IETF Logo Mail Archive

[pim] Re: IGMP v3 update - clarification about which router queries cause version fallback

Gyan Mishra <hayabusagsm@gmail.com> Sat, 17 August 2024 03:06 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3E03C151066 for <pim@ietfa.amsl.com>; Fri, 16 Aug 2024 20:06:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y5H8R9tWwOQs for <pim@ietfa.amsl.com>; Fri, 16 Aug 2024 20:06:39 -0700 (PDT)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B99FCC14F603 for <pim@ietf.org>; Fri, 16 Aug 2024 20:06:39 -0700 (PDT)
Received: by mail-pg1-x533.google.com with SMTP id 41be03b00d2f7-7163489149eso1926228a12.1 for <pim@ietf.org>; Fri, 16 Aug 2024 20:06:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863999; x=1724468799; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8eKxHlwPDId6v9HNOsBB4JGL0/2xBW309EMoE5ztoho=; b=lUf2jJqxUteA3/ryCEo5eyl5SGyKCWx67UvwBugy+E4EIWLNDA8SFwl44G8QW0cQ2L NZTSsEtCO7CBH+h9E5RLgzTSBuBsw/8mYUHMPFuubU8WQuKeLUBy+15WNkQ2rZIvdpvs SP13yfekUlJTQJFcjd+WAnQmXDPo6jPjTyZ4eHv+AIS2jl+ISKRzocRDiF83+/TuNm8U J1wb55/i8ZY6t0wH4uShL582pm/+KxwR0x9UFguMF3nfgiEd4t+1rU0rOFwcajZ12wzd rH6pS0TkvLYr8nvrLwkIc2KSyhmOuPx5PvoeTZAwGCgHW1iK2b1FVea27Ln8DeB+qVPU m4Bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863999; x=1724468799; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8eKxHlwPDId6v9HNOsBB4JGL0/2xBW309EMoE5ztoho=; b=ITbm9LLp5Ixc7Cg8Vn0bdRGemIsWMXWuoFZJ7T4saFda57r4HmylQhKtUO6TUAbEPU T4MVWoYkjlxuQrdNhJk4drhxatQSY4Z/ffKMU7ccMwaRyX2Z9/XyP+LZMoaD+VkDwtkQ qMqaiglXAurcv9BjqRP/1gxhlH1PV9kiPQkyxIBTvjy/ndsSV8GgklTgUVQ+zPoRcKGj GmSwK8QuPM3nVeHMhrLX91on7+AxuSt3g7eJU0rHad831Q39FJwcwMUAqoKpF2PhB9Yc cNJNNNhyb3PdDps1xTBevezYeKM5208lk3cKRKnQJcjQNn4+ALp1vec0Qh0ZxaKSj6oW DjZg==
X-Forwarded-Encrypted: i=1; AJvYcCV2blyBNLL/wlQd6EvxJl6d2WObbd85vwzlYSW4nDMfKhXyzYBxIxMg18oiMsSHykEdsaP2IqYJUNdOg/g=
X-Gm-Message-State: AOJu0YyrHap1j5+GZg48kvp9CWgY1QGCaghbnEfv+NKmWveWJZgTXALU FCbFOfzjLrAXCAY2WQOH0VoBr69Xih+0Br8R3niZgJpfIy62AlMPPAI1UVrJnVm2hxwmQUozr1h KSpkJ/lLnYYVPOY7xIM0si39q9Xg=
X-Google-Smtp-Source: AGHT+IEwo7cud/nuj83aDYqk3ZX38Aj+V05E8+J6d7v99Nw/QB5ed5worulforSj/3yJ7gj5/N7iitRC9QR3hYCPJRg=
X-Received: by 2002:a17:90b:4b47:b0:2ca:5a46:cbc8 with SMTP id 98e67ed59e1d1-2d3e00f01c2mr5440159a91.26.1723863999005; Fri, 16 Aug 2024 20:06:39 -0700 (PDT)
MIME-Version: 1.0
References: <9a4ab4e0-a5aa-4c9b-bf02-01fd070858a8@ka9q.net> <13f97817-2506-4ace-a44d-a7f8a8525c96@innovationslab.net> <D2183B0A-209E-40A6-AC3F-553D122AAF01@ka9q.net> <C61FF107-AD97-471E-AA2E-B6B570FC4E71@gmail.com> <3aae3037-7f75-4e1b-9d44-f664e752a7a2@innovationslab.net> <92E30006-1EFE-4060-A00D-DAB766BEEEED@gmail.com> <3db33494-b756-46b4-937d-bab213642207@innovationslab.net> <EEB67A81-A220-4560-AB84-D70491904CFC@gmail.com> <3d9cfade-8fca-4648-bc11-f84e23cd4b4a@ka9q.net>
In-Reply-To: <3d9cfade-8fca-4648-bc11-f84e23cd4b4a@ka9q.net>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 16 Aug 2024 23:06:27 -0400
Message-ID: <CABNhwV2bFg1DWQDoCdrbssadnezqUf4ikvMdHYbxdZr9fqkQYQ@mail.gmail.com>
To: Phil Karn <karn@ka9q.net>
Content-Type: multipart/alternative; boundary="0000000000004d4e11061fd85dc9"
Message-ID-Hash: FLBKH2JADXFE7IFIWRW7NJCDY3YCSYPF
X-Message-ID-Hash: FLBKH2JADXFE7IFIWRW7NJCDY3YCSYPF
X-MailFrom: hayabusagsm@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Brian Haberman <brian@innovationslab.net>, pim@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] Re: IGMP v3 update - clarification about which router queries cause version fallback
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/pcWLXAS66F90t5zjjkZfPbzwhKE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

Phil

I have seen this exact behavior and it’s very annoying that a single IGMPv2
host sending a query can drop the entire LAN from IGMPv3 to IGMPv2.

The workaround was to find the device and shut it down or upgrade it to
support IGMPv3.

This issue happens every time an older non standard devices placed on LAN
which can bring down LAN to V2 unfortunately.

We also had an issue where we had L2 switches on a LAN that had management
interface with PIM enabled however was missing IGMP v3 setting and that was
bringing LAN down to v2.  We had PIM as standard on all interfaces however
we should have had exception for L2 switches but we didn’t and that wreaked
havoc on every LAN with L2 switch that has PIM enabled was reverting the
LAN to V2.  What a nightmare that was to fix and troubleshoot.


If we do a bis or update to the spec I think there is a lot that can be
cleaned up.

Kind Regards

Gyan
On Fri, Aug 16, 2024 at 8:27 PM Phil Karn <karn@ka9q.net> wrote:

> I think it means an older version of IGMP. But hey, you can never be too
> explicit in these things. That's why we're discussing this in the first
> place.
>
> But if we want to start another, larger discussion on improved
> compatibility, we can do that too. IMHO, the timers are a kludge. Simply
> answer IGMPv2 queries with IGMPv2 responses, and IGMPv3 queries with
> IGMPv3 responses. A single host running an old version of IGMP shouldn't
> be able to drag its entire LAN down to its level. I mean, IGMPv3 is now
> what, 22 years old? When I was active in the IETF, I couldn't even
> conceive of having to worry about protocols 22+ years old. TCP/IP itself
> wasn't that old.
>
> Phil
>
> On 8/16/24 13:11, Dino Farinacci wrote:
> > But does "older" mean a previous received Query, or one with an older
> version where 1 < 2 < 3, and 1 is older than 2 and 3,
> > and 2 is older than 3?
> >
> > If it is version based, can a LAN go from v3 to v2 when the v3 Query
> doesn't arrive anymore?
> >
> > Dino
> >
> >> On Aug 16, 2024, at 6:40 AM, Brian Haberman <brian@innovationslab.net>
> wrote:
> >>
> >> So, I don't think we should drop "older" from the sentence. The
> paragraph immediately before that sentence says that Host Compatibility
> Mode changes based on receiving an even older version query or expiration
> of the timers.
> >>
> >> Paragraph 3 of 7.2.1:
> >> The Host Compatibility Mode of an interface changes whenever an older
> version query (than the current compatibility mode) is heard or when
> certain timer conditions occur. When the IGMPv1 Querier Present timer
> expires, a host switches to Host Compatibility mode of IGMPv2 if it has a
> running IGMPv2 Querier Present timer. If it does not have a running IGMPv2
> Querier Present timer then it switches to Host Compatibility of IGMPv3.
> When the IGMPv2 Querier Present timer expires, a host switches to Host
> Compatibility mode of IGMPv3.
> >>
> >> To me, that means the proposed edit is to make the following change in
> section 7.2.1
> >>
> >> OLD:
> >> The Host Compatibility Mode variable is based on whether an older
> version General query was heard in the last Older Version Querier Present
> Timeout seconds.
> >>
> >> NEW:
> >> The Host Compatibility Mode variable value MUST only be updated based
> on whether an older  General query was heard in the last Older Version
> Querier Present Timeout seconds.
> >>
> >> Thoughts?
> >>
> >> Brian
> >>
> >> On 8/15/24 3:39 PM, Dino Farinacci wrote:
> >>>> Hey Dino!
> >>> Hi!
> >>>>      We have a slim window to get something into 3376bis *if* we can
> clearly articulate that it is a clarification (the IESG approved 3376bis
> last week).
> >>> Well if its a bug, you DO NOT let the process stop you. Its important
> to fix. Taking a network down due to this issue is a showstopper bug.
> >>> Now, Phil, you got to get Apple to fix this. Stuart Cheshire may be
> able to help.
> >>>> So, section 7.2.1 says:
> >>>>
> >>>> The Host Compatibility Mode variable is based on whether an older
> version General query was heard in the last Older Version Querier Present
> Timeout seconds.
> >>> I wouldn't say "older" actually. If you "hear any different version
> than you did last time", then the new query version is what runs on the
> LAN. Because if IGMPv3 leaves the LAN, the LAN should operate in IGMPv2.
> >>>> AND
> >>>>
> >>>> If a host receives a query which causes its Querier Present timers to
> be updated and correspondingly its compatibility mode, it should switch
> compatibility modes immediately.
> >>> Right.
> >>>> I think a simple approach is to change the first sentence to use a
> MUST for changing mode based on a General query. So, something like:
> >>>>
> >>>> The Host Compatibility Mode variable value MUST only be updated based
> on whether an older version General query was heard...
> >>> Agree:
> >>> The Host Compatibility Mode variable value MUST only be updated based
> on whether a different version General query was heard, from the last one
> received, ...
> >>> Dino
> >>>> Thoughts?
> >>>>
> >>>> Brian
> >>>>
> >>>> On 8/15/24 2:41 PM, Dino Farinacci wrote:
> >>>>> Brian, this is a protocol design bug if this behavior was intended.
> Otherwise the RFC needs updating for clarity.
> >>>>> In either case, the RFC text MUST BE fixed.
> >>>>> Dino
> >>>>>> On Aug 14, 2024, at 9:41 PM, Phil Karn <karn@ka9q.net> wrote:
> >>>>>>
> >>>>>> I understand that part. My point was that Linux appears to reset
> the interface compatibility mode timer for IGMPv2 in response to a *group
> specific* membership query. My reading of the RFC is that this should be
> done only for *general* membership queries (no specific group). Even worse,
> MacOS stops responding entirely to IGMPv3 queries.
> >>>>>>
> >>>>>> As things stand now, if you have an iPhone on your LAN, IGMPv3 is
> unusable for everybody.. If you have a MacOS system on your LAN and the
> querier is IGMPv3, multicast will be broken for you. Permanently. Is that
> the intent of the RFC?
> >>>>>>
> >>>>>> if you see a group-specific query and you’re a member of that group
> (otherwise you probably wouldn’t see the query!) you should answer with the
> version used for that query, but reset the compatibility mode timer to
> IGMPv2 only if the next *general* query uses IGMPv2.
> >>>>>>
> >>>>>>> On Aug 14, 2024, at 13:35, Brian Haberman <
> brian@innovationslab.net> wrote:
> >>>>>>>
> >>>>>>> Hi Phi,
> >>>>>>>     3376 and 3376bis are pretty clear on this from my perspective.
> Section 7.2.1 says:
> >>>>>>>
> >>>>>>> In order to be compatible with older version routers, IGMPv3 hosts
> MUST operate in version 1 and version 2 compatibility modes. IGMPv3 hosts
> MUST keep state per local interface regarding the compatibility mode of
> each attached network. A host's compatibility mode is determined from the
> Host Compatibility Mode variable which can be in one of three states:
> IGMPv1, IGMPv2 or IGMPv3. This variable is kept per interface and is
> dependent on the version of General Queries heard on that interface as well
> as the Older Version Querier Present timers for the interface.
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Brian
> >>>>>>>
> >>>>>>> On 7/30/24 12:54 AM, Phil Karn wrote:
> >>>>>>>> Hi. I'm been trying to figure out why Linux on my network keeps
> falling back to IGMPv2, and I've found out why. I may need a clarification
> to RFC3376.
> >>>>>>>> At first, all works fine. My snooping switch issues an IGMPv3
> general membership query and my Linux system answers with IGMPv3 membership
> messages. Great.
> >>>>>>>> Then my Linux system sees a IGMPv2 group-specific query for
> 224.0.0.251 (the multicast DNS group). Since I'm running avahi-daemon (the
> mDNS service daemon) this elicits an outgoing IGMPv2 membership report for
> 224.0.0.251. Then subsequent IGMPv3 general membership queries elicits
> IGMPv2 (not v3) membership reports for all my other multicast group
> memberships.
> >>>>>>>> I believe this is a bug in Linux, but I want to make sure RFC3376
> says what I think it says.
> >>>>>>>> RFC3376 says an IGMPv2 general query should change the interface
> version to IGMPv2 and start the IGMPv2 querier-present timer, after which
> the interface reverts to v3 if enough time goes by without another IGMPv2
> general query. But it does not explicitly say that ONLY a IGMPv2 GENERAL
> query should do this -- that a group-specific IGMPv2 query should NOT cause
> the interface to drop into IGMPv2 mode even if we're a member of that group.
> >>>>>>>> The problem is that buggy Apple devices frequently and
> gratuitously join and leave 224.0.0.251, and these devices don't speak
> IGMPv3. Whenever one leaves, the querier correctly issues a group-specific
> query to see if any other members are left -- and this group-specific query
> knocks Linux back to IGMPv2. Since these Apple devices gratuitously join
> and leave more rapidly than the IGMPv2-querier-present timer expires, the
> situation persists. IGMPv3 becomes unusable on my network.
> >>>>>>>> So is it the intent of RFC3376 that ONLY a *general* IGMPv2/v1
> query should trigger the version fallback logic, or should a group-specific
> IGMPv2 query do the same?
> >>>>>>>> To summarize:
> >>>>>>>> 1. RFC 3376 is arguably vague about exactly which membership
> queries should invoke a version fallback. All IGMPv2/v1 queries, or only
> general ones?
> >>>>>>>> 2. Linux interprets any IGMPv2 membership query - not just a
> general query - as triggering a fallback. Right now I don't know if this is
> correct behavior or an honest misunderstanding of a vague specification.
> >>>>>>>> 3. Apple really should get with the program and implement IGMPv3.
> It's only what, 22 years old?
> >>>>>>>> 4. Apple really should get with the program and stop explicitly
> joining a very popular link-local multicast address (224.0.0.251) that
> every host is supposed to be an implicit member of anyway.
> >>>>>>>> 5. Apple really should get with the program and stop gratuitously
> leaving and re-joining said link-local multicast group.
> >>>>>>>> But I'm only asking this list to address point #1. Should
> group-specific IGMPv2 membership queries trigger a version fallback until
> the IGMPv2 Querier Present timer expires? Or should only general queries do
> so?
> >>>>>>>> --Phil
> >>>>>>>> _______________________________________________
> >>>>>>>> pim mailing list -- pim@ietf.org
> >>>>>>>> To unsubscribe send an email to pim-leave@ietf.org
> >>>>>>> _______________________________________________
> >>>>>>> pim mailing list -- pim@ietf.org
> >>>>>>> To unsubscribe send an email to pim-leave@ietf.org
> >>>>>> _______________________________________________
> >>>>>> pim mailing list -- pim@ietf.org
> >>>>>> To unsubscribe send an email to pim-leave@ietf.org
>
> _______________________________________________
> pim mailing list -- pim@ietf.org
> To unsubscribe send an email to pim-leave@ietf.org
>

v2.39.1 | Report a Bug | By Email | System Status