Independent Submission A. McKenzie Request for Comments: 6529 S. Crocker Category: Historic April 2012 ISSN: 2070-1721 Host/Host Protocol for the ARPA NetworkAbstract
This document reproduces the Host/Host Protocol developed by the ARPA Network Working Group during 1969, 1970, and 1971. It describes a protocol used to manage communication between processes residing on independent Hosts. It addresses issues of multiplexing multiple streams of communication (including addressing, flow control, connection establishment/disestablishment, and other signaling) over a single hardware interface. It was the official protocol of the ARPA Network from January 1972 until the switch to TCP/IP in January 1983. It is offered as an RFC at this late date to help complete the historical record available through the RFC series. Status of This Memo This document is not an Internet Standards Track specification; it is published for the historical record. This document defines a Historic Document for the Internet community. This is a contribution to the RFC Series, independent of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6529.
Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.Table of Contents
1. Introduction ....................................................3 2. A Few Comments on Nomenclature and Key Concepts .................4 3. Host/Host Protocol Document .....................................5 (with its own table of contents on page 7) 4. Security Considerations ........................................34
1. Introduction
The Host/Host Protocol for the ARPA Network was created during 1969, 1970, and 1971 by the Network Working Group, chaired by Steve Crocker, a graduate student at UCLA. Many of the RFCs with numbers less than 72, plus RFCs 102, 107, 111, 124, 132, 154, and 179 dealt with the development of this protocol. The first official document defining the protocol was issued by Crocker on August 3, 1970 as "Host-Host Protocol Document No. 1" (see citation in RFC 65), which was based on RFC 54 by Crocker, Postel, Newkirk, and Kraley. Revision of Document No. 1 began in mid-February 1971, as discussed in RFC 102. Although McKenzie is listed as the author of the January 1972 document, which superseded Document No. 1, it is more correct to say McKenzie was the person who compiled and edited the document. Most or all of the ideas in the document originated with others. At the time "Host-Host Protocol Document No. 1" was issued it was not given an RFC number because it was not to be viewed as a "request for comments" but as a standard for implementation. It was one of a set of such standards maintained as a separate set of documentation by the Network Information Center (NIC) at Stanford Research Institute (SRI). The January 1972 version (NIC 8246) reproduced here also followed that approach. It has been noted by many that all subsequent standards were issued as RFCs, and the absence of the Host/Host Protocol specification from the RFC series creates a curious gap in the historical record. It is to fill that gap that this RFC is offered. In 1972, most ARPA Network documents, RFCs and others, were prepared and distributed in hard copy. The Host/Host Protocol document was typed on a typewriter (probably an IBM Selectric), which had interchangeable print elements, and used both italic and boldface fonts in addition to the regular font. Diagrams were drawn by a graphic artist and pasted into the typed document. Since RFCs are constrained to use a single typeface, we have tried to indicate boldface by the use of either all capitals or by a double underline, and to indicate italics by the use of underscores around words in place of spaces. The resulting document is a bit more difficult to read, but preserves the emphases of the original. Of course, the pagination has changed, and we hope we have correctly modified all of the page numbers. There were three footnotes in the original document and we have moved these into the text, set off by indentation and square brackets. A .pdf image of the original document can be found at http://www.cbi.umn.edu/hostedpublications/pdf/McKenzieNCP1972.pdf.
2. A Few Comments on Nomenclature and Key Concepts
In the protocol definition, "RFC" is used to mean "Request for Connection", which refers to either a "Sender to Receiver" or a "Receiver to Sender" request to initiate a connection. In retrospect, this seems like an unnecessarily confusing choice of terminology. At the time this protocol was defined, it was given the undistinguished name "Host-Host Protocol." The acronym "NCP" meant "Network Control Program" and referred to the code that had to be added to the operating system within each host to enable it to interact with its Interface Message Processor (IMP) and manage multiple connections. Over time, and particularly in the context of the change from this protocol to TCP/IP, this protocol was commonly called "NCP" and the expansion changed to "Network Control Protocol." This protocol was superseded by TCP. In this document, the protocol is referred to as a second layer (or "level") protocol, whereas in current writings TCP is usually referred to as a layer 4 protocol. When this protocol was created, it was expected that over time new layers would be created on top of, below, and even in between existing layers. This protocol used a separate channel (the control link) to manage connections. This was abandoned in future protocols. In this design, there was no checksum or other form of error control except for the RST. There had been in earlier versions, but it was removed at the insistence of the IMP designers who argued vigorously that the underlying network of IMPs would never lose a packet or deliver one with errors. Although the IMP network was generally quite reliable, there were instances where the interface between the IMP and the host could drop bits, and, of course, experience with congestion control as the network was more heavily used made it clear that the host layer would have to deal with occasional losses in transmission. These changes were built into TCP. Uncertainty about timing constraints in the design of protocols is evident in this document and remains a source of ambiguity, limitation, and error in today's design processes.
3. Host/Host Protocol Document
Host/Host Protocol for the ARPA Network Prepared for the Network Working Group by Alex McKenzie BBN January 1972
PREFACE This document specifies a protocol for use in communication between Host computers on the ARPA Network. In particular, it provides for connection of independent processes in different Hosts, control of the flow of data over established connections, and several ancillary functions. Although basically self-contained, this document specifies only one of several ARPA Network protocols; all protocol specifications are collected in the document _Current_Network_Protocols,_ NIC #7104. This document supersedes NIC #7147 of the same title. Principal differences between the documents include: - prohibition of spontaneous RET, ERP, and RRP commands - a discussion of the problem of unanswered CLS commands (page 16) - a discussion of the implications of queueing and not queueing RFCs (page 14) - the strong recommendation that received ERR commands be logged, and some additional ERR specifications. In addition to the above, several minor editorial changes have been made. Although there are many individuals associated with the network who are knowledgeable about protocol issues, individuals with questions pertaining to Network protocols should initially contact one of the following: Steve Crocker Advanced Research Projects Agency 1400 Wilson Boulevard Arlington, Virginia 22209 (202) 694-5921 or 5922 Alex McKenzie Bolt Beranek and Newman Inc. 50 Moulton Street Cambridge, Massachusetts 02133 (617) 491-1350 ext. 441 Jon Postel University of California at Los Angeles Computer Science Department 3732 Boelter Hall Los Angeles, California 90024 (213) 325-2363
TABLE OF CONTENTS I. INTRODUCTION..................................................8 An overview of the multi-leveled protocol structure in the ARPA Network. II. COMMUNICATION CONCEPTS.......................................10 Definitions of terminology and a description of the overall strategy used in Host-to-Host communication. III. NCP FUNCTIONS................................................13 The meat of the document for the first-time reader. Host-to- Host "commands" are introduced with descriptions of conditions of their use, discussion of possible problems, and other background material. Connection Establishment..........................13 Connection Termination............................15 Flow Control......................................17 Interrupts........................................20 Test Inquiry......................................20 Reinitialization..................................21 IV. DECLARATIVE SPECIFICATIONS...................................23 Details for the NCP implementer. A few additional "commands" are introduced, and those described in Section III are reviewed. Formats and code and link assignments are specified. Message Format....................................23 Link Assignment...................................25 Control Messages..................................25 Control Commands..................................25 Opcode Assignment.................................31 Control Command Summary...........................31
I. INTRODUCTION The ARPA Network provides a capability for geographically separated computers, called Hosts, to communicate with each other. The Host computers typically differ from one another in type, speed, word length, operating system, etc. Each Host computer is connected into the network through a local small computer called an _Interface_ _Message_Processor_(IMP)._ The complete network is formed by interconnecting these IMPs, all of which are virtually identical, through wideband communications lines supplied by the telephone company. Each IMP is programmed to store and forward messages to the neighboring IMPs in the network. During a typical operation, a Host passes a message to its local IMP; the first 32 bits of this message include the "network address" of a destination Host. The message is passed from IMP to IMP through the Network until it finally arrives at the destination IMP, which in turn passes it along to the destination Host. Specifications for the physical and logical message transfer between a Host and its local IMP are contained in Bolt Beranek and Newman (BBN) Report No. 1822. These specifications are generally called the _first_level_protocol_ or Host/IMP Protocol. This protocol is not by itself, however, sufficient to specify meaningful communication between processes running in two dissimilar Hosts. Rather, the processes must have some agreement as to the method of initiating communication, the interpretation of transmitted data, and so forth. Although it would be possible for such agreements to be reached by each pair of Hosts (or processes) interested in communication, a more general arrangement is desirable in order to minimize the amount of implementation necessary for Network-wide communication. Accordingly, the Host organizations formed a Network Working Group (NWG) to facilitate an exchange of ideas and to formulate additional specifications for Host-to-Host communications. The NWG has adopted a "layered" approach to the specification of communications protocol. The inner layer is the Host/IMP protocol. The next layer specifies methods of establishing communications paths, managing buffer space at each end of a communications path, and providing a method of "interrupting" a communications path. This protocol, which will be used by all higher-level protocols, is known as the _second_level_protocol,_ or Host/Host protocol. (It is worth noting that, although the IMP sub-network provides a capability for _message_switching,_ the Host/Host protocol is based on the concept of _line_switching._) Examples of further layers of protocol currently developed or anticipated include:
1) An _Initial_Connection_Protocol_ (ICP) which provides a convenient standard method for several processes to gain simultaneous access to some specific process (such as the "logger") at another Host. 2) A _Telecommunication_Network_ (TELNET) protocol which provides for the "mapping" of an arbitrary keyboard-printer terminal into a Network Virtual Terminal (NVT), to facilitate communication between a terminal user at one Host site and a terminal-serving process at some other site which "expects" to be connected to a (local) terminal logically different from the (remote) terminal actually in use. The TELNET protocol specifies use of the ICP to establish the communication path between the terminal user and the terminal-service process. 3) A _Data_Transfer_ protocol to specify standard methods of formatting data for shipment through the network. 4) A _File_Transfer_ protocol to specify methods for reading, writing, and updating files stored at a remote Host. The File Transfer protocol specifies that the actual transmission of data should be performed in accordance with the Data Transfer protocol. 5) A _Graphics_ protocol to specify the means for exchanging graphics display information. 6) A _Remote_Job_Service_ (RJS) protocol to specify methods for submitting input to, obtaining output from, and exercising control over Hosts which provide batch processing facilities. The remainder of this document describes and specifies the Host/Host, or second level, protocol as formulated by the Network Working Group.
II. COMMUNICATION CONCEPTS The IMP sub-network imposes a number of physical restrictions on communications between Hosts; these restrictions are presented in BBN Report Number 1822. In particular, the concepts of leaders, messages, padding, links, and message types are of interest to the design of Host/Host protocol. The following discussion assumes that the reader is familiar with these concepts. Although there is little uniformity among the Hosts in either hardware or operating systems, the notion of multiprogramming dominates most of the systems. These Hosts can each concurrently support several users, with each user running one or more processes. Many of these processes may want to use the network concurrently, and thus a fundamental requirement of the Host/Host protocol is to provide for process-to-process communication over the network. Since the first level protocol only takes cognizance of Hosts, and since the several processes in execution within a Host are usually independent, it is necessary for the second level protocol to provide a richer addressing structure. Another factor which influenced the Host/Host protocol design is the expectation that typical process-to-process communication will be based, not on a solitary message, but rather upon a sequence of messages. One example is the sending of a large body of information, such as a data base, from one process to another. Another example is an interactive conversation between two processes, with many exchanges. These considerations led to the introduction of the notions of connections, a Network Control Program, a "control link", "control commands", connection byte size, message headers, and sockets. A _connection_ is an extension of a link. A connection couples two processes so that output from one process is input to the other. Connections are defined to be simplex (i.e., unidirectional), so two connections are necessary if a pair of processes are to converse in both directions. Processes within a Host are envisioned as communicating with the rest of the network through a _Network_Control_Program_ (NCP), resident in that Host, which implements the second level protocol. The primary function of the NCP is to establish connections, break connections, and control data flow over the connections. We will describe the NCP as though it were part of the operating system of a Host supporting multiprogramming, although the actual method of implementing the NCP may be different in some Hosts.
In order to accomplish its tasks, the NCP of one Host must communicate with the NCPs of other Hosts. To this end, a particular link between each pair of Hosts has been designated as the _control_link._ Messages transmitted over the control link are called _control_messages_*, and must always be interpreted by an NCP as a sequence of one or more _control_commands_. For example, one kind of control command is used to initiate a connection, while another kind carries notification that a connection has been terminated. [*Note that in BBN Report Number 1822, messages of non-zero type are called control messages, and are used to control the flow of information between a Host and its IMP. In this document, the term "control message" is used for a message of type zero transmitted over the control link. The IMPs take no special notice of these messages.] The concept of a message, as used above, is an artifact of the IMP sub-network; network message boundaries may have little intrinsic meaning to communicating processes. Accordingly, it has been decided that the NCP (rather than each transmitting process) should be responsible for segmenting interprocess communication into network messages. Therefore, it is a principal of the second level protocol that no significance may be inferred from message boundaries by a receiving process. _The_only_exception_to_this_principle_is_in_ _control_messages,_each_of_which_must_contain_an_integral_number_of_ _control_commands._ Since message boundaries are selected by the transmitting NCP, the receiving NCP must be prepared to concatenate successive messages from the network into a single (or differently divided) transmission for delivery to the receiving process. The fact that Hosts have different word sizes means that a message from the network might end in the middle of a word at the receiving end, and thus the concatenation of the next message might require the receiving Host to carry out extensive bit-shifting. Because bit-shifting is typically very costly in terms of computer processing time, the protocol includes the notions of connection byte size and message headers. As part of the process of establishing a connection, the processes involved must agree on a _connection_byte_size._ Each message sent over the connection must then contain an integral number of bytes of this size. Thus the pair of processes involved in a connection can choose a mutually convenient byte size, for example, the least common multiple of their Host word lengths. It is important to note that the ability to choose a byte size _must_ be available to the processes involved in the connection; an NCP is prohibited from imposing an arbitrary byte size on any process running in its own
Host. In particular, an outer layer of protocol may specify a byte size to be used by that protocol. If some NCP is unable to handle that byte size, then the outer layer of protocol will not be implementable on that Host. The IMP sub-network requires that the first 32 bits of each message (called the leader) contain addressing information, including destination Host address and link number. The second level protocol extends the required information at the beginning of each message to a total of 72 bits; these 72 bits are called the _message_header._ A length of 72 bits is chosen since most Hosts either can work conveniently with 8-bit units of data or have word lengths of 18 or 36 bits; 72 is the least common multiple of these lengths. Thus, the length chosen for the message header should reduce bit-shifting problems for many Hosts. In addition to the leader, the message header includes a field giving the byte size used in the message, a field giving the number of bytes in the message, and "filler" fields. The format of the message header is fully described in Section IV. Another major concern of the second level protocol is a method for reference to processes in other Hosts. Each Host has some internal scheme for naming processes, but these various schemes are typically different and may even be incompatible. Since it is not practical to impose a common internal process naming scheme, a standard intermediate name space is used, with a separate portion of the name space allocated to each Host. Each Host must have the ability to map internal process identifiers into its portion of this name space. The elements of the name space are called _sockets._ A socket forms one end of a connection, and a connection is fully specified by a pair of sockets. A socket is identified by a Host number and a 32-bit socket number. The same 32-bit number in different Hosts represents different sockets. A socket is either a _receive_socket_ or a _send_socket,_ and is so marked by its low-order bit (0 = receive; 1 = send). This property is called the socket's _gender._ The sockets at either end of a connection must be of opposite gender. Except for the gender, second level protocol places no constraints on the assignment of socket numbers within a Host.
III. NCP FUNCTIONS The functions of the NCP are to establish connections, terminate connections, control flow, transmit interrupts, and respond to test inquiries. These functions are explained in this section, and control commands are introduced as needed. In Section IV the formats of all control commands are presented together. Connection Establishment ======================== The commands used to establish a connection are STR (sender-to- receiver) and RTS (receiver- to-sender). 8* 32 32 8 +----------------------------------------------+ | STR | send socket | receive socket | size | +----------------------------------------------+ [*The number shown above each control command field is the length of that field in bits.] 8 32 32 8 +----------------------------------------------+ | RTS | receive socket | send socket | link | +----------------------------------------------+ The STR command is sent from a prospective sender to a prospective receiver, and the RTS from a prospective receiver to a prospective sender. The send socket field names a socket local to the prospective sender; the receive socket field names a socket local to the prospective receiver. In the STR command, the "size" field contains an unsigned binary number (in the range 1 to 255; zero is prohibited) specifying the byte size to be used for all messages over the connection. In the RTS command, the "link" field specifies a link number; all messages over the connection must be sent over the link specified by this number. These two commands are referred to as requests-for-connection (RFCs). An STR and an RTS match if the receive socket fields match and the send socket fields match. A connection is established when a matching pair of RFCs have been exchanged. _Hosts_are_prohibited_from_establishing_more_than_one_ _connection_to_any_local_socket._ With respect to a particular connection, the Host containing the send socket is called the _sending_Host_ and the Host containing the receive socket is called the _receiving_Host._ A Host may connect one of its receive sockets to one of its send sockets, thus becoming both the sending Host and the receiving Host for that connection.
These terms apply only to data flow; control messages will, in general, be transmitted in both directions. A Host sends an RFC either to request a connection, or to accept a foreign Host's request. Since RFC commands are used both for requesting and for accepting the establishment of a connection, it is possible for either of two cooperating processes to initiate connection establishment. As a consequence, a family of processes may be created with connection-initiating actions built-in, and the processes within this family may be started up (in different Hosts) in arbitrary order provided that appropriate queueing is performed by the Hosts involved (see below). _There_is_no_prescribed_lifetime_for_an_RFC._ A Host is permitted to queue incoming RFCs and withhold a response for an arbitrarily long time, or, alternatively, to reject requests (see Connection Termination below) immediately if it does not have a matching RFC outstanding. It may be reasonable, for example, for an NCP to queue an RFC that refers to some currently unused socket until a local process takes control of that socket number and tells the NCP to accept or reject the request. Of course, the Host which sent the RFC may be unwilling to wait for an arbitrarily long time, so it may abort the request. On the other hand, some NCP implementations may not include any space for queueing RFCs, and thus can be expected to reject RFCs unless the RFC sequence was initiated locally. _Queueing_Considerations_ The decision to queue, or not queue, incoming RFCs has important implications which NCP implementers must not ignore. Each RFC which is queued, of course, requires a small amount of memory in the Host doing the queueing. If each incoming RFC is queued until a local process seizes the local socket and accepts (or rejects) the RFC, but no local process ever seizes the socket, the RFC must be queued "forever." Theoretically this could occur infinitely many times (there is no reason not to queue several RFCs for a single local socket, letting the local process decide which, if any, to accept) thus requiring infinite storage for the RFC queue. On the other hand, if no queueing is performed the cooperating processes described above will be able to establish a desired connection only by accident (when they are started up such that one issues its RFC while the RFC of the other is in transit in the network -- clearly an unlikely occurrence). Perhaps the most reasonable solution to the problems posed above is for _each_ NCP to give processes running in its own Host two options for attempting to initiate connections. The first option would allow a process to cause an RFC to be sent to a specified remote socket;
with the NCP notifying the process as to whether the RFC were accepted or rejected by the remote Host. The second option would allow a process to tell _its_own_ NCP to "listen" for an RFC to a specified local socket from some remote socket (the process might also specify the particular remote socket and/or Host it wishes to communicate with) and to accept the RFC (i.e., return a matching RFC) if and when it arrives. Note that this also involves queueing (of "listen" requests), but it is internal queueing which is susceptible to reasonable management by the local Host. If this implementation were available, one of two cooperating processes could "listen" while the other process caused a series of RFCs to be sent to the "listening" socket until one was accepted. Thus, no queueing of incoming RFCs would be required, although it would do no harm. _It_is_the_intent_of_the_protocol_that_each_NCP_should_provide_ _either_the_"listen"_option_described_above_or_a_SUBSTANTIAL_ _queueing_facility._ This is not, however, an absolute requirement of the protocol. Connection Termination ====================== The command used to terminate a connection is CLS (close). 8 32 32 +-----+-------------+-------------+ | CLS | my socket | your socket | +-----+-------------+-------------+ The "my socket" field contains the socket local to the sender of the CLS command. The "your socket" field contains the socket local to the receiver of the CLS command. _Each_side_must_send_and_receive_a_ _CLS_command_before_connection_termination_is_completed_and_the_ _sockets_are_free_to_participate_in_other_connections._ It is not necessary for a connection to be established (i.e., for _both_ RFCs to be exchanged) before connection termination begins. For example, if a Host wishes to refuse a request for connection, it sends back a CLS instead of a matching RFC. The refusing Host then waits for the initiating Host to acknowledge the refusal by returning a CLS. Similarly, if a Host wishes to abort its outstanding request for a connection, it sends a CLS command. The foreign Host is obliged to acknowledge the CLS with its own CLS. Note that even though the connection was never established, CLS commands must be exchanged before the sockets are free for other use. After a connection is established, CLS commands sent by the receiver
and sender have slightly different effects. CLS commands sent by the sender indicate that no more messages will be sent over the connection. _This_command_must_not_be_sent_if_there_is_a_message_ _in_transit_over_the_connection._ A CLS command sent by the receiver acts as a demand on the sender to terminate transmission. However, since there is a delay in getting the CLS command to the sender, the receiver must expect more input. A Host should "quickly" acknowledge an incoming CLS so the foreign Host can purge its tables. However, _there_is_no_prescribed_time_ _period_in_which_a_CLS_must_be_acknowledged._ Because the CLS command is used both to initiate closing, aborting and refusing a connection, and to acknowledge closing, aborting and refusing a connection, race conditions can occur. However, they do not lead to ambiguous or erroneous results, as illustrated in the following examples. EXAMPLE 1: Suppose that Host A sends Host B a request for connection, and then A sends a CLS to Host B because it is tired of waiting for a reply. However, just when A sends its CLS to B, B sends a CLS to A to refuse the connection. A will "believe" B is acknowledging the abort, and B will "believe" A is acknowledging its refusal, but the outcome will be correct. EXAMPLE 2: Suppose that Host A sends Host B an RFC followed by a CLS as in example 1. In this case, however, B sends a matching RFC to A just when A sends its CLS. Host A may "believe" that the RFC is an attempt (on the part of B) to establish a new connection or may understand the race condition; in either case it can discard the RFC since its socket is not yet free. Host B will "believe" that the CLS is breaking an _established_ connection, but the outcome is correct since a matching CLS is the required response, and both A and B will then terminate the connection. Every NCP implementation is faced with the problem of what to do if a matching CLS is not returned "quickly" by a foreign Host (i.e., if the foreign Host appears to be violating protocol in this respect). One naive answer is to hold the connection in a partially closed state "forever" waiting for a matching CLS. There are two difficulties with this solution. First, the socket involved may be a "scarce resource" such as the "logger" socket specified by an Initial Connection Protocol (see NIC # 7101) which the local Host cannot afford to tie up indefinitely. Second, a partially broken (or malicious) process in a foreign Host may send an unending stream of RFCs which the local Host wishes to refuse by sending CLS commands and waiting for a match. This could, in worst cases, require 2^32 ! socket pairs to be stored before duplicates began to appear.
Clearly, no Host is prepared to store (or search) this much information. A second possibility sometimes suggested is for the Host which is waiting for matching CLS commands (Host A) to send a RST (see page 20) to the offending Host (Host B), thus allowing all tables to be reinitialized at both ends. This would be rather unsatisfactory to any user at Host A who happened to be performing useful work on Host B via network connections, since these connections would also be broken by the RST. Most implementers, recognizing these problems, have adopted some unofficial timeout period after which they "forget" a connection even if a matching CLS has not been received. The danger with such an arrangement is that if a second connection between the same pair of sockets is later established, and a CLS finally arrives for the first connection, the second connection is likely to be closed. This situation can only arise, however, if one Host violates protocol in two ways; first by failing to respond quickly to an incoming CLS, and second by permitting establishment of a connection involving a socket which it believes is already in use. It has been suggested that the network adopt some standard timeout period, but the NWG has been unable to arrive at a period which is both short enough to be useful and long enough to be acceptable to every Host. Timeout periods in current use seem to range between approximately one minute and approximately five minutes. _It_must_be_emphasized_that_all_timeout_ _periods,_although_they_are_relatively_common,_reasonably_safe,_and_ _quite_useful,_are_in_violation_of_the_protocol_since_their_use_can_ _lead_to_connection_ambiguities._ Flow Control ============ After a connection is established, the sending Host sends messages over the agreed-upon link to the receiving Host. The receiving NCP accepts messages from its IMP and queues them for its various processes. Since it may happen that the messages arrive faster than they can be processed, some mechanism is required which permits the receiving Host to quench the flow from the sending Host. The flow control mechanism requires the receiving Host to allocate buffer space for each connection and to notify the sending Host of how much space is available. The sending Host keeps track of how much room is available and never sends more data than it believes the receiving Host can accept. To implement this mechanism, the sending Host keeps two counters
associated with each connection, a _message_counter_ and a _bit_counter._ Each counter is initialized to zero when the connection is established and is increased by allocate (ALL) control commands sent from the receiving Host as described below. When sending a message, the NCP of the sending Host subtracts one from the message counter and the _text_length_ (defined below) from the bit counter. The sender is prohibited from sending if either counter would be decremented below zero. The sending Host may also return all or part of the message or bit space allocation with a return (RET) command upon receiving a give-back (GVB) command from the receiving Host (see below). The _text_length_ of a message is defined as the product of the connection byte size and the byte count for the message; both of these quantities appear in the message header. Messages with a zero byte count, hence a zero text length, are specifically permitted. Messages with zero text length do not use bit space allocation, but do use message space allocation. The flow control mechanisms do not pertain to the control link, since connections are never explicitly established over this link. The control command used to increase the sender's bit counter and message counter is ALL (allocate). 8 8 16 32 +------------------------------------+ | ALL | link | msg space | bit space | +------------------------------------+ This command is sent only from the receiving Host to the sending Host, and is legal only when a connection using the link number appearing in the "link" field is established. The "msg space" field and the "bit space" field are defined to be unsigned binary integers specifying the amounts by which the sender's message counter and bit counter (respectively) are to be incremented. The receiver is prohibited from incrementing the sender's counter above (2^16 - 1), or the sender's bit counter above (2^32 - 1). In general, this rule will require the receiver to maintain counters which are incremented and decremented according to the same rules as the sender's counters. The receiving Host may request that the sending Host return all or part of its current allocation. The control command for this request is GVB (give-back). 8 8 8 8 +----------------------+ | GVB | link | fm | fb | +----------------------+
This command is sent only from the receiving Host to the sending Host, and is legal only when a connection using the link number in the "link" field is established. The fields fm and fb are defined as the fraction (in 128ths) of the current message space allocation and bit space allocation (respectively) to be returned. If either of the fractions is equal to or greater than one, _all_ of the corresponding allocation must be returned. Fractions are used since, with messages in transit, the sender and receiver may not agree on the actual allocation at every point in time. Upon receiving a GVB command, the sending Host must return _at_ _least_* the requested portions of the message and bit space allocations. (A sending Host is prohibited from spontaneously returning portions of the message and bit space allocations.) The control command for performing this function is RET (return). [*In particular, fractional returns must be rounded up, not truncated.] 8 8 16 32 +------------------------------------+ | RET | link | msg space | bit space | +------------------------------------+ This command is sent only from the sending Host to the receiving Host, and is legal only when a connection using the link number in the "link" field is established and a GVB command has been received from the receiving Host. The "msg space" field and the "bit space" field are defined as unsigned binary integers specifying the amounts by which the sender's message counter and bit counter (respectively) have been decremented due to the RET activity (i.e., the amounts of message and bit space allocation being returned). NCPs are obliged to answer a GVB with a RET "quickly"; however, there is _no_ prescribed time period in which the answering RET must be sent. Some Hosts will allocate only as much space as they can guarantee for each link. These Hosts will tend to use the GVB command only to reclaim space which is being filled very slowly or not at all. Other Hosts will allocate more space than they have, so that they may use their space more efficiently. Such a Host will then need to use the GVB command when the input over a particular link comes faster than it is being processed. Interrupts ========== The second level protocol has included a mechanism by which the transmission over a connection may be "interrupted." The meaning of
the "interrupt" is not defined at this level, but is made available for use by outer layers of protocol. The interrupt command sent from the receiving Host to the sending Host is INR (interrupt-by- receiver). 8 8 +------------+ | INR | link | +------------+ The interrupt command sent from the sending Host to the receiving Host is INS (interrupt-by-sender). 8 8 +------------+ | INS | link | +------------+ The INR and INS commands are legal only when a connection using the link number in the "link" field is established. Test Inquiry ============ It may sometimes be useful for one Host to determine if some other Host is capable of carrying on network conversations. The control command to be used for this purpose is ECO (echo). 8 8 +------------+ | ECO | data | +------------+ The "data" field may contain any bit configuration chosen by the Host sending the ECO. Upon receiving an ECO command an NCP must respond by returning the data to the sender in an ERP (echo-reply) command. 8 8 +------------+ | ERP | data | +------------+ A Host should "quickly" respond (with an ERP command) to an incoming ECO command. However, there is no prescribed time period, after the receipt of an ECO, in which the ERP must be returned. A Host is prohibited from sending an ERP when no ECO has been received, or from sending an ECO to a Host while a previous ECO to that Host remains
"unanswered." Any of the following constitute an "answer" to an ECO: information from the local IMP that the ECO was discarded by the network (e.g., IMP/Host message type 7 - Destination Dead), ERP, RST, or RRP (see below). Reinitialization ================ Occasionally, due to lost control messages, system "crashes", NCP errors, or other factors, communication between two NCPs will be disrupted. One possible effect of any such disruption might be that neither of the involved NCPs could be sure that its stored information regarding connections with the other Host matched the information stored by the NCP of the other Host. In this situation, an NCP may wish to reinitialize its tables and request that the other Host do likewise; for this purpose the protocol provides the pair of control commands RST (reset) and RRP (reset-reply). 8 +-----+ | RST | +-----+ 8 +-----+ | RRP | +-----+ The RST command is to be interpreted by the Host receiving it as a signal to purge its NCP tables of any entries which arose from communication with the Host which sent the RST. The Host sending the RST should likewise purge its NCP tables of any entries which arise from communication with the Host to which the RST was sent. The Host receiving the RST should acknowledge receipt by returning an RRP. _Once_the_first_Host_has_sent_an_RST_to_the_second_Host,_the_first_ _Host_is_not_obliged_to_communicate_with_the_second_Host_(except_for_ _responding_to_RST)_until_the_second_Host_returns_an_RRP._ In fact, to avoid synchronization errors, the first Host _should_not_ communicate with the second until the RST is answered. Of course, if the IMP subnetwork returns a "Destination Dead" (type 7) message in response to the control message containing the RST, an RRP should not be expected. If both NCPs decide to send RSTs at approximately the same time, then each Host will receive an RST and each must answer with an RRP, even though its own RST has not yet been answered. Some Hosts may choose to "broadcast" RSTs to the entire network when they "come up." One method of accomplishing this would be to send an
RST command to each of the 256 possible Host addresses; the IMP subnetwork would return a "Destination Dead" (type 7) message for each non-existent Host, as well as for each Host actually "dead." _However,_no_Host_is_ever_obliged_to_transmit_an_RST_command._ Hosts are prohibited from sending an RRP when no RST has been received. Further, Hosts may send only one RST in a single control message and should wait a "reasonable time" before sending another RST to the same Host. Under these conditions, a single RRP constitutes an "answer" to _all_ RSTs sent to that Host, and any other RRPs arriving from that Host should be discarded.
IV. DECLARATIVE SPECIFICATIONS Message Format ============== All Host-to-Host messages (i.e., messages of type zero) shall have a header 72 bits long consisting of the following fields (see Figure 1): Bits 1-32 Leader - The contents of this field must be constructed according to the specifications contained in BBN Report Number 1822. Bits 33-40 Field M1 - Must be zero. Bits 41-48 Field S - Connection byte size. This size must be identical to the byte size in the STR used in establishing the connection. If this message is being transmitted over the control link the connection byte size must be 8. Bits 49-64 Field C - Byte Count. This field specifies the number of bytes in the text portion of the message. A zero value in the C field is explicitly permitted. Bits 65-72 Field M2 - Must be zero. Following the header, the message shall consist of a text field of C bytes, where each byte is S bits in length. Following the text there will be field M3 followed by padding. The M3 field is zero or more bits long and must be all zero; this field may be used to fill out a message to a word boundary.
|<---------------------------32 bits--------------------------->| |<----8 bits--->|<----8 bits--->|<-----------16 bits----------->| +---------------------------------------------------------------+ | | | LEADER | | | +---------------------------------------------------------------| | | | | | FIELD M1 | FIELD S | FIELD C | | | | | +---------------+---------------+-------------------------------+ | | ^ | | FIELD M2 | | | | | | | +---------------+ | | | | | | | | | | | | | | | TEXT | | | | | | | | | | | | | | | +--------------------+ | | | | | | | FIELD M3 | | V | | +-----------------------------------+------+--------------------+ | | | 10-----------------0 |<-------PADDING | | +-----------------------------------+ Figure 1 ======== The message header must, among other things, enable the NCP at the receiving Host to identify correctly the connection over which the message was sent. Given a set of messages from Host A to Host B, the only field in the header under the control of the NCP at Host B is the link number (assigned via the RTS control command). Therefore, each NCP must insure that, at a given point in time, for each connection for which it is the receiver, a unique link is assigned. Recall that the link is specified by the sender's address and the link number; thus a unique link number must be assigned to each connection to a given Host.
Link Assignment =============== Links are assigned as follows: Link number Assignment =========== ========== 0 Control link 2-71 Available for connections 1, 72-190 Reserved - not for current use 191 To be used only for measurement work under the direction of the Network Measurement Center at UCLA 192-255 Available for private experimental use. Control Messages ================ Messages sent over the control link have the same format as other Host-to-Host messages. The connection byte size (Field S in the message header) must be 8. Control messages may not contain more than 120 bytes of text; thus the value of the byte count (Field C in the message header) must be less than or equal to 120. Control messages must contain an integral number of control commands. A single control command may not be split into parts which are transmitted in different control messages. Control Commands ================ Each control command begins with an 8-bit _opcode._ These opcodes have values of 0, 1, ... to permit table lookup upon receipt. Private experimental protocols should be tested using opcodes of 255, 254, ... Most of the control commands are more fully explained in Section III.
NOP - No operation ================== 8 +-----+ | NOP | +-----+ The NOP command may be sent at any time and should be discarded by the receiver. It may be useful for formatting control messages. RST - Reset =========== 8 +-----+ | RST | +-----+ The RST command is used by one Host to inform another that all information regarding previously existing connections, including partially terminated connections, between the two Hosts should be purged from the NCP tables of the Host receiving the RST. Except for responding to RSTs, the Host which sent the RST is not obliged to communicate further with the other Host until an RRP is received in response. RRP - Reset reply ================= 8 +-----+ | RRP | +-----+ The RRP command must be sent in reply to an RST command. RTS - Request connection, receiver to sender ============================================ 8 32 32 8 +----------------------------------------------+ | RTS | receive socket | send socket | link | +----------------------------------------------+ The RTS command is used to establish a connection and is sent from the Host containing the receive socket to the Host containing the send socket. The link number for message transmission over the
connection is assigned with this command; the "link" field must be between 2 and 71, inclusive. STR - Request connection, sender to receiver ============================================ 8 32 32 8 +----------------------------------------------+ | STR | send socket | receive socket | size | +----------------------------------------------+ The STR command is used to establish a connection and is sent from the Host containing the send socket to the Host containing the receive socket. The connection byte size is assigned with this command; the size must be between 1 and 255, inclusive. CLS - Close =========== 8 32 32 +-----+-------------+-------------+ | CLS | my socket | your socket | +-----+-------------+-------------+ The CLS command is used to terminate a connection. A connection need not be completely established before a CLS is sent. ALL - Allocate ============== 8 8 16 32 +------------------------------------+ | ALL | link | msg space | bit space | +------------------------------------+ The ALL command is sent from a receiving Host to a sending Host to increase the sending Host's space counters. This command may be sent only while the connection is established. The receiving Host is prohibited from incrementing the Host's message counter above (2^16 - 1) or bit counter above (2^32 - 1).
GVB - Give back =============== 8 8 8 8 +----------------------+ | GVB | link | fm | fb | +----------------------+ ^ ^ | +--- bit fraction +-------- message fraction The GVB command is sent from a receiving Host to a sending Host to request that the sending Host return all or part of its message space and/or bit space allocations. The "fractions" specify what portion (in 128ths) of each allocation must be returned. This command may be sent only while the connection is established. RET - Return ============ 8 8 16 32 +------------------------------------+ | RET | link | msg space | bit space | +------------------------------------+ The RET command is sent from the sending Host to the receiving Host to return all or a part of its message space and/or bit space allocations in response to a GVB command. This command may be sent only while the connection is established. INR - Interrupt by receiver =========================== 8 8 +------------+ | INR | link | +------------+ The INR command is sent from the receiving Host to the sending Host when the receiving process wants to interrupt the sending process. This command may be sent only while the connection is established.
INS - Interrupt by sender ========================= 8 8 +------------+ | INS | link | +------------+ The INS command is sent from the sending Host to the receiving Host when the sending process wants to interrupt the receiving process. This command may be sent only while the connection is established. ECO - Echo request ================== 8 8 +------------+ | ECO | data | +------------+ The ECO command is used only for test purposes. The data field may be any bit configuration convenient to the Host sending the ECO command. ERP - Echo reply ================ 8 8 +------------+ | ERP | data | +------------+ The ERP command must be sent in reply to an ECO command. The data field must be identical to the data field in the incoming ECO command. ERR - Error detected ==================== 8 8 80 +-----+------+---------------------------- ~ -------------+ | ERR | code | data | +-----+------+---------------------------- ~ -------------+ The ERR command may be sent whenever a second level protocol error is detected in the input from another Host. In the case that the error condition has a predefined error code, the "code" field specifies the specific error, and the data field gives parameters. For other
errors the code field is zero and the data field is idiosyncratic to the sender. Implementers of Network Control Programs are expected to publish timely information on their ERR commands. The usefulness of the ERR command is compromised if it is merely discarded by the receiver. Thus, sites are urged to record incoming ERRs if possible, and to investigate their cause in conjunction with the sending site. The following codes are defined. Additional codes may be defined later. a. Undefined (Error code = 0) The "data" field is idiosyncratic to the sender. b. Illegal opcode (Error code = 1) An illegal opcode was detected in a control message. The "data" field contains the ten bytes of the control message beginning with the byte containing the illegal opcode. If the remainder of the control message contains less than ten bytes, fill will be necessary; the value of the fill is zeros. c. Short parameter space (Error code = 2) The end of a control message was encountered before all the required parameters of the control command being decoded were found. The "data" field contains the command in error; the value of any fill necessary is zeros. d. Bad parameters (Error code = 3) Erroneous parameters were found in a control command. For example, two receive or two send sockets in an STR, RTS, or CLS; a link number outside the range 2 to 71 (inclusive); an ALL containing a space allocation too large. The "data" field contains the command in error; the value of any fill necessary is zeros. e. Request on a non-existent socket (Error code = 4) A request other than STR or RTS was made for a socket (or link) for which no RFC has been transmitted in either direction. This code is meant to indicate to the NCP receiving it that functions are being performed out of order. The "data" field contains the command in error; the value of any fill necessary is zeros. f. Socket (link) not connected (Error code = 5) There are two cases: 1. A control command other than STR or RTS refers to a socket (or link) which is not part of an established connection. This code would be used when one RFC had been transmitted, but the matching RFC had not. It is meant to indicate the
failure of the NCP receiving it to wait for a response to an RFC. The "data" field contains the command in error; the value of any fill necessary is zeros. 2. A message was received over a link which is not currently being used for any connection. The contents of the "data" field are the message header followed by the first eight bits of text (if any) or zeros. Opcode Assignment ================= Opcodes are defined to be eight-bit unsigned binary numbers. The values assigned to opcodes are: NOP = 0 RTS = 1 STR = 2 CLS = 3 ALL = 4 GVB = 5 RET = 6 INR = 7 INS = 8 ECO = 9 ERP = 10 ERR = 11 RST = 12 RRP = 13 Control Command Summary ======================= 8 +-----+ | NOP | +-----+ 8 32 32 8 +----------------------------------------------+ | RTS | receive socket | send socket | link | +----------------------------------------------+ 8 32 32 8 +----------------------------------------------+ | STR | send socket | receive socket | size | +----------------------------------------------+
8 32 32 +-----+-------------+-------------+ | CLS | my socket | your socket | +-----+-------------+-------------+ 8 8 16 32 +------------------------------------+ | ALL | link | msg space | bit space | +------------------------------------+ 8 8 8 8 +----------------------+ | GVB | link | fm | fb | +----------------------+ 8 8 16 32 +------------------------------------+ | RET | link | msg space | bit space | +------------------------------------+ 8 8 +------------+ | INR | link | +------------+ 8 8 +------------+ | INS | link | +------------+ 8 8 +------------+ | ECO | data | +------------+ 8 8 +------------+ | ERP | data | +------------+ 8 8 80 +-----+------+---------------------------- ~ -------------+ | ERR | code | data | +-----+------+---------------------------- ~ -------------+
8 +-----+ | RST | +-----+ 8 +-----+ | RRP | +-----+ [ This is the end of the January 1972 document. ]
4. Security Considerations
This document does not discuss any security considerations.Authors' Addresses
Alexander McKenzie PMB #4334, PO Box 2428 Pensacola, FL 32513 USA EMail: amckenzie3@yahoo.com Steve Crocker 5110 Edgemoor Lane Bethesda, MD 20814 USA EMail: steve@stevecrocker.com