IETF Logo Mail Archive

[pim] Re: IGMP v3 update - clarification about which router queries cause version fallback

Phil Karn <karn@ka9q.net> Sat, 17 August 2024 00:18 UTC

Return-Path: <karn@ka9q.net>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38EDEC180B6D for <pim@ietfa.amsl.com>; Fri, 16 Aug 2024 17:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ka9q-net.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USI_Yr0-KUHx for <pim@ietfa.amsl.com>; Fri, 16 Aug 2024 17:18:53 -0700 (PDT)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E0A8C180B63 for <pim@ietf.org>; Fri, 16 Aug 2024 17:18:53 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-70d2ae44790so1991944b3a.2 for <pim@ietf.org>; Fri, 16 Aug 2024 17:18:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ka9q-net.20230601.gappssmtp.com; s=20230601; t=1723853933; x=1724458733; darn=ietf.org; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=bFTlCV1anI612bSZE+/rSHHe3VQblu6gMxj+FJRWtyY=; b=YKXv2WnofTF7p5O26rBREVbDYMQ0kaivjS7lIGa+pTsXuAdHv/n+xoH0nLDAqvLXJm HBWJVayQ0UTIsrrkfhTPPjVuydiSM427l0S8vsT96Wq11viae+49v1aHCBbXxpuuGb62 fb3IiLSp8wAns2wBCP96GdcC/gsVydqOzzMkGPf1fiTh2f4VtE44N7WOq01BmdJVqnTl n6T0P1yqYjILVHxTuj3LKVnW1M/hVfj8MnTYUb8vWujBniWshZkwlWGqLDwNxOa255zv 04TgOZS00V93ud071LjbETh6MBtM/GzRE0Ckx9ntgC5XG52XJ8a4eVgdly+zzukl4IHG Uvtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723853933; x=1724458733; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bFTlCV1anI612bSZE+/rSHHe3VQblu6gMxj+FJRWtyY=; b=KHPTgUCfEBJTgtNUtaITGUbd7DUUC8LZ2H6LXSeGFR6ZTCKxU1IWSqkWELd8DcTRuh qmvJ991L4zdM+HzT3STQ8M5ZOmtxLJ10fwVLcpE32WA8MppZ4jZBzmjBF05fZEYEGiF2 ZG7bNW29TaQIab+wXLDd8fgttp/wWWEEw7TKg9yolxD3X9zAohOmfDFpDgjam8ywVUQm 3M091nwWaW/MgrMi/Sn+NR2DWCVVWsm6564FQNK2hgHp8cRecNR2HyNtr+29cqv7h9QW VHJ8EJJyOl6pLegp2NW7g5NzWuq4niA7NfdL9g/qo5PU8A1ySRYNowpnB2W4l7BR2WwG MRXQ==
X-Gm-Message-State: AOJu0YydrceQHCopkKAuIQhqWlvoAHJZRizi5WUh0+koxhNMm1voltii XT6Bbxfi+hKfAM70FiC0gI+dmGgoZmlLIZ5dUqxiRotJvoK7fCYf7CjJ5G1ymg==
X-Google-Smtp-Source: AGHT+IFqSTWGbWg2tDcDR6jXgep8as4WaU9UCuh6o8F6hyU+HfPyF2lv0tlZbhNSKFo/oiSC9a+JyA==
X-Received: by 2002:a05:6a00:a8d:b0:706:3329:5533 with SMTP id d2e1a72fcca58-713c4ed1987mr5164975b3a.24.1723853932419; Fri, 16 Aug 2024 17:18:52 -0700 (PDT)
Received: from ?IPV6:2603:8001:5900:6e22:3880:16c9:7e50:1047? ([2603:8001:5900:6e22:3880:16c9:7e50:1047]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7127af16635sm3258605b3a.147.2024.08.16.17.18.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 16 Aug 2024 17:18:51 -0700 (PDT)
Message-ID: <616e48d2-af89-4f39-8552-08448ea131bd@ka9q.net>
Date: Fri, 16 Aug 2024 17:18:49 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Brian Haberman <brian@innovationslab.net>, Dino Farinacci <farinacci@gmail.com>
References: <9a4ab4e0-a5aa-4c9b-bf02-01fd070858a8@ka9q.net> <13f97817-2506-4ace-a44d-a7f8a8525c96@innovationslab.net> <D2183B0A-209E-40A6-AC3F-553D122AAF01@ka9q.net> <C61FF107-AD97-471E-AA2E-B6B570FC4E71@gmail.com> <3aae3037-7f75-4e1b-9d44-f664e752a7a2@innovationslab.net> <92E30006-1EFE-4060-A00D-DAB766BEEEED@gmail.com> <3db33494-b756-46b4-937d-bab213642207@innovationslab.net> <fa398bc2-1b97-47e0-9aff-8599ad2e967d@ka9q.net> <53a9d513-de34-457d-b8f6-fc29da9332fe@innovationslab.net>
Content-Language: en-US
From: Phil Karn <karn@ka9q.net>
Autocrypt: addr=karn@ka9q.net; keydata= xsBNBEw2mJ4BCADELiPsLFHDwapoSU7d2xNHxmwzzrFUCZWhO34kM6G5+o9GUNmGgMQ0BmXp I6hx77HHnrj9FC6kWh/bxBt3+o8HW+NTWzJSvf6kW7ThaNt7v9iewkS23JOMarAZs4qy6MhT 1RW1/yWY7RimWxrmkKPTKKa0Ad4CWT6fcP3t+doqGslSQIeoTh0C33ZT+LY59Wcr224iXohN 4Uu/nFe4yAHjtA+4Sesveo3Tyi8cbOgkcO6vij+pXesCcuhtGMlnE2dxRqbenrfVGLUVxNug LkQdLWezaGGm+dcjWYk1xjtaDnsCpVaYCMsfYNADQPJAjAFu37pVdoXhseVXfzOUN2EXABEB AAHNGVBoaWwgS2FybiA8a2FybkBrYTlxLm5ldD7CwHgEEwECACIFAkw2mJ4CGwMGCwkIBwMC BhUIAgkKCwQWAgMBAh4BAheAAAoJEPFOQ1TtRjRGU98H/Atsb/N4lNbzNdzdIRcHD9XgCEa1 UdR4mxgjwvLxS1nYRNdHwfTxvA5nxWfMx/0CB26VaNFdI3lkg/S0vYsSUu6M7l8Zb8v4JMyU 4B4yvkFHZ3II5oilzIMa3e2cMfDz7TSwO1JcXyI5y9vHnvH65/LQF+QojDgzf3vXKiNdTXJp 3nEa5IgMAB0rcSNsXFx8xbHi8s5niL9+1I7XTPvVMeXrMe8h4AG1nM/dK96WwmV+tLyXKYXn xVeb9F4X9CNQbkn/xAH+egvKHHT3V7K9cAhrDfu9Qwpo7zKk/akBpLWG2kmkTOfhXjm3UQhv MVgDmpeQIYa1HgAsKrsDQMzrIFnOwE0ETDaYngEIAJmFdm0MmENzLEosD1FvGPJleWDYb0ah 8dOk4XUug1RhW40f7AsugT75pKs9PolXt92920GdU727X3Jpgdj4kLDtIQA0KZrOXiEOZjIZ WcROAyvTGyMs/P7Um1AGNM161Ga6/Wtlc076FN7EUQtzPbthH26M3lGWUX0Ccls/8Ep4qbnF IrMRBxjaxKbqfKPTeU10pDykzA7s5hiNe7qaegvqD6YLseZ+6FqCn988YnLiIaFeNbWxUY5G spjAsfesnAmpn5vhUqAGiizkNlAMIN31xvpLd93oM4/vORszIuN1UP2RlxL3s30BncZl2XOd Mk1/59Sy70zVqF1ANyMrA18AEQEAAcLAXwQYAQIACQUCTDaYngIbDAAKCRDxTkNU7UY0Rszt B/9ZPH9xw47lPkVJRbhgf0G7fdsxsyiuouAqOKklUNFSy4+qeGomjwE6YvdMybwGtaUGla7t 2mDzrva+7Gzb0inXIgmahQPmM16F3GVxGoFL+QJ+7gD8Hco6e0/2kju7ZREDE7SOEwKb3lhD eNLccfX2AqAHfCT/LVLbgBpMRmwUJQThM+33Z2L9BqIM3awj2mOTmeDumpxiDfroU90mGc9c pXe4YrNIkL/N8eMzLe1bpu+mpPCiIrEO+dFA7N8jjVcOCQ4Lr8sU6cOsEdkaACZiNFKT99eb NkKigK8sEkDZc/AKhPCEsnaZpwBZPScOL88LLi7FHj9Osznt+uhWfbLe
In-Reply-To: <53a9d513-de34-457d-b8f6-fc29da9332fe@innovationslab.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: DE5WA4BJOHV5QKIKUO7EHMMJF2TQG7AY
X-Message-ID-Hash: DE5WA4BJOHV5QKIKUO7EHMMJF2TQG7AY
X-MailFrom: karn@ka9q.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: pim@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] Re: IGMP v3 update - clarification about which router queries cause version fallback
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/iRirfLy-dwfLWhrHyRsMH0FzNEU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

That's good too. It's just that really explicit language makes it easier 
to convince the code maintainers that they have to fix something.

Phil

On 8/16/24 10:49, Brian Haberman wrote:
> Hi Phil,
>      From a language perspective, I think that is simply a repetition 
> of the same rule since there are only two types of query messages. If 
> you think the MUST NOT approach makes it more explicit, I would suggest:
>
> The Host Compatibility Mode variable is based on whether an older 
> version General query was heard in the last Older Version Querier 
> Present Timeout seconds. The Host Compatibility mode variable value 
> MUST NOT be changed by an older version of a group-specific query.
>
> Regards,
> Brian
>
> On 8/16/24 1:42 PM, Phil Karn wrote:
>> Why not make it more explicit?
>>
>> The Host Compatibility Mode variable value MUST only be updated based 
>> on whether an older  General query was heard in the last Older 
>> Version Querier Present Timeout seconds. The Host Compatibility mode 
>> variable value MUST NOT be changed by an older version of a 
>> group-specific query.
>>
>> On 8/16/24 06:40, Brian Haberman wrote:
>>> So, I don't think we should drop "older" from the sentence. The 
>>> paragraph immediately before that sentence says that Host 
>>> Compatibility Mode changes based on receiving an even older version 
>>> query or expiration of the timers.
>>>
>>> Paragraph 3 of 7.2.1:
>>> The Host Compatibility Mode of an interface changes whenever an 
>>> older version query (than the current compatibility mode) is heard 
>>> or when certain timer conditions occur. When the IGMPv1 Querier 
>>> Present timer expires, a host switches to Host Compatibility mode of 
>>> IGMPv2 if it has a running IGMPv2 Querier Present timer. If it does 
>>> not have a running IGMPv2 Querier Present timer then it switches to 
>>> Host Compatibility of IGMPv3. When the IGMPv2 Querier Present timer 
>>> expires, a host switches to Host Compatibility mode of IGMPv3.
>>>
>>> To me, that means the proposed edit is to make the following change 
>>> in section 7.2.1
>>>
>>> OLD:
>>> The Host Compatibility Mode variable is based on whether an older 
>>> version General query was heard in the last Older Version Querier 
>>> Present Timeout seconds.
>>>
>>> NEW:
>>> The Host Compatibility Mode variable value MUST only be updated 
>>> based on whether an older  General query was heard in the last Older 
>>> Version Querier Present Timeout seconds.
>>>
>>> Thoughts?
>>>
>>> Brian
>>>
>>> On 8/15/24 3:39 PM, Dino Farinacci wrote:
>>>>> Hey Dino!
>>>>
>>>> Hi!
>>>>
>>>>>      We have a slim window to get something into 3376bis *if* we 
>>>>> can clearly articulate that it is a clarification (the IESG 
>>>>> approved 3376bis last week).
>>>>
>>>> Well if its a bug, you DO NOT let the process stop you. Its 
>>>> important to fix. Taking a network down due to this issue is a 
>>>> showstopper bug.
>>>>
>>>> Now, Phil, you got to get Apple to fix this. Stuart Cheshire may be 
>>>> able to help.
>>>>
>>>>> So, section 7.2.1 says:
>>>>>
>>>>> The Host Compatibility Mode variable is based on whether an older 
>>>>> version General query was heard in the last Older Version Querier 
>>>>> Present Timeout seconds.
>>>>
>>>> I wouldn't say "older" actually. If you "hear any different version 
>>>> than you did last time", then the new query version is what runs on 
>>>> the LAN. Because if IGMPv3 leaves the LAN, the LAN should operate 
>>>> in IGMPv2.
>>>>
>>>>> AND
>>>>>
>>>>> If a host receives a query which causes its Querier Present timers 
>>>>> to be updated and correspondingly its compatibility mode, it 
>>>>> should switch compatibility modes immediately.
>>>>
>>>> Right.
>>>>
>>>>> I think a simple approach is to change the first sentence to use a 
>>>>> MUST for changing mode based on a General query. So, something like:
>>>>>
>>>>> The Host Compatibility Mode variable value MUST only be updated 
>>>>> based on whether an older version General query was heard...
>>>>
>>>> Agree:
>>>>
>>>> The Host Compatibility Mode variable value MUST only be updated 
>>>> based on whether a different version General query was heard, from 
>>>> the last one received, ...
>>>>
>>>> Dino
>>>>
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> Brian
>>>>>
>>>>> On 8/15/24 2:41 PM, Dino Farinacci wrote:
>>>>>> Brian, this is a protocol design bug if this behavior was 
>>>>>> intended. Otherwise the RFC needs updating for clarity.
>>>>>> In either case, the RFC text MUST BE fixed.
>>>>>> Dino
>>>>>>> On Aug 14, 2024, at 9:41 PM, Phil Karn <karn@ka9q.net> wrote:
>>>>>>>
>>>>>>> I understand that part. My point was that Linux appears to reset 
>>>>>>> the interface compatibility mode timer for IGMPv2 in response to 
>>>>>>> a *group specific* membership query. My reading of the RFC is 
>>>>>>> that this should be done only for *general* membership queries 
>>>>>>> (no specific group). Even worse, MacOS stops responding entirely 
>>>>>>> to IGMPv3 queries.
>>>>>>>
>>>>>>> As things stand now, if you have an iPhone on your LAN, IGMPv3 
>>>>>>> is unusable for everybody.. If you have a MacOS system on your 
>>>>>>> LAN and the querier is IGMPv3, multicast will be broken for you. 
>>>>>>> Permanently. Is that the intent of the RFC?
>>>>>>>
>>>>>>> if you see a group-specific query and you’re a member of that 
>>>>>>> group (otherwise you probably wouldn’t see the query!) you 
>>>>>>> should answer with the version used for that query, but reset 
>>>>>>> the compatibility mode timer to IGMPv2 only if the next 
>>>>>>> *general* query uses IGMPv2.
>>>>>>>
>>>>>>>> On Aug 14, 2024, at 13:35, Brian Haberman 
>>>>>>>> <brian@innovationslab.net> wrote:
>>>>>>>>
>>>>>>>> Hi Phi,
>>>>>>>>     3376 and 3376bis are pretty clear on this from my 
>>>>>>>> perspective. Section 7.2.1 says:
>>>>>>>>
>>>>>>>> In order to be compatible with older version routers, IGMPv3 
>>>>>>>> hosts MUST operate in version 1 and version 2 compatibility 
>>>>>>>> modes. IGMPv3 hosts MUST keep state per local interface 
>>>>>>>> regarding the compatibility mode of each attached network. A 
>>>>>>>> host's compatibility mode is determined from the Host 
>>>>>>>> Compatibility Mode variable which can be in one of three 
>>>>>>>> states: IGMPv1, IGMPv2 or IGMPv3. This variable is kept per 
>>>>>>>> interface and is dependent on the version of General Queries 
>>>>>>>> heard on that interface as well as the Older Version Querier 
>>>>>>>> Present timers for the interface.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Brian
>>>>>>>>
>>>>>>>> On 7/30/24 12:54 AM, Phil Karn wrote:
>>>>>>>>> Hi. I'm been trying to figure out why Linux on my network 
>>>>>>>>> keeps falling back to IGMPv2, and I've found out why. I may 
>>>>>>>>> need a clarification to RFC3376.
>>>>>>>>> At first, all works fine. My snooping switch issues an IGMPv3 
>>>>>>>>> general membership query and my Linux system answers with 
>>>>>>>>> IGMPv3 membership messages. Great.
>>>>>>>>> Then my Linux system sees a IGMPv2 group-specific query for 
>>>>>>>>> 224.0.0.251 (the multicast DNS group). Since I'm running 
>>>>>>>>> avahi-daemon (the mDNS service daemon) this elicits an 
>>>>>>>>> outgoing IGMPv2 membership report for 224.0.0.251. Then 
>>>>>>>>> subsequent IGMPv3 general membership queries elicits IGMPv2 
>>>>>>>>> (not v3) membership reports for all my other multicast group 
>>>>>>>>> memberships.
>>>>>>>>> I believe this is a bug in Linux, but I want to make sure 
>>>>>>>>> RFC3376 says what I think it says.
>>>>>>>>> RFC3376 says an IGMPv2 general query should change the 
>>>>>>>>> interface version to IGMPv2 and start the IGMPv2 
>>>>>>>>> querier-present timer, after which the interface reverts to v3 
>>>>>>>>> if enough time goes by without another IGMPv2 general query. 
>>>>>>>>> But it does not explicitly say that ONLY a IGMPv2 GENERAL 
>>>>>>>>> query should do this -- that a group-specific IGMPv2 query 
>>>>>>>>> should NOT cause the interface to drop into IGMPv2 mode even 
>>>>>>>>> if we're a member of that group.
>>>>>>>>> The problem is that buggy Apple devices frequently and 
>>>>>>>>> gratuitously join and leave 224.0.0.251, and these devices 
>>>>>>>>> don't speak IGMPv3. Whenever one leaves, the querier correctly 
>>>>>>>>> issues a group-specific query to see if any other members are 
>>>>>>>>> left -- and this group-specific query knocks Linux back to 
>>>>>>>>> IGMPv2. Since these Apple devices gratuitously join and leave 
>>>>>>>>> more rapidly than the IGMPv2-querier-present timer expires, 
>>>>>>>>> the situation persists. IGMPv3 becomes unusable on my network.
>>>>>>>>> So is it the intent of RFC3376 that ONLY a *general* IGMPv2/v1 
>>>>>>>>> query should trigger the version fallback logic, or should a 
>>>>>>>>> group-specific IGMPv2 query do the same?
>>>>>>>>> To summarize:
>>>>>>>>> 1. RFC 3376 is arguably vague about exactly which membership 
>>>>>>>>> queries should invoke a version fallback. All IGMPv2/v1 
>>>>>>>>> queries, or only general ones?
>>>>>>>>> 2. Linux interprets any IGMPv2 membership query - not just a 
>>>>>>>>> general query - as triggering a fallback. Right now I don't 
>>>>>>>>> know if this is correct behavior or an honest misunderstanding 
>>>>>>>>> of a vague specification.
>>>>>>>>> 3. Apple really should get with the program and implement 
>>>>>>>>> IGMPv3. It's only what, 22 years old?
>>>>>>>>> 4. Apple really should get with the program and stop 
>>>>>>>>> explicitly joining a very popular link-local multicast address 
>>>>>>>>> (224.0.0.251) that every host is supposed to be an implicit 
>>>>>>>>> member of anyway.
>>>>>>>>> 5. Apple really should get with the program and stop 
>>>>>>>>> gratuitously leaving and re-joining said link-local multicast 
>>>>>>>>> group.
>>>>>>>>> But I'm only asking this list to address point #1. Should 
>>>>>>>>> group-specific IGMPv2 membership queries trigger a version 
>>>>>>>>> fallback until the IGMPv2 Querier Present timer expires? Or 
>>>>>>>>> should only general queries do so?
>>>>>>>>> --Phil
>>>>>>>>> _______________________________________________
>>>>>>>>> pim mailing list -- pim@ietf.org
>>>>>>>>> To unsubscribe send an email to pim-leave@ietf.org
>>>>>>>> _______________________________________________
>>>>>>>> pim mailing list -- pim@ietf.org
>>>>>>>> To unsubscribe send an email to pim-leave@ietf.org
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> pim mailing list -- pim@ietf.org
>>>>>>> To unsubscribe send an email to pim-leave@ietf.org
>>>>

v2.37.1 | Report a Bug | By Email | System Status