tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 5740

 
 
 

NACK-Oriented Reliable Multicast (NORM) Transport Protocol

Part 4 of 4, p. 65 to 96
Prev RFC Part

 


prevText      Top      Up      ToC       Page 65 
5.5.  Additional Protocol Mechanisms

   In addition to the principal function of data content transmission
   and repair, there are some other protocol mechanisms to help NORM to
   adapt to network conditions and play fairly with other coexistent
   protocols.

5.5.1.  Group Round-Trip Time (GRTT) Collection

   For NORM receivers to appropriately scale backoff timeouts and the
   senders to use proper corresponding timeouts, the participants need

Top      Up      ToC       Page 66 
   to use a common timeout basis.  Each NORM sender monitors the round-
   trip time of active receivers and determines the greatest group
   round-trip time.  The sender advertises this GRTT estimate in every
   message it transmits so receivers have this value available for
   scaling their timers.  To measure the current GRTT, the sender
   periodically sends NORM_CMD(CC) messages containing a locally
   generated timestamp.  Receivers are expected to record this timestamp
   along with the time the NORM_CMD(CC) message is received.  Then, when
   the receivers generate feedback messages to the sender, an adjusted
   version of the sender timestamp is embedded in the feedback message
   (NORM_NACK or NORM_ACK).  The adjustment adds the amount of time the
   receiver held the timestamp before generating its response.  Upon
   receipt of this adjusted timestamp, the sender is able to calculate
   the round-trip time to that receiver.

   The round-trip time for each receiver is fed into an algorithm that
   assigns weights and smoothes the values for a conservative estimate
   of the GRTT.  The algorithm and methodology are described in the
   Multicast NACK Building Block [RFC5401] document in the section
   entitled "One-to-Many Sender GRTT Measurement".  A conservative
   estimate helps guarantee feedback suppression at a small cost in
   overall protocol repair delay.  The sender's current estimate of GRTT
   is advertised in the "grtt" field found in all NORM sender messages.
   The advertised GRTT is also limited to a minimum of the nominal
   inter-packet transmission time given the sender's current
   transmission rate and system clock granularity.  The reason for this
   additional limit is to keep the receiver somewhat event-driven by
   making sure the sender has had adequate time to generate any response
   to repair requests from receivers given transmit rate limitations due
   to congestion control or configuration.

   When the NORM-CC Rate header extension is present in NORM_CMD(CC)
   messages, the receivers respond to NORM_CMD(CC) messages as described
   in Section 5.5.2, "NORM Congestion Control Operation".  The
   NORM_CMD(CC) messages are periodically generated by the sender as
   described for congestion control operation.  This provides for
   proactive, but controlled, feedback from the group in the form of
   NORM_ACK messages.  This provides for GRTT feedback even if no
   NORM_NACK messages are being sent.  If operating without congestion
   control in a closed network, the NORM_CMD(CC) messages MAY be sent
   periodically without the NORM-CC Rate header extension.  In this
   case, receivers will only provide GRTT measurement feedback when
   NORM_NACK messages are generated since no NORM_ACK messages are
   generated.  In this case, the NORM_CMD(CC) messages MAY be sent less
   frequently, perhaps as little as once per minute, to conserve network
   capacity.  Note the NORM-CC Rate header extension MAY also be used to
   proactively solicit RTT feedback from the receiver group per
   congestion control operation even when the sender is not conducting

Top      Up      ToC       Page 67 
   congestion control rate adjustment.  NORM operation without
   congestion control SHOULD be considered only in closed networks.

5.5.2.  NORM Congestion Control Operation

   This section describes baseline congestion control operation for the
   NORM protocol (NORM-CC).  The supporting NORM message formats and
   approach described here are an adaptation of the equation-based TCP-
   Friendly Multicast Congestion Control (TFMCC) approach [RFC4654].
   This congestion control scheme is REQUIRED for operation within the
   general Internet unless the NORM implementation is adapted to use
   another IETF-sanctioned reliable multicast congestion control
   mechanism.  With this TFMCC-based approach, the transmissions of NORM
   senders are controlled in a rate-based manner as opposed to window-
   based congestion control algorithms as in TCP.  However, it is
   possible the NORM protocol message set MAY alternatively be used to
   support a window-based multicast congestion control scheme such as
   PGMCC.  The details of such an alternative MAY be described
   separately or in a future revision of this document.  In either case
   (rate-based TFMCC or window-based PGMCC), successful control of
   sender transmission depends upon collection of sender-to-receiver
   packet loss estimates and RTTs to identify the congestion control
   bottleneck path(s) within the multicast topology and adjust the
   sender rate accordingly.  The receiver with loss and RTT estimates
   corresponding to the lowest resulting calculated transmission rate is
   identified as the "current limiting receiver" (CLR).  In the case of
   a tie (where candidate CLRs are within 10% of the same calculated
   rate), the receiver with the largest RTT value SHOULD be designated
   as the CLR.

   As described in [TcpModel], a steady-state sender transmission rate,
   to be "friendly" with competing TCP flows, can be calculated as:
                                    S
   Rsender = ----------------------------------------------------------
           T_rtt*(sqrt((2/3)*p) + 12*sqrt((3/8)*p) * p * (1 + 32*(p^2)))

   where

   S = nominal transmitted packet size.  (In NORM, the "nominal" packet
   size can be determined by the sender as an exponentially weighted
   moving average (EWMA) of transmitted packet sizes to account for
   variable message sizes).

   T_rtt = RTT estimate of the current "current limiting receiver"
   (CLR).

   p = loss event fraction of the CLR.

Top      Up      ToC       Page 68 
   To support congestion control feedback collection and operation, the
   NORM sender periodically transmits NORM_CMD(CC) command messages.
   NORM_CMD(CC) messages are multiplexed with NORM data and repair
   transmissions and serve several purposes, they:

   1.  Stimulate explicit feedback from the general receiver set to
       collect congestion control information.

   2.  Communicate state to the receiver set on the sender's current
       congestion control status including details of the CLR.

   3.  Initiate rapid (immediate) feedback from the CLR in order to
       closely track the dynamics of congestion control for the current
       worst path in the group multicast topology.

   The format of the NORM_CMD(CC) message is described in Section 4.2.3
   of this document.  The NORM_CMD(CC) message contains information to
   allow measurement of RTTs, to inform the group of the congestion
   control CLR, and to provide feedback of individual RTT measurements
   to the receivers in the group.  The NORM_CMD(CC) also provides for
   exciting feedback from OPTIONAL "potential limiting receiver" (PLR)
   nodes that might be determined administratively or possibly
   algorithmically based upon congestion control feedback.  PLR nodes
   are receivers that have been identified to have potential for
   (perhaps soon) becoming the CLR and thus immediate, up-to-date
   feedback is beneficial for congestion control performance.  The PLR
   list MAY be populated with a small number of receivers the sender
   identifies as approaching the CLR loss and delay conditions based on
   feedback from the group.

5.5.2.1.  NORM_CMD(CC) Transmission

   The NORM_CMD(CC) message is transmitted periodically by the sender
   along with its normal data transmission.  Note the repeated
   transmission of NORM_CMD(CC) messages MAY be initiated some time
   before transmission of user data content at session startup.  This
   can be done to collect some estimation of the current state of the
   multicast topology with respect to group and individual RTT and
   congestion control state.

   A NORM_CMD(CC) message is immediately transmitted at sender startup.
   The interval of subsequent NORM_CMD(CC) message transmission is
   determined as follows:

   1.  By default, the interval is set according to the current sender
       GRTT estimate.  A startup initial value of GRTT_sender = 0.5
       seconds is RECOMMENDED when no feedback has yet been received
       from the group.

Top      Up      ToC       Page 69 
   2.  Until a CLR has been identified (based on previous receiver
       feedback) or when no data transmission is pending, the
       NORM_CMD(CC) interval is doubled up from its current interval to
       a maximum of once per 30 seconds.  This results in a low duty
       cycle for NORM_CMD(CC) probing when no CLR is identified or there
       is no pending data to transmit.

   3.  When a CLR has been identified (based on receiver feedback) and
       data transmission is pending, the probing interval is set to the
       RTT between the sender and the CLR (RTT_clr).

   4.  Additionally, when the data transmission rate is low with respect
       to the RTT_clr interval used for probing, the implementation
       SHOULD ensure no more than one NORM_CMD(CC) message is sent per
       NORM_DATA message when there is data pending transmission.  This
       ensures the transmission of this control message is not done to
       the exclusion of user data transmission.

   The NORM_CMD(CC) "cc_sequence" field is incremented with each
   transmission of a NORM_CMD(CC) command.  The greatest "cc_sequence"
   recently received by receivers is included in their feedback to the
   sender.  This allows the sender to determine the age of feedback to
   assist in congestion avoidance.

   The NORM-CC Rate Header Extension is applied to the NORM_CMD(CC)
   message and the sender advertises its current transmission rate in
   the "send_rate" field.  The rate information is used by receivers to
   initialize loss estimation during congestion control startup or
   restart.

   The "cc_node_list" contains a list of entries identifying receivers
   and their current congestion control state (status "flags", "rtt",
   and "loss" estimates).  The list will be empty if the sender has not
   yet received any feedback from the group.  If the sender has received
   feedback, the list will minimally contain an entry identifying the
   CLR.  A NORM_FLAG_CC_CLR flag value is provided for the "cc_flags"
   field to identify the CLR entry.  It is RECOMMENDED the CLR entry be
   the first in the list for implementation efficiency.  Additional
   entries in the list are used to provide sender-measured individual
   RTT estimates to receivers in the group.  The number of additional
   entries in this list is dependent upon the percentage of control
   traffic the sender application is willing to send with respect to
   user data message transmissions.  More entries in the list will allow
   the sender to be more responsive to congestion control dynamics.  The
   length of the list can be dynamically determined according to the
   current transmission rate and scheduling of NORM_CMD(CC) messages.
   The maximum length of the list corresponds to the sender's
   NormSegmentSize parameter for the session.  The inclusion of

Top      Up      ToC       Page 70 
   additional entries in the list based on receiver feedback is
   prioritized with the following rules:

   1.  Receivers that have not yet been provided an RTT measurement get
       first priority.  Of these, those with the greatest loss fraction
       receive precedence for list inclusion.

   2.  Secondly, receivers that have previously been provided an RTT
       measurement are included with receivers yielding the lowest
       calculated congestion rate getting precedence.

   There are "cc_flag" values in addition to NORM_FLAG_CC_CLR used for
   other congestion control functions.  The NORM_FLAG_CC_PLR flag value
   is used to mark additional receivers from which the sender would like
   to have immediate, non-suppressed feedback.  These can be receivers
   the sender algorithmically identified as potential future CLRs or
   have been pre-configured as potential congestion control points in
   the network.  The NORM_FLAG_CC_RTT indicates the validity of the
   "cc_rtt" field for the associated receiver node.  Normally, this flag
   will be set since the receivers in the list will typically be
   receivers from which the sender has received feedback.  However, in
   the case the NORM sender has been pre-configured with a set of PLR
   nodes, feedback from those receivers might not have yet been
   collected and thus the "cc_rtt" field does not contain a valid value
   when this flag is not set.  Similarly, a value of ZERO for the
   "cc_rate" field here MUST be treated as an invalid value and be
   ignored for the purposes of feedback suppression, etc.

5.5.2.2.  NORM_CMD(CC) Feedback Response

   Receivers explicitly respond to NORM_CMD(CC) messages in the form of
   a NORM_ACK(RTT) message.  The goal of the congestion control feedback
   is to determine the receivers with the lowest congestion control
   rates.  Receivers marked as CLR or PLR nodes in the NORM_CMD(CC)
   "cc_node_list" immediately provide feedback in the form of a NORM_ACK
   to this message.  When a NORM_CMD(CC) is received, non-CLR or non-PLR
   nodes initiate random feedback backoff timeouts similar to those used
   when the receiver initiates a repair cycle (see Section 5.3) in
   response to detection of data loss.  The backoff timeout for the
   congestion control response is generated as follows:

      T_backoff = RandomBackoff(K_backoff * GRTT_sender, GSIZE_sender)

   The RandomBackoff() algorithm provides a truncated exponentially
   distributed random number and is described in the Multicast NACK
   Building Block [RFC5401] document.  The same backoff factor,
   K_backoff = K_sender, as used with NORM_NACK suppression is generally
   RECOMMENDED.  However, in cases where the application purposefully

Top      Up      ToC       Page 71 
   specifies a very small K_sender backoff factor to minimize the NACK
   repair process latency (trading off group size scalability), it is
   RECOMMENDED a larger backoff factor for congestion control feedback
   be maintained, since there can be a larger volume of congestion
   control feedback than NACKs in many cases and some congestion control
   feedback latency might be tolerable where reliable delivery latency
   is not.  As previously noted, a backoff factor value of K_sender = 4
   is generally RECOMMENDED for ASM operation and K_sender = 6 for SSM
   operation.  A receiver SHALL cancel the backoff timeout and thus its
   pending transmission of a NORM_ACK(RTT) message under the following
   conditions:

   1.  The receiver generates another feedback message (NORM_NACK or
       other NORM_ACK) before the congestion control feedback timeout
       expires (these messages will convey the current congestion
       control feedback information).

   2.  A NORM_CMD(CC) or other receiver feedback with an ordinally
       greater "cc_sequence" field value is received before the
       congestion control feedback timeout expires (this is similar to
       the TFMCC feedback round number).

   3.  When the T_backoff is greater than 1*GRTT_sender.  This prevents
       NACK implosion in the event of sender or network failure.

   4.  "Suppressing" congestion control feedback is heard from another
       receiver (in a NORM_ACK or NORM_NACK) or via a
       NORM_CMD(REPAIR_ADV) message from the sender.  The local
       receiver's feedback is "suppressed" if the rate of the competing
       feedback (Rfb) is sufficiently close to or less than the local
       receiver's calculated rate (Rcalc).  The local receiver's
       feedback is canceled when Rcalc > (0.9 * Rfb).  Also, note
       receivers that have not yet received an RTT measurement from the
       sender are suppressed only by other receivers that have not yet
       measured RTT.  Additionally, receivers whose RTT estimate has
       aged considerably (i.e., they haven't been included in the
       NORM_CMD(CC) "cc_node_list" in a long time) might wish to compete
       as a receiver with no prior RTT measurement after some long-term
       expiration period.

   When the backoff timer expires, the receiver SHALL generate a
   NORM_ACK(RTT) message to provide feedback to the sender and group.
   This message MAY be multicast to the group for most effective
   suppression in ASM topologies or unicast to the sender depending upon
   how the NORM protocol is deployed and configured.

   Whenever any feedback is generated (including this NORM_ACK(RTT)
   message), receivers include an adjusted version of the sender

Top      Up      ToC       Page 72 
   timestamp from the most recently received NORM_CMD(CC) message and
   its "cc_sequence" value in the corresponding NORM_ACK or NORM_NACK
   message fields.  For NORM-CC operation, any generated feedback
   message SHALL also contain the NORM-CC Feedback header extension.
   The receiver provides its current "cc_rate" estimate, "cc_loss"
   estimate, "cc_rtt" if known, and any applicable "cc_flags" via this
   header extension.

   During slow start (when the receiver has not yet detected loss from
   the sender), the receiver uses a value equal to two times its
   measured rate from the sender in the "cc_rate" field.  For steady-
   state congestion control operation, the receiver "cc_rate" value is
   from the equation-based value using its current loss event estimate
   and sender<->receiver RTT information.  (The GRTT_sender is used when
   the receiver has not yet measured its individual RTT.)

   The "cc_loss" field value reflects the receiver's current loss event
   estimate with respect to the sender in question.

   When the receiver has a valid individual RTT measurement, it SHALL
   include this value in the "cc_rtt" field.  The NORM_FLAG_CC_RTT MUST
   be set when the "cc_rtt" field is valid.

   After a congestion control feedback message is generated or when the
   feedback is suppressed, a non-CLR receiver begins a "holdoff" timeout
   period during which it will restrain itself from providing congestion
   control feedback, even if NORM_CMD(CC) messages are received from the
   sender (unless the receive becomes marked as a CLR or PLR node).  The
   value of this holdoff timeout (T_ccHoldoff) period is:

                   T_ccHoldoff = (K_sender * GRTT_sender)

   Thus, non-CLR receivers are constrained to providing explicit
   congestion control feedback once per K_sender*GRTT_sender intervals.
   However, as the session progresses, different receivers will be
   responding to different NORM_CMD(CC) messages and there will be
   relatively continuous feedback of congestion control information
   while the sender is active.

5.5.2.3.  Congestion Control Rate Adjustment

   During steady-state operation, the sender will directly adjust its
   transmission rate to the rate indicated by the feedback from its
   currently selected CLR.  As noted in [TfmccPaper], the estimation of
   parameters (loss and RTT) for the CLR will generally constrain the
   rate changes possible within acceptable bounds.  For rate increases,
   the sender SHALL observe a maximum rate of increase of one packet per
   RTT at all times during steady-state operation.

Top      Up      ToC       Page 73 
   The sender processes congestion control feedback from the receivers
   and selects the CLR based on the lowest rate receiver.  Receiver
   rates are determined either directly from the slow start "cc_rate"
   provided by the receiver in the NORM-CC Feedback header extension or
   by performing the equation-based calculation using individual RTT and
   loss estimates ("cc_loss") as feedback is received.

   The sender can calculate a current RTT for a receiver (RTT_rcvrNew)
   using the "grtt_response" timestamp included in feedback messages.
   When the "cc_rtt" value in a response is not valid, the sender simply
   uses this RTT_rcvrNew value as the receiver's current RTT (RTT_rcvr).
   For non-CLR and non-PLR receivers, the sender SHOULD use the "cc_rtt"
   provided in the NORM-CC Feedback header extension as the receiver's
   previous RTT measurement (RTT_rcvrPrev) averaged with the current
   measurement ("RTT_rcvrNew") as the receiver's RTT value:

             RTT_rcvr = 0.5 * RTT_rcvrPrev + 0.5 * RTT_rcvrNew

   For CLR receivers where feedback is received more regularly, the
   sender SHOULD maintain a more smoothed RTT estimate upon new feedback
   from the CLR where:

                 RTT_clr = 0.9 * RTT_clr + 0.1 * RTT_clrNew

   RTT_clrNew is the new RTT calculated from the timestamp in the
   feedback message received from the CLR.  The RTT_clr is initialized
   to RTT_clrNew on the first feedback message received.  Note that the
   same procedure is observed by the sender for PLR receivers, and if a
   PLR is "promoted" to CLR status, the smoothed estimate can be
   continued.

   There are some additional periods besides steady-state operation to
   be considered in NORM-CC operation.  These periods are:

   1.  during session startup,

   2.  when no feedback is received from the CLR, and

   3.  when the sender has a break in data transmission.

   During session startup, the congestion control operation SHALL
   observe a "slow-start" procedure to quickly approach its fair
   bandwidth share.  An initial sender startup rate is assumed where:

    Rinit = MIN(NormSegmentSize/GRTT_sender, NormSegmentSize) bytes/sec

   The rate is increased only when feedback is received from the
   receiver set.  The "slow start" phase proceeds until any receiver

Top      Up      ToC       Page 74 
   provides feedback indicating loss has occurred.  Rate increase during
   slow start is applied as:
                              Rnew = Rrecv_min

   where Rrecv_min is the minimum reported receiver rate in the
   "cc_rate" field of congestion control feedback messages received from
   the group.  Note during slow start, receivers use two times their
   measured rate from the sender in the "cc_rate" field of their
   feedback.  Rate increase adjustment is limited to once per GRTT
   during slow start.

   If the CLR or any receiver intends to leave the group, it will set
   the NORM_FLAG_CC_LEAVE in its congestion control feedback message as
   an indication the sender SHOULD NOT select it as the CLR.  When the
   CLR changes to a lower rate receiver, the sender SHOULD immediately
   adjust to the new lower rate.  The sender is limited to increasing
   its rate at one additional packet per RTT towards any new, higher CLR
   rate.

   The sender SHOULD also track the age of the feedback it has received
   from the CLR by comparing its current "cc_sequence" value
   (Seq_sender) to the last "cc_sequence" value received from the CLR
   (Seq_clr).  As the age of the CLR feedback increases with no new
   feedback, the sender SHALL begin reducing its rate once per RTT_clr
   as a congestion avoidance measure.  The following algorithm is used
   to determine the decrease in sender rate (Rsender bytes/sec) as the
   CLR feedback, unexpectedly, excessively ages:

                   Age = Seq_sender - Seq_clr;
                   if (Age > 4) Rsender = Rsender * 0.5;

   This rate reduction is limited to the lower bound on NORM
   transmission rates.  After NORM_ROBUST_FACTOR consecutive
   NORM_CMD(CC) rounds without any feedback from the CLR, the sender
   SHOULD assume the CLR has left the group and pick the receiver with
   the next lowest rate as the new CLR.  Note this assumes the sender
   does not have explicit knowledge the CLR intentionally left the
   group.  If no receiver feedback is received, the sender MAY wish to
   withhold further transmissions of NORM_DATA segments and maintain
   NORM_CMD(CC) transmissions only until feedback is detected.  After
   such a CLR timeout, the sender will be transmitting with a minimal
   rate and SHOULD return to slow start as described here for a break in
   data transmission.

   When the sender has a break in its data transmission, it can continue
   to probe the group with NORM_CMD(CC) messages to maintain RTT
   collection from the group.  This will enable the sender to quickly
   determine an appropriate CLR upon data transmission restart.

Top      Up      ToC       Page 75 
   However, the sender SHOULD exponentially reduce its target rate to be
   used for transmission restart as time since the break elapses.  The
   target rate SHOULD be recalculated once per RTT_clr as:

                          Rsender = Rsender * 0.5;

   If the minimum NORM rate is reached, the sender SHOULD set the
   NORM_FLAG_START flag in its NORM_CMD(CC) messages upon restart and
   the group SHOULD observe slow-start congestion control procedures
   until any receiver experiences a new loss event.

5.5.3.  NORM Positive Acknowledgment Procedure

   NORM provides options for the source application to request positive
   acknowledgment (ACK) of NORM_CMD(FLUSH) and NORM_CMD(ACK_REQ)
   messages from members of the group.  There are some specific
   acknowledgment requests defined for the NORM protocol and a range of
   acknowledgment request types left to be defined by the application.
   One predefined acknowledgment type is the NORM_ACK(FLUSH) type.  This
   acknowledgment is used to determine if receivers have achieved
   completion of reliable reception up through a specific logical
   transmission point with respect to the sender's sequence of
   transmission.  The NORM_ACK(FLUSH) acknowledgment MAY be used to
   assist in application flow control when the sender has information on
   a portion of the receiver set.  Another predefined acknowledgment
   type is NORM_ACK(CC) used to explicitly provide congestion control
   feedback in response to NORM_CMD(CC) messages transmitted by the
   sender for NORM-CC operation.  Note the NORM_ACK(CC) response does
   NOT follow the positive acknowledgment procedure described here.  The
   NORM_CMD(ACK_REQ) and NORM_ACK messages contain an "ack_type" field
   to identify the type of acknowledgment requested and provided.  A
   range of "ack_type" values is provided for application-defined use.
   While the application is responsible for initiating the
   acknowledgment request and interprets application-defined "ack_type"
   values, the acknowledgment procedure SHOULD be conducted within the
   protocol implementation to take advantage of timing and transmission
   scheduling information available to the NORM transport.

   The NORM Positive Acknowledgment Procedure uses polling by the sender
   to query the receiver group for response.  Note this polling
   procedure is not intended to scale to very large receiver groups, but
   could be used in a large group setting to query a critical subset of
   the group.  Either the NORM_CMD(ACK_REQ), or when applicable, the
   NORM_CMD(FLUSH) message is used for polling and contains a list of
   NormNodeIds of the receivers expected to respond to the command.  The
   list of receivers providing acknowledgment is determined by the
   source application with a priori knowledge of participating nodes or
   via some other application-level mechanism.

Top      Up      ToC       Page 76 
   The ACK process is initiated by the sender generating NORM_CMD(FLUSH)
   or NORM_CMD(ACK_REQ) messages in periodic rounds.  For
   NORM_ACK(FLUSH) requests, the NORM_CMD(FLUSH) contains a
   "object_transport_id" and "fec_payload_id" denoting the watermark
   transmission point for which acknowledgment is requested.  This
   watermark transmission point is echoed in the corresponding fields of
   the NORM_ACK(FLUSH) message sent by the receiver in response.
   NORM_CMD(ACK_REQ) messages contain an "ack_id" field that is
   similarly echoed in response so the sender can match the response to
   the appropriate request.

   In response to the NORM_CMD(ACK_REQ), the listed receivers randomly,
   with a uniform distribution, transmit NORM_ACK messages over a time
   window of (1*GRTT_sender).  These NORM_ACK messages are typically
   unicast to the sender.  (Note NORM_ACK(CC) messages SHALL be
   multicast or unicast in the same manner as NORM_NACK messages.)

   The ACK process is self-limiting and avoids ACK implosion because:

   1.  Only a single NORM_CMD(ACK_REQ) message is generated once per
       (2*GRTT_sender), and

   2.  The size of the "acking_node_list" of NormNodeIds from which
       acknowledgment is requested is limited to a maximum of the sender
       NormSegmentSize setting per round of the positive acknowledgment
       process.

   Because the size of the included list is limited to the sender's
   NormSegmentSize setting, multiple NORM_CMD(ACK_REQ) rounds will
   sometimes be necessary to achieve responses from all receivers
   specified.  The content of the attached NormNodeId list will be
   dynamically updated as this process progresses and NORM_ACK responses
   are received from the specified receiver set.  As the sender receives
   valid responses (i.e., matching watermark point or "ack_id") from
   receivers, it SHALL eliminate those receivers from the subsequent
   NORM_CMD(ACK_REQ) message "acking_node_list" and add in any pending
   receiver NormNodeIds while keeping within the NormSegmentSize
   limitation of the list size.  Each receiver is queried a maximum
   number of times (NORM_ROBUST_FACTOR, by default).  Receivers not
   responding within this number of repeated requests are removed from
   the payload list to make room for other potential receivers pending
   acknowledgment.  The transmission of the NORM_CMD(ACK_REQ) is
   repeated until no further responses are needed or until the repeat
   threshold is exceeded for all pending receivers.  The transmission of
   NORM_CMD(ACK_REQ) or NORM_CMD(FLUSH) messages to conduct the positive
   acknowledgment process is multiplexed with ongoing sender data
   transmissions.  However, the NORM_CMD(FLUSH) positive acknowledgment
   process MAY be interrupted in response to negative acknowledgment

Top      Up      ToC       Page 77 
   repair requests (NACKs) received from receivers during the
   acknowledgment period.  The NORM_CMD(FLUSH) positive acknowledgment
   process is restarted for receivers pending acknowledgment once any
   the repairs have been transmitted.

   In the case of NORM_CMD(FLUSH) commands with an attached
   "acking_node_list", receivers will not ACK until they have received
   complete transmission of all data up to and including the given
   watermark transmission point.  All receivers SHALL interpret the
   watermark point provided in the request NACK for repairs if needed as
   for NORM_CMD(FLUSH) commands with no attached "acking_node_list".

5.5.4.  Group Size Estimate

   NORM sender messages contain a "gsize" field that is a representation
   of the group size and that is used in scaling random backoff timer
   ranges.  The use of the group size estimate within the NORM protocol
   does not demand a precise estimation and works reasonably well if the
   estimate is within an order of magnitude of the actual group size.
   By default, the NORM sender group size estimate MAY be
   administratively configured.  Also, given the expected scalability of
   the NORM protocol for general use, a default value of 10,000 is
   RECOMMENDED for use as the group size estimate.  It is also possible
   the group size MAY be algorithmically approximated from the volume of
   congestion control feedback messages based on the exponentially
   weighted random backoff.  However, the specification of such an
   algorithm is currently beyond the scope of this document.

6.  Configurable Elements

   The NORM protocol supports a modest number of configurable parameters
   that control operation.  Most of these need only be set at NORM
   sender(s) and the configuration information is communicated to the
   receiver set in NORM header and/or header extension fields.  A
   notable exception to this is the NORM_ROBUST_FACTOR that is presumed
   to be a common value preset among senders and receivers for a given
   NORM session.  The following table summarizes these configurable
   elements:

Top      Up      ToC       Page 78 
   +--------------------+----------------------------------------------+
   | Configurable       | Purpose                                      |
   | Element            |                                              |
   +--------------------+----------------------------------------------+
   | Sender initial     | Sender's initial estimate of greatest group  |
   | GRTT Estimate      | round-trip time.  Affects timing of feedback |
   | (GRTT_sender)      | suppression and sender command transmissions |
   |                    | at sender startup.                           |
   | Backoff Factor     | Sender's scaling factor used for timer-based |
   | (K_sender)         | feedback suppression.                        |
   | Group Size         | Sender's rough estimate of receiver group    |
   | Estimate           | size used in generation of random feedback   |
   | (GSIZE_sender)     | backoff timeout.                             |
   | NORM_ROBUST_FACTOR | Integer factor determining how persistently  |
   |                    | (i.e., robust) senders transmit repeated     |
   |                    | control messages and receivers self-initiate |
   |                    | timeout-based NACKing in the absence of      |
   |                    | sender activity.                             |
   | FEC Type           | Sender FEC encoding type.                    |
   | ("fec_id")         |                                              |
   | Sender segment     | Maximum size (in bytes) of the payload       |
   | size               | portion of NORM_DATA and other messages.     |
   | (NormSegmentSize)  |                                              |
   | NormNodeId         | Unique identifiers pre-assigned to all NORM  |
   |                    | session participants.                        |
   +--------------------+----------------------------------------------+

   The sender-controlled GRTT estimate (referred to as GRTT_sender in
   this document) is used to set and scale various timers associated
   with NORM protocol operation.  During steady-state operation, the
   sender probes the receiver set, adapts to the group round-trip timing
   state, and advertises its estimate to the receiver set in the "grtt"
   field of relevant NORM protocol messages.  However, an initial value
   must be assumed at sender startup.  A large initial estimate is
   conservative and safer with regard to preventing feedback implosion
   and starting up congestion control operation, but requires the sender
   and receivers to allocate more buffering resources for a given
   transmission rate (i.e., larger effective delay*bandwidth product) to
   maintain efficient operation.  A default initial value of GRTT_sender
   = 0.5 seconds is RECOMMENDED.

   The sender-controlled Backoff Factor (referred to a K_sender in this
   document) is used to scale protocol timers and contributes to the
   generation of the random backoff timeout value that facilitates
   timer-based feedback suppression.  The sender advertises its
   configured Backoff Factor to the receiver set in the "backoff" field
   of applicable NORM messages and thus no receiver configuration is
   necessary.  For ASM operation, a default value of K_sender = 4 is

Top      Up      ToC       Page 79 
   RECOMMENDED; for SSM operation, a default value of K_sender = 6 is
   RECOMMENDED.

   The sender estimate of session Group Size (referred to as
   GSIZE_sender in this document) also plays a role in the random
   selection of feedback suppression timeout values.  The sender
   advertises its configured Group Size estimate to the receiver set in
   the "gsize" field of applicable NORM messages; thus, no receiver
   configuration is necessary.  Only a rough estimate (i.e., "order-of-
   magnitude") is needed for effective feedback suppression and a
   default value of GSIZE_sender = 10,000 is RECOMMENDED as a
   conservative estimate for most uses.

   The NORM_ROBUST_FACTOR is an integer parameter that determines how
   persistently NORM senders transmit control messages (NORM_CMD
   messages) such as end-of-transmission flushing, OPTIONAL positive
   acknowledgment requests, etc.  Additionally, the receivers use their
   knowledge of NORM_ROBUST_FACTOR to determine when to consider a NORM
   sender inactive and MAY use the factor in determining how
   persistently to self-initiate repeated NACK repair requests upon such
   timeouts.  This parameter is NOT communicated in NORM protocol
   message headers and is presumed to be preset to a consistent value
   among sender and receivers for a given NORM session.  A default value
   of NORM_ROBUST_FACTOR = 20 is RECOMMENDED.

   Another NORM sender configuration element is the FEC type used to
   encode NORM_DATA message content.  The FEC type is communicated from
   the sender to the receiver set in the "fec_id" field of relevant NORM
   message headers.  The "fec_id" value corresponds to an IANA-assigned
   value identifying the FEC encoding type as described in the FEC
   Building Block [RFC5052] document.  Typically, a sender SHOULD use a
   consistent FEC encoding for its participation in a session to
   simplify receiver state allocation and maintenance, but its
   implementations MAY vary the FEC encoding type on a per-object basis
   if necessary.

   The sender NormSegmentSize setting determines the maximum size of the
   payload portion of NORM_DATA and other messages that the sender
   transmits.  Additionally, the payload size of feedback messages from
   receivers to a given sender is limited to that sender's
   NormSegmentSize.  The NormSegmentSize SHOULD be configured to be
   compatible with expected network MTU limitations, given the added
   overhead of NORM, UDP, and IP protocol message headers.
   Additionally, MTU Discovery MAY be employed by the sender to
   determine an appropriate NormSegmentSize.  The NormSegmentSize for a
   given sender can be determined by receivers from the FEC Object
   Transmission Information (FTI) provided either in applied EXT_FTI
   header extensions or pre-configured session information.

Top      Up      ToC       Page 80 
   Although it is not technically a configurable element, the receivers
   MUST have FEC Object Transmission Information for transmitted
   NormObjects to properly buffer, decode, and reassemble the original
   content.  For loosely organized NORM protocol sessions, the sender
   MAY apply the EXT_FTI Header Extension to NORM_DATA and NORM_INFO (if
   applicable) messages so that receivers can get this information
   without prior coordination.  An implementation MAY also apply the
   EXT_FTI only to NORM_INFO messages for reduced overhead.  Finally,
   applications MAY also provide the FTI out-of-band prior to sender
   transmission.

   Each participant in a NORM protocol session MUST be configured with a
   unique NormNodeId value.  The NormNodeId value is used by receivers
   to identify the sender to which their NACK or other feedback messages
   are addressed, and senders use the NormNodeId to differentiate
   receivers for purposes of congestion control and OPTIONAL positive
   acknowledgment collection.  Assignment of unique NormNodeId values
   can be done via a priori coordination and/or use of a deconfliction
   mechanism external to the NORM protocol itself.  The values of
   NORM_NODE_NONE = 0x00000000 and NORM_NODE_ANY = 0xffffffff are
   reserved and MUST NOT be assigned to NORM participants.

7.  Security Considerations

   The same security considerations that apply to the Multicast NACK
   [RFC5401], TFMCC [RFC4654], and FEC [RFC5052] Building Blocks also
   apply to the NORM protocol.  In addition to the vulnerabilities to
   which any IP and IP multicast protocol implementation is subject,
   malicious hosts might engage in excessive NACKing in an attempt to
   prevent the NORM sender(s) from making forward progress in reliable
   transmission.  Receiver "join" and "service" policy enforcement as
   described in Section 5.2 can be applied if such activity is detected.
   The use of cryptographic peer authentication, integrity checks,
   and/or confidentiality mechanisms can be used to provide a more
   effective degree of protection from objectionable transmissions from
   unauthorized hosts.  But in some cases, even with authentication and
   integrity checks, the NACK-based feedback of NORM can be exploited by
   replay attacks forcing the NORM sender to unnecessarily transmit
   repair information.  This MAY be addressed in part with network-layer
   IP security implementations that guard against this potential
   security exploitation or alternatively with a security mechanism
   using the EXT_AUTH header extension for similar purposes.  Such
   security mechanisms SHOULD be deployed and used when available.  Use
   of security mechanisms will impose additional "a priori"
   configuration upon the NORM deployment depending upon the techniques
   used.

   The NORM protocol is compatible with the use of IP security (IPsec)

Top      Up      ToC       Page 81 
   [RFC4301], and the IPsec Encapsulating Security Payload (ESP)
   protocol or Authentication Header (AH) extension can be used to
   secure IP packets transmitted by NORM participants.  A baseline
   approach to secure NORM operation using IPsec is described below.
   Compliant implementations of this specification are REQUIRED to be
   compatible with IPsec usage as described in Section 7.1.  IPsec can
   be used to provide peer authentication, integrity protection, and/or
   encryption of packets containing NORM messages.

   Additionally, the EXT_AUTH header extension (HET = 1) is reserved for
   use by security mechanisms to provide alternatives to IPsec for the
   security of NORM messages.  The format of this header extension and
   its processing is outside the scope of this document and is to be
   communicated out-of-band as part of the session description.  It is
   possible an EXT_AUTH implementation MAY also provide for encryption
   of NORM message payloads as well as peer authentication and integrity
   protection.  The use of this approach as compared to IPsec can allow
   for header compression techniques to be applied jointly to IP and
   NORM protocol headers.  In cases where security analysis deems
   encryption of NORM protocol header content to be beneficial or
   necessary, the aforementioned use of IPsec ESP might be more
   appropriate.  Additionally, the EXT_AUTH header extension can be
   utilized when NORM is implemented in a network with Network Address
   Translation (NAT) systems that are incompatible with use of the IPsec
   AH extension.  If EXT_AUTH is present, whatever packet authentication
   or integrity checks that can be performed immediately upon reception
   of the packet MUST be performed before accepting the packet and
   performing any congestion-control-related action on it.  Some packet
   authentication schemes impose a delay of several seconds between when
   a packet is received and when the packet can be fully authenticated.
   Any appropriate congestion control related action MUST NOT be
   postponed by any such packet security mechanism (i.e., security
   mechanisms MUST NOT result in poor congestion control behavior).

   Consideration MUST also be given to the potential for replay-attacks
   that would transplant authenticated packets from one NORM session to
   another to disrupt service.  To avoid this potential, unique keys
   SHOULD be assigned on a per-session basis or NORM sender nodes SHOULD
   be configured to use unique "instance_id" identifiers managed as part
   of the security association for the sessions.

   Note NORM implementations can use the "sequence" field from the NORM
   common message header to detect replay attacks.  This can be
   accomplished if the NORM sender maintains state on actively NACKing
   receivers.  A cache of such receiver state can be used to provide
   protection against NACK replay attacks.  NORM receivers MUST also
   maintain similar state for protection against possible replay of
   other receiver messages in ASM operation as well.  For example, a

Top      Up      ToC       Page 82 
   receiver could be suppressed from providing NACK or congestion
   control feedback by replay of certain receiver messages.  For these
   reasons, authentication of NORM messages (e.g., via IPsec) SHOULD be
   applied for protection against similar attacks that use fabricated
   messages.  Also, encryption of messages to provide confidentiality of
   application data and protect privacy of users MAY also be applied
   using IPsec or similar mechanisms.

   When applicable security measures are used, automated key management
   mechanisms such as those described in the Group Domain of
   Interpretation (GDOI) [RFC3547], Multimedia Internet KEYing (MIKEY)
   [RFC3830], or Group Secure Association Key Management Protocol
   (GSAKMP) [RFC4535] specifications SHOULD be applied.

   While NORM does leverage FEC-based repair for scalability, this alone
   does not guarantee integrity of received data.  Application-level
   integrity-checking of received data content is highly RECOMMENDED.
   This recommendation also applies when the IPsec security approach
   described below is used for added assurance in data content integrity
   given the shared use of IPsec Security Association information among
   the group.

7.1.  Baseline Secure NORM Operation

   This section describes a baseline mode of secure NORM protocol
   operation based on application of the IPsec security protocol.  This
   approach is documented here to provide a baseline interoperable
   secure mode of operation.  This particular approach represents one
   possible trade-off in the level of assurance that can be achieved and
   the scalability of multicast group-size given current IPsec
   mechanisms and the state required to support them.  For example, this
   baseline approach specifies the use of a Security Association that is
   shared among the receiver set for feedback messages to the sender.
   This model requires that the receiver membership receiving the
   session keys is trusted and only provides protection from attacks
   that are external to the NORM group membership.  More stateful and
   complex IPsec approaches and key management schemes may be applied
   for higher levels of assurance, but those are beyond the scope of
   this transport protocol specification.  Additional approaches to NORM
   security, including other forms of IPsec application, MAY be
   specified in the future.  For example, the use of the EXT_AUTH header
   extension could enable NORM-specific authentication or security
   encapsulation headers similar to those of IPsec to be specified and
   inserted into the NORM protocol message headers.  This would allow
   header compression techniques to be applied to IP and NORM protocol
   headers when needed in a similar fashion to RTP [RFC3550] and as
   preserved in the specification for Secure Real Time Protocol (SRTP)
   [RFC3711].

Top      Up      ToC       Page 83 
   The baseline approach described is applicable to NORM operation
   configured for SSM (or SSM-like) operation where there is a single
   sender and the receivers are providing unicast feedback.  This form
   of NORM operation allows for IPsec to be used with a manageable
   number of security associations (SA).

7.1.1.  IPsec Approach

   For NORM one-to-many SSM operation with unicast feedback from
   receivers, each node SHALL be configured with two transport mode
   IPsec security associations and corresponding Security Policy
   Database (SPD) entries.  One entry will be used for sender-to-group
   multicast packet authentication and optionally encryption while the
   other entry will be used to provide security for the unicast feedback
   messaging from the receiver(s) to the sender.  Note that this single
   SA for NORM receiver feedback messages is shared to protect traffic
   from possibly multiple receivers to the single sender.

   For each NormSession, the NORM sender SHALL use an IPsec SA
   configured for ESP protocol [RFC4303] operation with the option for
   data origin authentication enabled.  It is also RECOMMENDED this
   IPsec ESP SA be also configured to provide confidentiality protection
   for IP packets containing NORM protocol messages.  This is suggested
   to make the realization of complex replay attacks much more
   difficult.  The encryption key for this SA SHALL be preplaced at the
   sender and receiver(s) prior to NORM protocol operation.  Use of
   automated key management is RECOMMENDED as a rekey SHALL be REQUIRED
   prior to expiration of the sequence space for the SA.  This is
   necessary so receivers can use the built-in IPsec replay attack
   protection possible for an IPsec SA with a single source (the NORM
   sender).  Thus, the receivers SHALL enable replay attack protection
   for this SA used to secure NORM sender traffic.  An IPsec SPD entry
   MUST be configured to process outbound packets to the session
   (destination) address and UDP port number of the applicable
   (NormSession).

   The NORM receiver(s) MUST be configured with the SA and SPD entry to
   properly process the IPsec-secured packets from the sender.  The NORM
   receiver(s) SHALL also use a common, second IPsec SA (common Security
   Parameter Index (SPI) and encryption key) configured for ESP
   operation with the option for data origination authentication
   enabled.  Similar to the NORM sender, is RECOMMENDED this IPsec ESP
   SA be also configured to provide confidentiality protection for IP
   packets containing NORM protocol messages.  The receivers MUST have
   an IPsec SPD entry configured to process outbound NORM/UDP packets
   directed to the NORM sender source address and port number using this
   second SA.  To support NORM unicast feedback, the sender's
   transmission port number SHOULD be selected to be distinct from the

Top      Up      ToC       Page 84 
   multicast session port number to allow discrimination between unicast
   and multicast feedback messages when access to the IP destination
   address is not possible (e.g., a user-space NORM implementation).
   For processing of packets from receivers, the NORM sender SHALL be
   configured with this common, second SA (and the corresponding SPD
   entry needed) in order to properly process messages from the
   receiver.

   Multiple receivers using a common IPsec SA for traffic directed to
   the NORM sender (i.e., many-to-one) typically prevents the use of
   built-in IPsec replay attack protection by the NORM sender with
   current IPsec implementations.  Thus the built-in IPsec replay attack
   protection for this second SA at the sender MUST be disabled unless
   the particular IPsec implementation manages its replay protection on
   a per-source basis (which is not typical of existing IPsec
   implementations).  So, to support a fully secure mode of operation,
   the NORM sender implementation MUST provide replay attack protection
   based upon the "sequence" field of NORM protocol messages from
   receivers.  This can be accomplished with a high assurance of
   security, even with the limited size (16-bits) of this field,
   because:

   1.  NORM receiver NACK and non-CLR ACK feedback messages are sparse.

   2.  The more frequent NORM_ACK feedback from CLR or PLR nodes is only
       a small set of receivers for which the sender needs to keep more
       persistent replay attack state.

   3.  NORM_NACK feedback messages preceding the sender's current repair
       window do not significantly impact protocol operation (generation
       of NORM_CMD(SQUELCH) is limited) and could be in fact ignored.
       This means the sender can prune any replay attack state that
       precedes the current repair window.

   4.  NORM_ACK messages correspond to either a specific sender
       "ack_id", the sender "cc_sequence" for ACKs sent in response to
       NORM_CMD(CC), or the sender's current repair window in the case
       of ACKs sent in response to NORM_CMD(FLUSH).  Thus, the sender
       can prune any replay attack state for receivers that precede the
       current applicable sequence or repair window space.

   The use of ESP confidentiality for secure NORM protocol operation
   makes it more difficult for adversaries to conduct any form of replay
   attacks.  Additionally, a NORM sender implementation with access to
   the full ESP protocol header could also use the ESP sequence
   information to make replay attack protection even more robust by
   maintaining the per-source ESP sequence state that existing IPsec
   implementations typically do not provide.  The design of this

Top      Up      ToC       Page 85 
   baseline security approach for NORM intentionally places any more
   complex processing state or processing (e.g., replay attack
   protection given multiple receivers) at the NORM sender since NORM
   receiver implementations might often need to be less complex.

   This baseline approach can be used for NORM protocol sessions with
   multiple senders if the SA pairs described are established for each
   sender.  For small-sized groups, it is even possible many-to-many
   (ASM) IPsec configuration could be achieved where each participant
   uses a unique SA (with a unique SPI).  In this case, the sender(s)
   would maintain an SA for each other participant rather than a single,
   shared SA for receiver feedback messages.  This does not scale to
   larger group sizes given the complex set of SA and SPD entries each
   participant would need to maintain.

   It is anticipated in early deployments of this baseline approach to
   NORM security that key management will be conducted out-of-band with
   respect to NORM protocol operation.  In the case of one-to-many NORM
   operation, it is possible receivers will retrieve keying information
   from a central server as needed or otherwise conduct group key
   updates with a similar centralized approach.  Alternatively, it is
   possible with some key management schemes for rekey messages to be
   transmitted to the group as a message or transport object within the
   NORM reliable transfer session.  Similarly, for group-wise
   communication sessions, it is possible for potential group
   participants to request keying and/or rekeying as part of NORM
   communications.  Additional specification is necessary to define an
   in-band key management scheme for NORM sessions perhaps using the
   mechanisms of the automated group key management specifications cited
   in this document.  Additional specification outside of the scope of
   this document would be needed to provide an interoperable approach
   for key management in-band of a NORM reliable transport session.

7.1.2.  IPsec Requirements

   In order to implement this secure mode of NORM protocol operation,
   the following IPsec capabilities are REQUIRED.

7.1.2.1.  Selectors

   The implementation MUST be able to use the source address,
   destination address, protocol (UDP), and UDP port numbers as
   selectors in the SPD.

7.1.2.2.  Mode

   IPsec in transport mode MUST be supported.  The use of IPsec
   [RFC4301] processing for secure NORM traffic MUST be configured such

Top      Up      ToC       Page 86 
   that unauthenticated packets are not received by the NORM protocol
   implementation.

7.1.2.3.  Key Management

   An automated key management scheme for group key distribution and
   rekeying such as GDOI [RFC3547], GSAKMP [RFC4535], or MIKEY [RFC3830]
   is RECOMMENDED for use.  Note it is possible for key update messages
   (e.g., the GDOI GROUPKEY-PUSH message) to be included as part of the
   NORM application reliable data transmission if appropriate interfaces
   are available between the NORM application and the key management
   daemon.  Relatively short-lived NORM sessions MAY be able to use
   Manual Keying with a single, preplaced key, particularly if Extended
   Sequence Numbering (ESN) [RFC4303] is available in the IPsec
   implementation used.  When manual keys are used, it is important that
   cryptographic algorithms suitable for manual key use are selected.

7.1.2.4.  Security Policy

   Receivers MUST accept protocol messages only from the designated,
   authorized sender(s).  Appropriate key management will provide
   authentication, integrity and/or encryption keys only to receivers
   authorized to participate in a designated session.  The approach
   outlined here allows receiver sets to be controlled on a per-sender
   basis.

7.1.2.5.  Authentication and Encryption

   Large NORM group sizes will necessitate some form of key management
   that does rely upon shared secrets.  The GDOI and GSAKMP protocols
   mentioned here allow for certificate-based authentication.  It is
   RECOMMENDED these certificates use IP addresses for authentication.

7.1.2.6.  Availability

   The IPsec requirements profile outlined here is commonly available on
   many potential NORM hosts.  Configuration and operation of IPsec
   typically requires privileged user authorization.  Automated key
   management implementations are typically configured with the
   privileges necessary to affect system IPsec configuration.

8.  IANA Considerations

   Values of NORM Header Extension Types, Stream Control Codes, and
   NORM_CMD message sub-types are subject to IANA registration.  They
   are in the registry named "Reliable Multicast Transport (RMT) NORM
   Protocol Parameters" available from http://www.iana.org.

Top      Up      ToC       Page 87 
   Note the reliable multicast building block components used by this
   specification also have their respective IANA considerations, and
   those documents SHOULD be consulted accordingly.  In particular, the
   FEC Building Block used by NORM does REQUIRE IANA registration of the
   FEC codecs used.  The registration instructions for FEC codecs are
   provided in RFC 5052.  It is possible additional extensions of the
   NORM protocol might be specified in the future (e.g., additional NORM
   message types) and additional registries be established at that time
   with appropriate IETF standards action.

8.1.  Explicit IANA Assignment Guidelines

   This document introduces three registries for the NORM Header
   Extension Types, Stream Control Codes, and NORM_CMD Message sub-
   types.  This section describes explicit IANA assignment guidelines
   for each of these.

8.1.1.  NORM Header Extension Types

   This document defines a registry for NORM Header Extensions named
   "NORM Header Extension Types".

   The NORM Header Extension Type field is an 8-bit value.  The values
   of this field identify extended header content allowing the protocol
   functionality to be expanded to include additional features and
   operating modes.  The values that can be assigned within the "NORM
   Header Extensions" registry are numeric indexes in the range {0,
   255}, boundaries included.  Values in the range {0,127} indicate
   variable-length extended header fields while values in the range
   {128,255} indicate extensions of a fixed 4-byte length.  This
   specification registers the following NORM Header Extension Types:

                 +-------+----------+--------------------+
                 | Value | Name     | Reference          |
                 +-------+----------+--------------------+
                 | 1     | EXT_AUTH | This specification |
                 | 3     | EXT_CC   | This specification |
                 | 64    | EXT_FTI  | This specification |
                 | 128   | EXT_RATE | This specification |
                 +-------+----------+--------------------+

   Requests for assignment of additional NORM Header Extension Type
   values are granted on a "Specification Required" basis as defined by
   IANA Guidelines [RFC5226].  Any such header extension specifications
   MUST include a description of protocol actions to be taken when the
   extension type is encountered by a protocol implementation not
   supporting that specific option.  For example, it is often possible
   for protocol implementations to ignore unknown header extensions.

Top      Up      ToC       Page 88 
8.1.2.  NORM Stream Control Codes

   This document defines a registry for NORM Stream Control Codes named
   "NORM Stream Control Codes".

   NORM Stream Control Codes are 16-bit values that can be inserted
   within a NORM_OBJECT_STREAM delivery object to convey sequenced, out-
   of-band (with respect to the stream data) control signaling
   applicable to the referenced stream object.  These control codes are
   to be delivered to the application or protocol implementation with
   reliable delivery, in-order with respect to the their inserted
   position within the stream.  This specification registers the
   following NORM Stream Control Code:

             +-------+-----------------+--------------------+
             | Value | Name            | Reference          |
             +-------+-----------------+--------------------+
             | 0     | NORM_STREAM_END | This specification |
             +-------+-----------------+--------------------+

   Additional NORM Stream Control Code value assignment requests are
   granted on a "Specification Required" basis as defined by IANA
   Guidelines [RFC5226].  The full 16-bit space outside of the value
   assigned in this specification are available for future assignment.
   In addition to describing the control code's expected interpretation,
   such specifications MUST include a description of protocol actions to
   be taken when the control code is encountered by a protocol
   implementation not supporting that specific option.

8.1.3.  NORM_CMD Message Sub-Types

   This document defines a registry for NORM_CMD message sub-types named
   "NORM Command Message Sub-types".

   The NORM_CMD message "sub-type" field is an 8-bit value with valid
   values in the range of 1-255.  Note the value 0 is reserved to
   indicate an invalid NORM_CMD message sub-type.  The current
   specification defines a number of NORM_CMD message sub-types senders
   can use to signal the receivers in various aspects of NORM protocol
   operation.  This specification registers the following NORM_CMD
   Message Sub-types:

Top      Up      ToC       Page 89 
          +-------+-----------------------+--------------------+
          | Value | Name                  | Reference          |
          +-------+-----------------------+--------------------+
          | 0     | reserved              | This specification |
          | 1     | NORM_CMD(FLUSH)       | This specification |
          | 2     | NORM_CMD(EOT)         | This specification |
          | 3     | NORM_CMD(SQUELCH)     | This specification |
          | 4     | NORM_CMD(CC)          | This specification |
          | 5     | NORM_CMD(REPAIR_ADV)  | This specification |
          | 6     | NORM_CMD(ACK_REQ)     | This specification |
          | 7     | NORM_CMD(APPLICATION) | This specification |
          +-------+-----------------------+--------------------+

   Future specifications extending NORM MAY define additional NORM_CMD
   messages to enhance protocol functionality.  NORM_CMD message sub-
   type value assignment requests are granted on a "Specification
   Required" basis as defined by IANA Guidelines [RFC5226].  In addition
   to describing the command sub-type's expected interpretation,
   specifications MUST include a description of protocol actions to be
   taken when the command is encountered by a protocol implementation
   not supporting that specific option.

   This specification already defines an "application-defined" NORM_CMD
   message sub-type for use at the discretion of individual applications
   using NORM for transport.  These "application-defined" commands are
   suitable for many application-specific purposes and do not involve
   standards action.  In any case, such additional messages SHALL be
   subject to the same congestion control constraints as the existing
   NORM sender message set.

9.  Suggested Use

   The present NORM protocol is seen as a useful tool for the reliable
   data transfer over generic IP multicast services.  It is not the
   intention of the authors to suggest it is suitable for supporting all
   envisioned multicast reliability requirements.  NORM provides a
   simple and flexible framework for multicast applications with a
   degree of concern for network traffic implosion and protocol overhead
   efficiency.  NORM-like protocols have been successfully demonstrated
   within the MBone for bulk data dissemination applications, including
   weather satellite compressed imagery updates servicing a large group
   of receivers and a generic web content reliable "push" application.

   In addition, this framework approach has some design features making
   it attractive for bulk transfer in asymmetric and wireless
   internetwork applications.  NORM is capable of successfully operating
   independent of network structure and in environments with high packet
   loss, delay, and out-of-order delivery.  Hybrid proactive/reactive

Top      Up      ToC       Page 90 
   FEC-based repairing improve protocol performance in some multicast
   scenarios.  A sender-only repair approach often makes additional
   engineering sense in asymmetric networks.  NORM's unicast feedback
   capability is suitable for use in asymmetric networks or in networks
   where only unidirectional multicast routing/delivery service exists.
   Asymmetric architectures supporting multicast delivery are likely to
   make up an important portion of the future Internet structure (e.g.,
   direct broadcast satellite (DBS) or cable and public-switched
   telephone network (PSTN) hybrids, etc.) and efficient, reliable bulk
   data transfer will be an important capability for servicing large
   groups of subscribed receivers.

10.  Changes from RFC 3940

   This section lists the changes between the Experimental version of
   this specification, RFC 3940, and this version:

   1.  Removal of the NORM_FLAG_MSG_START for NORM_OBJECT_STREAM,
       replacing it with the "payload_msg_start" field in the FEC-
       encoded preamble of the NORM_OBJECT_STREAM NORM_DATA payload.

   2.  Definition of IANA registry for header extension and other
       assignments.

   3.  Removal of file blocking scheme description now specified in the
       FEC Building Block document [RFC5052].

   4.  Removal of restriction of NORM receiver feedback message rate to
       local NORM sender rate (this caused congestion control failures
       in high speed operation.  The extremely low feedback rate of the
       NORM protocol as compared to TCP avoids any resultant impact to
       the network as shown in [Mdpcc].)

   5.  Correction of errors in some message format descriptions.

   6.  Correction of inconsistency in specification of the inactivity
       timeout.

   7.  Addition of IPsec secure mode description with IPsec
       requirements.

   8.  Addition of the EXT_AUTH header extension definition.

   9.  Clarification of interpretation of "Source Block Length" when FEC
       codes are arbitrarily shortened by the sender.

Top      Up      ToC       Page 91 
11.  Acknowledgments

   (and these are not Negative)

   The authors would like to thank Rick Jones, Vincent Roca, Rod Walsh,
   Toni Paila, Michael Luby, and Joerg Widmer for their valuable input
   and comments on this document.  The authors would also like to thank
   the RMT working group chairs, Roger Kermode and Lorenzo Vicisano, for
   their support in development of this specification, and Sally Floyd
   for her early input into this document.

12.  References

12.1.  Normative References

   [RFC1112]        Deering, S., "Host extensions for IP multicasting",
                    STD 5, RFC 1112, August 1989.

   [RFC2119]        Bradner, S., "Key words for use in RFCs to Indicate
                    Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4301]        Kent, S. and K. Seo, "Security Architecture for the
                    Internet Protocol", RFC 4301, December 2005.

   [RFC4303]        Kent, S., "IP Encapsulating Security Payload (ESP)",
                    RFC 4303, December 2005.

   [RFC4607]        Holbrook, H. and B. Cain, "Source-Specific Multicast
                    for IP", RFC 4607, August 2006.

   [RFC4654]        Widmer, J. and M. Handley, "TCP-Friendly Multicast
                    Congestion Control (TFMCC): Protocol Specification",
                    RFC 4654, August 2006.

   [RFC5052]        Watson, M., Luby, M., and L. Vicisano, "Forward
                    Error Correction (FEC) Building Block", RFC 5052,
                    August 2007.

   [RFC5226]        Narten, T. and H. Alvestrand, "Guidelines for
                    Writing an IANA Considerations Section in RFCs",
                    BCP 26, RFC 5226, May 2008.

   [RFC5401]        Adamson, B., Bormann, C., Handley, M., and J.
                    Macker, "Multicast Negative-Acknowledgment (NACK)
                    Building Blocks", RFC 5401, November 2008.

Top      Up      ToC       Page 92 
12.2.  Informative References

   [FecHybrid]      Gossink, D. and J. Macker, "Reliable Multicast and
                    Integrated Parity Retransmission with Channel
                    Estimation", IEEE GLOBECOMM, 1998.

   [McastFeedback]  Nonnenmacher, J. and E. Biersack, "Optimal Multicast
                    Feedback", IEEE INFOCOM, p. 964, March/April 1998.

   [MdpToolkit]     Macker,  J. and B. Adamson, "The Multicast
                    Dissemination Protocol (MDP) Toolkit", Proc.
                    IEEE MILCOM, October 1999.

   [Mdpcc]          Adamson,  B. and J. Macker, "A TCP-Friendly, Rate-
                    based Mechanism for NACK-Oriented Reliable Multicast
                    Congestion Control", Proc. IEEE GLOBECOMM,
                    November 2001.

   [NormFeedback]   Adamson, B. and J. Macker, "Quantitative Prediction
                    of NACK-Oriented Reliable Multicast (NORM)
                    Feedback", IEEE MILCOM, October 2002.

   [PgmccPaper]     Rizzo, L., "pgmcc: A TCP-Friendly Single-Rate
                    Multicast Congestion Control Scheme", ACM SIGCOMM,
                    August 2000.

   [RFC2357]        Mankin, A., Romanov, A., Bradner, S., and V. Paxson,
                    "IETF Criteria for Evaluating Reliable Multicast
                    Transport and Application Protocols", RFC 2357,
                    June 1998.

   [RFC2974]        Handley, M., Perkins, C., and E. Whelan, "Session
                    Announcement Protocol", RFC 2974, October 2000.

   [RFC3048]        Whetten, B., Vicisano, L., Kermode, R., Handley, M.,
                    Floyd, S., and M. Luby, "Reliable Multicast
                    Transport Building Blocks for One-to-Many Bulk-Data
                    Transfer", RFC 3048, January 2001.

   [RFC3269]        Kermode, R. and L. Vicisano, "Author Guidelines for
                    Reliable Multicast Transport (RMT) Building Blocks
                    and Protocol Instantiation documents", RFC 3269,
                    April 2002.

   [RFC3453]        Luby, M., Vicisano, L., Gemmell, J., Rizzo, L.,
                    Handley, M., and J. Crowcroft, "The Use of Forward
                    Error Correction (FEC) in Reliable Multicast",
                    RFC 3453, December 2002.

Top      Up      ToC       Page 93 
   [RFC3547]        Baugher, M., Weis, B., Hardjono, T., and H. Harney,
                    "The Group Domain of Interpretation", RFC 3547,
                    July 2003.

   [RFC3550]        Schulzrinne, H., Casner, S., Frederick, R., and V.
                    Jacobson, "RTP: A Transport Protocol for Real-Time
                    Applications", STD 64, RFC 3550, July 2003.

   [RFC3711]        Baugher, M., McGrew, D., Naslund, M., Carrara, E.,
                    and K. Norrman, "The Secure Real-time Transport
                    Protocol (SRTP)", RFC 3711, March 2004.

   [RFC3830]        Arkko, J., Carrara, E., Lindholm, F., Naslund, M.,
                    and K. Norrman, "MIKEY: Multimedia Internet KEYing",
                    RFC 3830, August 2004.

   [RFC3940]        Adamson, B., Bormann, C., Handley, M., and J.
                    Macker, "Negative-acknowledgment (NACK)-Oriented
                    Reliable Multicast (NORM) Protocol", RFC 3940,
                    November 2004.

   [RFC4535]        Harney, H., Meth, U., Colegrove, A., and G. Gross,
                    "GSAKMP: Group Secure Association Key Management
                    Protocol", RFC 4535, June 2006.

   [RFC4566]        Handley, M., Jacobson, V., and C. Perkins, "SDP:
                    Session Description Protocol", RFC 4566, July 2006.

   [RFC5445]        Watson, M., "Basic Forward Error Correction (FEC)
                    Schemes", RFC 5445, March 2009.

   [RmComparison]   Pingali, S., Towsley, D., and J. Kurose, "A
                    Comparison of Sender-Initiated and Receiver-
                    Initiated Reliable Multicast Protocols", Proc.
                    INFOCOMM, San Francisco CA, October 1993.

   [TcpModel]       Padhye,  J., Firoiu, V., Towsley, D., and J. Kurose,
                    "Modeling TCP Throughput: A Simple Model and its
                    Empirical Validation", ACM SIGCOMM, 1998.

   [TfmccPaper]     Widmer, J. and M. Handley, "Extending Equation-Based
                    Congestion Control to Multicast Applications",
                    ACM SIGCOMM, August 2001.

Top      Up      ToC       Page 94 
Authors' Addresses

   Brian Adamson
   Naval Research Laboratory
   Washington, DC  20375
   USA

   EMail: adamson@itd.nrl.navy.mil


   Carsten Bormann
   Universitaet Bremen TZI
   Postfach 330440
   D-28334 Bremen
   Germany

   EMail: cabo@tzi.org


   Mark Handley
   University College London
   Gower Street
   London  WC1E 6BT
   UK

   EMail: M.Handley@cs.ucl.ac.uk


   Joe Macker
   Naval Research Laboratory
   Washington, DC  20375
   USA

   EMail: macker@itd.nrl.navy.mil