RFC 5740
NACK-Oriented Reliable Multicast (NORM) Transport Protocol
5.5. Additional Protocol Mechanisms
In addition to the principal function of data content transmission and repair, there are some other protocol mechanisms to help NORM to adapt to network conditions and play fairly with other coexistent protocols.5.5.1. Group Round-Trip Time (GRTT) Collection
For NORM receivers to appropriately scale backoff timeouts and the senders to use proper corresponding timeouts, the participants need
to use a common timeout basis. Each NORM sender monitors the round- trip time of active receivers and determines the greatest group round-trip time. The sender advertises this GRTT estimate in every message it transmits so receivers have this value available for scaling their timers. To measure the current GRTT, the sender periodically sends NORM_CMD(CC) messages containing a locally generated timestamp. Receivers are expected to record this timestamp along with the time the NORM_CMD(CC) message is received. Then, when the receivers generate feedback messages to the sender, an adjusted version of the sender timestamp is embedded in the feedback message (NORM_NACK or NORM_ACK). The adjustment adds the amount of time the receiver held the timestamp before generating its response. Upon receipt of this adjusted timestamp, the sender is able to calculate the round-trip time to that receiver. The round-trip time for each receiver is fed into an algorithm that assigns weights and smoothes the values for a conservative estimate of the GRTT. The algorithm and methodology are described in the Multicast NACK Building Block [RFC5401] document in the section entitled "One-to-Many Sender GRTT Measurement". A conservative estimate helps guarantee feedback suppression at a small cost in overall protocol repair delay. The sender's current estimate of GRTT is advertised in the "grtt" field found in all NORM sender messages. The advertised GRTT is also limited to a minimum of the nominal inter-packet transmission time given the sender's current transmission rate and system clock granularity. The reason for this additional limit is to keep the receiver somewhat event-driven by making sure the sender has had adequate time to generate any response to repair requests from receivers given transmit rate limitations due to congestion control or configuration. When the NORM-CC Rate header extension is present in NORM_CMD(CC) messages, the receivers respond to NORM_CMD(CC) messages as described in Section 5.5.2, "NORM Congestion Control Operation". The NORM_CMD(CC) messages are periodically generated by the sender as described for congestion control operation. This provides for proactive, but controlled, feedback from the group in the form of NORM_ACK messages. This provides for GRTT feedback even if no NORM_NACK messages are being sent. If operating without congestion control in a closed network, the NORM_CMD(CC) messages MAY be sent periodically without the NORM-CC Rate header extension. In this case, receivers will only provide GRTT measurement feedback when NORM_NACK messages are generated since no NORM_ACK messages are generated. In this case, the NORM_CMD(CC) messages MAY be sent less frequently, perhaps as little as once per minute, to conserve network capacity. Note the NORM-CC Rate header extension MAY also be used to proactively solicit RTT feedback from the receiver group per congestion control operation even when the sender is not conducting
congestion control rate adjustment. NORM operation without congestion control SHOULD be considered only in closed networks.5.5.2. NORM Congestion Control Operation
This section describes baseline congestion control operation for the NORM protocol (NORM-CC). The supporting NORM message formats and approach described here are an adaptation of the equation-based TCP- Friendly Multicast Congestion Control (TFMCC) approach [RFC4654]. This congestion control scheme is REQUIRED for operation within the general Internet unless the NORM implementation is adapted to use another IETF-sanctioned reliable multicast congestion control mechanism. With this TFMCC-based approach, the transmissions of NORM senders are controlled in a rate-based manner as opposed to window- based congestion control algorithms as in TCP. However, it is possible the NORM protocol message set MAY alternatively be used to support a window-based multicast congestion control scheme such as PGMCC. The details of such an alternative MAY be described separately or in a future revision of this document. In either case (rate-based TFMCC or window-based PGMCC), successful control of sender transmission depends upon collection of sender-to-receiver packet loss estimates and RTTs to identify the congestion control bottleneck path(s) within the multicast topology and adjust the sender rate accordingly. The receiver with loss and RTT estimates corresponding to the lowest resulting calculated transmission rate is identified as the "current limiting receiver" (CLR). In the case of a tie (where candidate CLRs are within 10% of the same calculated rate), the receiver with the largest RTT value SHOULD be designated as the CLR. As described in [TcpModel], a steady-state sender transmission rate, to be "friendly" with competing TCP flows, can be calculated as: S Rsender = ---------------------------------------------------------- T_rtt*(sqrt((2/3)*p) + 12*sqrt((3/8)*p) * p * (1 + 32*(p^2))) where S = nominal transmitted packet size. (In NORM, the "nominal" packet size can be determined by the sender as an exponentially weighted moving average (EWMA) of transmitted packet sizes to account for variable message sizes). T_rtt = RTT estimate of the current "current limiting receiver" (CLR). p = loss event fraction of the CLR.
To support congestion control feedback collection and operation, the
NORM sender periodically transmits NORM_CMD(CC) command messages.
NORM_CMD(CC) messages are multiplexed with NORM data and repair
transmissions and serve several purposes, they:
1. Stimulate explicit feedback from the general receiver set to
collect congestion control information.
2. Communicate state to the receiver set on the sender's current
congestion control status including details of the CLR.
3. Initiate rapid (immediate) feedback from the CLR in order to
closely track the dynamics of congestion control for the current
worst path in the group multicast topology.
The format of the NORM_CMD(CC) message is described in Section 4.2.3
of this document. The NORM_CMD(CC) message contains information to
allow measurement of RTTs, to inform the group of the congestion
control CLR, and to provide feedback of individual RTT measurements
to the receivers in the group. The NORM_CMD(CC) also provides for
exciting feedback from OPTIONAL "potential limiting receiver" (PLR)
nodes that might be determined administratively or possibly
algorithmically based upon congestion control feedback. PLR nodes
are receivers that have been identified to have potential for
(perhaps soon) becoming the CLR and thus immediate, up-to-date
feedback is beneficial for congestion control performance. The PLR
list MAY be populated with a small number of receivers the sender
identifies as approaching the CLR loss and delay conditions based on
feedback from the group.
5.5.2.1. NORM_CMD(CC) Transmission
The NORM_CMD(CC) message is transmitted periodically by the sender
along with its normal data transmission. Note the repeated
transmission of NORM_CMD(CC) messages MAY be initiated some time
before transmission of user data content at session startup. This
can be done to collect some estimation of the current state of the
multicast topology with respect to group and individual RTT and
congestion control state.
A NORM_CMD(CC) message is immediately transmitted at sender startup.
The interval of subsequent NORM_CMD(CC) message transmission is
determined as follows:
1. By default, the interval is set according to the current sender
GRTT estimate. A startup initial value of GRTT_sender = 0.5
seconds is RECOMMENDED when no feedback has yet been received
from the group.
2. Until a CLR has been identified (based on previous receiver
feedback) or when no data transmission is pending, the
NORM_CMD(CC) interval is doubled up from its current interval to
a maximum of once per 30 seconds. This results in a low duty
cycle for NORM_CMD(CC) probing when no CLR is identified or there
is no pending data to transmit.
3. When a CLR has been identified (based on receiver feedback) and
data transmission is pending, the probing interval is set to the
RTT between the sender and the CLR (RTT_clr).
4. Additionally, when the data transmission rate is low with respect
to the RTT_clr interval used for probing, the implementation
SHOULD ensure no more than one NORM_CMD(CC) message is sent per
NORM_DATA message when there is data pending transmission. This
ensures the transmission of this control message is not done to
the exclusion of user data transmission.
The NORM_CMD(CC) "cc_sequence" field is incremented with each
transmission of a NORM_CMD(CC) command. The greatest "cc_sequence"
recently received by receivers is included in their feedback to the
sender. This allows the sender to determine the age of feedback to
assist in congestion avoidance.
The NORM-CC Rate Header Extension is applied to the NORM_CMD(CC)
message and the sender advertises its current transmission rate in
the "send_rate" field. The rate information is used by receivers to
initialize loss estimation during congestion control startup or
restart.
The "cc_node_list" contains a list of entries identifying receivers
and their current congestion control state (status "flags", "rtt",
and "loss" estimates). The list will be empty if the sender has not
yet received any feedback from the group. If the sender has received
feedback, the list will minimally contain an entry identifying the
CLR. A NORM_FLAG_CC_CLR flag value is provided for the "cc_flags"
field to identify the CLR entry. It is RECOMMENDED the CLR entry be
the first in the list for implementation efficiency. Additional
entries in the list are used to provide sender-measured individual
RTT estimates to receivers in the group. The number of additional
entries in this list is dependent upon the percentage of control
traffic the sender application is willing to send with respect to
user data message transmissions. More entries in the list will allow
the sender to be more responsive to congestion control dynamics. The
length of the list can be dynamically determined according to the
current transmission rate and scheduling of NORM_CMD(CC) messages.
The maximum length of the list corresponds to the sender's
NormSegmentSize parameter for the session. The inclusion of
additional entries in the list based on receiver feedback is
prioritized with the following rules:
1. Receivers that have not yet been provided an RTT measurement get
first priority. Of these, those with the greatest loss fraction
receive precedence for list inclusion.
2. Secondly, receivers that have previously been provided an RTT
measurement are included with receivers yielding the lowest
calculated congestion rate getting precedence.
There are "cc_flag" values in addition to NORM_FLAG_CC_CLR used for
other congestion control functions. The NORM_FLAG_CC_PLR flag value
is used to mark additional receivers from which the sender would like
to have immediate, non-suppressed feedback. These can be receivers
the sender algorithmically identified as potential future CLRs or
have been pre-configured as potential congestion control points in
the network. The NORM_FLAG_CC_RTT indicates the validity of the
"cc_rtt" field for the associated receiver node. Normally, this flag
will be set since the receivers in the list will typically be
receivers from which the sender has received feedback. However, in
the case the NORM sender has been pre-configured with a set of PLR
nodes, feedback from those receivers might not have yet been
collected and thus the "cc_rtt" field does not contain a valid value
when this flag is not set. Similarly, a value of ZERO for the
"cc_rate" field here MUST be treated as an invalid value and be
ignored for the purposes of feedback suppression, etc.
5.5.2.2. NORM_CMD(CC) Feedback Response
Receivers explicitly respond to NORM_CMD(CC) messages in the form of
a NORM_ACK(RTT) message. The goal of the congestion control feedback
is to determine the receivers with the lowest congestion control
rates. Receivers marked as CLR or PLR nodes in the NORM_CMD(CC)
"cc_node_list" immediately provide feedback in the form of a NORM_ACK
to this message. When a NORM_CMD(CC) is received, non-CLR or non-PLR
nodes initiate random feedback backoff timeouts similar to those used
when the receiver initiates a repair cycle (see Section 5.3) in
response to detection of data loss. The backoff timeout for the
congestion control response is generated as follows:
T_backoff = RandomBackoff(K_backoff * GRTT_sender, GSIZE_sender)
The RandomBackoff() algorithm provides a truncated exponentially
distributed random number and is described in the Multicast NACK
Building Block [RFC5401] document. The same backoff factor,
K_backoff = K_sender, as used with NORM_NACK suppression is generally
RECOMMENDED. However, in cases where the application purposefully
specifies a very small K_sender backoff factor to minimize the NACK
repair process latency (trading off group size scalability), it is
RECOMMENDED a larger backoff factor for congestion control feedback
be maintained, since there can be a larger volume of congestion
control feedback than NACKs in many cases and some congestion control
feedback latency might be tolerable where reliable delivery latency
is not. As previously noted, a backoff factor value of K_sender = 4
is generally RECOMMENDED for ASM operation and K_sender = 6 for SSM
operation. A receiver SHALL cancel the backoff timeout and thus its
pending transmission of a NORM_ACK(RTT) message under the following
conditions:
1. The receiver generates another feedback message (NORM_NACK or
other NORM_ACK) before the congestion control feedback timeout
expires (these messages will convey the current congestion
control feedback information).
2. A NORM_CMD(CC) or other receiver feedback with an ordinally
greater "cc_sequence" field value is received before the
congestion control feedback timeout expires (this is similar to
the TFMCC feedback round number).
3. When the T_backoff is greater than 1*GRTT_sender. This prevents
NACK implosion in the event of sender or network failure.
4. "Suppressing" congestion control feedback is heard from another
receiver (in a NORM_ACK or NORM_NACK) or via a
NORM_CMD(REPAIR_ADV) message from the sender. The local
receiver's feedback is "suppressed" if the rate of the competing
feedback (Rfb) is sufficiently close to or less than the local
receiver's calculated rate (Rcalc). The local receiver's
feedback is canceled when Rcalc > (0.9 * Rfb). Also, note
receivers that have not yet received an RTT measurement from the
sender are suppressed only by other receivers that have not yet
measured RTT. Additionally, receivers whose RTT estimate has
aged considerably (i.e., they haven't been included in the
NORM_CMD(CC) "cc_node_list" in a long time) might wish to compete
as a receiver with no prior RTT measurement after some long-term
expiration period.
When the backoff timer expires, the receiver SHALL generate a
NORM_ACK(RTT) message to provide feedback to the sender and group.
This message MAY be multicast to the group for most effective
suppression in ASM topologies or unicast to the sender depending upon
how the NORM protocol is deployed and configured.
Whenever any feedback is generated (including this NORM_ACK(RTT)
message), receivers include an adjusted version of the sender
timestamp from the most recently received NORM_CMD(CC) message and
its "cc_sequence" value in the corresponding NORM_ACK or NORM_NACK
message fields. For NORM-CC operation, any generated feedback
message SHALL also contain the NORM-CC Feedback header extension.
The receiver provides its current "cc_rate" estimate, "cc_loss"
estimate, "cc_rtt" if known, and any applicable "cc_flags" via this
header extension.
During slow start (when the receiver has not yet detected loss from
the sender), the receiver uses a value equal to two times its
measured rate from the sender in the "cc_rate" field. For steady-
state congestion control operation, the receiver "cc_rate" value is
from the equation-based value using its current loss event estimate
and sender<->receiver RTT information. (The GRTT_sender is used when
the receiver has not yet measured its individual RTT.)
The "cc_loss" field value reflects the receiver's current loss event
estimate with respect to the sender in question.
When the receiver has a valid individual RTT measurement, it SHALL
include this value in the "cc_rtt" field. The NORM_FLAG_CC_RTT MUST
be set when the "cc_rtt" field is valid.
After a congestion control feedback message is generated or when the
feedback is suppressed, a non-CLR receiver begins a "holdoff" timeout
period during which it will restrain itself from providing congestion
control feedback, even if NORM_CMD(CC) messages are received from the
sender (unless the receive becomes marked as a CLR or PLR node). The
value of this holdoff timeout (T_ccHoldoff) period is:
T_ccHoldoff = (K_sender * GRTT_sender)
Thus, non-CLR receivers are constrained to providing explicit
congestion control feedback once per K_sender*GRTT_sender intervals.
However, as the session progresses, different receivers will be
responding to different NORM_CMD(CC) messages and there will be
relatively continuous feedback of congestion control information
while the sender is active.
5.5.2.3. Congestion Control Rate Adjustment
During steady-state operation, the sender will directly adjust its
transmission rate to the rate indicated by the feedback from its
currently selected CLR. As noted in [TfmccPaper], the estimation of
parameters (loss and RTT) for the CLR will generally constrain the
rate changes possible within acceptable bounds. For rate increases,
the sender SHALL observe a maximum rate of increase of one packet per
RTT at all times during steady-state operation.
The sender processes congestion control feedback from the receivers
and selects the CLR based on the lowest rate receiver. Receiver
rates are determined either directly from the slow start "cc_rate"
provided by the receiver in the NORM-CC Feedback header extension or
by performing the equation-based calculation using individual RTT and
loss estimates ("cc_loss") as feedback is received.
The sender can calculate a current RTT for a receiver (RTT_rcvrNew)
using the "grtt_response" timestamp included in feedback messages.
When the "cc_rtt" value in a response is not valid, the sender simply
uses this RTT_rcvrNew value as the receiver's current RTT (RTT_rcvr).
For non-CLR and non-PLR receivers, the sender SHOULD use the "cc_rtt"
provided in the NORM-CC Feedback header extension as the receiver's
previous RTT measurement (RTT_rcvrPrev) averaged with the current
measurement ("RTT_rcvrNew") as the receiver's RTT value:
RTT_rcvr = 0.5 * RTT_rcvrPrev + 0.5 * RTT_rcvrNew
For CLR receivers where feedback is received more regularly, the
sender SHOULD maintain a more smoothed RTT estimate upon new feedback
from the CLR where:
RTT_clr = 0.9 * RTT_clr + 0.1 * RTT_clrNew
RTT_clrNew is the new RTT calculated from the timestamp in the
feedback message received from the CLR. The RTT_clr is initialized
to RTT_clrNew on the first feedback message received. Note that the
same procedure is observed by the sender for PLR receivers, and if a
PLR is "promoted" to CLR status, the smoothed estimate can be
continued.
There are some additional periods besides steady-state operation to
be considered in NORM-CC operation. These periods are:
1. during session startup,
2. when no feedback is received from the CLR, and
3. when the sender has a break in data transmission.
During session startup, the congestion control operation SHALL
observe a "slow-start" procedure to quickly approach its fair
bandwidth share. An initial sender startup rate is assumed where:
Rinit = MIN(NormSegmentSize/GRTT_sender, NormSegmentSize) bytes/sec
The rate is increased only when feedback is received from the
receiver set. The "slow start" phase proceeds until any receiver
provides feedback indicating loss has occurred. Rate increase during
slow start is applied as:
Rnew = Rrecv_min
where Rrecv_min is the minimum reported receiver rate in the
"cc_rate" field of congestion control feedback messages received from
the group. Note during slow start, receivers use two times their
measured rate from the sender in the "cc_rate" field of their
feedback. Rate increase adjustment is limited to once per GRTT
during slow start.
If the CLR or any receiver intends to leave the group, it will set
the NORM_FLAG_CC_LEAVE in its congestion control feedback message as
an indication the sender SHOULD NOT select it as the CLR. When the
CLR changes to a lower rate receiver, the sender SHOULD immediately
adjust to the new lower rate. The sender is limited to increasing
its rate at one additional packet per RTT towards any new, higher CLR
rate.
The sender SHOULD also track the age of the feedback it has received
from the CLR by comparing its current "cc_sequence" value
(Seq_sender) to the last "cc_sequence" value received from the CLR
(Seq_clr). As the age of the CLR feedback increases with no new
feedback, the sender SHALL begin reducing its rate once per RTT_clr
as a congestion avoidance measure. The following algorithm is used
to determine the decrease in sender rate (Rsender bytes/sec) as the
CLR feedback, unexpectedly, excessively ages:
Age = Seq_sender - Seq_clr;
if (Age > 4) Rsender = Rsender * 0.5;
This rate reduction is limited to the lower bound on NORM
transmission rates. After NORM_ROBUST_FACTOR consecutive
NORM_CMD(CC) rounds without any feedback from the CLR, the sender
SHOULD assume the CLR has left the group and pick the receiver with
the next lowest rate as the new CLR. Note this assumes the sender
does not have explicit knowledge the CLR intentionally left the
group. If no receiver feedback is received, the sender MAY wish to
withhold further transmissions of NORM_DATA segments and maintain
NORM_CMD(CC) transmissions only until feedback is detected. After
such a CLR timeout, the sender will be transmitting with a minimal
rate and SHOULD return to slow start as described here for a break in
data transmission.
When the sender has a break in its data transmission, it can continue
to probe the group with NORM_CMD(CC) messages to maintain RTT
collection from the group. This will enable the sender to quickly
determine an appropriate CLR upon data transmission restart.
However, the sender SHOULD exponentially reduce its target rate to be
used for transmission restart as time since the break elapses. The
target rate SHOULD be recalculated once per RTT_clr as:
Rsender = Rsender * 0.5;
If the minimum NORM rate is reached, the sender SHOULD set the
NORM_FLAG_START flag in its NORM_CMD(CC) messages upon restart and
the group SHOULD observe slow-start congestion control procedures
until any receiver experiences a new loss event.
5.5.3. NORM Positive Acknowledgment Procedure
NORM provides options for the source application to request positive
acknowledgment (ACK) of NORM_CMD(FLUSH) and NORM_CMD(ACK_REQ)
messages from members of the group. There are some specific
acknowledgment requests defined for the NORM protocol and a range of
acknowledgment request types left to be defined by the application.
One predefined acknowledgment type is the NORM_ACK(FLUSH) type. This
acknowledgment is used to determine if receivers have achieved
completion of reliable reception up through a specific logical
transmission point with respect to the sender's sequence of
transmission. The NORM_ACK(FLUSH) acknowledgment MAY be used to
assist in application flow control when the sender has information on
a portion of the receiver set. Another predefined acknowledgment
type is NORM_ACK(CC) used to explicitly provide congestion control
feedback in response to NORM_CMD(CC) messages transmitted by the
sender for NORM-CC operation. Note the NORM_ACK(CC) response does
NOT follow the positive acknowledgment procedure described here. The
NORM_CMD(ACK_REQ) and NORM_ACK messages contain an "ack_type" field
to identify the type of acknowledgment requested and provided. A
range of "ack_type" values is provided for application-defined use.
While the application is responsible for initiating the
acknowledgment request and interprets application-defined "ack_type"
values, the acknowledgment procedure SHOULD be conducted within the
protocol implementation to take advantage of timing and transmission
scheduling information available to the NORM transport.
The NORM Positive Acknowledgment Procedure uses polling by the sender
to query the receiver group for response. Note this polling
procedure is not intended to scale to very large receiver groups, but
could be used in a large group setting to query a critical subset of
the group. Either the NORM_CMD(ACK_REQ), or when applicable, the
NORM_CMD(FLUSH) message is used for polling and contains a list of
NormNodeIds of the receivers expected to respond to the command. The
list of receivers providing acknowledgment is determined by the
source application with a priori knowledge of participating nodes or
via some other application-level mechanism.
The ACK process is initiated by the sender generating NORM_CMD(FLUSH)
or NORM_CMD(ACK_REQ) messages in periodic rounds. For
NORM_ACK(FLUSH) requests, the NORM_CMD(FLUSH) contains a
"object_transport_id" and "fec_payload_id" denoting the watermark
transmission point for which acknowledgment is requested. This
watermark transmission point is echoed in the corresponding fields of
the NORM_ACK(FLUSH) message sent by the receiver in response.
NORM_CMD(ACK_REQ) messages contain an "ack_id" field that is
similarly echoed in response so the sender can match the response to
the appropriate request.
In response to the NORM_CMD(ACK_REQ), the listed receivers randomly,
with a uniform distribution, transmit NORM_ACK messages over a time
window of (1*GRTT_sender). These NORM_ACK messages are typically
unicast to the sender. (Note NORM_ACK(CC) messages SHALL be
multicast or unicast in the same manner as NORM_NACK messages.)
The ACK process is self-limiting and avoids ACK implosion because:
1. Only a single NORM_CMD(ACK_REQ) message is generated once per
(2*GRTT_sender), and
2. The size of the "acking_node_list" of NormNodeIds from which
acknowledgment is requested is limited to a maximum of the sender
NormSegmentSize setting per round of the positive acknowledgment
process.
Because the size of the included list is limited to the sender's
NormSegmentSize setting, multiple NORM_CMD(ACK_REQ) rounds will
sometimes be necessary to achieve responses from all receivers
specified. The content of the attached NormNodeId list will be
dynamically updated as this process progresses and NORM_ACK responses
are received from the specified receiver set. As the sender receives
valid responses (i.e., matching watermark point or "ack_id") from
receivers, it SHALL eliminate those receivers from the subsequent
NORM_CMD(ACK_REQ) message "acking_node_list" and add in any pending
receiver NormNodeIds while keeping within the NormSegmentSize
limitation of the list size. Each receiver is queried a maximum
number of times (NORM_ROBUST_FACTOR, by default). Receivers not
responding within this number of repeated requests are removed from
the payload list to make room for other potential receivers pending
acknowledgment. The transmission of the NORM_CMD(ACK_REQ) is
repeated until no further responses are needed or until the repeat
threshold is exceeded for all pending receivers. The transmission of
NORM_CMD(ACK_REQ) or NORM_CMD(FLUSH) messages to conduct the positive
acknowledgment process is multiplexed with ongoing sender data
transmissions. However, the NORM_CMD(FLUSH) positive acknowledgment
process MAY be interrupted in response to negative acknowledgment
repair requests (NACKs) received from receivers during the acknowledgment period. The NORM_CMD(FLUSH) positive acknowledgment process is restarted for receivers pending acknowledgment once any the repairs have been transmitted. In the case of NORM_CMD(FLUSH) commands with an attached "acking_node_list", receivers will not ACK until they have received complete transmission of all data up to and including the given watermark transmission point. All receivers SHALL interpret the watermark point provided in the request NACK for repairs if needed as for NORM_CMD(FLUSH) commands with no attached "acking_node_list".5.5.4. Group Size Estimate
NORM sender messages contain a "gsize" field that is a representation of the group size and that is used in scaling random backoff timer ranges. The use of the group size estimate within the NORM protocol does not demand a precise estimation and works reasonably well if the estimate is within an order of magnitude of the actual group size. By default, the NORM sender group size estimate MAY be administratively configured. Also, given the expected scalability of the NORM protocol for general use, a default value of 10,000 is RECOMMENDED for use as the group size estimate. It is also possible the group size MAY be algorithmically approximated from the volume of congestion control feedback messages based on the exponentially weighted random backoff. However, the specification of such an algorithm is currently beyond the scope of this document.6. Configurable Elements
The NORM protocol supports a modest number of configurable parameters that control operation. Most of these need only be set at NORM sender(s) and the configuration information is communicated to the receiver set in NORM header and/or header extension fields. A notable exception to this is the NORM_ROBUST_FACTOR that is presumed to be a common value preset among senders and receivers for a given NORM session. The following table summarizes these configurable elements:
+--------------------+----------------------------------------------+
| Configurable | Purpose |
| Element | |
+--------------------+----------------------------------------------+
| Sender initial | Sender's initial estimate of greatest group |
| GRTT Estimate | round-trip time. Affects timing of feedback |
| (GRTT_sender) | suppression and sender command transmissions |
| | at sender startup. |
| Backoff Factor | Sender's scaling factor used for timer-based |
| (K_sender) | feedback suppression. |
| Group Size | Sender's rough estimate of receiver group |
| Estimate | size used in generation of random feedback |
| (GSIZE_sender) | backoff timeout. |
| NORM_ROBUST_FACTOR | Integer factor determining how persistently |
| | (i.e., robust) senders transmit repeated |
| | control messages and receivers self-initiate |
| | timeout-based NACKing in the absence of |
| | sender activity. |
| FEC Type | Sender FEC encoding type. |
| ("fec_id") | |
| Sender segment | Maximum size (in bytes) of the payload |
| size | portion of NORM_DATA and other messages. |
| (NormSegmentSize) | |
| NormNodeId | Unique identifiers pre-assigned to all NORM |
| | session participants. |
+--------------------+----------------------------------------------+
The sender-controlled GRTT estimate (referred to as GRTT_sender in
this document) is used to set and scale various timers associated
with NORM protocol operation. During steady-state operation, the
sender probes the receiver set, adapts to the group round-trip timing
state, and advertises its estimate to the receiver set in the "grtt"
field of relevant NORM protocol messages. However, an initial value
must be assumed at sender startup. A large initial estimate is
conservative and safer with regard to preventing feedback implosion
and starting up congestion control operation, but requires the sender
and receivers to allocate more buffering resources for a given
transmission rate (i.e., larger effective delay*bandwidth product) to
maintain efficient operation. A default initial value of GRTT_sender
= 0.5 seconds is RECOMMENDED.
The sender-controlled Backoff Factor (referred to a K_sender in this
document) is used to scale protocol timers and contributes to the
generation of the random backoff timeout value that facilitates
timer-based feedback suppression. The sender advertises its
configured Backoff Factor to the receiver set in the "backoff" field
of applicable NORM messages and thus no receiver configuration is
necessary. For ASM operation, a default value of K_sender = 4 is
RECOMMENDED; for SSM operation, a default value of K_sender = 6 is RECOMMENDED. The sender estimate of session Group Size (referred to as GSIZE_sender in this document) also plays a role in the random selection of feedback suppression timeout values. The sender advertises its configured Group Size estimate to the receiver set in the "gsize" field of applicable NORM messages; thus, no receiver configuration is necessary. Only a rough estimate (i.e., "order-of- magnitude") is needed for effective feedback suppression and a default value of GSIZE_sender = 10,000 is RECOMMENDED as a conservative estimate for most uses. The NORM_ROBUST_FACTOR is an integer parameter that determines how persistently NORM senders transmit control messages (NORM_CMD messages) such as end-of-transmission flushing, OPTIONAL positive acknowledgment requests, etc. Additionally, the receivers use their knowledge of NORM_ROBUST_FACTOR to determine when to consider a NORM sender inactive and MAY use the factor in determining how persistently to self-initiate repeated NACK repair requests upon such timeouts. This parameter is NOT communicated in NORM protocol message headers and is presumed to be preset to a consistent value among sender and receivers for a given NORM session. A default value of NORM_ROBUST_FACTOR = 20 is RECOMMENDED. Another NORM sender configuration element is the FEC type used to encode NORM_DATA message content. The FEC type is communicated from the sender to the receiver set in the "fec_id" field of relevant NORM message headers. The "fec_id" value corresponds to an IANA-assigned value identifying the FEC encoding type as described in the FEC Building Block [RFC5052] document. Typically, a sender SHOULD use a consistent FEC encoding for its participation in a session to simplify receiver state allocation and maintenance, but its implementations MAY vary the FEC encoding type on a per-object basis if necessary. The sender NormSegmentSize setting determines the maximum size of the payload portion of NORM_DATA and other messages that the sender transmits. Additionally, the payload size of feedback messages from receivers to a given sender is limited to that sender's NormSegmentSize. The NormSegmentSize SHOULD be configured to be compatible with expected network MTU limitations, given the added overhead of NORM, UDP, and IP protocol message headers. Additionally, MTU Discovery MAY be employed by the sender to determine an appropriate NormSegmentSize. The NormSegmentSize for a given sender can be determined by receivers from the FEC Object Transmission Information (FTI) provided either in applied EXT_FTI header extensions or pre-configured session information.
Although it is not technically a configurable element, the receivers MUST have FEC Object Transmission Information for transmitted NormObjects to properly buffer, decode, and reassemble the original content. For loosely organized NORM protocol sessions, the sender MAY apply the EXT_FTI Header Extension to NORM_DATA and NORM_INFO (if applicable) messages so that receivers can get this information without prior coordination. An implementation MAY also apply the EXT_FTI only to NORM_INFO messages for reduced overhead. Finally, applications MAY also provide the FTI out-of-band prior to sender transmission. Each participant in a NORM protocol session MUST be configured with a unique NormNodeId value. The NormNodeId value is used by receivers to identify the sender to which their NACK or other feedback messages are addressed, and senders use the NormNodeId to differentiate receivers for purposes of congestion control and OPTIONAL positive acknowledgment collection. Assignment of unique NormNodeId values can be done via a priori coordination and/or use of a deconfliction mechanism external to the NORM protocol itself. The values of NORM_NODE_NONE = 0x00000000 and NORM_NODE_ANY = 0xffffffff are reserved and MUST NOT be assigned to NORM participants.7. Security Considerations
The same security considerations that apply to the Multicast NACK [RFC5401], TFMCC [RFC4654], and FEC [RFC5052] Building Blocks also apply to the NORM protocol. In addition to the vulnerabilities to which any IP and IP multicast protocol implementation is subject, malicious hosts might engage in excessive NACKing in an attempt to prevent the NORM sender(s) from making forward progress in reliable transmission. Receiver "join" and "service" policy enforcement as described in Section 5.2 can be applied if such activity is detected. The use of cryptographic peer authentication, integrity checks, and/or confidentiality mechanisms can be used to provide a more effective degree of protection from objectionable transmissions from unauthorized hosts. But in some cases, even with authentication and integrity checks, the NACK-based feedback of NORM can be exploited by replay attacks forcing the NORM sender to unnecessarily transmit repair information. This MAY be addressed in part with network-layer IP security implementations that guard against this potential security exploitation or alternatively with a security mechanism using the EXT_AUTH header extension for similar purposes. Such security mechanisms SHOULD be deployed and used when available. Use of security mechanisms will impose additional "a priori" configuration upon the NORM deployment depending upon the techniques used. The NORM protocol is compatible with the use of IP security (IPsec)
[RFC4301], and the IPsec Encapsulating Security Payload (ESP) protocol or Authentication Header (AH) extension can be used to secure IP packets transmitted by NORM participants. A baseline approach to secure NORM operation using IPsec is described below. Compliant implementations of this specification are REQUIRED to be compatible with IPsec usage as described in Section 7.1. IPsec can be used to provide peer authentication, integrity protection, and/or encryption of packets containing NORM messages. Additionally, the EXT_AUTH header extension (HET = 1) is reserved for use by security mechanisms to provide alternatives to IPsec for the security of NORM messages. The format of this header extension and its processing is outside the scope of this document and is to be communicated out-of-band as part of the session description. It is possible an EXT_AUTH implementation MAY also provide for encryption of NORM message payloads as well as peer authentication and integrity protection. The use of this approach as compared to IPsec can allow for header compression techniques to be applied jointly to IP and NORM protocol headers. In cases where security analysis deems encryption of NORM protocol header content to be beneficial or necessary, the aforementioned use of IPsec ESP might be more appropriate. Additionally, the EXT_AUTH header extension can be utilized when NORM is implemented in a network with Network Address Translation (NAT) systems that are incompatible with use of the IPsec AH extension. If EXT_AUTH is present, whatever packet authentication or integrity checks that can be performed immediately upon reception of the packet MUST be performed before accepting the packet and performing any congestion-control-related action on it. Some packet authentication schemes impose a delay of several seconds between when a packet is received and when the packet can be fully authenticated. Any appropriate congestion control related action MUST NOT be postponed by any such packet security mechanism (i.e., security mechanisms MUST NOT result in poor congestion control behavior). Consideration MUST also be given to the potential for replay-attacks that would transplant authenticated packets from one NORM session to another to disrupt service. To avoid this potential, unique keys SHOULD be assigned on a per-session basis or NORM sender nodes SHOULD be configured to use unique "instance_id" identifiers managed as part of the security association for the sessions. Note NORM implementations can use the "sequence" field from the NORM common message header to detect replay attacks. This can be accomplished if the NORM sender maintains state on actively NACKing receivers. A cache of such receiver state can be used to provide protection against NACK replay attacks. NORM receivers MUST also maintain similar state for protection against possible replay of other receiver messages in ASM operation as well. For example, a
receiver could be suppressed from providing NACK or congestion control feedback by replay of certain receiver messages. For these reasons, authentication of NORM messages (e.g., via IPsec) SHOULD be applied for protection against similar attacks that use fabricated messages. Also, encryption of messages to provide confidentiality of application data and protect privacy of users MAY also be applied using IPsec or similar mechanisms. When applicable security measures are used, automated key management mechanisms such as those described in the Group Domain of Interpretation (GDOI) [RFC3547], Multimedia Internet KEYing (MIKEY) [RFC3830], or Group Secure Association Key Management Protocol (GSAKMP) [RFC4535] specifications SHOULD be applied. While NORM does leverage FEC-based repair for scalability, this alone does not guarantee integrity of received data. Application-level integrity-checking of received data content is highly RECOMMENDED. This recommendation also applies when the IPsec security approach described below is used for added assurance in data content integrity given the shared use of IPsec Security Association information among the group.7.1. Baseline Secure NORM Operation
This section describes a baseline mode of secure NORM protocol operation based on application of the IPsec security protocol. This approach is documented here to provide a baseline interoperable secure mode of operation. This particular approach represents one possible trade-off in the level of assurance that can be achieved and the scalability of multicast group-size given current IPsec mechanisms and the state required to support them. For example, this baseline approach specifies the use of a Security Association that is shared among the receiver set for feedback messages to the sender. This model requires that the receiver membership receiving the session keys is trusted and only provides protection from attacks that are external to the NORM group membership. More stateful and complex IPsec approaches and key management schemes may be applied for higher levels of assurance, but those are beyond the scope of this transport protocol specification. Additional approaches to NORM security, including other forms of IPsec application, MAY be specified in the future. For example, the use of the EXT_AUTH header extension could enable NORM-specific authentication or security encapsulation headers similar to those of IPsec to be specified and inserted into the NORM protocol message headers. This would allow header compression techniques to be applied to IP and NORM protocol headers when needed in a similar fashion to RTP [RFC3550] and as preserved in the specification for Secure Real Time Protocol (SRTP) [RFC3711].
The baseline approach described is applicable to NORM operation configured for SSM (or SSM-like) operation where there is a single sender and the receivers are providing unicast feedback. This form of NORM operation allows for IPsec to be used with a manageable number of security associations (SA).7.1.1. IPsec Approach
For NORM one-to-many SSM operation with unicast feedback from receivers, each node SHALL be configured with two transport mode IPsec security associations and corresponding Security Policy Database (SPD) entries. One entry will be used for sender-to-group multicast packet authentication and optionally encryption while the other entry will be used to provide security for the unicast feedback messaging from the receiver(s) to the sender. Note that this single SA for NORM receiver feedback messages is shared to protect traffic from possibly multiple receivers to the single sender. For each NormSession, the NORM sender SHALL use an IPsec SA configured for ESP protocol [RFC4303] operation with the option for data origin authentication enabled. It is also RECOMMENDED this IPsec ESP SA be also configured to provide confidentiality protection for IP packets containing NORM protocol messages. This is suggested to make the realization of complex replay attacks much more difficult. The encryption key for this SA SHALL be preplaced at the sender and receiver(s) prior to NORM protocol operation. Use of automated key management is RECOMMENDED as a rekey SHALL be REQUIRED prior to expiration of the sequence space for the SA. This is necessary so receivers can use the built-in IPsec replay attack protection possible for an IPsec SA with a single source (the NORM sender). Thus, the receivers SHALL enable replay attack protection for this SA used to secure NORM sender traffic. An IPsec SPD entry MUST be configured to process outbound packets to the session (destination) address and UDP port number of the applicable (NormSession). The NORM receiver(s) MUST be configured with the SA and SPD entry to properly process the IPsec-secured packets from the sender. The NORM receiver(s) SHALL also use a common, second IPsec SA (common Security Parameter Index (SPI) and encryption key) configured for ESP operation with the option for data origination authentication enabled. Similar to the NORM sender, is RECOMMENDED this IPsec ESP SA be also configured to provide confidentiality protection for IP packets containing NORM protocol messages. The receivers MUST have an IPsec SPD entry configured to process outbound NORM/UDP packets directed to the NORM sender source address and port number using this second SA. To support NORM unicast feedback, the sender's transmission port number SHOULD be selected to be distinct from the
multicast session port number to allow discrimination between unicast
and multicast feedback messages when access to the IP destination
address is not possible (e.g., a user-space NORM implementation).
For processing of packets from receivers, the NORM sender SHALL be
configured with this common, second SA (and the corresponding SPD
entry needed) in order to properly process messages from the
receiver.
Multiple receivers using a common IPsec SA for traffic directed to
the NORM sender (i.e., many-to-one) typically prevents the use of
built-in IPsec replay attack protection by the NORM sender with
current IPsec implementations. Thus the built-in IPsec replay attack
protection for this second SA at the sender MUST be disabled unless
the particular IPsec implementation manages its replay protection on
a per-source basis (which is not typical of existing IPsec
implementations). So, to support a fully secure mode of operation,
the NORM sender implementation MUST provide replay attack protection
based upon the "sequence" field of NORM protocol messages from
receivers. This can be accomplished with a high assurance of
security, even with the limited size (16-bits) of this field,
because:
1. NORM receiver NACK and non-CLR ACK feedback messages are sparse.
2. The more frequent NORM_ACK feedback from CLR or PLR nodes is only
a small set of receivers for which the sender needs to keep more
persistent replay attack state.
3. NORM_NACK feedback messages preceding the sender's current repair
window do not significantly impact protocol operation (generation
of NORM_CMD(SQUELCH) is limited) and could be in fact ignored.
This means the sender can prune any replay attack state that
precedes the current repair window.
4. NORM_ACK messages correspond to either a specific sender
"ack_id", the sender "cc_sequence" for ACKs sent in response to
NORM_CMD(CC), or the sender's current repair window in the case
of ACKs sent in response to NORM_CMD(FLUSH). Thus, the sender
can prune any replay attack state for receivers that precede the
current applicable sequence or repair window space.
The use of ESP confidentiality for secure NORM protocol operation
makes it more difficult for adversaries to conduct any form of replay
attacks. Additionally, a NORM sender implementation with access to
the full ESP protocol header could also use the ESP sequence
information to make replay attack protection even more robust by
maintaining the per-source ESP sequence state that existing IPsec
implementations typically do not provide. The design of this
baseline security approach for NORM intentionally places any more complex processing state or processing (e.g., replay attack protection given multiple receivers) at the NORM sender since NORM receiver implementations might often need to be less complex. This baseline approach can be used for NORM protocol sessions with multiple senders if the SA pairs described are established for each sender. For small-sized groups, it is even possible many-to-many (ASM) IPsec configuration could be achieved where each participant uses a unique SA (with a unique SPI). In this case, the sender(s) would maintain an SA for each other participant rather than a single, shared SA for receiver feedback messages. This does not scale to larger group sizes given the complex set of SA and SPD entries each participant would need to maintain. It is anticipated in early deployments of this baseline approach to NORM security that key management will be conducted out-of-band with respect to NORM protocol operation. In the case of one-to-many NORM operation, it is possible receivers will retrieve keying information from a central server as needed or otherwise conduct group key updates with a similar centralized approach. Alternatively, it is possible with some key management schemes for rekey messages to be transmitted to the group as a message or transport object within the NORM reliable transfer session. Similarly, for group-wise communication sessions, it is possible for potential group participants to request keying and/or rekeying as part of NORM communications. Additional specification is necessary to define an in-band key management scheme for NORM sessions perhaps using the mechanisms of the automated group key management specifications cited in this document. Additional specification outside of the scope of this document would be needed to provide an interoperable approach for key management in-band of a NORM reliable transport session.7.1.2. IPsec Requirements
In order to implement this secure mode of NORM protocol operation, the following IPsec capabilities are REQUIRED.7.1.2.1. Selectors
The implementation MUST be able to use the source address, destination address, protocol (UDP), and UDP port numbers as selectors in the SPD.7.1.2.2. Mode
IPsec in transport mode MUST be supported. The use of IPsec [RFC4301] processing for secure NORM traffic MUST be configured such
that unauthenticated packets are not received by the NORM protocol implementation.7.1.2.3. Key Management
An automated key management scheme for group key distribution and rekeying such as GDOI [RFC3547], GSAKMP [RFC4535], or MIKEY [RFC3830] is RECOMMENDED for use. Note it is possible for key update messages (e.g., the GDOI GROUPKEY-PUSH message) to be included as part of the NORM application reliable data transmission if appropriate interfaces are available between the NORM application and the key management daemon. Relatively short-lived NORM sessions MAY be able to use Manual Keying with a single, preplaced key, particularly if Extended Sequence Numbering (ESN) [RFC4303] is available in the IPsec implementation used. When manual keys are used, it is important that cryptographic algorithms suitable for manual key use are selected.7.1.2.4. Security Policy
Receivers MUST accept protocol messages only from the designated, authorized sender(s). Appropriate key management will provide authentication, integrity and/or encryption keys only to receivers authorized to participate in a designated session. The approach outlined here allows receiver sets to be controlled on a per-sender basis.7.1.2.5. Authentication and Encryption
Large NORM group sizes will necessitate some form of key management that does rely upon shared secrets. The GDOI and GSAKMP protocols mentioned here allow for certificate-based authentication. It is RECOMMENDED these certificates use IP addresses for authentication.7.1.2.6. Availability
The IPsec requirements profile outlined here is commonly available on many potential NORM hosts. Configuration and operation of IPsec typically requires privileged user authorization. Automated key management implementations are typically configured with the privileges necessary to affect system IPsec configuration.8. IANA Considerations
Values of NORM Header Extension Types, Stream Control Codes, and NORM_CMD message sub-types are subject to IANA registration. They are in the registry named "Reliable Multicast Transport (RMT) NORM Protocol Parameters" available from http://www.iana.org.
Note the reliable multicast building block components used by this specification also have their respective IANA considerations, and those documents SHOULD be consulted accordingly. In particular, the FEC Building Block used by NORM does REQUIRE IANA registration of the FEC codecs used. The registration instructions for FEC codecs are provided in RFC 5052. It is possible additional extensions of the NORM protocol might be specified in the future (e.g., additional NORM message types) and additional registries be established at that time with appropriate IETF standards action.8.1. Explicit IANA Assignment Guidelines
This document introduces three registries for the NORM Header Extension Types, Stream Control Codes, and NORM_CMD Message sub- types. This section describes explicit IANA assignment guidelines for each of these.8.1.1. NORM Header Extension Types
This document defines a registry for NORM Header Extensions named "NORM Header Extension Types". The NORM Header Extension Type field is an 8-bit value. The values of this field identify extended header content allowing the protocol functionality to be expanded to include additional features and operating modes. The values that can be assigned within the "NORM Header Extensions" registry are numeric indexes in the range {0, 255}, boundaries included. Values in the range {0,127} indicate variable-length extended header fields while values in the range {128,255} indicate extensions of a fixed 4-byte length. This specification registers the following NORM Header Extension Types: +-------+----------+--------------------+ | Value | Name | Reference | +-------+----------+--------------------+ | 1 | EXT_AUTH | This specification | | 3 | EXT_CC | This specification | | 64 | EXT_FTI | This specification | | 128 | EXT_RATE | This specification | +-------+----------+--------------------+ Requests for assignment of additional NORM Header Extension Type values are granted on a "Specification Required" basis as defined by IANA Guidelines [RFC5226]. Any such header extension specifications MUST include a description of protocol actions to be taken when the extension type is encountered by a protocol implementation not supporting that specific option. For example, it is often possible for protocol implementations to ignore unknown header extensions.
8.1.2. NORM Stream Control Codes
This document defines a registry for NORM Stream Control Codes named "NORM Stream Control Codes". NORM Stream Control Codes are 16-bit values that can be inserted within a NORM_OBJECT_STREAM delivery object to convey sequenced, out- of-band (with respect to the stream data) control signaling applicable to the referenced stream object. These control codes are to be delivered to the application or protocol implementation with reliable delivery, in-order with respect to the their inserted position within the stream. This specification registers the following NORM Stream Control Code: +-------+-----------------+--------------------+ | Value | Name | Reference | +-------+-----------------+--------------------+ | 0 | NORM_STREAM_END | This specification | +-------+-----------------+--------------------+ Additional NORM Stream Control Code value assignment requests are granted on a "Specification Required" basis as defined by IANA Guidelines [RFC5226]. The full 16-bit space outside of the value assigned in this specification are available for future assignment. In addition to describing the control code's expected interpretation, such specifications MUST include a description of protocol actions to be taken when the control code is encountered by a protocol implementation not supporting that specific option.8.1.3. NORM_CMD Message Sub-Types
This document defines a registry for NORM_CMD message sub-types named "NORM Command Message Sub-types". The NORM_CMD message "sub-type" field is an 8-bit value with valid values in the range of 1-255. Note the value 0 is reserved to indicate an invalid NORM_CMD message sub-type. The current specification defines a number of NORM_CMD message sub-types senders can use to signal the receivers in various aspects of NORM protocol operation. This specification registers the following NORM_CMD Message Sub-types:
+-------+-----------------------+--------------------+
| Value | Name | Reference |
+-------+-----------------------+--------------------+
| 0 | reserved | This specification |
| 1 | NORM_CMD(FLUSH) | This specification |
| 2 | NORM_CMD(EOT) | This specification |
| 3 | NORM_CMD(SQUELCH) | This specification |
| 4 | NORM_CMD(CC) | This specification |
| 5 | NORM_CMD(REPAIR_ADV) | This specification |
| 6 | NORM_CMD(ACK_REQ) | This specification |
| 7 | NORM_CMD(APPLICATION) | This specification |
+-------+-----------------------+--------------------+
Future specifications extending NORM MAY define additional NORM_CMD
messages to enhance protocol functionality. NORM_CMD message sub-
type value assignment requests are granted on a "Specification
Required" basis as defined by IANA Guidelines [RFC5226]. In addition
to describing the command sub-type's expected interpretation,
specifications MUST include a description of protocol actions to be
taken when the command is encountered by a protocol implementation
not supporting that specific option.
This specification already defines an "application-defined" NORM_CMD
message sub-type for use at the discretion of individual applications
using NORM for transport. These "application-defined" commands are
suitable for many application-specific purposes and do not involve
standards action. In any case, such additional messages SHALL be
subject to the same congestion control constraints as the existing
NORM sender message set.
9. Suggested Use
The present NORM protocol is seen as a useful tool for the reliable
data transfer over generic IP multicast services. It is not the
intention of the authors to suggest it is suitable for supporting all
envisioned multicast reliability requirements. NORM provides a
simple and flexible framework for multicast applications with a
degree of concern for network traffic implosion and protocol overhead
efficiency. NORM-like protocols have been successfully demonstrated
within the MBone for bulk data dissemination applications, including
weather satellite compressed imagery updates servicing a large group
of receivers and a generic web content reliable "push" application.
In addition, this framework approach has some design features making
it attractive for bulk transfer in asymmetric and wireless
internetwork applications. NORM is capable of successfully operating
independent of network structure and in environments with high packet
loss, delay, and out-of-order delivery. Hybrid proactive/reactive
FEC-based repairing improve protocol performance in some multicast scenarios. A sender-only repair approach often makes additional engineering sense in asymmetric networks. NORM's unicast feedback capability is suitable for use in asymmetric networks or in networks where only unidirectional multicast routing/delivery service exists. Asymmetric architectures supporting multicast delivery are likely to make up an important portion of the future Internet structure (e.g., direct broadcast satellite (DBS) or cable and public-switched telephone network (PSTN) hybrids, etc.) and efficient, reliable bulk data transfer will be an important capability for servicing large groups of subscribed receivers.10. Changes from RFC 3940
This section lists the changes between the Experimental version of this specification, RFC 3940, and this version: 1. Removal of the NORM_FLAG_MSG_START for NORM_OBJECT_STREAM, replacing it with the "payload_msg_start" field in the FEC- encoded preamble of the NORM_OBJECT_STREAM NORM_DATA payload. 2. Definition of IANA registry for header extension and other assignments. 3. Removal of file blocking scheme description now specified in the FEC Building Block document [RFC5052]. 4. Removal of restriction of NORM receiver feedback message rate to local NORM sender rate (this caused congestion control failures in high speed operation. The extremely low feedback rate of the NORM protocol as compared to TCP avoids any resultant impact to the network as shown in [Mdpcc].) 5. Correction of errors in some message format descriptions. 6. Correction of inconsistency in specification of the inactivity timeout. 7. Addition of IPsec secure mode description with IPsec requirements. 8. Addition of the EXT_AUTH header extension definition. 9. Clarification of interpretation of "Source Block Length" when FEC codes are arbitrarily shortened by the sender.
11. Acknowledgments
(and these are not Negative) The authors would like to thank Rick Jones, Vincent Roca, Rod Walsh, Toni Paila, Michael Luby, and Joerg Widmer for their valuable input and comments on this document. The authors would also like to thank the RMT working group chairs, Roger Kermode and Lorenzo Vicisano, for their support in development of this specification, and Sally Floyd for her early input into this document.12. References
12.1. Normative References
[RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, RFC 1112, August 1989. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005. [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for IP", RFC 4607, August 2006. [RFC4654] Widmer, J. and M. Handley, "TCP-Friendly Multicast Congestion Control (TFMCC): Protocol Specification", RFC 4654, August 2006. [RFC5052] Watson, M., Luby, M., and L. Vicisano, "Forward Error Correction (FEC) Building Block", RFC 5052, August 2007. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC5401] Adamson, B., Bormann, C., Handley, M., and J. Macker, "Multicast Negative-Acknowledgment (NACK) Building Blocks", RFC 5401, November 2008.
12.2. Informative References
[FecHybrid] Gossink, D. and J. Macker, "Reliable Multicast and Integrated Parity Retransmission with Channel Estimation", IEEE GLOBECOMM, 1998. [McastFeedback] Nonnenmacher, J. and E. Biersack, "Optimal Multicast Feedback", IEEE INFOCOM, p. 964, March/April 1998. [MdpToolkit] Macker, J. and B. Adamson, "The Multicast Dissemination Protocol (MDP) Toolkit", Proc. IEEE MILCOM, October 1999. [Mdpcc] Adamson, B. and J. Macker, "A TCP-Friendly, Rate- based Mechanism for NACK-Oriented Reliable Multicast Congestion Control", Proc. IEEE GLOBECOMM, November 2001. [NormFeedback] Adamson, B. and J. Macker, "Quantitative Prediction of NACK-Oriented Reliable Multicast (NORM) Feedback", IEEE MILCOM, October 2002. [PgmccPaper] Rizzo, L., "pgmcc: A TCP-Friendly Single-Rate Multicast Congestion Control Scheme", ACM SIGCOMM, August 2000. [RFC2357] Mankin, A., Romanov, A., Bradner, S., and V. Paxson, "IETF Criteria for Evaluating Reliable Multicast Transport and Application Protocols", RFC 2357, June 1998. [RFC2974] Handley, M., Perkins, C., and E. Whelan, "Session Announcement Protocol", RFC 2974, October 2000. [RFC3048] Whetten, B., Vicisano, L., Kermode, R., Handley, M., Floyd, S., and M. Luby, "Reliable Multicast Transport Building Blocks for One-to-Many Bulk-Data Transfer", RFC 3048, January 2001. [RFC3269] Kermode, R. and L. Vicisano, "Author Guidelines for Reliable Multicast Transport (RMT) Building Blocks and Protocol Instantiation documents", RFC 3269, April 2002. [RFC3453] Luby, M., Vicisano, L., Gemmell, J., Rizzo, L., Handley, M., and J. Crowcroft, "The Use of Forward Error Correction (FEC) in Reliable Multicast", RFC 3453, December 2002.
[RFC3547] Baugher, M., Weis, B., Hardjono, T., and H. Harney, "The Group Domain of Interpretation", RFC 3547, July 2003. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003. [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, March 2004. [RFC3830] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K. Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830, August 2004. [RFC3940] Adamson, B., Bormann, C., Handley, M., and J. Macker, "Negative-acknowledgment (NACK)-Oriented Reliable Multicast (NORM) Protocol", RFC 3940, November 2004. [RFC4535] Harney, H., Meth, U., Colegrove, A., and G. Gross, "GSAKMP: Group Secure Association Key Management Protocol", RFC 4535, June 2006. [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. [RFC5445] Watson, M., "Basic Forward Error Correction (FEC) Schemes", RFC 5445, March 2009. [RmComparison] Pingali, S., Towsley, D., and J. Kurose, "A Comparison of Sender-Initiated and Receiver- Initiated Reliable Multicast Protocols", Proc. INFOCOMM, San Francisco CA, October 1993. [TcpModel] Padhye, J., Firoiu, V., Towsley, D., and J. Kurose, "Modeling TCP Throughput: A Simple Model and its Empirical Validation", ACM SIGCOMM, 1998. [TfmccPaper] Widmer, J. and M. Handley, "Extending Equation-Based Congestion Control to Multicast Applications", ACM SIGCOMM, August 2001.
Authors' Addresses
Brian Adamson Naval Research Laboratory Washington, DC 20375 USA EMail: adamson@itd.nrl.navy.mil Carsten Bormann Universitaet Bremen TZI Postfach 330440 D-28334 Bremen Germany EMail: cabo@tzi.org Mark Handley University College London Gower Street London WC1E 6BT UK EMail: M.Handley@cs.ucl.ac.uk Joe Macker Naval Research Laboratory Washington, DC 20375 USA EMail: macker@itd.nrl.navy.mil