PIM Null-Register packing
VMware, 3401 Hillview Ave, Palo Alto, CA 94304, USA, vkamath@vmware.com
Cisco Systems, Inc., Tasman Drive, San Jose, CA 95134, USA, ramaksun@cisco.com
Apstra, 333 Middlefield Rd STE 200, Menlo Park, CA 94025, USA, rbanthia@apstra.com
Cisco Systems, Inc., Tasman Drive, San Jose, CA 95134, USA, ananygop@cisco.com
Routing
Multicast
In PIM-SM networks, PIM Register messages are sent by the Designated Router (DR)
to the Rendezvous Point (RP) to signal the presence of Multicast sources in
the network. There are periodic PIM Null-Registers sent from the DR
to the RP to keep the state alive at the RP as long as the source is active.
The PIM Null-Register message carries information about a single Multicast
source and group.
This document defines a standard to send multiple multicast source and group
information in a single PIM Null-Register message, in a packed format.
This document also discusses the interoperability between
the PIM routers which do not understand the packed message format with
multiple multicast source and group details.
PIM Null-Registers are sent by the DR periodically for Multicast
streams to keep the states active on the RP, as long as the multicast source is
alive. As the number of multicast sources increases, the number of PIM Null-Register
messages that are sent also increases. This results in more PIM
packet processing at the RP and the DR.
Control plane policing (COPP) monitors the packets that are processed by the
control plane. The high rate at which Null-Registers are received at the RP can
lead to COPP drops of Multicast PIM Null-Register messages.
This draft proposes a method to efficiently pack multiple PIM Null-Registers [ (Section 4.4)] and
Register-Stops [ (Section 3.2)] into a single message, since these packets do not contain encapsulated data.
The draft also discusses interoperability with PIM routers that do not understand the new
packet format.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
when, and only when,
they appear in all capitals, as shown here.
RP: Rendezvous Point
DR: Designated Router
A router (DR) can decide to pack multiple Null-Register messages based on the capability received from the RP as part of Register-Stop.
This ensures compatibility with routers that do not support processing of the new format.
The capability information can be indicated by the RP via the PIM Register-Stop message sent to the DR.
Thus a DR will switch to the new format only when it learns that the RP is capable of handling the packed Null-Register messages.
Conversely, a DR that does not support the new format can continue generating the PIM Null-Register the current way.
To exchange the capability information, the "Reserved" field of the Register-Stop message can be used.
One bit of the reserved field is used to indicate the "packing" capability (P bit). The rest of the bits in the "Reserved" field will be retained for future use.
Same as (Section 4.9.4)
Capability bit (flag bit 7) used to indicate support for the
Packed Null-Register Capability
PIM Packed Null-Register message format includes a count to indicate
the number of Null-Register records in the message.
Same as (Section 4.9.3)
The new packed Null-Register Type and SubType values TBD.
The number of packed Null-Register records. A record
consists of a Group Address and Source Address pair.
Same as (Section 4.9.4)
The PIM Packed Register-Stop message includes a count to indicate the number of
records that are present in the message.
Same as (Section 4.9.4)
The new Register-Stop Type and SubType values TBD.
The number of packed Register-Stop records. A record
consists of a Group Address and Source Address pair.
Same as (Section 4.9.4)
The following combinations exist:
DR and RP both support the PIM Packed Null-Register format
  As specified in [], the DR sends PIM Register messages towards the RP when a new source is detected.
  An RP supporting this specification MUST set the P-bit in the corresponding Register-Stop messages.
  When a Register-Stop message with the P-bit set is received, the DR MAY send Packed Null-Register messages (Section 3) to the RP instead of multiple Register messages with the N-bit set ([]).
  The RP, after receiving a Packed Null-Register message, MAY start sending Packed Register-Stop messages (Section 4) to the corresponding DR instead of individual Register-Stop messages.
DR supports but RP does not support PIM Packed Null-Register format
  As specified in [], DR sends PIM Register towards the RP.
  RP sends a normal Register-Stop without any capability information.
  DR then sends Null-Registers in the old format. []
RP supports but DR doesn't support the new PIM Packed Null-Register format
  As specified in [], DR sends the PIM Register towards the RP.
  RP sends a PIM Packed Register-Stop towards the DR that includes capability information.
  Since DR does not support the new format, it sends Null-Registers in the old format. []
The PIM Packed Null-Register format should be enabled only if it is supported by all PIM Anycast RP [] members in the RP set for the RP address.
Consider a PIM RP router that supports PIM Register Packing and then downgrades to a software version which does not support PIM Register Packing.
The DR that sends the PIM Packed Null-Register message will not get a PIM Register-Stop message back. In such scenarios the DR can send an unpacked PIM Null-Register and check the PIM Register-Stop to see if the capability bit (P-bit) for PIM Packed Null-Register is set or not. If it is not set then the DR will continue sending unpacked PIM Null-Register messages.
When building a PIM Packed Null-Register message or PIM Packed Register-Stop message, a router should include as many records as possible based on the path MTU towards the RP, if path MTU discovery is done. Otherwise, the number of records should be limited by the MTU of the outgoing interface.
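The DR-side behaviour described above (learn the P-bit from each Register-Stop, revert to unpacked Null-Registers when a packed one goes unanswered, and size packed messages by MTU), as an added Python example that is not part of the draft. The class name, the position of flag bit 7 as 0x80, the 14-byte IPv4 record size and the caller-supplied header overhead are assumptions, since the packed message layout and Type/SubType values are TBD here.

```python
import struct

REGISTER_STOP = 2        # PIM message type of Register-Stop (RFC 7761)
P_BIT = 0x80             # assumption: "flag bit 7" is the MSB of the octet after Ver/Type
RECORD_LEN_V4 = 8 + 6    # IPv4 Encoded-Group (8) + Encoded-Unicast (6) address, per RFC 7761


class DrPackingState:
    """What a DR remembers about one RP's packing capability (hypothetical helper)."""

    def __init__(self):
        self.rp_packs = False       # use the old format until the RP advertises the P-bit
        self.awaiting_stop = False  # True while a packed Null-Register is unanswered

    def on_register_stop(self, pim_header: bytes) -> None:
        """Update the capability from the 4-byte PIM header (checksum check omitted)."""
        if len(pim_header) < 4:
            return
        ver_type, flags, _cksum = struct.unpack("!BBH", pim_header[:4])
        if ver_type >> 4 != 2 or ver_type & 0x0F != REGISTER_STOP:
            return                  # not a PIMv2 Register-Stop
        # Re-learn the bit on every Register-Stop so a downgraded RP clears it.
        self.rp_packs = bool(flags & P_BIT)
        self.awaiting_stop = False

    def on_stop_timeout(self) -> None:
        """No Register-Stop answered a packed message: revert to unpacked probes."""
        if self.awaiting_stop:
            self.rp_packs = False
            self.awaiting_stop = False

    def plan(self, streams, mtu, overhead):
        """Split (source, group) pairs into one list per Null-Register to send."""
        if not self.rp_packs:
            return [[sg] for sg in streams]
        per_msg = max(1, (mtu - overhead) // RECORD_LEN_V4)
        self.awaiting_stop = True
        return [streams[i:i + per_msg] for i in range(0, len(streams), per_msg)]


# Constructed sample data: 250 active sources and two Register-Stop headers.
STREAMS = [(f"10.0.{i // 250}.{i % 250 + 1}", "239.1.1.1") for i in range(250)]
STOP_WITH_P = bytes([0x22, 0x80, 0x00, 0x00])
STOP_WITHOUT_P = bytes([0x22, 0x00, 0x00, 0x00])
OVERHEAD = 20 + 4 + 4   # IPv4 + PIM header + assumed 4 bytes for subtype/count (TBD in the draft)
```

With a 1500-byte MTU and the assumed overhead, the 250 constructed streams fit in three packed messages instead of 250 individual Null-Registers.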
The general security considerations for Register messages in RFC7761 apply.
As mentioned in RFC7761, PIM Null-Register messages and Register-Stop messages are forwarded by
intermediate routers to their destination using normal IP forwarding.
Without data origin authentication, an attacker who is located
anywhere in the network may be able to forge a Null-Register or
Register-Stop message. We next consider the effect of a forgery of
each of these messages.
By forging a Register message, an attacker can cause the RP to
inject forged traffic onto the shared multicast tree.
By forging a Register-Stop message, an attacker can prevent a
legitimate DR from registering packets to the RP. This can
prevent local hosts on that LAN from sending multicast packets.
The above two PIM messages are not changed by intermediate routers
and need only be examined by the intended receiver. Thus, these
messages can be authenticated end-to-end. Attacks on Register and
Register-Stop messages do not apply to a PIM-SSM-only implementation,
as these messages are not used in PIM-SSM.
There is another case where a spoofed Register-Stop can be sent to make it appear that it is from the RP,
and that the RP supports this new packed capability when it does not. This can cause Null-Registers to be sent to an RP that doesn't support this packed format.
But standard methods to prevent spoofing should take care of this case. For example, uRPF can be used to filter out packets coming from the outside
from addresses that belong to routers inside.
This document requires the assignment of Capability bit (P-bit), flag bit 7
in the PIM Register-Stop message. This document requires the assignment of 2 new PIM message types for the
PIM Packed Null-Register and PIM Packed Register-Stop.
The authors would like to thank Stig Venaas, Anish Peter, Zheng Zhang and Umesh Dudani for their helpful comments on the draft.