RMT Working Group                                         Brian Whetten
Internet Engineering Task Force                              Consultant
Internet Draft                                            Dah Ming Chiu
Document: draft-ietf-rmt-bb-track-02.txt                Miriam Kadansky
November 2002                                          Sun Microsystems
Expires May 2003                                           Seok Joo Koh
                                                                   ETRI
                                                         Gursel Taskale
                                                                  TIBCO


         Reliable Multicast Transport Building Block for TRACK
                    <draft-ietf-rmt-bb-track-02.txt>


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes the TRACK Building Block.  It contains
   functions relating to positive acknowledgments and hierarchical tree
   construction and maintenance.  It is primarily meant to be used as
   part of the TRACK Protocol Instantiation.  It is also designed to be
   useful as part of overlay multicast systems that wish to offer
   efficient confirmed delivery of multicast messages.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119.

1. Introduction



Whetten                   Expires - May 2003                  [Page 1]


                         TRACK BUILDING BLOCK            November 2002



   One of the protocol instantiations the RMT WG is chartered to create
   is a TRee-based ACKnowledgement protocol (TRACK).  Rather than create
   a set of monolithic protocol specifications, the RMT WG has chosen to
   break the reliable multicast protocols into Building Blocks (BB) and
   Protocol Instantiations (PI).  A Building Block is a specification of
   the algorithms of a single component, with an abstract interface to
   other BBs and PIs.  A PI combines a set of BBs, adds in the
   additional required functionality not specified in any BB, and
   specifies the specific instantiation of the protocol. For more
   information, see the Reliable Multicast Transport Building Blocks and
   Reliable Multicast Design Space documents [2][3].

   As specified in [2], there are two primary reliability requirements
   for a transport protocol, ensuring goodput, and confirming delivery
   to the Sender.  The NORM and ALC PIs are responsible solely for
   ensuring goodput.  TRACK is designed to offer application level
   confirmed delivery, aggregation of control traffic and Receiver
   statistics, local recovery, automatic tree building, and enhanced
   flow and congestion control.

   Whereas the NORM and ALC PIs run only over other building blocks, the
   TRACK PI has a more difficult integration task.  To run in
   conjunction with NORM, it must either re-implement the functionality
   in the NORM PI, or integrate directly with the NORM PI.  In addition,
   in order to have reasonable commercial applicability, TRACK needs to
   be able to run over other protocols in addition to NORM.  To meet
   both of these challenges, the TRACK PI is designed to integrate with
   other transport layer protocols, including NORM, PGM [20], ALC [19],
   UDP, or an overlay multicast system.  In order to accomplish this,
   there can be multiple TRACK PIs, one for each transport protocol it
   is specified to integrate with.  The vast majority of the protocol
   functionality exists in this document, the TRACK BB, which in turn
   references the automatic tree building block [16].  For more details
   on the specific functionality of TRACK, please see the reference
   TRACK PI[21].

   TRACK is organized around a Data Channel and a Control Channel.  The
   Data Channel is responsible for multicast data from the Sender to all
   other nodes in a TRACK session.  In order to integrate with NORM and
   other goodput-ensuring transport protocols, these protocols are used
   as the Data Channel for a given Data Session.  This Data Channel MAY
   also provide congestion control.  Otherwise, congestion control MUST
   be provided by the TRACK PI, through using the TFMCC or other
   approved congestion control building block.

   This document describes the TRACK Building Block.  It contains
   functions relating to positive acknowledgments and hierarchical tree
   construction and maintenance.  While named as a building block, this


Whetten                   Expires - May 2003                  [Page 2]


                         TRACK BUILDING BLOCK            November 2002


   document describes more functionality than the PI documents.  With
   the exception of congestion control, almost all of the functionality
   is encapsulated in this document or the BBs it references.  The TRACK
   PIs are then primarily responsible for instantiating packet formats
   in conjunction with the other transport protocols it uses as its Data
   Channel.

   The TRACK BB assumes that there is an Automatic Tree Building BB [16]
   which provides the list of parents (known as Service Nodes within the
   Tree BB) each node should join to.  If Receivers are used that may
   also serve as Repair Heads, the TRACK BB assumes the Auto Tree BB is
   also responsible for selecting the role of each Receiver as either
   Receiver or Repair Head.  However, the TRACK BB may specify that a
   particular node may not operate as a Repair Head.

   The TRACK BB also assumes that a separate session advertisement
   protocol notifies the Receivers as to when to join a session, the
   data multicast address for the session, and the control parameters
   for the session.  This functionality MAY be provided in a TRACK PI
   document.

   The TRACK BB provides the following detailed functionality.

   ...    .Hierarchical Session Creation and Maintenance.  This set of
     functionality is responsible for creating and maintaining (but not
     configuring) a hierarchical tree of Repair Heads and Receivers.
        - Bind.  When a child knows the parent it wishes to join to for
          a given Data Session, it binds to that parent.
        - Unbind.  When a child wishes to leave a Data Session, either
          because the session is over or because the application is
          finished with the session, it initiates an unbind operation
          with its parent.
        - Eject.  A parent can also force a child to unbind.  This
          happens if the parent needs to leave the session, if the child
          is not behaving correctly, or if the parent wants to move the
          child to another parent as part of tree configuration
          maintenance.
        - Fault Detection.  In order to verify liveness, parents and
          children send regular heartbeat messages between themselves.
          The Sender also sends regular null data messages to the group,
          if it has no data to send.
        - Fault Recovery.  When a child detects that its parent is no
          longer reachable, it may switch to another parent.  When a
          parent detects that one of its children is no longer
          reachable, it removes that child from its membership list and
          reports this up the tree to the Sender of the Data Session.
        - Distributed Membership.  Each Parent is responsible for
          maintaining a local list of the children attached to it.



Whetten                   Expires - May 2003                  [Page 3]


                         TRACK BUILDING BLOCK            November 2002


   - Data Sessions.  This functionality is responsible for the reliable,
     ordered transmission of a set of data messages, which together
     constitute a Data Session.  These are initially transmitted using
     another transport protocol, the Data Channel Protocol, which has
     primary responsibility for ensuring goodput and congestion control.
        - Data Transmission.  The Sender takes sequenced data messages
          from the application, and passes them to the Data Channel
          Protocol for multicast transmission.  It delays passing them
          to the Data Channel Protocol if it is presently flow
          controlled.
        - Flow Control and Buffer Management.  Receivers and Repair
          Heads MAY maintain a set of buffers that are at least as large
          as the Senders transmission window.  The Receivers pass their
          reception status up to the Sender as part of their TRACK
          messages.  This MAY be used to advance the buffer windows at
          each node and limit the Senders window advancement to the
          speed of the slowest Receiver.
        - Retransmission Requests.  While primary responsibility for
          goodput rests with the Data Channel Protocol, Receivers MAY
          request retransmission of lost messages from their parents.
        - Local Recovery.  Repair heads keep track of retransmission
          requests from their children, and provide repairs to them.  If
          a Repair Head cannot fulfill a retransmission request, it
          forwards it up the tree.
        - End of Stream.  When a Data Session is completed, this is
          signaled as an End of Stream condition.

   ...TRACK Generation and Aggregation.  This set of functionality is
     responsible for periodically generating TRACK messages from all
     Receivers and aggregating them at Repair Heads.  These messages
     provide updated flow control window information, roundtrip time
     measurements, and congestion control statistics.  They OPTIONALLY
     acknowledge receipt of data, OPTIONALLY report missing messages,
     and OPTIONALLY provide group statistics.  The algorithms include:
        - TRACK Timing.  In order to avoid ACK implosion, the Receivers
          and Repair Heads use timing algorithms to control the speed at
          which TRACK messages are sent.
        - TRACK Aggregation. In order to provide the highest levels of
          scalability and reliability, interior tree nodes provide
          aggregation of control traffic flowing up the tree.  The
          aggregated feedback information includes that used for end-to-
          end confirmed delivery, flow control, congestion control, and
          group membership monitoring and management.
        - Statistics Request.  A Sender may prompt Receivers to generate
          and report a set of statistics back to the Sender.  These
          statistics are self-describing data types, and may be defined
          by either the TRACK PI or the application.




Whetten                   Expires - May 2003                  [Page 4]


                         TRACK BUILDING BLOCK            November 2002


        - Statistics Aggregation. In addition to the predefined
          aggregation types, aggregation of self-describing data may
          also be performed on Receiver statistics flowing up the tree.

   . Application Level Confirmed Delivery.  Senders can issue requests
     for application level confirmation of data up to a given message.
     Receivers reply to this request, and the confirmations are reliably
     forwarded up the tree.

   - Distributed RTT Calculations.  One of the primary challenges of
     congestion control is efficient RTT calculations.  TRACK provides
     two methods to perform these calculations.
        - Sender Per-Message RTT Calculations.  On demand, a Sender
          stamps outgoing messages with a timestamp.  As each TRACK is
          passed up the tree, the amount of dally time spent waiting at
          each node is accumulated.  The lowest measurements are passed
          up the tree, and the dally time is subtracted from the
          original measurement.
        - Local Per-Level RTT Calculations.  Each parent measures the
          local RTT to each of its children as part of the keep-alive
          messages used for failure detection.


2. Applicability Statement

   The primary objective of TRACK is to provide additional functionality
   in conjunction with a receiver reliable protocol.  These functions
   MAY include application layer reliability, enhanced congestion
   control, flow control, statistics reporting, local recovery, and
   automatic tree building.  It is designed to do this while still
   offering scalability in the range of 10,000s of Receivers per Data
   Session.  The primary corresponding design tradeoffs are additional
   complexity, and lower isolation of nodes in the face of network and
   host failures.

   There is a fundamental tradeoff between reliability and real-time
   performance in the face of failures.  There are two primary types of
   single layer reliability that have been proposed to deal with this:
   Sender reliable and Receiver reliable delivery.  Sender reliable
   delivery is similar to TCP, where the Sender knows the identity of
   the Receivers in a Data Session, and is notified when any of them
   fails to receive all the data messages.  Receiver reliable delivery
   limits knowledge of group membership and failures to only the actual
   Receivers.  Senders do not have any knowledge of the membership of a
   group, and do not require Receivers to explicitly join or leave a
   Data Session.  Receiver reliable protocols scale better in the face
   of networks that have frequent failures, and have very high isolation
   of failures between Receivers.  This TRACK BB provides Sender



Whetten                   Expires - May 2003                  [Page 5]


                         TRACK BUILDING BLOCK            November 2002


   reliable delivery, typically in conjunction with a Receiver reliable
   system.

   This BB is specified according to the guidelines in [21].  It
   specifies all communication between entities in terms of messages,
   rather than packets.  A message is an abstract communication unit,
   which may be part of, or all of, a given packet.  It does not have a
   specific format, although it does contain a list of fields, some of
   which may be optional, and some of which may have fixed lengths
   associated with them.  It is up to each protocol instantiation to
   combine the set of messages in this BB, with those in other
   components, and create the actual set of packet formats that will be
   used.

   As mentioned in the introduction, this BB assumes the existence of a
   separate Auto Tree Configuration BB.  It also assumes that Data
   Sessions are advertised to all Receivers as part of an external BB or
   other component.

   Except where noted, this applicability statement is applicable both
   to the TRACK BB and to the TRACK PIs.

2.1 Application Types

   TRACK is designed to support a wide range of applications that
   require one to many bulk data transfer and application layer
   confirmed delivery.  Examples of applications that fit into the one-
   to-many data dissemination model are: real time financial news and
   market data distribution, electronic software distribution, audio
   video streaming, distance learning, software updates and server
   replication.

   Historically, financial applications have had the most stringent
   reliability requirements, while audio video streaming have had the
   least stringent.  For applications that do not require this level of
   reliability, or that demand the lowest levels of latency and the
   highest levels of failure isolation, TRACK may be less applicable.

   TRACK is designed to work in conjunction with a receiver reliable
   protocol such as NORM, to allow applications to select this tradeoff
   on a dynamic basis.

2.2 Network Infrastructure

   TRACK is designed to work over almost all multicast and broadcast
   capable network infrastructures.  It is specifically designed to be
   able to support both asymmetrical and single source multicast
   environments.



Whetten                   Expires - May 2003                  [Page 6]


                         TRACK BUILDING BLOCK            November 2002


   Asymmetric networks with very low upbound bandwidth and a very low
   loss Data Channel may be better served solely through NACK based
   protocols, particularly if high reliability is not required.  A good
   example is some satellite networks.

   Networks that have very high loss rates, and regularly experience
   partial network partitions, router flapping, or other persistent
   faults, may be better served through NACK only protocols.  Some
   wireless networks fall in to this category.

2.3 Private and Public Networks

   TRACK is designed to work in private networks, controlled networks
   and in the public Internet.  A controlled network typically has a
   single administrative domain, has more homogenous network bandwidth,
   and is more easily managed and controlled.  These networks have the
   fewest barriers to IP multicast deployment and the most immediate
   need for reliable multicast services.  Deployment in the Internet
   requires a protocol to span multiple administrative domains, over
   vastly heterogeneous networks.

2.4 Manual vs. Automatic Controls

   Some networks can take advantage of manual or centralized tools for
   configuring and controlling the usage of a reliable multicast group.
   In the public Internet the tools have to span multiple administrative
   domains where policies may be inconsistent.  Hence, it is preferable
   to design tools that are fully distributed and automatic.  To address
   these requirements, TRACK provides automatic configuration, but can
   also support manual configuration options.

2.5 Heterogeneous Networks

   While the majority of controlled networks are symmetrical and support
   many-to-many multicast, in designing a protocol for the Internet, we
   must deal with virtually all major network types.  These include
   asymmetrical networks, satellite networks, networks where only a
   single node may send to a multicast group, and wireless networks.
   TRACK takes this into account by not requiring any many-to-many
   multicast services.  TRACK does not assume that the topology used for
   sending control messages has any congruence to the topology of the
   multicast address used for sending data messages.

2.6 Use of Network Infrastructure

   TRACK is designed to run in either single level or hierarchical
   configurations.  In a single level, there is no need for specialized
   network infrastructure.  In hierarchical configurations, special



Whetten                   Expires - May 2003                  [Page 7]


                         TRACK BUILDING BLOCK            November 2002


   nodes called Repair Heads are defined, which may run either as part
   of a distributed application, or as part of dedicated server
   software.  TRACK does not specifically support or require Generic
   Router Assist or other router level assist.


2.7 Deployment Constraints
   The two primary tradeoffs TRACK has, for the functionality it
   provides, are additional complexity, and decreased failure isolation.
   Hence, if target applications are to be deployed in networks with
   high rates of persistent failures, and isolation of failed Receivers
   from affecting other Receivers is of high importance, TRACK may not
   be appropriate.  Similarly, if simplicity is paramount, TRACK may not
   be appropriate.

2.8 Target Scalability

   The target scalability of TRACK is tens of thousands of simultaneous
   Receivers per Data Session.  Dedicated Repair Heads are targeted to
   be able to support thousands of simultaneous Data Sessions.

2.9 Known Failure Modes

   If a hierarchical Control Tree is misconfigured, so that loop-free,
   contiguous connection is not provided, failure will occur.  This
   failure is designed to occur gracefully, at the initialization of a
   Data Session.

   If the configuration parameters on control traffic are poorly chosen
   on an asymmetrical network, where there is much less control channel
   bandwidth available than data channel bandwidth, there may be a very
   high rate of control traffic.  This control traffic is not
   dynamically congestion controlled like the data traffic, and so could
   potentially cause congestion collapse.

   This potential control channel overload could be exacerbated by an
   application that makes overly heavy use of the application level
   confirmation or statistics gathering functions.

2.10 Potential Conflicts With Other Components

   None are known of at this time.


3. Architecture Definition

3.1 TRACK Entities

3.1.1 Node Types


Whetten                   Expires - May 2003                  [Page 8]


                         TRACK BUILDING BLOCK            November 2002



   TRACK divides the operation of the protocol into three major
   entities:  Sender, Receiver, and Repair Head.  The Repair Head
   corresponds to the Service Node described in the Tree Building draft.
   It is assumed that Senders and Receivers typically run as part of an
   application on an end host client. Repair Heads MAY be components in
   the network infrastructure, managed by different network managers as
   part of different administrative domains, or MAY run on an end host
   client, in which case they function as both Receivers and Repair
   Heads.  Absent of any automatic tree configuration, it is assumed
   that the Infrastructure Repair Heads have relatively static
   configurations, which consist of a list of nearby possible Repair
   Heads.  Senders and Receivers, on the other hand, are transient
   entities, which typically only exist for the duration of a single
   Data Session. In addition to these core components, applications that
   use TRACK are expected to interface with other services that reside
   in other network entities, such as multicast address allocation,
   session advertisement, network management consoles, DHCP, DNS,
   overlay networking, application level multicast, and multicast key
   management.

3.1.2 Multicast Group Address

   A Multicast Group Address is a logical address that is used to
   address a set of TRACK nodes.  It is RECOMMENDED to consist of a pair
   consisting of an IP multicast address and a UDP port number.  In this
   case, it may optionally have a Time To Live (TTL) value, although
   this value MUST only be used for providing a global scope to a Data
   Session, and not for scoping of local retransmissions. Data Multicast
   Addresses are Multicast Group Addresses.

   TRACK MAY be used with an overlay multicast or application layer
   multicast system.  In this case, a Multicast Group Address MAY have a
   different format.  The TRACK PI is responsible for specifying the
   format of a Multicast Group Address.

3.1.3 Data Session

   A Data Session is the unit of reliable delivery of TRACK.  It
   consists of a sequence of sequentially numbered Data messages, which
   are sent by a single Sender over a single Data Multicast Address.
   They are delivered reliably, with acknowledgements and
   retransmissions occurring over the Control Tree.  A Data Session ID
   uniquely identifies it.  A given Data Session is received by a set of
   zero or more Receivers, and a set of zero or more Repair Heads.  One
   or more Data Sessions MAY share the same Data Multicast Address
   (although this is NOT RECOMMENDED).  Each TRACK node can
   simultaneously participate in multiple Data Sessions.  A Receiver



Whetten                   Expires - May 2003                  [Page 9]


                         TRACK BUILDING BLOCK            November 2002


   MUST join all the Data Multicast Addresses and Control Trees
   corresponding to the Data Sessions it wishes to receive.

3.1.4 Data Channel

   A Data Session is multicast over a Data Channel.  The Data Channel is
   responsible for efficiently delivering the Data messages to the
   members of a Data Session, and providing statistical reliability
   guarantees on this delivery.  It does this by employing a Data
   Channel Protocol, such as NORM, ALC, PGM, or Overlay Multicast.
   TRACK is then responsible for providing application level, Sender
   based reliability, by confirming delivery to all Receivers, and
   optionally retransmitting lost messages that did not get correctly
   delivered by the Data Channel.  A common scenario would be to use
   TRACK to provide application level confirmation of delivery, and
   recover from persistent failures in the network that are beyond the
   scope of the Data Channel Protocol.

3.1.5 Data Channel Protocol

   This is the transport protocol used by a TRACK PI to ensure goodput
   and statistical reliability on a Data Channel.

3.1.6 Data Multicast Address

   This is the Multicast Group Address used by the Data Channel
   Protocol, to efficiently deliver Data messages to all Receivers and
   Repair Heads.  All Data Multicast Addresses used by TRACK are assumed
   to be unidirectional and only support a single Sender.

3.1.7 Control Tree

   A Control Tree is a hierarchical communication path used to send
   control information from a set of Receivers, through zero or more
   Repair Heads (RHs), to a Sender.  Information from lower nodes is
   aggregated as the information is relayed to higher nodes closer to
   the Sender.  Each Data Session uses a Control Tree.  It is acceptable
   to have a degenerate Control Tree with no Repair Heads, which
   connects all of the Receivers directly to the Sender.

   Each RH in the Control Tree uses a separate Local Control Channel for
   communicating with its children.  It is RECOMMENDED that each Local
   Control Channel correspond to a separate Multicast Group Address.
   Optionally, these RH multicast addresses MAY be the same as the Data
   Multicast Address.

3.1.8 Local Control Channel




Whetten                   Expires - May 2003                 [Page 10]


                         TRACK BUILDING BLOCK            November 2002


   A Local Control Channel is a unidirectional multicast path from a
   Repair Head or Sender to its children.  It uses a Multicast Group
   Address for this communication.

3.1.9 Host ID

   With the widespread deployment of network address translators,
   creating a short globally unique ID for a host is a challenge.  By
   default, TRACK uses a 48 bit long Host ID field, filled with the low-
   order 48 bits of the MD5 signature of the DNS name of the source.  A
   TRACK PI, to match up with the goodput-ensuring protocol that TRACK
   PI uses as its Data Channel Protocol, MAY redefine the length and
   contents of this identifier.

3.1.10 Data Session ID

   A Data Session ID is a globally unique identifier for a Data Session.
   It may either be selected by the Data Channel Protocol (i.e. NORM) or
   by TRACK.  By default, it is the combination of the Host ID for the
   Sender, combined with the 16 bit port number used for the Data
   Session at the Sender.  This identifier is included in every TRACK
   message.

3.1.11 Child ID

   All members in a TRACK Data Session, besides the Sender, are
   identified by the combination of their Host ID, and the port number
   with which they send IP packets to their parent.

3.1.12 Message Sequence Numbers

   A Message Sequence Number is a 32 bit number in the range from 1
   through 2^32 û 1, which is used to specify the sequential order of a
   Data message in a Data Stream.  A Sender node assigns consecutive
   Sequence Numbers to the Data messages provided by the Sender
   application.  By default, zero is reserved to indicate that the Data
   Session has not yet started.  A TRACK PI MAY redefine this.  Message
   Sequence Numbers may wrap around, and so Sequence Number arithmetic
   MUST be used to compare any two Sequence Numbers.

3.1.13 Data Queue

   A Data Queue is a buffer, maintained by a Sender or a Repair Head,
   for transmission and retransmission of the Data messages provided by
   the Sender application.  New Data messages are added to the Data
   Queue as they arrive from the sending application, up to a specified
   buffer limit.  The admission rate of messages to the network is
   controlled by the flow and congestion control algorithms.  Once a



Whetten                   Expires - May 2003                 [Page 11]


                         TRACK BUILDING BLOCK            November 2002


   message has been received by the Receivers of a Data Stream, it may
   be deleted from the buffer.

   At the Sender, A TRACK PI may integrate the Data Queue with the
   buffer used by the Data Channel Protocol.

3.2 Basic Operation of the Protocol

   For each Data Session, TRACK provides sequenced, reliable delivery of
   data from a single Sender to up to tens of thousands of Receivers.  A
   TRACK Data Session consists of a network that has exactly one Sender
   node, zero or more Receiver nodes and zero or more Repair Heads.

   The figure below illustrates a TRACK Data Session with multiple
   Repair Heads.

   Before a Data Session starts, a session advertisement MUST be
   received by all members of the Data Session, notifying them to join
   the group, and the appropriate configuration information for the Data
   Session.  This MAY be provided directly by the application, by an
   external service, or by the TRACK PI.

   A Sender joins the Control Tree and a Data Channel Protocol.  It
   multicasts Data messages on the Data Multicast Address, using the
   Data Channel Protocol.  All of the nodes in the session subscribe to
   the Data Multicast Address and join the Data Channel Protocol.

   There is no assumption of congruence between the topology of the Data
   Multicast Address and the topology of the Control Tree.

                          -------> SD (Sender node)----->|
                         ^^^                             |
                       /  |  \    Control                |
              TRACKs /    |    \    Tree                 |
                   /      |      \                       |
                 /        |        \     (Repair         |
               /          |          \    Head           |
             /            |            \  nodes)         v
           RH             RH            RH  <------------|
           ^^            ^^^            ^^               | Data
          / |           / | \           | \              | Channel
         /  |          /  |  \          |  \             |
        /   |         /   |   \         |   \            v
       R    R        R    R    R        R    R  <---------
                           (Receiver Nodes)

   A Receiver joins the appropriate Data Channel Protocol, and the Data
   Multicast Address used by that protocol, in order to receive Data.  A
   Receiver periodically informs its parent about the messages that it


Whetten                   Expires - May 2003                 [Page 12]


                         TRACK BUILDING BLOCK            November 2002


   has received by unicasting a TRACK message to the parent.  It MAY
   also request retransmission of lost messages in this TRACK.  Each
   parent node aggregates the TRACKs from its child nodes and (if it is
   not the Sender) unicasts a single aggregated TRACK to its parent.

   The Sender and each Repair Head have a multicast Local Control
   Channel to their children.  This is used for transmitting Heartbeat
   messages that inform their child nodes that the parent node is still
   functioning.  This channel is also used to perform local
   retransmission of lost Data messages to just these children.  TRACK
   MUST still provide correct operation even if multicast addresses are
   reused across multiple Data Sessions or multiple Local Control
   Channels.  It is NOT RECOMMENDED to use the same multicast address
   for multiple Local Control Channels serving any given Data Session.

   The communication path forms a loop from the Sender to the Receivers,
   through the Repair Heads back to the Sender.  Original data (ODATA),
   Retransmission (RDATA) and NullData messages regularly exercise the
   downward data direction.  Heartbeat messages exercise the downward
   control direction.  TRACK messages regularly exercise the Control
   Tree in the upward direction.  This combination constantly checks
   that all of the nodes in the tree are still functioning correctly,
   and initiates fault recovery when required.

   This hierarchical infrastructure allows TRACK to provide a number of
   functions in a scaleable way.  Application level confirmation of
   delivery and statistics aggregation both operate in a request-reply
   mode.  A sender issues a request for application level confirmation
   or statistics reporting, and the receivers report back the
   appropriate information in their TRACK messages.  This information is
   aggregated by the Repair Heads, and passed back up to the Sender.
   Since TRACK messages are not delivered with the reliability of data
   messages, Receivers and Repair Heads transmit this information
   redundantly.

   TRACK also gathers control information that is useful for improving
   the performance of flow and congestion control algorithms, including
   scaleable round trip time measurements.

   Normally, goodput in ensured by lower level protocols, such as the
   NACKs and FEC algorithms in NORM and PGM. However, TRACKs MAY also
   include optional retransmission requests, in the form of selective
   bitmaps indicating which messages need to be retransmitted.  The RH
   is then responsible for retransmitting these messages on the Local
   Control Channel to its children.

3.3 Component Relationships




Whetten                   Expires - May 2003                 [Page 13]


                         TRACK BUILDING BLOCK            November 2002


   TRACK is primarily designed to run in conjunction with another
   transport protocol that is responsible for ensuring goodput.  It is
   RECOMMENDED that this Data Channel Protocol also be responsible for
   congestion control, although the TRACK PI MAY provide this congestion
   control function instead, and MAY pass the congestion control
   statistics it collects to the Data Channel Protocol, in order to
   enhance the performance of the congestion control algorithms.

   The primary Data Channel Protocol that TRACK is designed to work with
   is NORM.  In this case, the NORM PI is responsible for interfacing
   with the NACK BB, the FEC BB, the Generic Router Assist BB, and the
   appropriate congestion control BB.

   TRACK then adds additional functionality that complements this
   receiver-reliable protocol, such as application level confirmed
   delivery, retransmission in the face of persistent failures,
   statistics aggregation, and collection of extra information for
   congestion control.

   The TRACK BB is responsible for specifying all of the TRACK-specific
   functionality.  It interfaces with the Automatic Tree Building Block.
   The TRACK PI is then responsible for instantiating a complete
   protocol that includes all of the other components.  It is expected
   that there will be multiple TRACK PIs, one for each Data Channel
   Protocol that it is specified to work with.

   The following figure illustrates this, for the case where NORM is the
   Data Channel Protocol.

                            +----------+
                            |          |
                            |  TRACK   |
                            |    PI    |
                            |          |
                            +----------+
                               /     \
                             /         \
                           /             \
                   +---------+         +---------+
                   |         |         |         |
                   |  TRACK  |         |  NORM   |  Data Channel
                   |   BB    |         |   PI    |  Protocol
                   |         |         |         |
                   +---------+         +---------+
                        |                    |
                        |                    |
                        |                    |
                   +---------+         +-----------------------+
                   |         |         |                       |


Whetten                   Expires - May 2003                 [Page 14]


                         TRACK BUILDING BLOCK            November 2002


                   |   Tree  |         |  FEC, CC, GRA, NACK   |
                   |    BB   |         |    Building Blocks    |
                   |         |         |                       |
                   +---------+         +-----------------------+

   For more details on integration, please see the example TRACK PI over
   UDP [17].


4. TRACK Functionality

4.1 Hierarchical Session Creation and Maintenance

4.1.1 Overview of Tree Configuration

   Before a Data Session starts reliably delivering data, the tree for
   the Data Session needs to be created.  This process binds each
   Receiver to either a Repair Head or the Sender, and binds the
   participating Repair Heads into a loop-free tree structure with the
   Sender as the root of the tree.  This process requires tree
   configuration knowledge, which can be provided with some combination
   of manual and/or automatic configuration.  The algorithms for
   automatic tree configuration are part of the Automatic Tree
   Configuration BB.  They return to each node the address of the parent
   it should bind to, as well as zero or more backup parents to use if
   the primary parent fails.

   In addition to receiving the tree configuration information, the
   Receivers all receive a Session Advertisement message from the
   Senders, informing them of the Data Multicast Address and other
   session configuration information.  This advertisement may contain
   other relevant session information such as whether or not Repair
   Heads should be used, whether manual or automatic tree configuration
   should be used, the time at which the session will start, and other
   protocol settings.  This advertisement is created as part of either
   the TRACK PI or as part of an external service.  In this way, the
   Sender enforces a set of uniform session configuration parameters on
   all members of the session.

   As described in the automatic tree configuration BB, the general
   algorithm for a given node in tree creation is as follows.
   1) Get advertisement that a session is starting
   2) Get a list of neighbor candidates using the getSNs Tree BB
      interface, and OPTIONALLY contact them
   3) Select best neighbor as parent in a loop free manner
   4) Bind to parent
   5) Optionally, later rebind to another parent




Whetten                   Expires - May 2003                 [Page 15]


                         TRACK BUILDING BLOCK            November 2002


   When a child finishes step 4, it is up to automatic tree
   configuration to, if necessary, continue building the tree in order
   to connect the node back to the Sender.  After the session is
   created, children can unbind from their parents and bind again to new
   parents.  This happens when faults occur, or as part of a tree
   optimization process.  Steps 1 through 3 are external to the TRACK
   BB.  Step 4 is performed as part of session creation.  Step 5 is
   performed as part of session maintenance in conjunction with
   automatic tree building, as either an Unbind or Eject, combined with
   another Bind operation.

   Once steps 1 through 3 are completed, Receivers join the Data
   Multicast Address, and attempt to Bind to either the Sender or a
   local Repair Head.  A Receiver will attempt to bind to the first node
   in the tree configuration list returned by step 3, and if this fails,
   it will move to the next one.  A Receiver only binds to a single
   Repair Head or Sender, at a time, for each Data Session.

   The automatic tree building BB ensures that the tree is formed
   without loops.  As part of this, when a Repair Head has a Receiver
   attempt to bBnd to it for a given Data Session, it may not at first
   be able to accept the connection, until it is able to join the tree
   itself.  Because of this, a Receiver will sometimes have to
   repeatedly attempt to Bind to a given parent before succeeding.

   Once the Sender initiates tree building, it is also free to start
   sending Data messages on the Data Multicast Address.  Repair Heads
   and Receivers may start receiving these messages, but may not request
   retransmission or deliver data to the application until they receive
   confirmation that they have successfully bound to the tree.

4.1.2 Bind

4.1.2.1 Input Parameters

   In order to join a Data Session and Bind to the tree, the following
   nodes need the following parameters.

   A Repair Head requires the following parameters.

   - Session:  the unique identifier for the Data Session to join,
   received from the session advertisement algorithm specified in the
   PI.

   - ParentAddress:  the address and port of the parent node to which
   the node should connect, received from the Auto Tree BB.





Whetten                   Expires - May 2003                 [Page 16]


                         TRACK BUILDING BLOCK            November 2002


   - UDPListenPort:  the number of the port on which the node will
   listen for its childrens control messages.  This parameter is
   configured by the application.

   - RepairAddr:  the multicast address, UDP port, and TTL on which this
   node sends control messages to its children.  This parameter is
   configured by the application.

   A Sender requires the above parameters, except for the ParentAddress.
   A Receiver requires the above parameters, except for the
   UDPListenPort and RepairAddr.

4.1.2.2 Bind Algorithm

   A Bind operation happens when a child wishes to join a parent in the
   distribution tree for a given Data Session.  The Receivers initiate
   the first Bind protocols to their parents, which then cause recursive
   binding by each parent, up to the Sender.  Each Receiver sends a
   separate BindRequest message for each of the streams that it would
   like to join.  At the discretion of the PI, multiple BindRequest
   messages may be bundled together in a single message.

   A node sends a BindRequest message to its automatically selected or
   manually configured parent node.  The parent node sends either a
   BindConfirm message or a BindReject message.  Reception of a
   BindConfirm message terminates the algorithm successfully, while
   receipt of a BindReject message causes the node to either retry the
   same parent or restart the Bind algorithm with its next parent
   candidate (depending on the BindReject reason code), or if it has
   none, to declare a REJECTED_BY_PARENT error.  Once the node is
   accepted by a Repair head, it informs the Tree BB using the setSN
   interface.

   Reliability is achieved through the use of a standard request-
   response protocol.  At the beginning of the algorithm, the child
   initializes TimeMaxBindResponse to the constant
   TIMEOUT_PARENT_RESPONSE and initializes NumBindResponseFailures to 0.
   Every time it sends a BindRequest message, it waits
   TimeMaxBindResponse for a response from the parent node.  If no
   response is received, the node doubles its value for
   TimeMaxBindResponse, but limits TimeMaxBindResponse to be no larger
   than MAX_TIMEOUT_PARENT_RESPONSE.  It also
   increments NumBindResponseFailures, and retransmits the BindRequest
   message.  If NumBindResponseFailures reaches NUM_MAX_PARENT_ATTEMPTS,
   it reports a PARENT_UNREACHABLE error.

   When a parent receives a BindRequest message, it first consults the
   automatic tree building BB for approval (using the acceptChild Tree
   BB interface), for instance to ensure that accepting the BindRequest


Whetten                   Expires - May 2003                 [Page 17]


                         TRACK BUILDING BLOCK            November 2002


   will not cause a loop in the tree. Then the parent checks to be sure
   that it does not have more than MaxChildren children already bound to
   it for this session.  If it can accept the child, it sends back a
   BindConfirm message.  Otherwise, it sends the node a BindReject
   message. Then the parent checks to see if it is already a member of
   this Data Session.  If it is not yet a member of this session, it
   attempts to join the tree itself.

   The BindConfirm message contains the lowest Sequence Number that the
   Repair Head has available.  If this number is 0, then the Repair Head
   has all of the data available from the start of the session.
   Otherwise, the requesting node is attempting a late join, and can
   only use this Repair Head if late join was allowed by the PI.  If
   late join is not allowed, the node may try another Repair Head, or
   give up.

   Similarly, if a failure recovery occurs, when a node tries to bind to
   a new Repair Head, it must follow the same rules as for a late join.
   See Fault Recovery, below.

4.1.3 Unbind

   A child may decide to leave a Data Session for the following reasons.
   1) It detects that the Data Session is finished.  2) The application
   requests to leave the Data Session.  3) It is not able to keep up
   with the data rate of the Data Session.  When any of these conditions
   occurs, it initiates an Unbind process.

   An Unbind is, like the Bind function, a simple request-reply
   protocol.  Unlike the Bind function, it only has a single response,
   UnbindConfirm.   With this exception, the Unbind operation uses the
   same state variables and reliability algorithms as the Bind function.

   When a child receives an UnbindConfirm message from its parent, it
   reports a LEFT_DATA_SESSION_GRACEFULLY event.  If it does not receive
   this message after NUM_MAX_PARENT_ATTEMPTS, then it reports a
   LEFT_DATA_SESSION_ABNORMALLY event.  Unbinds are reported to the Tree
   BB using the lostSN interface.

4.1.4 Eject

   A parent may decide to remove one or more of its children from a data
   stream for the following reasons.  1) The parent needs to leave the
   group due to application reasons.  2) The Repair Head detects an
   unrecoverable failure with either its parent or the Sender.  3) The
   parent detects that the child is not able to keep up with the speed
   of the data stream.  4) The parent is not able to handle the load of
   its children and needs some of them to move to another parent.  In
   the first two cases, the parent needs to multicast the advertisement


Whetten                   Expires - May 2003                 [Page 18]


                         TRACK BUILDING BLOCK            November 2002


   of the termination of one or more Data Sessions to all of its
   children.  In the second two cases, it needs to send one or more
   unicast notifications to one or more of its children.

   Consequently, an Eject can be done either with a repeated multicast
   advertisement message to all children, or a set of unicast request-
   reply messages to the subset of children that it needs to go to.

   For the multicast version of Eject, the parent sends a multicast
   UnbindRequest message to all of its children for a given Data
   Session, on its Local Multicast Channel.  It is only necessary to
   provide statistical reliability on this message, since children will
   detect the parents failure even if the message is not received.
   Therefore, the UnbindRequest message is sent
   FAILURE_DETECTION_REDUNDANCY times.

   For the unicast version of Eject, the parent sends a unicast
   UnbindRequest message to all of its children.  Each of them responds
   with an EjectConfirm.  Reliability is ensured through the same
   request-reply mechanism as the Bind operation.

   Ejections are reported to the Tree BB using the removeChild
   interface.

4.1.5 Fault Detection

   There are three cases where fault detection is needed.  1) Detection
   (by a child) that a parent has failed.  2) Detection (by a parent)
   that a child has failed.  3) Detection (by either a Repair Head or
   Receiver) that a Sender has failed.

   In order to be scaleable and efficient, fault detection is primarily
   accomplished by periodic keep-alive messages, combined with the
   existing TRACK messages.  Nodes expect to see keep-alive messages
   every set period of time.  If more than a fixed number of periods go
   by, and no keep-alive messages of a given type are received, the node
   declares a preliminary failure.  The detecting node may then ping the
   potentially failed node before declaring it failed, or it can just
   declare it failed.

   Failures are detected through three keep-alive messages:  Heartbeat,
   TRACK, and NullData.  The Heartbeat message is multicast periodically
   from a parent to its children on its Local Control Channel.  NullData
   messages are multicast by a Sender on the Data Control Channel when
   it has no data to send.  TRACK messages are generated periodically,
   even if no data is being sent to a Data Session, as described in
   section 7.2.




Whetten                   Expires - May 2003                 [Page 19]


                         TRACK BUILDING BLOCK            November 2002


   Heartbeat messages are multicast every HeartbeatPeriod seconds, from
   a parent to its children.  Every time that a parent sends a
   Retransmission message or a Heartbeat message (as well as at
   initialization time), it resets a timer for HeartbeatPeriod seconds.
   If the timer goes off, a Heartbeat is sent.  The HeatbeatPeriod is
   dynamically computed as follows:

           interval = AckWindow / MessageRate

           HeartbeatPeriod = 2 * interval

   Global configuration parameters ConstantHeartbeatPeriod and
   MinimumHeartbeatPeriod can be used to either set HeartbeatPeriod to a
   constant, or give HeartbeatPeriod a lower bound, globally.

   Similarly, a NullData message is multicast by the Sender to all Data
   Session members, every NULL_DATA_PERIOD.  The NullData timer is set
   to NULL_DATA_PERIOD, and is reset every time that a Data or NullData
   message is sent by the Sender.

   The key parameter for failure detection is the global tree parameter
   FAILURE_DETECTION_REDUNDANCY.  The higher the value for this
   parameter, the more keep-alive messages that must be missed before a
   failure is declared.

   A major goal of failure detection is for children to detect parent
   failures fast enough that there is a high probability they can rejoin
   the stream at another parent, before flow control has advanced the
   buffer window to a point where the child can not recover all lost
   messages in the stream.  In order to attempt to do this, children
   detect a failure of a parent if FAILURE_DETECTION_REDUNDANCY *
   HeartbeatPeriod time goes by without any heartbeats.  As part of
   buffer window advancement, all parents MAY choose to buffer all
   messages for a minimum of FAILURE_DETECTION_REDUNDANCY * 2 *
   HeartbeatPeriod seconds, which gives children a period of time to
   find a new parent before the buffers are freed.  Children report
   parent failures to the Tree BB using the lostSN interface.

   A parent detects a preliminary failure of one of its children if it
   does not receive any TRACK messages from that child in
   FAILURE_DETECTION_REDUNDANCY * TrackTimeout seconds (see discussion
   of how TrackTimeout is computed below).  Because a failed child can
   slow down the groups progress, it is very important that a parent
   resolve the childs status quickly.  Once a parent declares a
   preliminary failure of a child, it issues a set of up to
   FAILURE_DETECTION_REDUNDANCY Heartbeat messages that are unicast (or
   multicast) to the failed Receiver(s).  These messages are spaced
   apart by 2*LocalRTT, where LocalRTT is the round trip time that has
   been measured to the child in question (see below for description of


Whetten                   Expires - May 2003                 [Page 20]


                         TRACK BUILDING BLOCK            November 2002


   how LocalRTT is measured).  These Heartbeat messages contain a
   ChildrenList field that contains the children who are requested to
   send a TRACK immediately.

   Whenever a child receives a Heartbeat message where the child is
   identified in the ChildrenList field, it immediately sends a TRACK to
   its parent.  If a parent does not receive a TRACK message from a
   child after waiting a period of 2*LocalRTT after the last Heartbeat
   message to that child, it declares the child failed, and removes it
   from the parents child membership list.  It informs the Tree BB using
   the removeChild interface.

   A child or a Repair Head detects the failure of a Sender if it does
   not receive a Data or NullData message from a Sender in
   FAILURE_DETECTION_REDUNDANCY * NULL_DATA_PERIOD.

   Note that the more Receivers there are in a tree, and the higher the
   loss rate, the larger FAILURE_DETECTION_REDUNDANCY must be, in order
   to give the same probability that erroneous failures wont be
   declared.

4.1.6 Fault Notification

   When a parent detects the failure of a child, it adds a failure
   notification field to the next TRANSMISSION_REDUNDANCY TRACK messages
   that it sends up the tree.  It sends this notification multiple times
   because TRACKs are not delivered reliably.  A failure notification
   field includes the failure code, as well as a list of one or more
   failed nodes.  Failure notifications are aggregated up the tree and
   delivered to the Sender.  A failure notification is not a definitive
   report of a node failure, as the child may have detected a
   communication failure with its parent and moved to a different Repair
   Head.

4.1.7 Fault Recovery

   The Fault Recovery algorithms require a list of one or more addresses
   of alternate parents that can be bound to, and that still provide
   loop free operation.

   If a child detects the failure of its parent, it then re-runs the
   Bind operation to a new parent candidate, in order to rejoin the
   tree.  A node may perform a late join, i.e. binding with a Repair
   Head which cannot provide all the necessary repair data, only if
   allowed by the PI.

4.1.8 Distributed Membership.




Whetten                   Expires - May 2003                 [Page 21]


                         TRACK BUILDING BLOCK            November 2002


   Each Repair Head is responsible for maintaining a set of state
   variables on the status of its children.  Unlike the Generic Router
   Assist, this is hard state, that only is removed when a child leaves
   that Repair Head gracefully, or after the Repair Head detects that a
   child has failed.  These variables MUST include, but are not
   necessarily limited to, the following:
   - ChildID.  This is the two byte identifier assigned to the Child by
     the Repair Head.  This uniquely identifies this Child to this
     Repair Head, but has no meaning outside that scope.
   - GlobalChildIdentifier.  This is the globally unique identifier for
     this Child.
   - ChildRTT.  This is the weighted average of the local RTT to this
     Child.
   - LastTRACK.  This is the contents of the last TRACK message sent
     from this Child, if any, not including options.
   - LastApplicationLevelConfirmation.  This is the contents of the last
     Application Level Confirmation sent from this Child, if any.
   - Last Statistics.  This is the contents of the last Statistics
     message sent from this Child, if any.
   - ChildLiveness.  This is a set of variables that keep track of the
     liveness of each child.  This includes the last time a TRACK
     message was received from this child, as well as the number of
     Heartbeat messages that have been directed at it, and the time at
     which the last Heartbeat message was sent to the child.  Please see
     Fault Detection, above, for more details.

4.2 Data Sessions.

4.2.1 Data Transmission and Retransmission

   Data is multicast by a Sender on the Data Multicast Address via the
   Data Channel Protocol.  The Data Channel Protocol is responsible for
   taking care of as many retransmissions as possible, and for ensuring
   the goodput of the Data Session.  TRACK is then responsible for
   providing OPTIONAL flow control and application level reliability.
   The mechanics of an application level confirmation of delivery are
   handled by TRACK, including keeping track of the distributed
   membership list of receivers and aggregating acknowledgements up the
   Control Tree.  Please see below for more details on flow control and
   application level confirmation.

   A common scenario for handling recovery of lost messages is to allow
   the Data Channel Protocol to provide statistical reliability, and
   then allow TRACK to provide retransmissions for more persistent
   failure cases, such as if a Receiver is not able to receive any Data
   messages for a few minutes.





Whetten                   Expires - May 2003                 [Page 22]


                         TRACK BUILDING BLOCK            November 2002


   Retransmissions of data messages may be multicast by the Sender on
   the Data Multicast Address or be multicast on a Local Control Channel
   by a Repair Head.

   A Repair Head joins all of the Data Multicast Addresses that any of
   its descendants have joined.  A Repair Head is responsible for
   receiving and buffering all data messages using the reliability
   semantics configured for a stream.  As a simple to implement option,
   a Repair Head MAY also function as a Receiver, and pass these data
   messages to an attached application.

   For additional fault tolerance, a Receiver MAY subscribe to the
   multicast address associated with the Local Control Channel of one or
   more Repair Heads in addition to the multicast address of its parent.
   In this case it does not bind to this Repair Head or Sender, but will
   process Retransmission messages sent to this address.  If the
   Receivers Repair Head fails and it transfers to another Repair Head,
   this minimizes the number of data messages it needs to recover after
   binding to the new Repair Head.

4.2.2 Local Retransmission

   If a Repair Head or Sender determines from its child nodes TRACK
   messages that a Data message was missed, the Repair Head retransmits
   the Data message.  The Repair Head or Sender multicasts the
   Retransmission message on its multicast Local Control Channel.  In
   the event that a Repair Head receives a retransmission and knows that
   its children need this repair, it re-multicasts the retransmission to
   its children.

   The scope of retransmission (the multicast TTL) is considered part of
   the Control Channels multicast address, and is derived during tree
   configuration.

   A Repair Head maintains the following state for each of its children,
   for the purpose of providing repair service to the local group:

   - HighestConsecutivelyReceived.  A Sequence Number indicating all
     Data messages up to this number (inclusive) that have been received
     by a given child.

   - MissingMessages.  A data structure to keep track of the reception
     status of the Data messages with Sequence Number higher than
     HighestConsecutivelyReceived.

   The minimum HighestConsecutivelyReceived value of all its children is
   kept as the variable LocalStable.




Whetten                   Expires - May 2003                 [Page 23]


                         TRACK BUILDING BLOCK            November 2002


   A Repair Head also maintains a retransmission buffer. The size of the
   retransmission buffer MUST be greater than the maximum value of a
   Senders transmission window.  The retransmission buffer MUST keep all
   the Data messages received by the Repair Head with Sequence Number
   higher than LocalStable, optionally some messages with Sequence
   Number lower than LocalStable if there is room (beyond the maximum
   value of Senders transmission window).  The latter messages are kept
   in the retransmission buffer in case a Receiver from another group
   losses its parent and needs to join this group.

   As TRACK messages are received, the Repair Head updates the above
   state variables.

   To perform local repair, a Repair Head implements a retransmission
   queue with memory.  Each lost message is entered into the
   retransmission queue in increasing order according to its Sequence
   Number. If the same Data message has already been retransmitted
   recently (recognized due to the queues memory) it is delayed by the
   local group RTT (see roundtrip time measurement) before
   retransmission.

   Retransmissions MAY NOT be sent at a faster rate than the current
   TransmissionRate advertised by the Sender.

4.2.3 Flow and Rate Control

   TRACK offers the ability to limit the rate of Data traffic, through
   both flow control and rate limits.

   When a Receiver sends a TRACK to its parent, the HighestAllowed field
   provides information on the status of the Receivers flow control
   window.  The value of HighestAllowed is computed as follows:

           HighestAllowed = seqnum + ReceiverWindow

   Where seqnum is the highest Sequence Number of consecutively received
   data messages at the Receiver.  The size of the ReceiverWindow may
   either be based on a parameter local to the Receiver or be a global
   parameter.

   If flow control is enabled for a given Data Session, then a Sender
   MUST NOT send any Data messages to the Data Channel Protocol that are
   higher than the current value for HighestAllowed that it has. On
   startup, HighestAllowed is initialized to ReceiverWindow.

   In addition, the Sender application MAY provide minimum and maximum
   rate limits.  Unless overridden by the Data Channel Protocol, a
   Sender will not offer Data messages to the Data Channel Protocol at
   lower than MinimumDataRate (except possibly during short periods of


Whetten                   Expires - May 2003                 [Page 24]


                         TRACK BUILDING BLOCK            November 2002


   time when certain slow Receivers are being ejected), or higher than
   MaximumDataRate.  If a Receiver is not able to keep up with the
   minimum rate for a period of time, it SHOULD leave the group
   promptly. Receivers that leave the group MAY attempt to rejoin the
   group at a later time, but SHOULD NOT attempt an immediate
   reconnection.

4.2.4 Reliability Window

   The Sender and each Repair Head maintain a window of messages for
   possible retransmission.  As messages are acknowledged by all of its
   children, they are released from the parents retransmission buffer,
   as described in 4.2.2. In addition, there are two global parameters
   that can affect when a parent releases a data message from the
   retransmission buffer -- MinHoldTime, and MaxHoldTime.

   MinHoldTime specifies a minimum length of time a message must be held
   for retransmission from when it was received. This parameter is
   useful to handle scenarios where one or more children have been
   disconnected from their parent, and have to reconnect to another.
   If, for example, MinHoldTime is set to FAILURE_DETECTION_REDUNDANCY *
   2 * ConstantHeartbeatPeriod, then there is a high likelihood that any
   child will be able to recover any lost messages after reconnecting to
   another parent.

   The Sender continually advertises to the members of the Data Session
   both edges of its retransmission window.  The higher value is the
   SeqNum field in each Data or NullData message, which specifies the
   highest Sequence Number of any data message sent.  The trailing edge
   of the window is advertised in the HighestReleased field.  This
   specifies the largest Sequence Number of any message sent that has
   subsequently been released from the Senders retransmission window.
   If both values are the same then the window is presently empty.  Zero
   is not a legitimate value for a data Sequence Number, so if either
   field has a value of zero, then no messages have yet reached that
   state.  All Sequence Number fields use Sequence Number arithmetic so
   that a Data Session can continue after exhausting the Sequence Number
   space.

   When a member of a Data Session receives an advertisement of a new
   HighestReleased value, it stores this, and is no longer allowed to
   ask for retransmission for any messages up to and including the
   HighestReleased value.  If it has any outstanding missing messages
   that are less than or equal to HighestReleased, it MAY move forward
   and continue delivering the next data messages in the stream.  It
   also SHOULD report an error for the messages that are no longer
   recoverable.




Whetten                   Expires - May 2003                 [Page 25]


                         TRACK BUILDING BLOCK            November 2002


   MaxHoldTime specifies the maximum length of time a message may be
   held for retransmission.  This parameter is set at the Sender which
   uses it to set the HighestReleased field in data message headers.
   This is particularly useful for real-time, semi-reliable streams such
   as live video, where retransmissions are only useful for up to a few
   seconds.  When combined with Unordered delivery semantics, and
   application-level jitter control at the Receivers, this provides Time
   Bounded Reliability.  MaxHoldTime MUST always be larger than
   MinHoldTime.

4.2.5 Ordering Semantics

   TRACK offers two flavors of ordering semantics: Ordered or Unordered.
   One of these is selected on a per session basis as part of the
   Session Configuration Parameters.

   Unordered service provides a reliable stream of messages, without
   duplicates, and delivers them to the application in the order
   received.  This allows the lowest latency delivery for time sensitive
   applications.  It may also be used by applications that wish to
   provide its own jitter control.

   Ordered service provides TCP semantics on delivery. All messages are
   delivered in the order sent, without duplicates.

4.2.6 Retransmission Requests.

   A Receiver detects that it has missed one or more Data messages by
   gaps in the sequence numbers of received messages.  Each Receiver
   keeps track of HighestSequenceNumber, the highest sequence number
   known of for a Data Session, as observed from Data, RData, and
   NullData messages.  Any sequence numbers between HighestReleased and
   HighestSequenceNumber that have not been received are assumed to be
   missing.

   When a Receiver detects missing messages it MAY send off a request
   for retransmission, if local retransmission is enabled.  It does this
   by sending a Retransmission Request message.  The timing of this
   request is described below.

4.2.7 End Of Stream.

   When an application signals that a Data Session is complete, the
   Sender advertises this to its children by setting the End of Session
   option on the last Data Message in the Data Session, as well as all
   subsequent retransmissions of that Data Message, and all subsequent
   Null Data messages.




Whetten                   Expires - May 2003                 [Page 26]


                         TRACK BUILDING BLOCK            November 2002


   The Sender SHOULD NOT leave the Data Session until it has a report
   from the TRACK reports that all group members have left the Data
   Session, or it has waited a period of at least
   FAILURE_DETECTION_REDUNDANCY * TrackTimeout seconds.

4.3 Control Traffic Generation and Aggregation.

   One of the largest challenges for scaleable reliable multicast
   protocols has been that of controlling the potential explosion of
   control traffic.  There is a fundamental tradeoff between the latency
   with which losses can be detected and repaired, and the amount of
   control traffic generated by the protocol.

   TRACK messages are the primary form of control traffic in this BB.
   They are sent from Receivers and Repair Heads to their parents.
   TRACK messages may be sent for the following purposes:
   - to request retransmission of messages
   - to advance the Senders transmission window for flow control
   purposes
   - to deliver application level confirmation of data reception
   - to propagate other relevant feedback information up through the
   session (such as RTT and loss reports, for congestion control)

4.3.1 TRACK Generation with the Rotating TRACK Algorithm

   Each Receiver sends a TRACK message to its parent once per AckWindow
   of data messages received.  A Receiver uses an offset from the
   boundary of each AckWindow to send its TRACK, in order to reduce
   burstiness of control traffic at the parents.  Each parent has a
   maximum number of children, MaxChildren.  When a child binds to the
   parent, the parent assigns a locally unique ChildID to that child,
   between 0 and MaxChildren-1.

   Each child in a tree generates a TRACK message at least once every
   AckWindow of data messages, when the most recent data messages
   Sequence Number, modulo AckWindow, is equal to MemberID.  If the
   message that would have triggered a given TRACK for a given node is
   missed, the node will generate the TRACK as soon as it learns that it
   has missed the message, typically through receipt of a higher
   numbered data message.

   Together, AckWindow and MaxChildren determine the maximum ratio of
   control messages to data messages seen by each parent, given a
   constant load of data messages.

   In each data message, the Sender advertises the current MessageRate
   (measured in messages per second) it is sending data at.  This rate
   is generated by the congestion control algorithms in use at the
   Sender.


Whetten                   Expires - May 2003                 [Page 27]


                         TRACK BUILDING BLOCK            November 2002



   At the time a node sends a regular TRACK, it also computes a
   TRACKTimeout value:

           interval = AckWindow / MessageRate

           TRACKTimeout = 2 * interval

   If no TRACKs are sent within TRACKTimeout interval, a TRACK is
   generated, and TRACKTimeout is increased by a factor of 2, up to a
   value of MAX_TRACK_TIMEOUT.

   This timer mechanism is used by a Receiver to ensure timely repair of
   lost messages and regular feedback propagation up the tree even when
   the Sender is not sending data continuously. This mechanism
   complements the AckWindow-based regular TRACK generation mechanism.

4.3.2 TRACK Aggregation.

   There are many reasons for providing feedback from all the Receivers
   to the Sender in an aggregated form.  The major ones are listed
   below:

   1) End-to-end delivery confirmation.  This confirmation tells the
   Sender that all the Receivers (in the entire tree) have received data
   messages up to a certain Sequence Number.  This is carried in an
   Application Level Confirmation message.

   2) Flow control.  The aggregated information is carried in the field
   HighestAllowed.  It tells the Sender the highest Sequence Number that
   all the Receivers (in the entire tree) are prepared to receive.

   3) Congestion control feedback.  Information about the state of the
   tree can be passed up to help control the congestion control
   algorithms for the group.

   4) Counting current membership in the group.  This information is
   carried in the field SubTreeCount.  This lets the Sender know the
   number of Receivers currently connected to the repair tree.

   5) Measuring the round-trip time from the Sender to the "worst"
   Receiver.

   A Repair Head maintains state for each child.  Each time a TRACK
   (from a child) is received, the corresponding states for that child
   are updated based on the information in the TRACK message. When a
   Repair Head sends a TRACK message to its parent, the following fields
   of its TRACK message are derived from the aggregation of the



Whetten                   Expires - May 2003                 [Page 28]


                         TRACK BUILDING BLOCK            November 2002


   corresponding states for its children.  The following rules describe
   how the aggregation is performed:

   - WorstLossRate.  Take the maximum value of the WorstLossRate from
     all Children.
   - SubTreeCount.  Take the sum of the SubTreeCount from all Children.
   - HighestAllowed.  Take the minimum of the HighestAllowed value from
     all children.
   - WorstEdgeThroughput.  Take the minimum value of the
     WorstEdgeThroughput field from all Children.
   - UnicastCost.  Take the sum of the UnicastCost from all Children.
   - MulticastCost.  Take the sum of the MulticastCost from all
     Children.
   - SenderDallyTime: take the minimum value, for all of the children,
     of (childs reported SenderDallyTime + childs local dally time).
   - FailureCount: take the sum of the FailureCount for all Children.
   - FailureList: concatenate the FailureList fields for all Children,
     up to a maximum list size of MaxFailureListSize.

   Note, the SenderTimeStamp, ParentTimestamp, and ParentDallyTime
   fields are not aggregated.  The Sender will derive the roundtrip time
   to the worst Receiver by doing its local aggregation for
   SenderDallyTime and then compute:
         RTT = currentTime û SenderTimeStamp û SenderDallyTime.

   Application level confirmations (ALCs) are handled as follows.  For a
   set of ALC requests from receivers, the ones with the highest value
   for HighConfirmationSequenceNumber are considered, and all others are
   discarded.

   For the ConfirmationStatus field, the following rules apply.  Note
   that ConfirmationStatus of SomeReceiversAcknowledge can correspond to
   a ConfirmationCount of zero.
        If all children report AllReceiversAcknowledge Then
                ConfirmationStatus = AllReceiversAcknowlege
        Else If at least one child reports (ListOfFailures OR
          FailuresExceedMaximumListSize) Then
                If the count of all reported failures >
                  MaximumFailureListSize Then
                     ConfimationStatus = FailuresExceedMaximumListSize
                Else
                     ConfirmationStatus = ListOfFailures
        Else
                ConfirmationStatus = SomeReceiversAcknowledge

   The ConfirmationCount field is equal to the sum of the
   ConfimationCount for the aggregated ALC reports of all Children.  The
   PendingCount field is equal to the sum of the PendingCount fields of
   all Children.  The FailureList field is the concatenation of the


Whetten                   Expires - May 2003                 [Page 29]


                         TRACK BUILDING BLOCK            November 2002


   FailureList fields of all aggregated ALC reports of all children, up
   to a maximum length of MaximumFailureListSize.

   In addition to these fields with fixed aggregation rules, TRACK
   supports a set of user defined aggregation statistics.  These
   statistics are self describing in terms of their data type and
   aggregation method.  Statistics reports are numbered, and only the
   most recent statistics report request is aggregated to the Sender.
   Statistics are aggregated over the set of Child statistics reports
   that have been received with that number.  Aggregation methods
   include minimum, maximum, sum, product, and concatenation.

4.3.3 Statistics Reporting.

   A Sender can request a list of aggregated statistics from all
   Receivers in the group.  There are a set of predefined statistics,
   such as loss rate and average throughput.  There is also the capacity
   to request a set of other TRACK statistics, as well as application
   defined statistics.

   The format of each statistic is self-describing, both in terms of
   data type, size, and aggregation method.  A Sender reliably sends out
   a statistics request by attaching it as an option to a Data message.
   When a Receiver gets a request for a statistic, it fills in the data
   fields, and forwards it up the tree in the next TRACK message.  Since
   TRACKs are not reliable, multiple copies are sent in a total of
   NumReplies consecutive TRACK messages from each Receiver.  Each
   statistics report is aggregated according to the method described in
   the statistic, and the result is delivered to the Sender.

   Most aggregation options have fixed length no matter how many
   Receivers there are.  The one exception is concatenation, which
   creates a list of values from some or all Receivers, up to a length
   of MaximumStatisticsListSize entries.  It is NOT RECOMMENDED to use
   this to create group-wide lists, unless the groups size is carefully
   controlled.

4.4 Application Level Confirmed Delivery.

   Flow control and the reliability window are concerned with goodput,
   of delivering data with a high probability that it is delivered at
   all Receivers.  However, neither mechanism provides explicit
   confirmation to the Sender as to the list of recipients for each
   message.  Application level confirmed delivery allows applications to
   determine the set of applications that have received a set of data
   messages.

   There are three primary factors that determine the reliability
   semantics of a message: the senders knowledge of the Receiver list,


Whetten                   Expires - May 2003                 [Page 30]


                         TRACK BUILDING BLOCK            November 2002


   the application level actions that must be performed in order to
   consider a message delivered, and the response to persistent failure
   conditions at Receivers.  For example, an extremely strong
   distributed guarantee would consist of the following.  First, the
   full Receiver membership list is known at the Sender, and verified to
   make sure no Receivers have left the group.  Second, the application
   at each Receiver must write the Data to persistent store before it
   can be acknowledged.  Third, Receivers are given a very long period
   of time - say one hour û to recover all lost Data messages, before
   they are ejected from the Data Session.  In the meantime,
   transmission of Data messages is flow controlled by the slowest
   receivers.

   A weaker form of reliability would include the following.  First,
   that the Sender gets a count of Receivers, and otherwise depends on
   the distributed group membership algorithms to maintain the
   membership list. Second, that Data messages are considered reliably
   delivered as soon as the application receives the Data from TRACK.
   Third, that Retransmissions are limited to only 30 seconds, and
   Receivers must choose to leave the Data Session or continue with
   missing Data messages, if a failure takes longer than this period to
   recover from.

   TRACK provides the functionality to easily implement a wide range of
   application level confirmation semantics, based on how these three
   items are configured.  It is the applications responsibility to then
   select the configurations it desires for a given Data Session.

4.4.1 Application Level Confirmation Mechanisms

   The primary mechanism for application level confirmation (ALC) of
   delivery is the ALC report.  To check for ALC of delivery, a Sender
   issues a Application Level Confirmation Request, by attaching this
   message as an option to a Data message, and reliably transmitting it
   to all Receivers.  Each ALC Request includes a specified level of
   reliability, a reply redundancy factor, and the range of Data message
   sequence numbers that the ALC Confirmation covers.

   When a Receiver gets an ALC Request, it checks to see if the
   application has delivered the specified range of Data Messages,
   including both the Low Confirmation Sequence Number and the High
   Confirmation Sequence Number.  When it sends the next TRACK out, it
   sets the ConfirmationStatus field to either SomeReceiversAcknowledge
   if it is still pending confirmation, AllReceiversAcknowledge if it
   has application level confirmation, ListOfFailures if it has a
   failure and MaximumFailureListSize > 0, or
   FailuresExceedsMaximumListSize otherwise.  It also sets the
   ConfirmCount to 1 if it has a confirmation, and PendingCount to 1 if



Whetten                   Expires - May 2003                 [Page 31]


                         TRACK BUILDING BLOCK            November 2002


   it is still pending.  If the Immediate ACK bit is set in the ALC
   Request, the Receiver generates an ACK immediately.

   One example of how an application can implicitly signal confirmation
   of delivery is through the freeing of buffers passed to it by the
   transport.  The API could specify that whenever an application has
   freed up a buffer containing one or more data messages, then these
   messages are considered acknowledged by the application.
   Alternatively, the application could be required to explicitly
   acknowledge each message.

4.5 Distributed RTT Calculations.

   This TRACK BB provides two algorithms for distributed RTT
   calculations ù LocalRTT measurements and SenderRTT measurements.
   LocalRTT measurements are only between a parent and its children.
   SenderRTT measurements are end-to-end RTT measurements, measuring the
   RTT to the worst Receiver as selected by the congestion control
   algorithms.

   The SenderRTT is useful for congestion control. It can be used to set
   the data rate based on the TCP response function, which is being
   proposed for the congestion control building blocks.

   The LocalRTT can be used to (a) quickly detect faulty children (as
   described under fault detection) or (b) avoid sending unnecessary
   retransmissions (as described in the local repair algorithm).

   In the case of LocalRTT measurements, a parent initiates measurement
   by including a ParentTimestamp field in a Heartbeat message sent to
   its children.  When a child receives a Heartbeat message with this
   field set, it notes the time of receipt using its local system clock,
   and stores this with the message as HeartbeatReceiveTime.  When the
   child next generates a TRACK, just before sending it, it measures its
   system clock again as TRACKSendTime, and calculates the
   LocalDallyTime.

            LocalDallyTime = TRACKSendTime û HeartbeatReceiveTime.

   The child includes this value, along with the ParentTimestamp field,
   as fields in the next TRACK message sent.  Every heartbeat message
   that is multicast to all children SHOULD include a ParentTimestamp
   field.

   The SenderRTT algorithm is similar.  A Sender initiates the process
   by including a SenderTimestamp field in a data message.  When a
   Receiver gets a message with this field set, it keeps track of the
   DataReceiveTime for that message, and when it generates the next
   TRACK message, includes the SenderTimestamp and SenderDallyTime


Whetten                   Expires - May 2003                 [Page 32]


                         TRACK BUILDING BLOCK            November 2002


   value.  These values are aggregated by Repair Heads, as described
   above.

   Each node only keeps track of the most recent value for
   {SenderTimestamp, DataReceiveTime} and {ParentTimestamp,
   HeartbeatReceiveTime}, replacing any older values any time that a new
   message is received with these values set.  As long as it has non-
   zero values to report, each node sends up both a {SenderTimestamp,
   SenderDallyTime} and a {ParentTimestamp, LocalDallyTime} set of
   fields in each TRACK message generated.

   Unless redefined by the TRACK PI, these RTT measurements are averaged
   using an exponentially weighted moving average, where the first RTT
   measurement, RTT_measurement, initializes the average RTT_average,
   and then each successive measurement is averaged in according to the
   following formula.  The RECOMMENDED value for alpha is 1/8.
         RTT_average = RTT_measurement * alpha + RTT_average (1-alpha)

4.6 SNMP Support

   The Repair Heads and the Sender are designed to interact with SNMP
   management tools.  This allows network managers to easily monitor and
   control the sessions being transmitted.  All TRACK nodes MAY have
   SNMP MIBs defined in a separate document.  SNMP support is OPTIONAL
   for Receiver nodes, but is RECOMMENDED for all other nodes.

4.7 Late Join Semantics

   TRACK offers three flavors of late join support:
   a) No Recovery
      A Receiver binds to a Repair Head after the session has started
      and agrees to the reliability service starting from the Sequence
      Number in the current data message received from the Sender.
   b) Continuation
      This semantic is used when a Receiver has lost its Repair Head
      and needs to re-affiliate.  In this case, the Receiver must
      indicate the oldest Sequence Number it needs to repair in order
      to continue the reliability service it had from the previous
      Repair Head.  The binding occurs if this is possible.
   c) No Late Join
     For some applications, it is important that a Receiver receives
     either all data or no data (e.g. software distribution).  In this
     case option (c) is used.

   These are specified by the LateJoinSemantics session parameter, and
   enforced by a Parent when a Child attempts to bind to it.

5. Message Types



Whetten                   Expires - May 2003                 [Page 33]


                         TRACK BUILDING BLOCK            November 2002


   The following table summarizes the messages and their fields used by
   the TRACK BB.  All messages contain the session identifier.  For more
   details, please see the sample TRACK PI [17].

+--------------------------------------------------------------------+
Message          From      To     Mcast?       Fields
+--------------------------------------------------------------------+

BindRequest     Child    Parent    no       Scope, Level, Role, Rejoin
                                      BindSequenceNumber, SubTreeCount
+--------------------------------------------------------------------+

BindConfirm     Parent   Child     no   RepairAddr, BindSequenceNumber
                                                 LowestAvailableRepair
                                               Level, ChildIndex, Role
+--------------------------------------------------------------------+

BindReject      Parent   Child     no       Reason, BindSequenceNumber
+--------------------------------------------------------------------+

UnbindRequest   Child    Parent    no               Reason, ChildIndex
+--------------------------------------------------------------------+

UnbindConfirm   Parent   Child     no
+--------------------------------------------------------------------+

EjectRequest    Parent   Child    either       Reason, AlternateParent
+--------------------------------------------------------------------+

EjectConfirm    Child    Parent    no
+--------------------------------------------------------------------+

Heartbeat       Parent   Child    either        Level, ParentTimestamp
                                                  ChildrenList, SeqNum
                                                       HighestReleased
+--------------------------------------------------------------------+

NullData,       Sender    all      yes     SenderTimeStamp, DataLength
OData                                          HighestReleased, SeqNum
                                         EndOfStream, TransmissionRate
+--------------------------------------------------------------------+

Rdata           Parent   Child     yes     SenderTimeStamp, DataLength
                                               HighestReleased, SeqNum
                                         EndOfStream, TransmissionRate
+--------------------------------------------------------------------+

Track           Child    Parent    no            BitMask, SubTreeCount
                                               Slowest, HighestAllowed


Whetten                   Expires - May 2003                 [Page 34]


                         TRACK BUILDING BLOCK            November 2002


                                          ParentThere, ParentTimeStamp
                                      ParentDallyTime, SenderTimeStamp
                                    SenderDallyTime, CongestionControl
                                                           FailureList
+--------------------------------------------------------------------+

ALCRequest     Sender   Receiver    yes         Immediate, Reliability
                                               NumReplies, SeqNumRange
+--------------------------------------------------------------------+

ALCReply        Child   Parent      yes     SeqNumRange, ConfirmStatus
                                            ConfirmCount, PendingCount
                                                        FailedChildren
+--------------------------------------------------------------------+

StatsRequest   Sender   Receiver    yes         Immediate, StatsSeqNum
                                                 NumReplies, StatsList
+--------------------------------------------------------------------+

StatsReply      Child   Parent      yes         StatsSeqNum, StatsList
+--------------------------------------------------------------------+






























Whetten                   Expires - May 2003                 [Page 35]


                         TRACK BUILDING BLOCK            November 2002




   The various fields of the messages are described as follows:

   - BindSequenceNumber:  This is a monotonically increasing sequence
   number for each bind request from a given Receiver for a given Data
   Session.

   - Scope: an integer to indicate how far a repair message travels.
   This is optional.

   - Rejoin: a flag as to whether this Receiver was previously a member
   of this Data Session.

   - Level: an integer that indicates the level in the repair tree.
   This value is used to keep loops in the tree from forming, in
   addition to indicating the distance from the Sender.  Any changes in
   a nodes level are passed down to the Tree BB using the
   treeLevelUpdate interface.

   - Role: This indicates if the bind requestor is a Receiver or Repair
   Head.

   - SubTreeCount: This is an integer indicating the current number of
   Receivers below the node.

   - RepairAddr: This field in the BindConfirm message is used to tell
   the Receiver which multicast address the Repair Head will be sending
   retransmissions on.  If this field is null, then the Receiver should
   expect retransmissions to be sent on the Senders data multicast
   address.

   - AlternateParent: This is an optional field that specifies another
   parent a Child may attempt to bind to.

   - SeqNum: an integer indicating the Sequence Number of a data message
   within a given Data Session.  For a Heartbeat, it is the highest
   sequence number the parent knows about.

   - ChildIndex: This is an integer the Repair Head assigns to a
   particular child.  The child Receiver uses this value to implement
   the rotating TRACK Generation algorithm.

   - LowestRepairAvailable: This is the lowest sequence number that a
   Repair Head will provide repairs for.

   - Reason: a code indicating the reason for the BindReject,
   UnbindRequest, or EjectRequest message.



Whetten                   Expires - May 2003                 [Page 36]


                         TRACK BUILDING BLOCK            November 2002


   - ParentTimestamp: This field is included in Heartbeat messages to
   signal the need to do a local RTT measurement from a parent.  It is
   the time when the parent sent the message.

   - ChildrenList: This field contains the identifiers for a list of
   children.  As part of the keepalive message, this field together with
   the SeqNum field is used to urge those listed Receivers to send a
   TRACK (for the provided SeqNum).  The Repair Head sending this must
   have been missing the regular TRACKs from these children for an
   extended period of time.

   - SenderTimestamp: This field is included in Data messages to signal
   the need to do a roundtrip time measurement from the Sender, through
   the tree, and back to the Sender.  It is the time (measured by the
   Senders local clock) when it sent the message.

   - ApplicationSynch: a Sequence Number signaling a request for
   confirmed delivery by the application.

   - EndOfStream: indicates that this message is the end of the data for
   this session.

   - TransmissionRate: This field is used by the Sender to tell the
   Receivers its sending rate, in messages per second.  It is part of
   the data or nulldata messages.

   - HighestReleased:  This field contains a Sequence Number,
   corresponding to the trailing edge of the Senders retransmission
   window.  It is used (as part of the data, nulldata or retransmission
   headers) to inform the Receivers that they should no longer attempt
   to recover those messages with a smaller (or same) Sequence Number.

   - HighestAllowed: a Sequence Number, used for flow control from the
   Receivers.  It signals the highest
   Sequence Number the Sender is allowed to send that will not overrun
   the Receivers buffer pools.

   - BitMask: an array of 1s and 0s.  Together with a Sequence Number it
   is used to indicate lost data messages.  If the ith element is a 1,
   it indicates the message SeqNum+i is lost.

   - Slowest: This field contains a field that characterizes the slowest
   Receiver in the subtree beneath (and including) the node sending the
   TRACK.  This is used to provide information for the congestion
   control BB.

   - SenderDallyTime: This field is associated with a SenderTimestamp
   field.  It contains the sum of the waiting time that should be
   subtracted from the RTT measurement at the Sender.


Whetten                   Expires - May 2003                 [Page 37]


                         TRACK BUILDING BLOCK            November 2002



   - ParentDallyTime: This is the same as the SenderDallyTime, but is
   associated with a ParentTimestamp instead of a SenderTimestamp.

   - DataLength: This is the length of the Data payload.

   - CongestionControl:  This includes any additional congestion control
   variables for aggregation, such as WorstLossRate,
   WorstEdgeThroughput, UnicastCost, and MulticastCost.

   - ApplicationConfirms: This is the SeqNum value for which delivery
   has been confirmed by all children at or below this parent.

   - FailedChildren: This is a list of all children that have recently
   been dropped from the repair tree.

   - Immediate: If set to 1, a Receiver should immediately send a TRACK
   on receipt of this packet.

   - Reliability: The level of reliability required in order to consider
   the set of data packets reliably delivered.

   - NumReplies: The number of consecutive TRACK messages that should be
   sent with this message attached

   - SeqNumRange: The set of data messages that the ALC request applies
   to.

   - ConfirmStatus: The acknowledgement status of the Receivers in the
   subtree up to the node that sends this message.

   - ConfirmCount: The number of Receivers in the subtree up to the node
   that sends this message, that have acknowledged the ALC request.

   - PendingCount: The number of Receivers in this subtree that are
   still pending in their decision as to acknowledging this ALC request.

   - StatsSeqNum: The number of this request for statistics.

   - StatsList: The list of statistics to be filled in by Receivers, and
   aggregated by the control tree.


6. Global Configuration Variables, Constants, and Reason Codes

6.1 Global Configuration Variables
These are variables that control the Data Session and are advertised to
all participants.  Some of them MAY instead be configured as constants.



Whetten                   Expires - May 2003                 [Page 38]


                         TRACK BUILDING BLOCK            November 2002


   - TimeMaxBindResponse: the time, in seconds, to wait for a response
   to a BindRequest.  Initial value is TIMEOUT_PARENT_RESPONSE
   (recommended value is 3).  Maximum value is
   MAX_TIMEOUT_PARENT_RESPONSE.

   - MaxChildren: The maximum number of children a Repair Head is
   allowed to handle. Recommended value: 32.

   - ConstantHeartbeatPeriod: Instead of dynamically calculating the
   HeartbeatPeriod, a constant period may be used instead.  Recommended
   value: 3 seconds.

   - MinimumHeartbeatPeriod: The minimum value for the dynamically
   calculated HeartbeatPeriod.  Recommended value: 1 second.

   - MinHoldTime: The minimum amount of time a Repair Head holds on to
   data messages.

   - MaxHoldTime: The maximum amount of time a Repair Head holds on to
   data messages.

   - AckWindow: The number of messages seen before a Receiver issues an
   acknowledgement.  Recommended value: 32.

   - LateJoinSemantics: The options available to a Receiver who wishes
   to join a Data Session that is already in progress.

   - MaximumFailureListSize: The maximum number of entries that can be
   in a failure list.  This MUST be small enough that the FailureList
   does not ever cause a TRACK to exceed the size of a maximum UDP
   packet.  Recommended value:  800.

   - MaximumStatisticsListSize: The maximum number of entries that can
   be in a statistics list.  This MUST be small enough that the
   FailureList does not ever cause a TRACK to exceed the size of a
   maximum UDP packet.  Recommended value:  100.

   - MaximumDataRate: The maximum admission rate for data messages from
   the application to the Data Channel Protocol.

   - MinimumDataRate: The minimum admission rate for data messages from
   the application to the Data Channel Protocol.

6.2 Constants

   - NUM_MAX_PARENT_ATTEMPTS: The number of times to try to bind to a
   Repair Head before declaring a PARENT_UNREACHABLE error.  Recommended
   value is 5.



Whetten                   Expires - May 2003                 [Page 39]


                         TRACK BUILDING BLOCK            November 2002


   - TIMEOUT_PARENT_RESPONSE: The minimum value, in seconds, between
   attempts to contact a parent.  Recommended value is 1 second.

   - MAX_TIMEOUT_PARENT_RESPONSE:  The maximum value, in seconds,
   between attempts to contact a parent.  Recommended value is 16.

   - NULL_DATA_PERIOD: The time between transmission of NullData
   Messages.  Recommended value is 1.

   - FAILURE_DETECTION_REDUNDANCY: The number of times a message is sent
   without receiving a response before declaring an error.  Recommended
   value is 3.

   - MAX_TRACK_TIMEOUT: The maximum value for TRACKTimeout.  Recommended
   value is 5 seconds.

   - TRANSMISSION_REDUNDANCY: The number of times a failure notification
   is redundantly sent up the tree in a TRACK message.  Recommended
   value is 3.

6.3 Reason Codes

   - BindReject reason codes
     - LOOP_DETECTED
     - MAX_CHILDREN_EXCEEDED

   - UnbindRequest reason codes
     - SESSION_DONE
     - APPLICATION_REQUEST
     - RECEIVER_TOO_SLOW

   - EjectRequest reason codes
     - PARENT_LEAVING
     - PARENT_FAILURE
     - CHILD_TOO_SLOW
     - PARENT_OVERLOADED


7. Security

   As specified in [12], the primary security requirement for a TRACK
   protocol is protection of the transport infrastructure.  This is
   accomplished through the use of lightweight group authentication of
   the control and, optionally, the data messages sent to the group.
   These algorithms use IPsec and shared symmetric keys.  For TRACK,
   [12] recommends that there be one shared key for the Data Session and
   one for each Local Control Channel.  These keys are distributed
   through a separate key manager component, which may be either
   centralized or distributed.  Each member of the group is responsible


Whetten                   Expires - May 2003                 [Page 40]


                         TRACK BUILDING BLOCK            November 2002


   for contacting the key manager, establishing a pair-wise security
   association with the key manager, and obtaining the appropriate keys.

   The exact algorithms for this BB are presently the subject of
   research within the IRTF Secure Multicast Group (SMuG) and
   standardization within the Multicast Security working group.

8. References

   [1]  Bradner, S., "The Internet Standards Process -- Revision 3", BCP
      9, RFC 2026, October 1996.

   [2]  Whetten, B., et. al. "Reliable Multicast Transport Building
      Blocks for One-to-Many Bulk-Data Transfer."  RFC 3048, January
      2001.

   [3]  Handley, M., et. al.  "The Reliable Multicast Design Space for
      Bulk Data Transfer."  RFC 2887, August 2000.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
      Levels", BCP 14, RFC 2119, March 1997

   [5]  Whetten, B., Taskale, G.  "Overview of the Reliable Multicast
      Transport Protocol II (RMTP-II)."  IEEE Networking, Special Issue
      on Multicast, February 2000.

   [6]  Nonnenmacher, J., Biersack, E.  "Reliable Multicast: Where to
      use Forward Error Correction", Proc. 5th. Workshop on Protocols
      for High Speed Networks, Sophia Antipolis, France, Oct. 1996.

   [7]  Nonnenmacher, J., et. al.  "Parity-Based Loss Recovery for
      Reliable Multicast Transmission", In Proc. of ACM SIGCOMM 97,
      Cannes, France, September 1997.

   [8]  Rizzo, L.  "Effective erasure codes for reliable computer
      communications protocols", DEIT Technical Report LR-970115.

   [9]  Nonnenmacher, J., Biersack, E. "Optimal Multicast Feedback",
      Proc. IEEE INFOCOM 1998, March 1998.

   [10]  Whetten, B., Conlan, J.  "A Rate Based Congestion Control
      Scheme for Reliable Multicast", GlobalCast Communications
      Technical White Paper, November 1998.
      http://www.talarian.com/rmtp-ii

   [11]  Padhye, J., et. al.  "Modeling TCP Throughput:  A Simple Model
      and its Empirical Validation".  University of Massachusetts
      Technical Report CMPSCI TR 98-008.



Whetten                   Expires - May 2003                 [Page 41]


                         TRACK BUILDING BLOCK            November 2002


   [12]  Hardjorno, T., Whetten, B.  "Security Requirements for TRACK"
      draft-ietf-rmt-pi-track-security-00.txt, June 2000.  Work in
      Progress.

   [13]  Golestani, J., "Fundamental Observations on Multicast
      Congestion Control in the Internet", Bell Labs, Lucent Technology,
      paper presented at the July 1998 RMRG meeting.

   [14]  Kadansky, M., D. Chiu, J. Wesley, J. Provino, "Tree-based
      Reliable Multicast (TRAM)", draft-kadansky-tram-02.txt, Work in
      Progress.

   [15]  Whetten, B., M. Basavaiah, S. Paul, T. Montgomery, "RMTP-II
      Specification", draft-whetten-rmtp-ii-00.txt, April 8, 1998. Work
      in Progress.

   [16]  Kadansky, M., Chiu, D. M., Whetten, B., Levine, B. N., Taskale,
      G., Cain, B., Thaler, D., Koh, s. J., "Reliable Multicast
      Transport Building Block: Tree Auto-Configuration", draft-ietf-
      rmt-bb-tree-config-02.txt, March 2, 2001.  Work in Progress.

   [17]  Whetten, B. et. al., "TRACK Protocol Instantiation Over UDP",
      draft-ietf-rmt-track-pi-udp-00.txt, November 2002.

   [18]  Adamson, B., et. al.,  "NACK Oriented Reliable Multicast
      Protocol (NORM), draft-ietf-rmt-pi-norm-02.txt, July 2001.  Work
      in Progress.

   [19]  Vicisano, L., et. al., "Asynchronous Layered Coding - A
      scalable reliable multicast protocol", draft-ietf-rmt-pi-alc-
      02.txt, July 2001.  Work in Progress.

   [20]  Speakman, T., et. al., "Pragmatic General Multicast (PGM)",
      draft-speakman-pgm-spec-06.txt, Feb 2001.  Work in Progress.

   [21]  Kermode, R., Vicisano, L., "Author Guidelines for RMT Building
   Blocks and Protocol Instantiation Documents", RFC 3269.

10. Acknowledgements
   We would like to thank the follow people: Sanjoy Paul, Seok Joo Koh,
   Supratik Bhattacharyya, Joe Wesley, and Joe Provino.


11. Authors Addresses

   Brian Whetten
   890 Sea Island Lane
   Foster City, CA  94404
   b2@whetten.net


Whetten                   Expires - May 2003                 [Page 42]


                         TRACK BUILDING BLOCK            November 2002



   Dah Ming Chiu
   Sun Microsystems Laboratories
   1 Network Drive
   Burlington, MA 01803
   dahming.chiu@sun.com

   Miriam Kadansky
   Sun Microsystems Laboratories
   1 Network Drive
   Burlington, MA 01803
   miriam.kadansky@sun.com

   Seok Joo Koh
   sjkoh@pec.etri.re.kr

   Gursel Taskale
   TIBCO Corporation
   gursel@tibco.com


   Full Copyright Statement

   "Copyright (C) The Internet Society (2000). All Rights Reserved. This
   document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."




Whetten                   Expires - May 2003                 [Page 43]


                         TRACK BUILDING BLOCK            November 2002





















































Whetten                   Expires - May 2003                 [Page 44]