tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 3940


Negative-acknowledgment (NACK)-Oriented Reliable Multicast (NORM) Protocol

Part 3 of 3, p. 52 to 80
Prev RFC Part


prevText      Top      Up      ToC       Page 52 
5.  Detailed Protocol Operation

   This section describes the detailed interactions of senders and
   receivers participating in a NORM session.  A simple synopsis of
   protocol operation is given here:

Top      Up      ToC       Page 53 
   1) The sender periodically transmits NORM_CMD(CC) messages as needed
      to initialize and collect roundtrip timing and congestion control
      feedback from the receiver set.

   2) The sender transmits an ordinal set of NormObjects segmented in
      the form of NORM_DATA messages labeled with NormTransportIds and
      logically identified with FEC encoding block numbers and symbol
      identifiers.  NORM_INFO messages may optionally precede the
      transmission of data content for NORM transport objects.

   3) As receivers detect missing content from the sender, they initiate
      repair requests with NORM_NACK messages.  Note the receivers track
      the sender's most recent objectId::fecPayloadId transmit position
      and NACK _only_ for content ordinally prior to that transmit
      position.  The receivers schedule random backoff timeouts before
      generating NORM_NACK messages and wait an appropriate amount of
      time before repeating the NORM_NACK if their repair request is not

   4) The sender aggregates repair requests from the receivers and
      logically "rewinds" its transmit position to send appropriate
      repair messages.  The sender sends repairs for the earliest
      ordinal transmit position first and maintains this ordinal repair
      transmission sequence.  Previously untransmitted FEC parity
      content for the applicable FEC coding block is used for repair
      transmissions to the greatest extent possible.  If the sender
      exhausts its available FEC parity content on multiple repair
      cycles for the same coding block, it resorts to an explicit repair
      strategy (possibly using parity content) to complete repairs.
      (The use of explicit repair is expected to be an exception in
      general protocol operation, but the possibility does exist for
      extreme conditions).  The sender immediately assumes transmission
      of new content once it has sent pending repairs.

   5) The sender transmits NORM_CMD(FLUSH) messages when it reaches the
      end of enqueued transmit content and pending repairs.  Receivers
      respond to the NORM_CMD(FLUSH) messages with NORM_NACK
      transmissions (following the same suppression backoff timeout
      strategy as for data) if they require further repair.

   6) The sender transmissions are subject to rate control limits
      determined by congestion control mechanisms.  In the baseline
      NORM-CC operation, each sender in a NormSession maintains its own
      independent congestion control state.  Receivers provide
      congestion control feedback in NORM_NACK and NORM_ACK messages.
      NORM_ACK feedback for congestion control purposes is governed
      using a suppression mechanism similar to that for NORM_NACK

Top      Up      ToC       Page 54 
   While this overall concept is relatively simple, there are details to
   each of these aspects that need to be addressed for successful,
   efficient, robust, and scalable NORM protocol operation.

5.1.  Sender Initialization and Transmission

   Upon startup, the NORM sender immediately begins sending NORM_CMD(CC)
   messages to collect round trip timing and other information from the
   potential group.  If NORM-CC congestion control operation is enabled,
   the NORM-CC Rate header extension MUST be included in these messages.
   Congestion control operation SHALL be observed at all times when
   operating in the general Internet.  Even if congestion control
   operation is disabled at the sender, it may be desirable to use the
   NORM_CMD(CC) messaging to collect feedback from the group using the
   baseline NORM-CC feedback mechanisms.  This proactive feedback
   collection can be used to establish a GRTT estimate prior to data
   transmission and potential NACK operation.

   In some cases, applications may wish for the sender to also proceed
   with data transmission immediately.  In other cases, the sender may
   wish to defer data transmission until it has received some feedback
   or request from the receiver set indicating that receivers are indeed
   present.  Note, in some applications (e.g., web push), this
   indication may come out-of-band with respect to the multicast session
   via other means.  As noted, the periodic transmission of NORM_CMD(CC)
   messages may precede actual data transmission in order to have an
   initial GRTT estimate.

   With inclusion of the OPTIONAL NORM FEC Object Transmission
   Information Header Extension, the NORM protocol sender message
   headers can contain all information necessary to prepare receivers
   for subsequent reliable reception.  This includes FEC coding
   parameters, the sender NormSegmentSize, and other information.  If
   this header extension is not used, it is presumed that receivers have
   received the FEC Object Transmission Information via other means.
   Additionally, applications may leverage the use of NORM_INFO messages
   associated with the session data objects in the session to provide
   application-specific context information for the session and data
   being transmitted.  These mechanisms allow for operation with minimal
   pre-coordination among the senders and receivers.

   The NORM sender begins segmenting application-enqueued data into
   NORM_DATA segments and transmitting it to the group.  The
   segmentation algorithm is described in Section 5.1.1.  The rate of
   transmission is controlled via congestion control mechanisms or is a
   fixed rate if desired for closed network operations.  The receivers
   participating in the multicast group provide feedback to the sender
   as needed.  When the sender reaches the end of data it has enqueued

Top      Up      ToC       Page 55 
   for transmission or any pending repairs, it transmits a series of
   NORM_CMD(FLUSH) messages at a rate of one per 2*GRTT.  Receivers may
   respond to these NORM_CMD(FLUSH) messages with additional repair
   requests.  A protocol parameter "NORM_ROBUST_FACTOR" determines the
   number of flush messages sent.  If receivers request repair, the
   repair is provided and flushing occurs again at the end of repair
   transmission.  The sender may attach an OPTIONAL "acking_node_list"
   to NORM_CMD(FLUSH) containing the NormNodeIds for receivers from
   which it expects explicit positive acknowledgment of reception.  The
   NORM_CMD(FLUSH) message may be also used for this optional function
   any time prior to the end of data enqueued for transmission with the
   NORM_CMD(FLUSH) messages multiplexed with ongoing data transmissions.
   The OPTIONAL NORM positive acknowledgment procedure is described in
   Section 5.5.3.

5.1.1.  Object Segmentation Algorithm

   NORM senders and receivers must use a common algorithm for logically
   segmenting transport data into FEC encoding blocks and symbols so
   that appropriate NACKs can be constructed to request repair of
   missing data.  NORM FEC coding blocks are comprised of multi-byte
   symbols which are transmitted in the payload of NORM_DATA messages.
   Each NORM_DATA message contains one source or encoding symbol and the
   NormSegmentSize sender parameter defines the maximum symbol size in
   bytes.  The FEC encoding type and associated parameters govern the
   source block size (number of source symbols per coding block).  NORM
   senders and receivers use these FEC parameters, along with the
   NormSegmentSize and transport object size to compute the source block
   structure for transport objects.  These parameters are provided in
   the FEC Transmission Information for each object.  The algorithm
   given below is used to compute a source block structure such that all
   source blocks are as close to being equal length as possible.  This
   helps avoid the performance disadvantages of "short" FEC blocks.
   Note this algorithm applies only to the statically-sized
   NORM_OBJECT_DATA and NORM_OBJECT_FILE transport object types where
   the object size is fixed and predetermined.  For NORM_OBJECT_STREAM
   objects, the object is segmented according to the maximum source
   block length  given in the FEC Transmission Information, unless the
   FEC Payload ID indicates an alternative size for a given block.

   The NORM block segmentation algorithm is defined as follows.  For a
   transport object of a given length (L_obj) in bytes, a first number
   of FEC source blocks (N_large) is delineated of a larger block size
   (B_large), and a second number of source blocks (N_small) is
   delineated of a smaller block size (B_small).  Given the maximum FEC
   source block size (B_max) and the sender's NormSegmentSize, the block
   segmentation for a given NORM transport object is determined as

Top      Up      ToC       Page 56 

   B_max = Maximum source block length (i.e., maximum number of source
           symbols per source block)

   L_sym = Encoding symbol length in bytes (i.e., NormSegmentSize)

   L_obj = Object length in bytes


   N_total = The total number of source blocks into which the transport
             object is partitioned.

   N_large = Number of larger source blocks (first set of blocks)

   B_large = Size (in encoding symbols) of the larger source blocks

   N_small = Number of smaller source blocks (second set of blocks)

   B_small = Size (in encoding symbols) of the smaller source blocks

   L_final = Length (in bytes) of the last source symbol of the last
             source block (All other symbols are of length L_sym).


   1) The total number of source symbols in the transport object is
      computed as:  S_total = L_obj/L_sym [rounded up to the nearest

   2) The transport object is partitioned into N_total source blocks,
      where:  N_total = S_total/B_max [rounded up to the nearest

   3) The average length of a source block is computed as:  B_ave =
      S_total/N_total (this may be non-integer)

   4) The size of the first set of larger blocks is computed as:
      B_large = B_ave [rounded up to the nearest integer] (Note it will
      always be the case that B_large <= B_max)

   5) The size of the second set of smaller blocks is computed as:
      B_small = B_ave [rounded down to the nearest integer] (Note if
      B_ave is an integer B_small = B_large; otherwise B_small = B_large
      - 1)

Top      Up      ToC       Page 57 
   6) The fractional part of B_ave is computed as:  B_fraction = B_ave -

   7) The number of larger source blocks is computed as:  N_large =
      B_fraction * N_total (Note N_large is an integer in the range 0
      through N_total - 1)

   8) The number of smaller source blocks is computed as:  N_small =
      N_total - N_large

   9) Each of the first N_large source blocks consists of B_large source
      symbols.  Each of the remaining N_small source blocks consists of
      B_small source symbols.  All symbols are L_sym bytes in length
      except for the final source symbol of the final source block which
      is of length (in bytes):
      L_final = L_obj - (N_large*B_large + N_small*B_small - 1) * L_sym

5.2.  Receiver Initialization and Reception

   The NORM protocol is designed such that receivers may join and leave
   the group at will.  However, some applications may be constrained
   such that receivers need to be members of the group prior to start of
   data transmission.  NORM applications may use different policies to
   constrain the impact of new receivers joining the group in the middle
   of a session.  For example, a useful implementation policy is for new
   receivers joining the group to limit or avoid repair requests for
   transport objects already in progress.  The NORM sender
   implementation may wish to impose additional constraints to limit the
   ability of receivers to disrupt reliable multicast performance by
   joining, leaving, and rejoining the group often.  Different receiver
   "join policies" may be appropriate for different applications and/or
   scenarios.  For general purpose operation, default policy where
   receivers are allowed to request repair only for coding blocks with a
   NormTransportId and FEC coding block number greater than or equal to
   the first non-repair NORM_DATA or NORM_INFO message received upon
   joining the group is RECOMMENDED.  For objects of type
   NORM_OBJECT_STREAM it is RECOMMENDED that the join policy constrain
   receivers to start reliable reception at the current FEC coding block
   for which non-repair content is received.

5.3.  Receiver NACK Procedure

   When the receiver detects it is missing data from a sender's NORM
   transmissions, it initiates its NACKing procedure.  The NACKing
   procedure SHALL be initiated _only_ at FEC coding block boundaries,
   NormObject boundaries, and upon receipt of a NORM_CMD(FLUSH) message.

Top      Up      ToC       Page 58 
   The NACKing procedure begins with a random backoff timeout.  The
   duration of the backoff timeout is chosen using the "RandomBackoff"
   algorithm described in the NORM Building Block document [4] using
   (Ksender*GRTTsender) for the "maxTime" parameter and the sender
   advertised group size (GSIZEsender) as the "groupSize" parameter.
   NORM senders provide values for GRTTsender, Ksender and GSIZEsender
   via the "grtt", "backoff", and "gsize" fields of transmitted
   messages.  The GRTTsender value is determined by the sender based on
   feedback it has received from the group while the Ksender and
   GSIZEsender values may determined by application requirements and
   expectations or ancillary information.  The backoff factor "Ksender"
   MUST be greater than one to provide for effective feedback
   suppression.  A value of K = 4 is RECOMMENDED for the Any Source
   Multicast (ASM) model while a value of K = 6 is RECOMMENDED for
   Single Source Multicast (SSM) operation.


        T_backoff = RandomBackoff(Ksender*GRTTsender, GSIZEsender)

   To avoid the possibility of NACK implosion in the case of sender or
   network failure during SSM operation, the receiver SHALL
   automatically suppress its NACK and immediately enter the "holdoff"
   period described below when T_backoff is greater than (Ksender-
   1)*GRTTsender.  Otherwise, the backoff period is entered and the
   receiver MUST accumulate external pending repair state from NORM_NACK
   messages and NORM_CMD(REPAIR_ADV) messages received.  At the end of
   the backoff time, the receiver SHALL generate a NORM_NACK message
   only if the following conditions are met:

   1) The sender's current transmit position (in terms of
      objectId::fecPayloadId) exceeds the earliest repair position of
      the receiver.

   2) The repair state accumulated from NORM_NACK and
      NORM_CMD(REPAIR_ADV) messages do not equal or supersede the
      receiver's repair needs up to the sender transmission position at
      the time the NACK procedure (backoff timeout) was initiated.

   If these conditions are met, the receiver immediately generates a
   NORM_NACK message when the backoff timeout expires.  Otherwise, the
   receiver's NACK is considered to be "suppressed" and the message is
   not sent.  At this time, the receiver begins a "holdoff" period
   during which it constrains itself to not reinitiate the NACKing
   process.  The purpose of this timeout is to allow the sender worst-
   case time to respond to the repair needs before the receiver requests
   repair again.  The value of this "holdoff" timeout  (T_rcvrHoldoff)
   as described in [4] is:

Top      Up      ToC       Page 59 
                   T_rcvrHoldoff =(Ksender+2)*GRTTsender

   The NORM_NACK message contains repair request content beginning with
   lowest ordinal repair position of the receiver up through the coding
   block prior to the most recently heard ordinal transmission position
   for the sender.  If the size of the NORM_NACK content exceeds the
   sender's NormSegmentSize, the NACK content is truncated so that the
   receiver only generates a single NORM_NACK message per NACK cycle for
   a given sender.  In summary, a single NACK message is generated
   containing the receiver's lowest ordinal repair needs.

   For each partially-received FEC coding block requiring repair, the
   receiver SHALL, on its _first_ repair attempt for the block, request
   the parity portion of the FEC coding block beginning with the lowest
   ordinal _parity_ "encoding_symbol_id" (i.e., "encoding_symbol_id" =
   "source_block_len") and request the number of FEC symbols
   corresponding to its data segment erasure count for the block.  On
   _subsequent_ repair cycles for the same coding block, the receiver
   SHALL request only those repair symbols from the first set it has not
   yet received up to the remaining erasure count for that applicable
   coding block.  Note that the sender may have provided other
   different, additional parity segments for other receivers that could
   also be used to satisfy the local receiver's erasure-filling needs.
   In the case where the erasure count for a partially-received FEC
   coding block exceeds the maximum number of parity symbols available
   from the sender for the block (as indicated by the NORM_DATA
   "fec_num_parity" field), the receiver SHALL request all available
   parity segments plus the ordinally highest missing data segments
   required to satisfy its total erasure needs for the block.  The goal
   of this strategy is for the overall receiver set to request a lowest
   common denominator set of repair symbols for a given FEC coding
   block.  This allows the sender to construct the most efficient repair
   transmission segment set and enables effective NACK suppression among
   the receivers even with uncorrelated packet loss.  This approach also
   requires no synchronization among the receiver set in their repair
   requests for the sender.

   For FEC coding blocks or NormObjects missed in their entirety, the
   NORM receiver constructs repair requests with NORM_NACK_BLOCK or
   NORM_NACK_OBJECT flags set as appropriate.  The request for
   retransmission of NORM_INFO is accomplished by setting the
   NORM_NACK_INFO flag in a corresponding repair request.

5.4.  Sender NACK Processing and Response

   The principle goal of the sender is to make forward progress in the
   transmission of data its application has enqueued.  However, the
   sender must occasionally "rewind" its logical transmission point to

Top      Up      ToC       Page 60 
   satisfy the repair needs of receivers who have NACKed.  Aggregation
   of multiple NACKs is used to determine an optimal repair strategy
   when a NACK event occurs.  Since receivers initiate the NACK process
   on coding block or object boundaries, there is some loose degree of
   synchronization of the repair process even when receivers experience
   uncorrelated data loss.

5.4.1.  Sender Repair State Aggregation

   When a sender is in its normal state of transmitting new data and
   receives a NACK, it begins a procedure to accumulate NACK repair
   state from NORM_NACK messages before beginning repair transmissions.
   Note that this period of aggregating repair state does _not_
   interfere with its ongoing transmission of new data.

   As described in [4], the period of time during which the sender
   aggregates NORM_NACK messages is equal to:

                    T_sndrAggregate = (Ksender+1)*GRTT

   where "Ksender" is the same backoff scaling value used by the
   receivers, and "GRTT" is the sender's current estimate of the group's
   greatest round-trip time.

   When this period ends, the sender "rewinds" by incorporating the
   accumulated repair state into its pending transmission state and
   begins transmitting repair messages.  After pending repair
   transmissions are completed, the sender continues with new
   transmissions of any enqueued data.  Also, at this point in time, the
   sender begins a "holdoff" timeout during which time the sender
   constrains itself from initiating a new repair aggregation cycle,
   even if NORM_NACK messages arrive.  As described in [4], the value of
   this sender "holdoff" period is:

                         T_sndrHoldoff = (1*GRTT)

   If additional NORM_NACK messages are received during this sender
   "holdoff" period, the sender will immediately incorporate these "late
   messages" into its pending transmission state ONLY if the NACK
   content is ordinally greater than the sender's current transmission
   position.  This "holdoff" time allows worst case time for the sender
   to propagate its current transmission sequence position to the group,
   thus avoiding redundant repair transmissions.  After the holdoff
   timeout expires, a new NACK accumulation period can be begun (upon
   arrival of a NACK) in concert with the pending repair and new data
   transmission.  Recall that receivers are not to initiate the NACK
   repair process until the sender's logical transmission position
   exceeds the lowest ordinal position of their repair needs.  With the

Top      Up      ToC       Page 61 
   new NACK aggregation period, the sender repeats the same process of
   incorporating accumulated repair state into its transmission plan and
   subsequently "rewinding" to transmit the lowest ordinal repair data
   when the aggregation period expires.  Again, this is conducted in
   concert with ongoing new data and/or pending repair transmissions.

5.4.2.  Sender FEC Repair Transmission Strategy

   The NORM sender should leverage transmission of FEC parity content
   for repair to the greatest extent possible.  Recall that the
   receivers use a strategy to request a lowest common denominator of
   explicit repair (including parity content) in the formation of their
   NORM_NACK messages.  Before falling back to explicitly satisfying
   different receivers' repair needs, the sender can make use of the
   general erasure-filling capability of FEC-generated parity segments.
   The sender can determine the maximum erasure filling needs for
   individual FEC coding blocks from the NORM_NACK messages received
   during the repair aggregation period.  Then, if the sender has a
   sufficient number (less than or equal to the maximum erasure count)
   of previously unsent parity segments available for the applicable
   coding blocks, the sender can transmit these in lieu of the specific
   packets the receiver set has requested.  Only after exhausting its
   supply of "fresh" (unsent) parity segments for a given coding block
   should the sender resort to explicit transmission of the receiver
   set's repair needs.  In general, if a sufficiently powerful FEC code
   is used, the need for explicit repair will be an exception, and the
   fulfillment of reliable multicast can be accomplished quite
   efficiently.  However, the ability to resort to explicit repair
   allows the protocol to be reliable under even very extreme

   NORM_DATA messages sent as repair transmissions SHALL be flagged with
   the NORM_FLAG_REPAIR flag.  This allows receivers to obey any
   policies that limit new receivers from joining the reliable
   transmission when only repair transmissions have been received.
   Additionally, the sender SHOULD additionally flag NORM_DATA
   transmissions sent as explicit repair with the NORM_FLAG_EXPLICIT

   Although NORM end system receivers do not make use of the
   NORM_FLAG_EXPLICIT flag, this message transmission status could be
   leveraged by intermediate systems wishing to "assist" NORM protocol
   performance.  If such systems are properly positioned with respect to
   reciprocal reverse-path multicast routing, they need to sub-cast only
   a sufficient count of non-explicit parity repairs to satisfy a
   multicast routing sub-tree's erasure filling needs for a given FEC
   coding block.  When the sender has resorted to explicit repair, then
   the intermediate systems should sub-cast all of the explicit repair

Top      Up      ToC       Page 62 
   packets to those portions of the routing tree still requiring repair
   for a given coding block.  Note the intermediate systems will be
   required to conduct repair state accumulation for sub-routes in a
   manner similar to the sender's repair state accumulation in order to
   have sufficient information to perform the sub-casting.
   Additionally, the intermediate systems could perform additional
   NORM_NACK suppression/aggregation as it conducts this repair state
   accumulation for NORM repair cycles.  The detail of this type of
   operation are beyond the scope of this document, but this information
   is provided for possible future consideration.

5.4.3.  Sender NORM_CMD(SQUELCH) Generation

   If the sender receives a NORM_NACK message for repair of data it is
   no longer supporting, the sender generates a NORM_CMD(SQUELCH)
   message to advertise its repair window and squelch any receivers from
   additional NACKing of invalid data.  The transmission rate of
   NORM_CMD(SQUELCH) messages is limited to once per 2*GRTT.  The
   "invalid_object_list" (if applicable) of the NORM_CMD(SQUELCH)
   message SHALL begin with the lowest "object_transport_id" from the
   invalid NORM_NACK messages received since the last NORM_CMD(SQUELCH)
   transmission.  Lower ordinal invalid "object_transport_ids" should be
   included only while the NORM_CMD(SQUELCH) payload is less than the
   sender's NormSegmentSize parameter.

5.4.4.  Sender NORM_CMD(REPAIR_ADV) Generation

   When a NORM sender receives NORM_NACK messages from receivers via
   unicast transmission, it uses NORM_CMD(REPAIR_ADV) messages to
   advertise its accumulated repair state to the receiver set since the
   receiver set is not directly sharing their repair needs via multicast
   communication.  The NORM_CMD(REPAIR_ADV) message is multicast to the
   receiver set by the sender.  The payload portion of this message has
   content in the same format as the NORM_NACK receiver message payload.
   Receivers are then able to perform feedback suppression in the same
   manner as with NORM_NACK messages directly received from other
   receivers.  Note the sender does not merely retransmit NACK content
   it receives, but instead transmits a representation of its aggregated
   repair state.  The transmission of NORM_CMD(REPAIR_ADV) messages are
   subject to the sender transmit rate limit and NormSegmentSize
   limitation.  When the NORM_CMD(REPAIR_ADV) message is of maximum
   size, receivers SHALL consider the maximum ordinal transmission
   position value embedded in the message as the senders "current"
   transmission position and implicitly suppress requests for ordinally
   higher repair.  For congestion control operation, the sender may also
   need to provide information so that dynamic congestion control
   feedback can be suppressed as needed among receivers.  This document
   specifies the NORM-CC Feedback Header Extension that is applied for

Top      Up      ToC       Page 63 
   baseline NORM-CC operation.  If other congestion control mechanisms
   are used within a NORM implementation, other header extensions may be
   defined.  Whatever content format is used for this purpose should
   ensure that maximum possible suppression state is conveyed to the
   receiver set.

5.5.  Additional Protocol Mechanisms

   In addition to the principal function of data content transmission
   and repair, there are some other protocol mechanisms that help NORM
   to adapt to network conditions and play fairly with other coexistent

5.5.1.  Greatest Round-trip Time Collection

   For NORM receivers to appropriately scale backoff timeouts and the
   senders to use proper corresponding timeouts, the participants must
   agree on a common timeout basis.  Each NORM sender monitors the
   round-trip time of active receivers and determines the group greatest
   round-trip time (GRTT).  The sender advertises this GRTT estimate in
   every message it transmits so that receivers have this value
   available for scaling their timers.  To measure the current GRTT, the
   sender periodically sends NORM_CMD(CC) messages that contain a
   locally generated timestamp.  Receivers are expected to record this
   timestamp along with the time the NORM_CMD(CC) message is received.
   Then, when the receivers generate feedback messages to the sender, an
   adjusted version of the sender timestamp is embedded in the feedback
   message (NORM_NACK or NORM_ACK).  The adjustment adds the amount of
   time the receiver held the timestamp before generating its response.
   Upon receipt of this adjusted timestamp, the sender is able to
   calculate the round-trip time to that receiver.

   The round-trip time for each receiver is fed into an algorithm that
   weights and smoothes the values for a conservative estimate of the
   GRTT.  The algorithm and methodology are described in the NORM
   Building Block document [4] in the section entitled "One-to-Many
   Sender GRTT Measurement".  A conservative estimate helps feedback
   suppression at a small cost in overall protocol repair delay.  The
   sender's current estimate of GRTT is advertised in the "grtt" field
   found in all NORM sender messages.  The advertised GRTT is also
   limited to a minimum of the nominal inter-packet transmission time
   given the sender's current transmission rate and system clock
   granularity.  The reason for this additional limit is to keep the
   receiver somewhat "event driven" by making sure the sender has had
   adequate time to generate any response to repair requests from
   receivers given transmit rate limitations due to congestion control
   or configuration.

Top      Up      ToC       Page 64 
   When the NORM-CC Rate header extension is present in NORM_CMD(CC)
   messages, the receivers respond to NORM_CMD(CC) messages as described
   in Section 5.5.2, "NORM Congestion Control Operation".  The
   NORM_CMD(CC) messages are periodically generated by the sender as
   described for congestion control operation.  This provides for
   proactive, but controlled, feedback from the group in the form of
   NORM_ACK messages.  This provides for GRTT feedback even if no
   NORM_NACK messages are being sent.  If operating without congestion
   control in a closed network, the NORM_CMD(CC) messages may be sent
   periodically without the NORM-CC Rate header extension.  In this
   case, receivers will only provide GRTT measurement feedback when
   NORM_NACK messages are generated since no NORM_ACK messages are
   generated.  In this case, the NORM_CMD(CC) messages may be sent less
   frequently, perhaps as little as once per minute, to conserve network
   capacity.  Note that the NORM-CC Rate header extension may also be
   used proactively solicit RTT feedback from the receiver group per
   congestion control operation even though the sender may not be
   conducting congestion control rate adjustment.  NORM operation
   without congestion control should be considered only in closed

5.5.2.  NORM Congestion Control Operation

   This section describes baseline congestion control operation for the
   NORM protocol (NORM-CC).  The supporting NORM message formats and
   approach described here are an adaptation of the equation-based TCP-
   Friendly Multicast Congestion Control (TFMCC) approach described in
   [19].  This congestion control scheme is REQUIRED for operation
   within the general Internet unless the NORM implementation is adapted
   to use another IETF-sanctioned reliable multicast congestion control
   mechanism (e.g., PGMCC [20]).  With this TFMCC-based approach, the
   transmissions of NORM senders are controlled in a rate-based manner
   as opposed to window-based congestion control algorithms as in TCP.
   However, it is possible that the NORM protocol message set may
   alternatively be used to support a window-based multicast congestion
   control scheme such as PGMCC.  The details of that alternative may be
   described separately or in a future revision of this document.  In
   either case (rate-based TFMCC or window-based PGMCC), successful
   control of sender transmission depends upon collection of sender-to-
   receiver packet loss estimates and RTTs to identify the congestion
   control bottleneck path(s) within the multicast topology and adjust
   the sender rate accordingly.  The receiver with loss and RTT
   estimates that correspond to the lowest result transmission rate is
   identified as the "current limiting receiver" (CLR).

Top      Up      ToC       Page 65 
   As described in [21], a steady-state sender transmission rate, to be
   "friendly" with competing TCP flows can be calculated as:

Rsender = --------------------------------------------------------------
          tRTT * (sqrt((2/3)*p) + 12 * sqrt((3/8)*p) * p *
          (1 + 32*(p^2)))


   S = Nominal transmitted packet size. (In NORM, the "nominal"
       packet size can be determined by the sender as an
       exponentially weighted moving average (EWMA) of transmitted
       packet sizes to account for variable message sizes).

tRTT = The RTT estimate of the current "current limiting receiver"

   p = The loss event fraction of the CLR.

   To support congestion control feedback collection and operation, the
   NORM sender periodically transmits NORM_CMD(CC) command messages.
   NORM_CMD(CC) messages are multiplexed with NORM data and repair
   transmissions and serve several purposes:

   1) Stimulate explicit feedback from the general receiver set to
      collect congestion control information.

   2) Communicate state to the receiver set on the sender's current
      congestion control status including details of the CLR.

   3) Initiate rapid (immediate) feedback from the CLR in order to
      closely track the dynamics of congestion control for that current
      "worst path" in the group multicast topology.

   The format of the NORM_CMD(CC) message is describe in Section 4.2.3
   of this document.  The NORM_CMD(CC) message contains information to
   allow measurement of RTTs, to inform the group of the congestion
   control CLR, and to provide feedback of individual RTT measurements
   to the receivers in the group.  The NORM_CMD(CC) also provides for
   exciting feedback from OPTIONAL "potential limiting receiver" (PLR)
   nodes that may be determined administratively or possibly
   algorithmically based on congestion control feedback.  PLR nodes are
   receivers that have been identified to have potential for (perhaps
   soon) becoming the CLR and thus immediate, up-to-date feedback is
   beneficial for congestion control performance.  The details of PLR
   selection are not discussed in this document.

Top      Up      ToC       Page 66  NORM_CMD(CC) Transmission

   The NORM_CMD(CC) message is transmitted periodically by the sender
   along with its normal data transmission.  Note that the repeated
   transmission of NORM_CMD(CC) messages may be initiated some time
   before transmission of user data content at session startup.  This
   may be done to collect some estimation of the current state of the
   multicast topology with respect to group and individual RTT and
   congestion control state.

   A NORM_CMD(CC) message is immediately transmitted at sender startup.
   The interval of subsequent NORM_CMD(CC) message transmission is
   determined as follows:

   1) By default, the interval is set according to the current sender
      GRTT estimate.  A startup GRTT of 0.5 seconds is recommended when
      no feedback has yet been received from the group.

   2) If a CLR has been identified (based on previous receiver
      feedback), the interval is the RTT between the sender and CLR.

   3) Additionally, if the interval of nominal data message transmission
      is greater than the GRTT or RTT_clr interval, the NORM_CMD(CC)
      interval is set to this greater value.  This ensures that the
      transmission of this control message is not done to the exclusion
      of user data transmission.

   The NORM_CMD(CC) "cc_sequence" field is incremented with each
   transmission of a NORM_CMD(CC) command.  The greatest "cc_sequence"
   recently received by receivers is included in their feedback to the
   sender.  This allows the sender to determine the "age" of feedback to
   assist in congestion avoidance.

   The NORM-CC Rate Header Extension is applied to the NORM_CMD(CC)
   message and the sender advertises its current transmission rate in
   the "send_rate" field.  The rate information is used by receivers to
   initialize loss estimation during congestion control startup or

   The "cc_node_list" contains a list of entries identifying receivers
   and their current congestion control state (status "flags", "rtt" and
   "loss" estimates).  The list may be empty if the sender has not yet
   received any feedback from the group.  If the sender has received
   feedback, the list will minimally contain an entry identifying the
   CLR.  A NORM_FLAG_CC_CLR flag value is provided for the "cc_flags"
   field to identify the CLR entry.  It is RECOMMENDED that the CLR
   entry be the first in the list for implementation efficiency.
   Additional entries in the list are used to provide sender-measured

Top      Up      ToC       Page 67 
   individual RTT estimates to receivers in the group.  The number of
   additional entries in this list is dependent upon the percentage of
   control traffic the sender application is willing to send with
   respect to user data message transmissions.  More entries in the list
   may allow the sender to be more responsive to congestion control
   dynamics.  The length of the list may be dynamically determined
   according to the current transmission rate and scheduling of
   NORM_CMD(CC) messages.  The maximum length of the list corresponds to
   the sender's NormSegmentSize parameter for the session.  The
   inclusion of additional entries in the list based on receiver
   feedback are prioritized with following rules:

   1) Receivers that have not yet been provided RTT feedback get first
      priority.  Of these, those with the greatest loss fraction receive
      precedence for list inclusion.

   2) Secondly, receivers that have previously been provided RTT are
      included with receivers yielding the lowest calculated congestion
      rate getting precedence.

   There are "cc_flag" values in addition to NORM_FLAG_CC_CLR that are
   used for other congestion control functions.  The NORM_FLAG_CC_PLR
   flag value is used to mark additional receivers from that the sender
   would like to have immediate, non-suppressed feedback.  These may be
   receivers that the sender algorithmically identified as potential
   future CLRs or that have been pre-configured as potential congestion
   control points in the network.  The NORM_FLAG_CC_RTT indicates the
   validity of the "cc_rtt" field for the associated receiver node.
   Normally, this flag will be set since the receivers in the list will
   typically be receivers from which the sender has received feedback.
   However, in the case that the NORM sender has been pre-configured
   with a set of PLR nodes, feedback from those receivers may not yet
   have been collected and thus the "cc_rtt" and "cc_rate" fields do not
   contain valid values when this flag is not set.  NORM_CMD(CC) Feedback Response

   Receivers explicitly respond to NORM_CMD(CC) messages in the form of
   a NORM_ACK(RTT) message.  The goal of the congestion control feedback
   is to determine the receivers with the lowest congestion control
   rates.  Receivers that are marked as CLR or PLR nodes in the
   NORM_CMD(CC) "cc_node_list" immediately provide feedback in the form
   of a NORM_ACK to this message.  When a NORM_CMD(CC) is received,
   non-CLR or non-PLR nodes initiate random feedback backoff timeouts
   similar to that used when the receiver initiates a repair cycle (see
   Section 5.3) in response to detection of data loss.  The backoff
   timeout for the congestion control response is generated as follows:

Top      Up      ToC       Page 68 
           T_backoff = RandomBackoff(K*GRTTsender, GSIZEsender)

   The "RandomBackoff()" algorithm provides a truncated exponentially
   distributed random number and is described in the NORM Building Block
   document [4].  The same backoff factor K = Ksender MAY be used as
   with NORM_NACK suppression.  However, in cases where the application
   purposefully specifies a very small Ksender backoff factor to
   minimize the NACK repair process latency (trading off group size
   scalability), it may still be desirable to maintain a larger backoff
   factor for congestion control feedback, since there may often be a
   larger volume of congestion control feedback than NACKs in many cases
   and congestion control feedback latency may be tolerable where
   reliable delivery latency is not.  As previously noted, a backoff
   factor value of K = 4 is generally recommended for ASM operation and
   K = 6 for SSM operation.  A receiver SHALL cancel the backoff timeout
   and thus its pending transmission of a NORM_ACK(RTT) message under
   the following conditions:

   1) The receiver generates another feedback message (NORM_NACK or
      other NORM_ACK) before the congestion control feedback timeout

   2) A NORM_CMD(CC) or other receiver feedback with an ordinally
      greater "cc_sequence" field value is received before the
      congestion control feedback timeout expires (this is similar to
      the TFMCC feedback round number),

   3) When the T_backoff is greater than 1*GRTT.  This prevents NACK
      implosion in the event of sender or network failure,

   4) "Suppressing" congestion control feedback is heard from another
      receiver (in a NORM_ACK or NORM_NACK) or via a
      NORM_CMD(REPAIR_ADV) message from the sender.  The local
      receiver's feedback is "suppressed" if the rate of the competing
      feedback (Rfb) is sufficiently close to or less than the local
      receiver's calculated rate (Rcalc).  The local receiver's feedback
      is canceled when:

                             Rcalc > (0.9 * Rfb)

      Also note receivers that have not yet received an RTT measurement
      from the sender are suppressed only by other receivers that have
      not yet measured RTT.  Additionally, receivers whose RTT estimate
      has "aged" considerably (i.e., they haven't been included in the
      NORM_CMD(CC) "cc_node_list" in a long time) may wish to compete as
      a receiver with no prior RTT measurement after some expiration

Top      Up      ToC       Page 69 
   When the backoff timer expires, the receiver SHALL generate a
   NORM_ACK(RTT) message to provide feedback to the sender and group.
   This message may be multicast to the group for most effective
   suppression in ASM topologies or unicast to the sender depending upon
   how the NORM protocol is deployed and configured.

   Whenever any feedback is generated (including this NORM_ACK(RTT)
   message), receivers include an adjusted version of the sender
   timestamp from the most recently received NORM_CMD(CC) message and
   the "cc_sequence" value from that command in the applicable NORM_ACK
   or NORM_NACK message fields.  For NORM-CC operation, any generated
   feedback message SHALL also contain the NORM-CC Feedback header
   extension.  The receiver provides its current "cc_rate" estimate,
   "cc_loss" estimate, "cc_rtt" if known, and any applicable "cc_flags"
   via this header extension.

   During slow start (when the receiver has not yet detected loss from
   the sender), the receiver uses a value equal to two times its
   measured rate from the sender in the "cc_rate" field.  For steady-
   state congestion control operation, the receiver "cc_rate" value is
   from the equation-based value using its current loss event estimate
   and sender<->receiver RTT information.  (The GRTT is used when the
   receiver has not yet measured its individual RTT).

   The "cc_loss" field value reflects the receiver's current loss event
   estimate with respect to the sender in question.

   When the receiver has a valid individual RTT measurement, it SHALL
   include this value in the "cc_rtt" field.  The NORM_FLAG_CC_RTT MUST
   be set when the "cc_rtt" field is valid.

   After a congestion control feedback message is generated or when the
   feedback is suppressed, a non-CLR receiver begins a "holdoff" timeout
   period during which it will restrain itself from providing congestion
   control feedback, even if NORM_CMD(CC) messages are received from the
   sender (unless the receive becomes marked as a CLR or PLR node).  The
   value of this holdoff timeout (T_ccHoldoff) period is:

                          T_ccHoldoff = (K*GRTT)

   Thus, non-CLR receivers are constrained to providing explicit
   congestion control feedback once per K*GRTT intervals.  Note,
   however, that as the session progresses, different receivers will be
   responding to different NORM_CMD(CC) messages and there will be
   relatively continuous feedback of congestion control information
   while the sender is active.

Top      Up      ToC       Page 70  Congestion Control Rate Adjustment

   During steady-state operation, the sender will directly adjust its
   transmission rate to the rate indicated by the feedback from its
   currently selected CLR.  As noted in [19], the estimation of
   parameters (loss and RTT) for the CLR will generally constrain the
   rate changes possible within acceptable bounds.  For rate increases,
   the sender SHALL observe a maximum rate of increase of one packet per
   RTT at all times during steady-state operation.

   The sender processes congestion control feedback from the receivers
   and selects the CLR based on the lowest rate receiver.  Receiver
   rates are either determined directly from the slow start "cc_rate"
   provided by the receiver in the NORM-CC Feedback header extension or
   by performing the equation-based calculation using individual RTT and
   loss estimates ("cc_loss") as feedback is received.

   The sender can calculate a current RTT for a receiver (RTT_rcvrNew)
   using the "grtt_response" timestamp included in feedback messages.
   When the "cc_rtt" value in a response is not valid, the sender simply
   uses this RTT_rcvrNew value as the receiver's current RTT (RTT_rcvr).
   For non-CLR and non-PLR receivers, the sender can use the "cc_rtt"
   value provided in the NORM-CC Feedback header extension as the
   receiver's previous RTT measurement (RTT_rcvrPrev) to smooth
   according to:

             RTT_rcvr = 0.5 * RTT_rcvrPrev + 0.5 * RTT_rcvrNew

   For CLR receivers where feedback is received more regularly, the
   sender SHOULD maintain a more smoothed RTT estimate upon new feedback
   from the CLR where:

                RTT_clr = 0.9 * RTT_clr + 0.1 * RTT_clrNew

   "RTT_clrNew" is the new RTT calculated from the timestamp in the
   feedback message received from the CLR.  The RTT_clr is initialized
   to RTT_clrNew on the first feedback message received.  Note that the
   same procedure is observed by the sender for PLR receivers and that
   if a PLR is "promoted" to CLR status, the smoothed estimate can be

   There are some additional periods besides steady-state operation that
   need to be considered in NORM-CC operation.  These periods are:

   1) during session startup,

   2) when no feedback is received from the CLR, and

Top      Up      ToC       Page 71 
   3) when the sender has a break in data transmission.

   During session startup, the congestion control operation SHALL
   observe a "slow start" procedure to quickly approach its fair
   bandwidth share.  An initial sender startup rate is assumed where:

   Rinitial = MIN(NormSegmentSize / GRTT, NormSegmentSize) bytes/second.

   The rate is increased only when feedback is received from the
   receiver set.  The "slow start" phase proceeds until any receiver
   provides feedback indicating that loss has occurred.  Rate increase
   during slow start is applied as:

                             Rnew = Rrecv_min

   where "Rrecv_min" is the minimum reported receiver rate in the
   "cc_rate" field of congestion control feedback messages received from
   the group.  Note that during "slow start", receivers use two times
   their measured rate from the sender in the "cc_rate" field of their
   feedback.  Rate increase adjustment is limited to once per GRTT
   during slow start.

   If the CLR or any receiver intends to leave the group, it will set
   the NORM_FLAG_CC_LEAVE in its congestion control feedback message as
   an indication that the sender should not select it as the CLR.  When
   the CLR changes to a lower rate receiver, the sender should
   immediately adjust to the new lower rate.  The sender is limited to
   increasing its rate at one additional packet per RTT towards any new,
   higher CLR rate.

   The sender should also track the "age" of the feedback it has
   received from the CLR by comparing its current "cc_sequence" value
   (Seq_sender) to the last "cc_sequence" value received from the CLR
   (Seq_clr).  As the "age" of the CLR feedback increases with no new
   feedback, the sender SHALL begin reducing its rate once per RTT_clr
   as a congestion avoidance measure.

   The following algorithm is used to determine the decrease in sender
   rate (Rsender bytes/sec) as the CLR feedback, unexpectedly,
   excessively ages:

   Age = Seq_sender - Seq_clr;
   if (Age > 4) Rsender = Rsender * 0.5;

   This rate reduction is limited to the lower bound on NORM
   transmission rate.  After NORM_ROBUST_FACTOR consecutive NORM_CMD(CC)
   rounds without any feedback from the CLR, the sender SHOULD assume
   the CLR has left the group and pick the receiver with the next lowest

Top      Up      ToC       Page 72 
   rate as the new CLR.  Note this assumes that the sender does not have
   explicit knowledge that the CLR intentionally left the group.  If no
   receiver feedback is received, the sender MAY wish to withhold
   further transmissions of NORM_DATA segments and maintain NORM_CMD(CC)
   transmissions only until feedback is detected.  After such a CLR
   timeout, the sender will be transmitting with a minimal rate and
   should return to slow start as described here for a break in data

   When the sender has a break in its data transmission, it can continue
   to probe the group with NORM_CMD(CC) messages to maintain RTT
   collection from the group.  This will enable the sender to quickly
   determine an appropriate CLR upon data transmission restart.
   However, the sender should exponentially reduce its target rate to be
   used for transmission restart as time since the break elapses.  The
   target rate SHOULD be recalculated once per RTT_clr as:

                         Rsender = Rsender * 0.5;

   If the minimum NORM rate is reached, the sender should set the
   NORM_FLAG_START flag in its NORM_CMD(CC) messages upon restart and
   the group should observer "slow start" congestion control procedures
   until any receiver experiences a new loss event.

5.5.3.  NORM Positive Acknowledgment Procedure

   NORM provides options for the source application to request positive
   acknowledgment (ACK) of NORM_CMD(FLUSH) and NORM_CMD(ACK_REQ)
   messages from members of the group.  There are some specific
   acknowledgment requests defined for the NORM protocol and a range of
   acknowledgment request types that are left to be defined by the
   application.  One predefined acknowledgment type is the
   NORM_ACK_FLUSH type.  This acknowledgment is used to determine if
   receivers have achieved completion of reliable reception up through a
   specific logical transmission point with respect to the sender's
   sequence of transmission.  The NORM_ACK_FLUSH acknowledgment may be
   used to assist in application flow control when the sender has
   information on a portion of the receiver set.  Another predefined
   acknowledgment type is NORM_ACK(CC), which is used to explicitly
   provide congestion control feedback in response to NORM_CMD(CC)
   messages transmitted by the sender for NORM-CC operation.  Note the
   NORM_ACK(CC) response does NOT follow the positive acknowledgment
   procedure described here.  The NORM_CMD(ACK_REQ) and NORM_ACK
   messages contain an "ack_type" field to identify the type of
   acknowledgment requested and provided.  A range of "ack_type" values
   is provided for application-defined use.  While the application is
   responsible for initiating the acknowledgment request and interprets
   application-defined "ack_type" values, the acknowledgment procedure

Top      Up      ToC       Page 73 
   SHOULD be conducted within the protocol implementation to take
   advantage of timing and transmission scheduling information available
   to the NORM transport.

   The NORM positive acknowledgment procedure uses polling by the sender
   to query the receiver group for response.  Note this polling
   procedure is not intended to scale to very large receiver groups, but
   could be used in large group setting to query a critical subset of
   the group.  Either the NORM_CMD(ACK_REQ), or when applicable, the
   NORM_CMD(FLUSH) message is used for polling and contains a list of
   NormNodeIds for receivers that should respond to the command.  The
   list of receivers providing acknowledgment is determined by the
   source application with "a priori" knowledge of participating nodes
   or via some other application-level mechanism.

   The ACK process is initiated by the sender that generates
   NORM_CMD(FLUSH) or NORM_CMD(ACK_REQ) messages in periodic "rounds".
   For NORM_ACK_FLUSH requests, the NORM_CMD(FLUSH) contain a
   "object_transport_id" and "fec_payload_id" denoting the watermark
   transmission point for which acknowledgment is requested.  This
   watermark transmission point is "echoed" in the corresponding fields
   of the NORM_ACK(FLUSH) message sent by the receiver in response.
   NORM_CMD(ACK_REQ) messages contain an "ack_id" field which is
   similarly "echoed" in response so that the sender may match the
   response to the appropriate request.

   In response to the NORM_CMD(ACK_REQ), the listed receivers randomly
   spread NORM_ACK messages uniformly in time over a window of (1*GRTT).
   These NORM_ACK messages are typically unicast to the sender.  (Note
   that NORM_ACK(CC) messages SHALL be multicast or unicast in the same
   manner as NORM_NACK messages).

   The ACK process is self-limiting and avoids ACK implosion in that:

   1) Only a single NORM_CMD(ACK_REQ) message is generated once per
      (2*GRTT), and,

   2) The size of the "acking_node_list" of NormNodeIds from which
      acknowledgment is requested is limited to a maximum of the sender
      NormSegmentSize setting per round of the positive acknowledgment

   Because the size of the included list is limited to the sender's
   NormSegmentSize setting, multiple NORM_CMD(ACK_REQ) rounds may be
   required to achieve responses from all receivers specified.  The
   content of the attached NormNodeId list will be dynamically updated
   as this process progresses and NORM_ACK responses are received from
   the specified receiver set.  As the sender receives valid responses

Top      Up      ToC       Page 74 
   (i.e., matching watermark point or "ack_id") from receivers, it SHALL
   eliminate those receivers from the subsequent NORM_CMD(ACK_REQ)
   message "acking_node_list" and add in any pending receiver
   NormNodeIds while keeping within the NormSegmentSize limitation of
   the list size.  Each receiver is  queried a maximum number of times
   (NORM_ROBUST_FACTOR, by default).  Receivers not responding within
   this number of repeated requests are removed from the payload list to
   make room for other potential receivers pending acknowledgment.  The
   transmission of the NORM_CMD(ACK_REQ) is repeated until no further
   responses are required or until the repeat threshold is exceeded for
   all pending receivers.  The transmission of NORM_CMD(ACK_REQ) or
   NORM_CMD(FLUSH) messages to conduct the positive acknowledgment
   process is multiplexed with ongoing sender data transmissions.
   However, the NORM_CMD(FLUSH) positive acknowledgment process may be
   interrupted in response to negative acknowledgment repair requests
   (NACKs) received from receivers during the acknowledgment period.
   The NORM_CMD(FLUSH) positive acknowledgment process is restarted for
   receivers pending acknowledgment once any the repairs have been

   In the case of NORM_CMD(FLUSH) commands with an attached
   "acking_node_list", receivers will not ACK until they have received
   complete transmission of all data up to and including the given
   watermark transmission point.  All receivers SHALL interpret the
   watermark point provided in the request NACK for repairs if needed as
   for NORM_CMD(FLUSH) commands with no attached "acking_node_list".

5.5.4.  Group Size Estimate

   NORM sender messages contain a "gsize" field that is a representation
   of the group size and is used in scaling random backoff timer ranges.
   The use of the group size estimate within the NORM protocol does not
   require a precise estimation and works reasonably well if the
   estimate is within an order of magnitude of the actual group size.
   By default, the NORM sender group size estimate may be
   administratively configured.  Also, given the expected scalability of
   the NORM protocol for general use, a default value of 10,000 is
   recommended for use as the group size estimate.

   It is possible that group size may be algorithmically approximated
   from the volume of congestion control feedback messages which follow
   the exponentially weighted random backoff.  However, the
   specification of such an algorithm is currently beyond the scope of
   this document.

Top      Up      ToC       Page 75 
6.  Security Considerations

   The same security considerations that apply to the NORM, and FEC
   Building Blocks also apply to the NORM protocol.  In addition to
   vulnerabilities that any IP and IP multicast protocol implementation
   may be generally subject to, the NACK-based feedback of NORM may be
   exploited by replay attacks which force the NORM sender to
   unnecessarily transmit repair information.  This MAY be addressed by
   network layer IP security implementations that guard against this
   potential security exploitation.  It is RECOMMENDED that such IP
   security mechanisms be used when available.  Another possible
   approach is for NORM senders to use the "sequence" field from the
   NORM Common Message Header to detect replay attacks.  This can be
   accomplished if the NORM packets are cryptographically protected and
   the sender is willing to maintain state on receivers which are
   NACKing.  A cache of receiver state may provide some protection
   against replay attacks.  Note that the "sequence" field of NORM
   messages should be incremented with independent values for different
   destinations (e.g., group-addressed versus unicast-addressed messages
   versus "receiver" messages).  Thus, the congestion control loss
   estimation function of the "sequence" field can be preserved for
   sender messages when receiver messages are unicast to the sender.
   The NORM protocol is compatible with the use of the IP security
   (IPsec) architecture described in [22].  It is important to note that
   while NORM does leverage FEC-based repair for scalability, this does
   not alone guarantee integrity of received data.  Application-level
   integrity-checking of data content is highly RECOMMENDED.

7.  IANA Considerations

   No information in this specification is currently subject to IANA
   registration.  However, several Header Extensions are defined within
   this document.  If/when additional Header Extensions are developed,
   the first RFC MUST establish an IANA registry for them, with a
   "Specification Required" policy [6] and all Header Extensions,
   including those in the present document, MUST be registered
   thereafter.  Additionally, building blocks components used by NORM
   may introduce additional IANA considerations.  In particular, the FEC
   Building Block used by NORM does require IANA registration of the FEC
   codecs used.  The registration instructions for FEC codecs are
   provided in [5].

8.  Suggested Use

   The present NORM protocol is seen as useful tool for the  reliable
   data transfer over generic IP multicast  services.  It is not the
   intention of the authors to suggest it is suitable for  supporting
   all envisioned multicast reliability requirements.  NORM provides a

Top      Up      ToC       Page 76 
   simple and flexible framework for multicast applications with a
   degree of concern for network traffic implosion and protocol overhead
   efficiency.  NORM-like protocols have been successfully demonstrated
   within the MBone for bulk data dissemination applications, including
   weather satellite compressed imagery updates servicing a large group
   of receivers and a generic web content reliable "push" application.

   In addition, this framework approach has some design features making
   it attractive for bulk transfer in asymmetric and wireless
   internetwork applications.  NORM is capable of successfully operating
   independent of network structure and in environments with high packet
   loss, delay, and misordering.  Hybrid proactive/reactive FEC-based
   repairing improve protocol performance in some multicast scenarios.
   A sender-only repair approach often makes additional engineering
   sense in asymmetric networks.  NORM's unicast feedback capability may
   be suitable for use in asymmetric networks or in networks where only
   unidirectional multicast routing/delivery service exists.  Asymmetric
   architectures supporting multicast delivery are likely to make up an
   important portion of the future Internet structure (e.g.,
   DBS/cable/PSTN hybrids) and efficient, reliable bulk data transfer
   will be an important capability for servicing large groups of
   subscribed receivers.

9.  Acknowledgments (and these are not Negative)

   The authors would like to thank Rick Jones, Vincent Roca, Rod Walsh,
   Toni Paila, Michael Luby, and Joerg Widmer for their valuable input
   and comments on this document.  The authors would also like to thank
   the RMT working group chairs, Roger Kermode and Lorenzo Vicisano, for
   their support in development of this specification, and Sally Floyd
   for her early input into this document.

10.  References

10.1.  Normative References

   [1]  Kermode, R. and L. Vicisano, "Author Guidelines for Reliable
        Multicast Transport (RMT) Building Blocks and Protocol
        Instantiation documents", RFC 3269, April 2002.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [3]  Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC
        1112, August 1989.

Top      Up      ToC       Page 77 
   [4]  Adamson, B., Bormann, C., Handley, M., and J. Macker,
        "Negative-Acknowledgment (NACK)-Oriented Reliable Multicast
        (NORM) Building Blocks", RFC 3941, November 2004.

   [5]  Luby, M., Vicisano, L., Gemmell, J., Rizzo, L., Handley, M., and
        J. Crowcroft, "Forward Error Correction (FEC) Building Block",
        RFC 3452, December 2002.

   [6]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
        Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

10.2.  Informative References

   [7]  Handley, M. and V. Jacobson, "SDP: Session Description
        Protocol", RFC 2327, April 1998.

   [8]  Handley, M., Perkins, C., and E. Whelan, "Session Announcement
        Protocol", RFC 2974, October 2000.

   [9]  S. Pingali, D. Towsley, J. Kurose, "A Comparison of Sender-
        Initiated and Receiver-Initiated Reliable Multicast Protocols",
        In Proc. INFOCOM, San Francisco CA, October 1993.

   [10] Luby, M., Vicisano, L., Gemmell, J., Rizzo, L., Handley, M., and
        J. Crowcroft, "The Use of Forward Error Correction (FEC) in
        Reliable Multicast", RFC 3453, December 2002.

   [11] Macker, J. and B. Adamson, "The Multicast Dissemination Protocol
        (MDP) Toolkit", Proc. IEEE MILCOM 99, October 1999.

   [12] Nonnenmacher, J. and E. Biersack, "Optimal Multicast Feedback",
        Proc. IEEE INFOCOMM, p. 964, March/April 1998.

   [13] J. Macker, B. Adamson, "Quantitative Prediction of Nack Oriented
        Reliable Multicast (NORM) Feedback", Proc. IEEE MILCOM 2002,
        October 2002.

   [14] H.W. Holbrook, "A Channel Model for Multicast", Ph.D.
        Dissertation, Stanford University, Department of Computer
        Science, Stanford, California, August 2001.

   [15] D. Gossink, J. Macker, "Reliable Multicast and Integrated Parity
        Retransmission with Channel Estimation", IEEE GLOBECOMM 98',
        September 1998.

   [16] Whetten, B., Vicisano, L., Kermode, R., Handley, M., Floyd, S.,
        and M. Luby, "Reliable Multicast Transport Building Blocks for
        One-to-Many Bulk-Data Transfer", RFC 3048, January 2001.

Top      Up      ToC       Page 78 
   [17] Mankin, A., Romanow, A., Bradner, S., and V. Paxson, "IETF
        Criteria for Evaluating Reliable Multicast Transport and
        Application Protocols", RFC 2357, June 1998.

   [18] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
        "RTP:  A Transport Protocol for Real-Time Applications", STD 64,
        RFC 3550, July 2003.

   [19] J. Widmer and M. Handley, "Extending Equation-Based Congestion
        Control to Multicast Applications", Proc ACM SIGCOMM 2001, San
        Diego, August 2001.

   [20] L. Rizzo, "pgmcc: A TCP-Friendly Single-Rate Multicast
        Congestion Control Scheme", Proc ACM SIGCOMM 2000, Stockholm,
        August 2000.

   [21] J. Padhye, V. Firoiu, D. Towsley, and J. Kurose, "Modeling TCP
        Throughput: A Simple Model and its Empirical Validation", Proc
        ACM SIGCOMM 1998.

   [22] Kent, S. and R. Atkinson, "Security Architecture for the
        Internet Protocol", RFC 2401, November 1998.

Top      Up      ToC       Page 79 
11.  Authors' Addresses

   Brian Adamson
   Naval Research Laboratory
   Washington, DC, USA, 20375


   Carsten Bormann
   Universitaet Bremen TZI
   Postfach 330440
   D-28334 Bremen, Germany


   Mark Handley
   Department of Computer Science
   University College London
   Gower Street
   WC1E 6BT


   Joe Macker
   Naval Research Laboratory
   Washington, DC, USA, 20375


Top      Up      ToC       Page 80 
Full Copyright Statement

   Copyright (C) The Internet Society (2004).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the IETF's procedures with respect to rights in IETF Documents can
   be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-


   Funding for the RFC Editor function is currently provided by the
   Internet Society.