
Note that while this protocol uses the above 32 bit format, it
would have been better to use another format, such as the one
defined in NTPv4 [RFC5905]. This should be considered for
future extensions of the protocol.
3.3. Packet Format 3.3. Packet Format
The format of all messages is a one octet message type, followed by a The format of all messages is a one octet message type, followed by a
variable number of options. variable number of options.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Options ... | | Type | Options ... |
+-+-+-+-+-+-+-+-+ . | +-+-+-+-+-+-+-+-+ . |
skipping to change at page 13, line 37 skipping to change at page 14, line 12
This message is sent by a server, either as a response to an This message is sent by a server, either as a response to an
Init, or in response to an Echo Request. When responding to Init, or in response to an Echo Request. When responding to
Init, it may provide the client with a multicast group (if Init, it may provide the client with a multicast group (if
requested by the client), or it may provide other server requested by the client), or it may provide other server
information. In response to an Echo Request, the message tells information. In response to an Echo Request, the message tells
the client to stop sending Echo Requests. The Version option the client to stop sending Echo Requests. The Version option
MUST always be included. Client ID and Sequence Number options MUST always be included. Client ID and Sequence Number options
are echoed if present in the client message. When providing a are echoed if present in the client message. When providing a
group to the client, it includes a Multicast Group option. It group to the client, it includes a Multicast Group option. It
SHOULD include Server Information and Prefix options if SHOULD include Server Information and Prefix options if
requested. requested. It SHOULD also include the Session ID option.
Echo Request, type 81 Echo Request, type 81
This message is sent by a client, asking the server to send This message is sent by a client, asking the server to send
unicast and multicast Echo Replies. It MUST include Version, unicast and multicast Echo Replies. It MUST include Version,
Sequence Number and Multicast Group options. If a Session ID Sequence Number and Multicast Group options. If a Session ID
was received in a Server Response message, then the Session ID was received in a Server Response message, then the Session ID
MUST be included. It SHOULD include Client ID and Client MUST be included. It SHOULD include Client ID and Client
Timestamp options. It MAY include an Option Request option. Timestamp options. It MAY include an Option Request option.
skipping to change at page 14, line 24 skipping to change at page 15, line 15
\ Message Type | Init | Server | Echo | Echo | \ Message Type | Init | Server | Echo | Echo |
Option \ | | Response | Request | Reply | Option \ | | Response | Request | Reply |
-----------------------+--------+----------+---------+--------+ -----------------------+--------+----------+---------+--------+
Version (0) | MUST | MUST | MUST | ECHO | Version (0) | MUST | MUST | MUST | ECHO |
Client ID (1) | SHOULD | ECHO | SHOULD | ECHO | Client ID (1) | SHOULD | ECHO | SHOULD | ECHO |
Sequence Number (2) | NOT | ECHO | MUST | ECHO | Sequence Number (2) | NOT | ECHO | MUST | ECHO |
Client Timestamp (3) | NOT | NOT | SHOULD | ECHO | Client Timestamp (3) | NOT | NOT | SHOULD | ECHO |
Multicast Group (4) | NOT | MAY | MUST | ECHO | Multicast Group (4) | NOT | MAY | MUST | ECHO |
Option Request (5) | MAY | NOT | MAY | ECHO | Option Request (5) | MAY | NOT | MAY | ECHO |
Server Information (6) | NOT | RQ | NOT | NOT | Server Information (6) | NOT | RQ | NOT | NOT |
Reserved (7) | NOT | NOT | NOT | ECHO | Deprecated (7) | NOT | NOT | NOT | ECHO |
Reserved (8) | NOT | NOT | NOT | ECHO | Deprecated (8) | NOT | NOT | NOT | ECHO |
TTL (9) | NOT | NOT | NOT | SHOULD | TTL (9) | NOT | NOT | NOT | SHOULD |
Multicast Prefix (10) | MAY | MAY | NOT | NOT | Multicast Prefix (10) | MAY | MAY | NOT | NOT |
Session ID (11) | NOT | SHOULD | ECHO | NOT | Session ID (11) | NOT | SHOULD | ECHO | NOT |
Server Timestamp (12) | NOT | NOT | NOT | RQ | Server Timestamp (12) | NOT | NOT | NOT | RQ |
-----------------------+--------+----------+---------+--------+ -----------------------+--------+----------+---------+--------+
NOT means that the option MUST NOT be included. ECHO for a server NOT means that the option MUST NOT be included. ECHO for a server
means that if the option is specified by the client, then the server means that if the option is specified by the client, then the server
MUST echo the option in the response, with the exact same option MUST echo the option in the response, with the exact same option
value. ECHO for a client only applies to the Session ID option. If value. ECHO for a client only applies to the Session ID option. If
it is present in the Server Response, then it MUST be present with it is present in the Server Response, then it MUST be present with
the exact same option value in the following Echo Requests. RQ means the exact same option value in the following Echo Requests. RQ means
that the server SHOULD include the option in the response, when that the server SHOULD include the option in the response, when
requested by the client using the Option Request option. requested by the client using the Option Request option.
3.5. Rate Limiting 3.5. Rate Limiting
Clients MUST by default send at most one Echo Request per second. Clients MUST by default send at most Default-Client-Request-Rate
Servers MUST by default perform rate limiting, to guard against this Section 3.5.1 Echo Requests per second. Note that the value can be
protocol being used for DoS attacks. The server MUST by default for less than 1. Servers MUST by default perform rate limiting, to guard
a given client, respond to on average at most one Echo Request against this protocol being used for DoS attacks. A server MUST by
message per second. Server implementations should provide default limit the number of clients that can be served at the same
configuration options allowing certain clients to perform more rapid time, and a server MUST also by default for a given client, respond
Echo Requests. If higher rates are allowed for specific client IP to on average at most Default-Server-Rate-Limit (see Section 3.5.1)
addresses, then Init messages and the Session ID option MUST be used Echo Request messages per second. Note that the value can be less
to help prevent spoofing. than 1. Server implementations should provide configuration options
allowing certain clients to perform more rapid Echo Requests. If
higher rates are allowed for specific client IP addresses, then Init
messages and the Session ID option MUST be used to help mitigate
spoofing.
Implementers of applications/tools using this protocol SHOULD Implementers of applications/tools using this protocol SHOULD
consider the UDP guidelines [RFC5405], in particular if clients are consider the UDP guidelines [RFC5405], in particular if clients are
to send, or servers are to accept, Echo Requests at rates exceeding to send, or servers are to accept, Echo Requests at rates exceeding
one per second. See Section 9, "Security Considerations", for the defaults given in this document. See Section 9, "Security
additional discussion. Considerations", for additional discussion.
3.5.1. Message Rate Variables
There are two variables that control message rates. They are defined
as follows.
Default-Client-Request-Rate
This variable defines the default client echo request rate,
specifying the number of requests per second. Note that the
value may be less than one. E.g., a value of 0.1 means one
packet per 10 seconds. The value 1 is RECOMMENDED, but the
value might be too small or large depending on the type of
network the client is deployed in. The value 1 is chosen
because it should be safe in most deployments, and it is
similar to what is typically used for the common tool "ping"
for ICMP Echo Requests.
Default-Server-Rate-Limit
This variable defines the default per client rate limit that a
server uses for responding to Echo Request messages. The
average rate of replies, MUST NOT exceed Default-Server-Rate-
Limit per second. Note that the value may be less than one.
E.g., a value of 0.1 means an average of one packet per 10
seconds. The value 1 is RECOMMENDED, but the value might be
too small or large depending on the type of network the client
is deployed in. The value 1 is chosen because it should be
safe in most deployments. This value SHOULD be high enough to
accept the value chosen for the Default-Client-Request-Rate.
4. Client Behaviour 4. Client Behaviour
We will consider how a typical interactive client using the above We will consider how a typical interactive client using the above
protocol would behave. protocol would behave.
A client only requires a user to specify the unicast address of the A client only requires a user to specify the unicast address of the
server. It can then send an Init message with a prefix option server. It can then send an Init message with a prefix option
containing the desired address family and zero prefix length containing the desired address family and zero prefix length
(wildcard entry). The server can then decide which group, from the (wildcard entry). The server can then decide which group, from the
skipping to change at page 15, line 41 skipping to change at page 17, line 17
If the client receives a Server Response message containing a group If the client receives a Server Response message containing a group
address it can start sending Echo Request messages, see the next address it can start sending Echo Request messages, see the next
paragraph. If there is no group address option, the client would paragraph. If there is no group address option, the client would
typically exit with an error message. The server may have included typically exit with an error message. The server may have included
some prefix options in the Server Response. The client may use this some prefix options in the Server Response. The client may use this
to provide the user some feedback on what prefixes or scopes are to provide the user some feedback on what prefixes or scopes are
available. available.
Assuming the client got a group address in a Server Response, it can Assuming the client got a group address in a Server Response, it can
start the multicast pings, after letting the user know which group is start the multicast pings, after letting the user know which group is
being used. Normally, a client should send at most one Echo Request being used. Normally, a client should send at most Default-Client-
per second. Request-Rate Section 3.5.1 Echo Requests per second.
When sending the Echo Requests, the client must always include the When sending the Echo Requests, the client must always include the
group option. If the Server Response contained a Session ID, then it group option. If the Server Response contained a Session ID, then it
must also include that, with the exact same value, in the Echo must also include that, with the exact same value, in the Echo
Requests. If a client receives a Server Response message in response Requests. If a client receives a Server Response message in response
to an Echo Request (that is, a Server Response message containing a to an Echo Request (that is, a Server Response message containing a
sequence number), this means there is an error and it should stop sequence number), this means there is an error and it should stop
sending Echo Requests. This could happen after server restart. sending Echo Requests. This could happen after server restart.
The client may allow the user to request server information. If the The client may allow the user to request server information. If the
skipping to change at page 16, line 43 skipping to change at page 18, line 19
fixed group. A server could possibly decide whether to include site fixed group. A server could possibly decide whether to include site
scoped group ranges based on the client's IP address. It is left to scoped group ranges based on the client's IP address. It is left to
the server to decide whether it should allow the same address to be the server to decide whether it should allow the same address to be
used simultaneously by multiple clients. used simultaneously by multiple clients.
If the server finds a suitable group address, it returns this in a If the server finds a suitable group address, it returns this in a
group option in a Server Response message. The server should group option in a Server Response message. The server should
additionally include a Session ID. This may help the server if it is additionally include a Session ID. This may help the server if it is
to keep some state, for instance to make sure the client uses the to keep some state, for instance to make sure the client uses the
group it got assigned. A good Session ID would be a pseudo random group it got assigned. A good Session ID would be a pseudo random
byte string that is hard to predict. If the server cannot find a byte string that is hard to predict, see [RFC4086]. If the server
suitable group address, or if there were no prefixes in the Init cannot find a suitable group address, or if there were no prefixes in
message, it may send a Server Response message containing prefix the Init message, it may send a Server Response message containing
options listing what prefixes may be available to the client. prefix options listing what prefixes may be available to the client.
Finally, if the Init message requests the Server Information option, Finally, if the Init message requests the Server Information option,
the server should include that. the server should include that.
When the server receives an Echo Request message, it may first check When the server receives an Echo Request message, it must first check
that the group address and Session ID (if provided) are valid. If that the group address and Session ID (if provided) are valid. If
the server is satisfied, it will send a unicast Echo Reply message the server is satisfied, it will send a unicast Echo Reply message
back to the client, and also a multicast Echo Reply message to the back to the client, and also a multicast Echo Reply message to the
group address. The Echo Reply messages contain the exact options group address. The Echo Reply messages contain the exact options
(but no Session ID) and in the same order, as in the Echo Request, (but no Session ID) and in the same order, as in the Echo Request,
and after that the server adds a TTL option and additional options if and after that the server adds a TTL option and additional options if
needed. For example, it may add a timestamp if requested by the needed. For example, it may add a timestamp if requested by the
client. If the server is not happy with the Echo Request (such as client. If the server is not happy with the Echo Request (such as
bad group address or Session ID, request is too large), it may send a bad group address or Session ID, request is too large), it may send a
Server Response message asking the client to stop. This Server Server Response message asking the client to stop. This Server
Response must echo the sequence number from the Echo Request. This Response must echo the sequence number from the Echo Request. This
Server Response may contain group prefixes from which a client can Server Response may contain group prefixes from which a client can
try to request a group address. The unicast and multicast Echo Reply try to request a group address. The unicast and multicast Echo Reply
messages have identical UDP payload apart from possibly TTL and messages have identical UDP payload apart from possibly TTL and
timestamp option values. timestamp option values.
Note that the server may receive Echo Request messages with no prior Note that the server may receive Echo Request messages with no prior
Init message. This may happen when the server restarts or if a Init message. This may happen when the server restarts or if a
client sends an Echo Request with no prior Init message. The server client sends an Echo Request with no prior Init message. The server
may go ahead and respond if it is okay with the group used. If the may go ahead and respond if it is okay with the group and Session ID
group is not okay, the server sends back a Server Response. (if included) used. If it is not okay, the server sends back a
Server Response.
6. Recommendations for Implementers 6. Recommendations for Implementers
The protocol as specified is fairly flexible and leaves a lot of The protocol as specified is fairly flexible and leaves a lot of
freedom for implementers. In this section we present some freedom for implementers. In this section we present some
recommendations. recommendations.
Server administrators should be able to configure one or multiple Server administrators should be able to configure one or multiple
group prefixes in a server implementation. When deploying servers on group prefixes in a server implementation. When deploying servers on
the Internet and in other environments, the server administrator the Internet and in other environments, the server administrator
should be able to restrict the server to respond to only a few should be able to restrict the server to respond to only a few
multicast groups which should not be currently used by multicast multicast groups which should not be currently used by multicast
applications. A server implementation should also provide applications. A server implementation should also provide
flexibility for an administrator to apply various policies to provide flexibility for an administrator to apply various policies to provide
one or multiple group prefixes to specific clients, e.g., site scoped one or multiple group prefixes to specific clients, e.g., site scoped
addresses for clients that are inside the site. addresses for clients that are inside the site.
As specified in Section 3.5, a server must by default for a given As specified in Section 3.5, a server must by default for a given
client, respond to at most one Echo Request message per second. A client, respond to at most an average rate of Default-Server-Rate-
leaky bucket algorithm is suggested, where the rate can be higher for Limit Echo Request messages per second. A leaky bucket algorithm is
a few seconds, but the average rate should by default be limited to a suggested, where the rate can be higher for a few seconds, but the
message per client per second. Server implementations should provide average rate should by default be limited to Default-Server-Rate-
administrative control of which client IP addresses to serve, and may Limit messages per per client per second. Server implementations
also allow certain clients to perform more rapid Echo Requests. should provide administrative control of which client IP addresses to
serve, and may also allow certain clients to perform more rapid Echo
Requests.
If a server uses different policies for different IP addresses, it If a server uses different policies for different IP addresses, it
should require clients to send Init messages and return an should require clients to send Init messages and return an
unpredictable Session ID to help prevent spoofing. This is an unpredictable Session ID to help mitigate spoofing. This is an
absolute requirement if exceeding the default rate limit. See absolute requirement if exceeding the default rate limit. See
specification in Section 3.5. specification in Section 3.5.
7. Acknowledgments 7. Acknowledgments
The ssmping concept was proposed by Pavan Namburi, Kamil Sarac and The ssmping concept was proposed by Pavan Namburi, Kamil Sarac and
Kevin C. Almeroth in the paper SSM-Ping: A Ping Utility for Source Kevin C. Almeroth in the paper SSM-Ping: A Ping Utility for Source
Specific Multicast, and also the Internet Draft Specific Multicast, and also the Internet Draft
draft-sarac-mping-00.txt. Mickael Hoerdt has contributed with draft-sarac-mping-00.txt. Mickael Hoerdt has contributed with
several ideas. Alexander Gall, Nicholas Humfrey, Nick Lamb and Dave several ideas. Alexander Gall, Nicholas Humfrey, Nick Lamb and Dave
skipping to change at page 18, line 34 skipping to change at page 20, line 15
of input on several revisions of the draft. of input on several revisions of the draft.
8. IANA Considerations 8. IANA Considerations
IANA is requested to assign a UDP user-port in the range 1024-49151 IANA is requested to assign a UDP user-port in the range 1024-49151
for use by this protocol, and also to provide registries for message for use by this protocol, and also to provide registries for message
and option types. The string "[TBD]" in this document should be and option types. The string "[TBD]" in this document should be
replaced with the assigned port. replaced with the assigned port.
There should be a message types registry. Message types are in the There should be a message types registry. Message types are in the
range 0-255. Message types 0-191 require specification (an RFC or range 0-255. Message types 0-253 are registered following the
other permanent and readily available reference), while types 192-255 procedures for Specification Required from RFC 5226 [RFC5226], while
are for experimental use and are not registered. The registry should types 254 and 255 are for experimental use and are not registered.
include the messages defined in Section 3.4. A message specification The registry should include the messages defined in Section 3.4. A
must describe the behaviour with known option types as well as the message specification MUST describe the behaviour with known option
default behaviour with unknown ones. types as well as the default behaviour with unknown ones.
There should also be an option type registry. Option types 0-49151 There should also be an option type registry. Option types 0-65531
require specification (an RFC or other permanent and readily are registered following the procedures for Specification Required
available reference), while types 49152-65535 are for experimental from RFC 5226 [RFC5226], while types 65532-65535 are for experimental
use and are not registered. The registry should include the options use and are not registered. The registry should include the options
defined in Section 3.2. An option specification must describe how defined in Section 3.2. An option specification must describe how
the option may be used with the known message types. This includes the option may be used with the known message types. This includes
which message types the option may be used with. which message types the option may be used with.
The initial registry definitions are as follows: The initial registry definitions are as follows:
Multicast Ping Protocol Parameters: Multicast Ping Protocol Parameters:
Registry Name: Multicast Ping Protocol Message Types Registry Name: Multicast Ping Protocol Message Types
Reference: [this doc] Reference: [this doc]
Registration Procedures: Specification Required Registration Procedures: Specification Required
Registry: Registry:
Type Name Reference Type Name Reference
----------- ------------------------------------ ---------- ----------- ------------------------------------ ----------
65 Echo Reply [this doc] 65 Echo Reply [this doc]
73 Init [this doc] 73 Init [this doc]
81 Echo Request [this doc] 81 Echo Request [this doc]
83 Server Response [this doc] 83 Server Response [this doc]
192-255 Experimental 254-255 Experimental
Registry Name: Multicast Ping Protocol Option Types Registry Name: Multicast Ping Protocol Option Types
Reference: [this doc] Reference: [this doc]
Registration Procedures: Specification Required Registration Procedures: Specification Required
Registry: Registry:
Type Name Reference Type Name Reference
----------- ------------------------------------ ---------- ----------- ------------------------------------ ----------
0 Version [this doc] 0 Version [this doc]
1 Client ID [this doc] 1 Client ID [this doc]
2 Sequence Number [this doc] 2 Sequence Number [this doc]
3 Client Timestamp [this doc] 3 Client Timestamp [this doc]
4 Multicast Group [this doc] 4 Multicast Group [this doc]
5 Option Request Option [this doc] 5 Option Request Option [this doc]
6 Server Information [this doc] 6 Server Information [this doc]
7 Reserved [this doc] 7 Deprecated [this doc]
8 Reserved [this doc] 8 Deprecated [this doc]
9 TTL [this doc] 9 TTL [this doc]
10 Multicast Prefix [this doc] 10 Multicast Prefix [this doc]
11 Session ID [this doc] 11 Session ID [this doc]
12 Server Timestamp [this doc] 12 Server Timestamp [this doc]
49152-65535 Experimental 65532-65535 Experimental
9. Security Considerations 9. Security Considerations
There are some security issues to consider. One is that a host may There are some security issues to consider. One is that a host may
send an Echo Request with an IP source address of another host, and send an Echo Request with an IP source address of another host, and
make an arbitrary multicast ping server on the Internet send packets make an arbitrary multicast ping server on the Internet send packets
to this other host. This behaviour is fairly harmless. The worst to this other host. This behaviour is fairly harmless. The worst
case is if the host receiving the unicast Echo Replies also happens case is if the host receiving the unicast Echo Replies also happens
to be joined to the multicast group used. In this case, there would to be joined to the multicast group used. This is less of a problem
be an amplification effect where the host receives twice as many for SSM where also the source address of the server must match the
replies as there are requests sent. See below for how spoofing can address joined. In this case, there would be an amplification effect
be prevented. where the host receives twice as many replies as there are requests
sent. See below for how spoofing can be mitigated.
For ASM (Any-Source Multicast) a host could also make a multicast For ASM (Any-Source Multicast) a host could also make a multicast
ping server send multicast packets to a group that is used for ping server send multicast packets to a group that is used for
something else, possibly disturbing other uses of that group. something else, possibly disturbing other uses of that group.
However, server implementations should allow administrators to However, server implementations should allow administrators to
restrict which groups a server responds to. The main concern is restrict which groups a server responds to. The administrator should
bandwidth. To limit the bandwidth used, a server MUST by default then try to configure a set of groups that are not used for other
perform rate limiting, responding to at most one Echo Request per purposes. Another concern is bandwidth. To limit the bandwidth
second. used, a server MUST by default limit the number of clients that can
be served at the same time, and a server MUST also by default perform
per client rate limiting.
In order to help prevent spoofing, a server SHOULD require the client In order to help mitigate spoofing, a server SHOULD require the
to send an Init message, and return an unpredictable Session ID in client to send an Init message, and return an unpredictable Session
the response. The ID should be associated with the IP address and ID in the response. The ID should be associated with the IP address
have a limited lifetime. The server SHOULD then only respond to Echo and have a limited lifetime. The server SHOULD then only respond to
Request messages that have a valid Session ID associated with the Echo Request messages that have a valid Session ID associated with
source IP address of the Echo Request. the source IP address of the Echo Request. Note however that a
server is replying with a Server Response message if the Session ID
is invalid. This is used to tell the client that something is wrong
and that is should stop sending requests, and start over if
necessary. This means however, that someone may spoof a client
request, and have the server send a message back to the client
address. One solution here would be for the server to have a very
low rate limit for the Server Responses.
10. References Note that the use of a Session ID only to some degree helps mitigate
spoofing. An attacker that is on the path between a client and a
server, may eavesdrop the traffic, learn a valid Session ID, and
generate Echo Requests using this ID. The server will respond as
long as the Session ID remains valid.
This protocol may be used to establish a covert channel between a
multicast ping client and other hosts listening to a multicast group.
A client can for instance send an Echo Request containing an
undefined option with arbitrary data. The server would echo this
back in an Echo Reply that may reach other hosts listening to that
group. One solution to this which should be considered for future
protocol versions, is to reply with a hash of the data, rather than
simply a copy of the same data.
10. References
10.1. Normative References 10.1. Normative References
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980. August 1980.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, September 1981. RFC 792, September 1981.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[addrfamily] [addrfamily]
"IANA, Address Family Numbers", "IANA, Address Family Numbers",
<http://www.iana.org/assignments/address-family-numbers>. <http://www.iana.org/assignments/address-family-numbers>.
10.2. Informative References 10.2. Informative References
[RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines
for Application Designers", BCP 145, RFC 5405, for Application Designers", BCP 145, RFC 5405,
November 2008. November 2008.
[RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network
Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010.
[impl] "ssmping implementation", [impl] "ssmping implementation",
<http://software.uninett.no/ssmping/>. <http://software.uninett.no/ssmping/>.
Author's Address Author's Address
Stig Venaas Stig Venaas
UNINETT cisco Systems
Trondheim NO-7465 Tasman Drive
Norway San Jose, CA 95134
USA
Email: venaas@uninett.no Email: stig@cisco.com
 End of changes. 56 change blocks. 
181 lines changed or deleted 277 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/