Internet Draft                                           B. Nickless
    Document: draft-ietf-nickless-ipv4-mcast-           Argonne National
    unusable-03.txt                                           Laboratory
    Expires: June 2004                                     December 2003


             IPv4 Multicast Unusable Group And Source Addresses


1. Status of this Memo

    This document is an Internet-Draft and is in full conformance with
    all provisions of Section 10 of RFC2026.

    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
    other groups may also distribute working documents as Internet-
    Drafts.

    Internet-Drafts are draft documents valid for a maximum of six
    months and may be updated, replaced, or obsoleted by other documents
    at any time.  It is inappropriate to use Internet-Drafts as
    reference material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at
         http://www.ietf.org/ietf/1id-abstracts.txt

    The list of Internet-Draft Shadow Directories can be accessed at
         http://www.ietf.org/shadow.html.


2. Abstract

    Some IPv4 multicast datagrams should not be routed, either within an
    administrative domain or between administrative domains.  A list of
    those restrictions is supplied here.  These restrictions SHOULD be
    respected by IPv4 multicast applications and included in network
    device access control lists.  IANA should permanently reserve
    certain address ranges.

3. Table of Contents

    1. Status of this Memo.............................................1
    2. Abstract........................................................1
    4. Conventions used in this document...............................2
    5. Background......................................................2
    6. Specific (Source,Group) Restrictions............................2
    7. Unusable Locally................................................4
    8. Unusable Inter-domain...........................................4
    9. No Flooding of Knowledge of Active Sources......................5
    10. IANA Considerations............................................6
    11. Security Considerations........................................6

    Nickless       Informational - Expires June 2004                 1
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses

    12. Acknowledgements...............................................6
    13. References.....................................................6
    12. Author's Address...............................................7


4. Conventions used in this document

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in RFC-2119 [RFC2119].


5. Background

    IPv4 multicast [MCAST] is an internetwork service that allows IPv4
    datagrams sent from a source to be delivered to one or more
    interested receiver(s).  That is, a given source sends a packet the
    network with a destination address 224/4 CIDR [CIDR] range.  The
    network transports this packet to all receivers (replicated where
    necessary) that have registered their interest in receiving these
    packets.

    Some combinations of Source Address and Group Address SHOULD NOT be
    routed for various reasons.  This note describes those restrictions
    so they can be:

     - Avoided by applications, especially those that choose multicast
       groups on a random or ad-hoc basis.
     - Properly reflected in network device restriction lists.
     - Reserved by IANA.


6. Specific (Source,Group) Restrictions

    Following is a list of (Source,Group) ranges that should not be used
    or routed in certain circumstances.  Each range is associated with a
    brief explanation and a cross-reference to a fuller explanation to
    be found in following sections of this note.

    (*,224.0.1.2/32)       SGI-Dogfight                    Section 8.4
    (*,224.0.1.3/32)       Rwhod                           Section 8.5
    (*,224.0.1.22/32)      SVRLOC                          Section 8.4
    (*,224.0.1.24/32)      Microsoft-DS                    Section 8.4
    (*,224.0.1.35/32)      SVRLOC-DA                       Section 8.5
    (*,224.0.1.39/32)      CISCO-RP-ANNOUNCE               Section 8.5
    (*,224.0.1.40/32)      CISCO-RP-DISCOVERY              Section 8.5
    (*,224.0.1.60/32)      HP-DEVICE-DISC                  Section 8.5
    (*,224.0.2.2/32)       SUN-RPC                         Section 8.4
    (*,224.77.0.0/16)      Norton Ghost                    Section 8.3
    (*,224.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,225.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,225.1.2.3/32)       Altiris                         Section 8.3

    Nickless       Informational - Expires June 2004                 2
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses

    (*,225.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,226.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,226.77.0.0/16)      Norton Ghost                    Section 8.3
    (*,226.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,227.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,227.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,228.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,228.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,229.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,229.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,230.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,230.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,231.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,231.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,232.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,232.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,232.0.0.0/8)        Source-Specific Multicast       Section 9.1
    (*,233.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,233.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,234.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,234.42.42.42/32)    Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,234.142.142.42/31)  Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.44/30)  Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.48/28)  Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.64/26)  Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.128/29) Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.136/30) Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.140/31) Phoenix/StorageSoft ImageCast   Section 8.3
    (*,234.142.142.142/32) Phoenix/StorageSoft ImageCast   Section 8.3
    (*,235.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,235.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,236.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,236.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,237.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,237.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,238.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,238.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1
    (*,239.0.0.0/8)        Administratively Scoped Groups  Section 8.1
    (*,239.0.0.0/24)       Control plane of IGMP snoopers  Section 7.1
    (*,239.128.0.0/24)     Control plane of IGMP snoopers  Section 7.1

    (0.0.0.0/0,*)          Link Local Addresses            Section 8.2
    (10.0.0.0/8,*)         Private Address Space           Section 8.2
    (127.0.0.0/8,*)        Loopback Address Space          Section 8.2
    (169.254.0.0/8,*)      Link Local Addresses            Section 8.2
    (172.16.0.0/12,*)      Private Address Space           Section 8.2
    (192.0.2.0/24,*)       Documentation/Example           Section 8.2
    (192.168.0.0/16,*)     Private Address Space           Section 8.2


    Nickless       Informational - Expires June 2004                 3
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses

7. Unusable Locally

    Multicast datagrams that match the criteria in this section SHOULD
    NOT be used, even on local, unrouted subnetworks.

    7.1 Groups processed in the control plane of IGMP-snooping switches.

    [MCAST] describes the mapping of IPv4 Multicast Group addresses to
    Ethernet MAC addresses, as follows:

         An IP host group address is mapped to an Ethernet multicast
         address by placing the low-order 23-bits of the IP address
         into the low-order 23 bits of the Ethernet multicast address
         01-00-5E-00-00-00 (hex).   Because there are 28 significant
         bits in an IP host group address, more than one host group
         address may map to the same Ethernet multicast address.

    Multicast group addresses in the 224.0.0.0/24 range are used for
    local subnetwork control.  This maps to the Ethernet multicast
    address range 01-00-5E-00-00-XX, where XX is 00 through FF.
    Ethernet frames within this range are always processed in the
    control plane of many popular network devices, such as IGMP-snooping
    switches.

    Because of the many-to-one mapping of IPv4 Multicast Group Addresses
    to Ethernet MAC addresses, it is possible to overwhelm the control
    plane of network devices by sending to group addresses that map into
    the 01-00-5E-00-00-XX (hex) range.

    IGMP-snooping network devices must also flood these frames to all
    outgoing ports, so the damage may extend to end systems and routers.

8. Unusable Inter-domain

    Multicast datagrams that match the criteria in this section SHOULD
    NOT be routed between administrative domains.

    Section 7 (Unusable Locally) is incorporated here by reference.

    8.1 Administratively Scoped Addresses

    RFC 2366 [ADMIN] defines 239.0.0.0/8 for use within an
    administrative domain.  As such, datagrams with group addresses that
    match 239.0.0.0/8 SHOULD NOT be passed between administrative
    domains.

    8.2 Special Use IPv4 Source Addresses

    RFC 1918 [PRIVATE] defines certain ranges of IPv4 unicast addresses
    that can be used within an administrative domain.  Multicast
    datagrams are no exception to the rule that datagrams addressed
    within these ranges SHOULD NOT be passed between administrative
    domains.

    Nickless       Informational - Expires June 2004                 4
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses


    127.0.0.0/8 is widely used for internal host addressing, and is
    generally not valid on datagrams passed between hosts.

    0.0.0.0/8 and 169.254.0.0/16 are valid only in the context of local
    links.  Such source addresses are not valid for datagrams passed
    between networks.  [RFC 1700] [RFC 3330]

    192.0.2.0/24 is reserved for documentation and example code.
    [RFC 3330]

    8.3 Personal Computer Deployment and Control Applications

    The Norton Ghost [GHOST], Phoenix/StorageSoft ImageCast [IMCAST],
    and Altiris [ALTIRIS] applications are used to duplicate files and
    filesystems from servers to clients, and to otherwise maintain
    groups of Personal Computers.  They are intended to be used on a
    local subnet or within an administrative domain, but the default
    addresses used by the software are not within the administratively-
    scoped range 239.0.0.0/8 (see Section 8.1 above).

    8.4 Known Insecure Services

    Applications that use certain multicast group addresses have been
    demonstrated to be vulnerable to exploitation, leading to serious
    security problems.

    8.5 Internal Resource Discovery

    Applications that use certain multicast group addresses are used to
    discover resources within an administrative domain.


9. No Flooding of Knowledge of Active Sources

    In the absence of explicit requests by interested receivers,
    multicast datagrams that match the criteria in this section SHOULD
    NOT be transmitted across administrative domain boundaries.

    The knowledge of active sources that match the criteria in this
    section SHOULD NOT be passed between administrative domains, for
    example through the operation of the Multicast Source Discovery
    Protocol (MSDP) [MSDP].

    Sections 7 and 8 are incorporated here by reference.

    9.1 Source-Specific Multicast

    Multicast datagrams addressed within 232.0.0.0/8 (See [IANA]) are
    used in the Source-Specific Multicast regime.  Interested recipients
    request traffic from specific sources using specific group
    addresses.  Knowledge of active sources is not flooded throughout

    Nickless       Informational - Expires June 2004                 5
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses

    the Internet, as it is the responsibility of the application to
    discover the active sources.


10. IANA Considerations

    Due to the issue outlined in Section 7.1 with 233.0.0.0/24 and
    233.128.0.0/24 above, IANA SHOULD NOT allocate AS 0 nor AS 32768 to
    any Autonomous System or Registry.

    IANA SHOULD reserve the 31 address blocks referenced in Section 7.

11. Security Considerations

    Low to moderate multicast traffic levels, using addresses within
    these Section 7.1 Multicast Group Address ranges, can result in
    severe denial of service on network devices that process frames with
    Ethernet MAC addresses in the 01-00-5E-00-00-XX (hex) range in the
    control plane.

    Interdomain forwarding of multicast traffic generated by certain
    multicast applications (see Section 8.3) can result in internal
    enterprise data being replicated far beyond that which was intended.

    Interdomain forwarding of multicast traffic on certain multicast
    groups (see Section 8.4) can lead to compromise of host systems.


12. Acknowledgements

    The author relied heavily on a list of problematic groups maintained
    by Cisco Systems, especially Beau Williamson and his colleagues.

    Jay Ford and Alan Croswell provided references for the Norton Ghost
    restriction.

    Leonard Giuliano, John Kristoff, Alastair Matthews, Pekka Savola,
    and Beau Williamson provided helpful comments, corrections, and
    suggestions.

    This work was supported by the Mathematical, Information, and
    Computational Sciences Division subprogram of the Office of Advanced
    Scientific Computing Research, U.S. Department of Energy, under
    Contract W-31-109-Eng-38.

13. References

    [RFC2119] RFC 2119: Key Words for use in RFCs to Indicate
       Requirement Levels.  S. Bradner.  March 1997.



    Nickless       Informational - Expires June 2004                 6
                     IPv4 Multicast Unusable Group       December 2003
                            And Source Addresses


    [MCAST] RFC 1112: Host extensions for IP multicasting. S.E. Deering.
       Aug-01-1989.

    [CIDR] RFC 1519: Classless Inter-Domain Routing (CIDR): an Address
       Assignment and Aggregation Strategy. V. Fuller, T. Li, J. Yu, K.
       Varadhan. September 1993.

    [ADMIN] RFC 2365: Administratively Scoped IP Multicast.  D. Meyer.
       July 1998.

    [PRIVATE] RFC 1918: Address Allocation for Private Internets.  Y
       Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear.
       February 1996.

    [RFC 1700] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
       RFC 1700, October 1994.

    [RFC 3330] "Special-Use IPv4 Addresses", IANA, RFC 3330, September
       2002.

    [GHOST] Symantec.
       http://service2.symantec.com/SUPPORT/ghost.nsf/docid/
       1999033015222425

    [IMCAST] Phoenix Technologies.
       http://www.storagesoft.com/products/imagecast

    [ALTIRIS] Altiris
       http://www.altiris.com/support/docs/altirisexpress/
       axtechref41.pdf

    [MSDP] Multicast Source Discovery Protocol.  Bill Fenner and David
       Meyer, Editors.  Work in Progress. draft-ietf-msdp-spec-20.txt

    [IANA] Internet Assigned Numbers Authority.
       http://www.iana.org/assignments/multicast-addresses

14. Author's Address

    Bill Nickless
    Argonne National Laboratory
    9700 South Cass Avenue #221     Phone:  +1 630 252 7390
    Argonne, IL 60439               Email:  nickless@mcs.anl.gov

    Nickless       Informational - Expires June 2004                 7