As per Relevance of the word identifier, we have this RFC below:
Network Working Group David
Request for Comments: 1045 Stanford
February 1988
VMTP: VERSATILE MESSAGE TRANSACTION
Protocol
STATUS OF THIS
This RFC describes a protocol proposed as a standard for the
community. Comments are encouraged. Distribution of this document
unlimited
This memo specifies the Versatile Message Transaction Protocol (VMTP
[Version 0.7 of 19-Feb-88], a transport protocol specifically
to support the transaction model of communication, as exemplified
remote procedure call (RPC). The full function of VMTP,
support for security, real-time, asynchronous message exchanges
streaming, multicast and idempotency, provides a rich selection to
VMTP user level. Subsettability allows the VMTP module for
clients and servers to be specialized and simplified to the
actually required. Examples of such simple clients and servers
PROM network bootload programs, network boot servers, data sensors
simple controllers, to mention but a few examples
RFC 1045 VMTP February 1988
Table of Contents
1. Introduction
1.1. Motivation
1.1.1. Poor RPC Performance
1.1.2. Weak Naming
1.1.3. Function Poor
1.2. Relation to Other Protocols
1.3. Document Overview
2. Protocol Overview
2.1. Entities, Processes and Principals
2.2. Entity Domains
2.3. Message Transactions
2.4. Request and Response Messages
2.5. Reliability
2.5.1. Transaction Identifiers
2.5.2. Checksum
2.5.3. Request and Response Acknowledgment
2.5.4. Retransmissions
2.5.5. Timeouts
2.5.6. Rate Control
2.6. Security
2.7. Multicast
2.8. Real-time Communication
2.9. Forwarded Message Transactions
2.10. VMTP Management
2.11. Streamed Message Transactions
2.12. Fault-Tolerant Applications
2.13. Packet Groups
2.14. Runs of Packet Groups
2.15. Byte Order
2.16. Minimal VMTP Implementation
2.17. Message vs. Procedural Request Handling
2.18. Bibliography
3. VMTP Packet Formats
3.1. Entity Identifier Format
3.2. Packet Fields
Cheriton [page i
3.3. Request Packet
3.4. Response Packet
4. Client Protocol Operation
4.1. Client State Record Fields
4.2. Client Protocol States
4.3. State Transition Diagrams
4.4. User Interface
4.5. Event Processing
4.6. Client User-invoked Events
4.6.1. Send
4.6.2. GetResponse
4.7. Packet Arrival
4.7.1. Response
4.8. Management Operations
4.8.1. HandleNoCSR
4.9. Timeouts
5. Server Protocol Operation
5.1. Remote Client State Record Fields
5.2. Remote Client Protocol States
5.3. State Transition Diagrams
5.4. User Interface
5.5. Event Processing
5.6. Server User-invoked Events
5.6.1. Receive
5.6.2. Respond
5.6.3. Forward
5.6.4. Other Functions
5.7. Request Packet Arrival
5.8. Management Operations
5.8.1. HandleRequestNoCSR
5.9. Timeouts
6. Concluding Remarks
I. Standard VMTP Response Codes
II. VMTP RPC Presentation Protocol
II.1. Request Code Management
III. VMTP Management Procedures
III.1. Entity Group Management
III.2. VMTP Management Digital Signatures
IV. VMTP Entity Identifier Domains
IV.1. Domain 1
IV.2. Domain 3
IV.3. Other Domains
IV.4. Decentralized Entity Identifier Allocation
V. Authentication Domains
V.1. Authentication Domain 1
V.2. Other Authentication Domains
VI. IP Implementation
VII. Implementation Notes
VII.1. Mapping Data Structures
VII.2. Client Data Structures
VII.3. Server Data Structures
VII.4. Packet Group transmission
VII.5. VMTP Management Module
VII.6. Timeout Handling
VII.7. Timeout Values
VII.8. Packet Reception
VII.9. Streaming
VII.10. Implementation Experience
VIII. UNIX 4.3 BSD Kernel Interface for VMTP
Index
List of Figures
Figure 1-1: Relation to Other Protocols
Figure 3-1: Request Packet Format
Figure 3-2: Response Packet Format
Figure 4-1: Client State Transitions
Figure 5-1: Remote Client State Transitions
Figure III-1: Authenticator Format
Figure VII-1: Mapping Client Identifier to CSR
Figure VII-2: Mapping Server Identifiers
Figure VII-3: Mapping Group Identifiers
1. Introduction
The Versatile Message Transaction Protocol (VMTP) is a
protocol designed to support remote procedure call (RPC) and
transaction-oriented communication. By transaction-
communication, we mean that
- Communication is request-response: A client sends a
for a service to a server, the request is processed, and
server responds. For example, a client may ask for the
page of a file as the service. The transaction is
by the server responding with the next page
- A transaction is initiated as part of sending a request to
server and terminated by the server responding. There are
separate operations for setting up or terminating
between clients and servers at the transport level
- The server is free to discard communication state about
client between transactions without causing incorrect
or failures
The term message transaction (or transaction) is used in the remainder
this document for a request-response exchange in the sense
above
VMTP handles the error detection, retransmission, duplicate
and, optionally, security required for transport-level end-to-
reliability
The protocol is designed to provide a range of behaviors within
transaction model, including
- Minimal two packet exchanges for short, simple transactions
- Streaming of multi-packet requests and responses for
data transfer
- Datagram and multicast communication as an extension of
transaction model
Example Uses
- Page-level file access - VMTP is intended as the
level for file access, allowing simple, efficient operation
a local network. In particular, VMTP is appropriate for
by diskless workstations accessing shared network
servers
- Distributed programming - VMTP is intended to provide
efficient transport level protocol for remote procedure
implementations, distributed object-oriented systems
message-based systems that conform to the request-
model
- Multicast communication with groups of servers to: locate
specific object within the group, update a replicated object
synchronize the commitment of a distributed transaction, etc
- Distributed real-time control with prioritized
handling, including datagrams, multicast and
calls
The protocol is designed to operate on top of a simple
datagram service, such as is provided by IP
1.1. Motivation
VMTP was designed to address three categories of deficiencies
existing transport protocols in the Internet architecture. We use
as the key current transport protocol for comparison
1.1.1. Poor RPC Performance
First, current protocols provide poor performance for remote
call (RPC) and network file access. This is attributable to three
causes
- TCP requires excessive packets for RPC, especially
isolated calls. In particular, connection setup and
generates extra packets over that needed for VMTP to
RPC
- TCP is difficult to implement, speaking purely from
empirical experience over the last 10 years. VMTP
designed concurrently with its implementation, with focus
making it easy to implement and providing sensible subsets
its functionality
- TCP handles packet loss due to overruns poorly. We claim
overruns are the key source of packet loss in
high-performance RPC environment and, with the
performance of networks, will continue to be the key source
(Older machines and network interfaces cannot keep up with
machines and network interfaces. Also, low-end
interfaces for high-speed networks have limited
buffering.)
VMTP is designed for ease of implementation and efficient RPC.
addition, it provides selective retransmission with rate-based
control, thus addressing all of the above issues
1.1.2. Weak Naming
Second, current protocols provide inadequate naming of transport-
endpoints because the names are based on IP addresses. For example,
TCP endpoint is named by an Internet address and port identifier
Unfortunately, this makes the endpoint tied to a particular
interface, not specifically the process-level state associated with
transport-level endpoint. In particular, this form of naming
problems for process migration, mobile hosts and multi-homed hosts
VMTP provides host-address independent names, thereby solving the
mentioned problems
In addition, TCP provides no security and reliability guarantees on
dynamically allocated names. In particular, other than well-
ports, (host-addr, port-id)-tuples can change meaning on
following a crash. VMTP provides large identifiers with guarantee
stability, meaning that either the identifier never changes in
or else remains invalid for a significant time before becoming
again
1.1.3. Function Poor
TCP does not support multicast, real-time datagrams or security.
fact, it only supports pair-wise, long-term, streamed
interchanges. Yet, multicast is of growing importance and is
developed for the Internet (see RFC 966 and 988). Also, a
facility with the same naming, transmission and reception facilities
the normal transport level is a powerful asset for real-time
parallel applications. Finally, security is a basic requirement in
increasing number of environments. We note that security is natural
implement at the transport level to provide end-to-end security (
opposed to (inter)network level security). Without security at
transport level, a transport level protocol cannot guarantee
standard transport level service definition in the presence of
intruder. In particular, the intruder can interject packets or
packets while updating the checksum, making mockery out of
transport-level claim of "reliable delivery".
In contrast, VMTP provides multicast, real-time datagrams and security
addressing precisely these weaknesses
In general, VMTP is designed with the next generation of
systems in mind. These communication systems are characterized
follows. RPC, page-level file access and other request-
behavior dominates. In addition, the communication substrate,
local and wide-area, provides high data rates, low error rates
relatively low delay. Finally, intelligent, high-performance
interfaces are common and in fact required to achieve performance
approximates the network capability. However, VMTP is also designed
function acceptably with existing networks and network interfaces
1.2. Relation to Other Protocols
VMTP is a transport protocol that fits into the layered
protocol environment. Figure 1-1 illustrates the place of VMTP in
protocol hierarchy
+-----------+ +----+ +-----------------+ +------+
|File Access| |Time| |Program Execution| |Naming|...
+-----------+ +----+ +-----------------+ +------+
| | | | |
+-----------+-----------+-------------+------+
|
+------------------+
| RPC Presentation |
+------------------+
|
+------+ +--------+
| TCP | | VMTP |
+------+ +--------+
| |
+-----------------------------------+
| Internet Protocol & ICMP |
+-----------------------------------+
Figure 1-1: Relation to Other Protocols
The RPC presentation level is not currently defined in the
suite of protocols. Appendix II defines a proposed RPC
level for use with VMTP and assumed for the definition of the
management procedures. There is also a need for the definition of
Application layer protocols listed above
If internetwork services are not required, VMTP can be used without
IP layer, layered directly on top of the network or data link layers
1.3. Document Overview
The next chapter gives an overview of the protocol, covering naming
message structure, reliability, flow control, streaming, real-time
security, byte-ordering and management. Chapter 3 describes the
packet formats. Chapter 4 describes the client VMTP protocol
in terms of pseudo-code for event handling. Chapter 5 describes
server VMTP protocol operation in terms of pseudo-code for
handling. Chapter 6 summarizes the state of the protocol,
remaining issues and expected directions for the future. Appendix
lists some standard Response codes. Appendix II describes the
presentation protocol proposed for VMTP and used with the
management procedures. Appendix III lists the VMTP
procedures. Appendix IV proposes initial approaches for handling
identification for VMTP. Appendix V proposes initial
domains for VMTP. Appendix VI provides some details for
VMTP on top of IP. Appendix VII provides some suggestions on
implementation of VMTP, focusing on data structures and
functions. Appendix VIII describes a proposed program interface
UNIX 4.3 BSD and its descendants and related systems
2. Protocol Overview
VMTP provides an efficient, reliable, optionally secure
service in the message transaction or request-response model with
following features
- Host address-independent naming with provision for
forms of names for endpoints as well as associated (security
principals. (See Sections 2.1, 2.2, 3.1 and Appendix IV.)
- Multi-packet request and response messages, with a
size of 4 megaoctets per message. (Sections 2.3 and 2.14.)
- Selective retransmission (Section 2.13) and rate-based
control to reduce overrun and the cost of overruns. (
2.5.6.)
- Secure message transactions with provision for a variety
encryption schemes. (Section 2.6.)
- Multicast message transactions with multiple response
per request message. (Section 2.7.)
- Support for real-time communication with idempotent
transactions with minimal server overhead and state (
2.5.3), datagram request message transactions with
response, optional header-only checksum, priority
of transactions, conditional delivery and preemptive
of requests (Section 2.8)
- Forwarded message transactions as an optimization for
forms of nested remote procedure calls or
transactions. (Section 2.9.)
- Multiple outstanding (asynchronous) message transactions
client. (Section 2.11.)
- An integrated management module, defined with a
procedure call interface on top of VMTP providing a variety
communication services (Section 2.10.)
- Simple subset implementation for simple clients and
servers. (Section 2.16.)
This chapter provides an overview of the protocol as introduction to
basic ideas and as preparation for the subsequent chapters that
the packet formats and event processing procedures in detail
In overview, VMTP provides transport communication between network
visible entities via message transactions. A message
consists of a request message sent by the client, or requestor, to
group of server entities followed by zero or more response messages
the client, at most one from each server entity. A message
structured as a message control portion and a segment data portion.
message is transmitted as one or more packet groups. A packet group
one or more packets (up to a maximum of 32 packets) grouped by
protocol for acknowledgment, sequencing, selective retransmission
rate control
Entities and VMTP operations are managed using a VMTP
mechanism that is accessed through a procedural interface (RPC
implemented on top of VMTP. In particular, information about a
entity is obtained and maintained using the Probe VMTP
operation. Also, acknowledgment information and requests
retransmission are sent as notify requests to the management module
(In the following description, reference to an "acknowledgment" of
request or a response refers to a management-level notify operation
is acknowledging the request or response.)
2.1. Entities, Processes and Principals
VMTP defines and uses three main types of identifiers:
identifiers, process identifiers and principal identifiers, each 64-
in length. Communication takes place between network-visible entities
typically mapping to, or representing, a message port or
invocation. Thus, entities are the VMTP communication endpoints.
process associated with each entity designates the agent behind
communication activity for purposes of resource allocation
management. For example, when a lock is requested on a file, the
is associated with the process, not the requesting entity, allowing
process to use multiple entity identifiers to perform operations
lock conflict between these entities. The principal associated with
entity specifies the permissions, security and accounting
associated with the entity. The process and principal identifiers
included in VMTP solely to make these values available to VMTP
with the security and efficiency provided by VMTP. Only the
identifiers are actively used by the protocol
Entity identifiers are required to have three properties
Uniqueness Each entity identifier is uniquely defined at any
time. (An entity identifier may be reused over time.)
Stability An entity identifier does not change between
meanings without suitable provision for
references to the entity identifier. Certain
identifiers are strictly stable, (i.e. never
meaning), typically being administratively
(although they need not be bound to a valid entity
all times), often called well-known identifiers.
other entity identifiers are required to be T-stable
not change meaning without having remained invalid
at least a time interval T
Host address
An entity identifier is unique independent of the
address of its current host. Moreover, an
identifier is not tied to a single Internet
address. An entity can migrate between hosts, reside
a mobile host that changes Internet addresses or
on a multi-homed host. It is up to the
implementation to determine and maintain up to date
host addresses of entities with which it
communicating
The stability of entity identifiers guarantees that an entity
represents the same logical communication entity and principal (in
security sense) over the time that it is valid. For example, if
entity identifier is authenticated as having the privileges of a
user account, it continues to have those privileges as long as it
continuously valid (unless some explicit notice is provided otherwise).
Thus, a file server need not fully authenticate the entity on every
access request. With T-stable identifiers, periodically checking
validity of an entity identifier with period less than T seconds
a change in entity identifier validity
A group of entities can form an entity group, which is a set of zero
more entities identified by a single entity identifier. For example
one can have a single entity identifier that identifies the group
name servers. An entity identifier representing an entity group
drawn from the same name space as entity identifiers. However,
entity identifiers are flagged as such by a bit in the
identifier, indicating that the identifier is known to identify at
one entity. In addition to the group bit, each entity
includes other standard type flags. One flag indicates whether
identifier is an alias for an entity in another domain (See Section 2.2
below.). Another flag indicates, for an entity group identifier
whether the identifier is a restricted group or not. A restricted
is one in which an entity can be added only by another entity with
management authorization. With an unrestricted group, an entity
allowed to add itself. If an entity identifier does not represent
group, a type bit indicates whether the entity uses big-endian
little-endian data representation (corresponding to Motorola 680X0
VAX byte orders, respectively). Further specification of the format
entity identifiers is contained in Section 3.1 and Appendix IV
An entity identifier identifies a Client, a Server or a group
Servers <1>. A Client is always identified by a T-stable identifier.
server or group of servers may be identified by a T-stable
(group or single entity) or by strictly stable (statically assigned
entity group identifier. The same T-stable identifier can be used
identify a Client and Server simultaneously as long as both
logically associated with the same entity. The state required
reliable, secure communication between entities is maintained in
state records (CSRs), which include the entity identifier of the Client
its principal, its current or next transaction identifier and so on
2.2. Entity Domains
An entity domain is an administration or an administration
that guarantees the three required entity identifier properties
uniqueness, stability and host address independence for the entities
administers. That is, entity identifiers are only guaranteed to
unique and stable within one entity domain. For example, the set of
Internet hosts may function as one domain. Independently, the set
hosts local to one autonomous network may function as a separate domain
Each entity domain is identified by an entity domain identifier, Domain
Only entities within the same domain may communicate directly via VMTP
However, hosts and entities may participate in multiple entity
simultaneously, possibly with different entity identifiers.
example, a file server may participate in multiple entity domains
order to provide file service to each domain. Each entity
specifies the algorithms for allocation, interpretation and mapping
entity identifiers
Domains are necessary because it does not appear feasible to specify
universal VMTP entity identification administration that covers
entities for all time. Domains limit the number of entities that
to be managed to maintain the uniqueness and stability of the
_______________
<1> Terms such as Client, Server, Request, Response, etc.
capitalized in this document when they refer to their specific
in VMTP
name space. Domains can also serve to separate entities of
security levels. For instance, allocation of an unclassified
identifier cannot conflict with secret level entity identifiers
the former is interpreted only in the unclassified domain, which
disjoint from the secret domain
It is intended that there be a small number of domains. In particular
there should be one (or a few) domains per installation "type",
than per installation. For example, the Internet is expected to use
domain per security level, resulting in at most 8 different domains
Cluster-based internetwork architectures, those with a local
protocol distinct from the wide-area protocol, may use one domain
local use and one for wide-area use
Additional details on the specification of specific domains is
in Appendix IV
2.3. Message Transactions
The message transaction is the unit of interaction between a Client
initiates the transaction and one or more Servers. A
transaction starts with a request message generated by a client.
the service interface, a server becomes involved with a transaction
receiving and accepting the request. A server terminates
involvement with a transaction by sending a response message. In
group message transaction, the server entity designated by the
corresponds to a group of entities. In this case, each server in
group receives a copy of the request. In the client's view,
transaction is terminated when it receives the response message or,
the case of a group message transaction, when it receives the
response message. Because it is normally impractical to determine
the last response message has been received, the current transaction
terminated by VMTP when the next transaction is initiated
Within an entity domain, a transaction is uniquely identified by
tuple (Client, Transaction, ForwardCount), where Transaction is
32-bit number and ForwardCount is a 4-bit value. A Client
monotonically increasing Transaction identifiers for new
transactions. Normally, the next higher transaction number,
2**32, is used for the next message transaction, although there
cases in which it skips a small range of Transaction identifiers. (
the description of the STI control flag.) The ForwardCount is used
a message transaction is forwarded and is zero otherwise
A Client generates a stream of message transactions with
transaction identifiers, directed at a diversity of Servers. We say
Client has a transaction outstanding if it has invoked a
transaction, but has not received the last Response (or possibly
Response). Normally, a Client has only one transaction outstanding at
time. However, VMTP allows a Client to have multiple
transactions outstanding simultaneously, supporting streamed
asynchronous remote procedure call invocations. In addition,
supports nested calls where, for example, procedure A calls procedure
which calls procedure C, each on a separate host with different
entity identifiers for each call but identified with the same
and principal
2.4. Request and Response Messages
A message transaction consists of a request message and one or
Response messages. A message is structured as message control
(MCB) and segment data, passed as parameters, as suggested below
+-----------------------+
| Message Control Block |
+-----------------------+
+-----------------------------------+
| segment data |
+-----------------------------------+
In the request message, the MCB specifies control information about
request plus an optional data segment. The MCB has the
format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ServerEntityId (8 octets) +
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | RequestCode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ CoresidentEntity (8 octets) +
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> User Data (12 octets) <
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MsgDelivery |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SegmentSize |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The ServerEntityId is the entity to which the Request MCB is to be
(or was sent, in the case of reception). The Flags indicate
options in the request and response handling as well as whether
CoresidentEntity, MsgDelivery and SegmentSize fields are in use.
RequestCode field specifies the type of Request. It is analogous to
packet type field of the Ethernet, acting as a switch for higher-
protocols. The CoresidentEntity field, if used, designates a
of the ServerEntityId group to which the Request should be routed
namely those members that are co-resident with the specified entity (
entity group). The primary intended use is to specify the manager for
particular service that is co-resident with a particular entity,
the well-known entity group identifier for the service manager in
ServerEntityId field and the identifier for the entity in
CoresidentEntity field. The next 12 octets are user-
application-specified
The MsgDelivery field is optionally used by the RPC or user level
specify the portions of the segment data to transmit and on reception
the portions received. It provides the client and server
(optional) access to, and responsibility for, a simple
transmission and reception facility. For example, a client may
retransmission of just those portions of the segment that it failed
receive as part of the original Response. The primary intended use
to support highly efficient multi-packet reading from a file server
Exploiting user-level selective retransmission using the
field, the file server VMTP module need not save multi-packet
for retransmission. Retransmissions, when needed, are instead
directly from the file server buffers
The SegmentSize field indicates the size of the data segment,
present. The CoresidentEntity, MsgDelivery and SegmentSize fields
usable as additional user data if they are not otherwise used
The Flags field provides a simple mechanism for the user level
communicate its use of VMTP options with the VMTP module as well as
VMTP modules to communicate this use among themselves. The use of
options is generally fixed for each remote procedure so that an
mechanism using VMTP can treat the Flags as an integral part of
RequestCode field for the purpose of demultiplexing to the correct stub
A Response message control block follows the same format except
Response is sent from the Server to the Client and there is
Coresident Entity field (and thus 20 octets of user data).
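The following parser for the 40-octet MCB layout above is an added example, not code from the RFC or from any VMTP implementation. It assumes big-endian fields and an 8-bit Flags / 24-bit RequestCode split (the diagram as reproduced here has lost its column widths), reads "4 megaoctets" as 4 * 2**20, and takes the "SegmentSize in use" decision from the caller because the flag bit positions are not given in this section.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MCB_LEN = 40                      # 8 + 4 + 8 + 12 + 4 + 4 octets
MAX_SEGMENT = 4 * 1024 * 1024     # assumed reading of "4 megaoctets per message"

# Assumed big-endian layouts; the Response has no CoresidentEntity,
# so its user data grows from 12 to 20 octets.
_REQUEST = struct.Struct(">8sI8s12sII")
_RESPONSE = struct.Struct(">8sI20sII")


@dataclass(frozen=True)
class MCB:
    entity_id: bytes                    # ServerEntityId
    flags: int                          # high 8 bits of the code word (assumed)
    code: int                           # low 24 bits: RequestCode (assumed)
    coresident_entity: Optional[bytes]  # None in a Response
    user_data: bytes
    msg_delivery: int
    segment_size: int


def pack_request(server, flags, request_code, coresident,
                 user_data, msg_delivery, segment_size) -> bytes:
    """Serialize a Request MCB, rejecting fields of the wrong width."""
    if len(server) != 8 or len(coresident) != 8 or len(user_data) != 12:
        raise ValueError("entity ids are 8 octets, request user data is 12")
    if not 0 <= flags <= 0xFF or not 0 <= request_code <= 0xFFFFFF:
        raise ValueError("Flags or RequestCode out of range")
    word = (flags << 24) | request_code
    return _REQUEST.pack(server, word, coresident, user_data,
                         msg_delivery, segment_size)


def parse_mcb(buf: bytes, is_response: bool = False) -> MCB:
    """Parse the first 40 octets of buf as a Request or Response MCB."""
    if len(buf) < MCB_LEN:
        raise ValueError(f"MCB needs {MCB_LEN} octets, got {len(buf)}")
    if is_response:
        entity, word, user, delivery, size = _RESPONSE.unpack_from(buf)
        coresident = None
    else:
        entity, word, coresident, user, delivery, size = _REQUEST.unpack_from(buf)
    return MCB(entity, word >> 24, word & 0xFFFFFF, coresident,
               user, delivery, size)


def segment_for(mcb: MCB, segment: bytes, size_in_use: bool) -> bytes:
    """Return the data segment the MCB describes, never trusting its size.

    When SegmentSize is not in use the field is extra user data, so no
    segment is described and an empty one is returned.
    """
    if not size_in_use:
        return b""
    if mcb.segment_size > MAX_SEGMENT:
        raise ValueError("SegmentSize exceeds the per-message maximum")
    if mcb.segment_size > len(segment):
        raise ValueError("SegmentSize is larger than the data received")
    return segment[:mcb.segment_size]
```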
2.5. Reliability
VMTP provides reliable, sequenced transfer of request and
messages as well as several variants, such as unreliable
requests. The reliability mechanisms include: transaction identifiers
checksums, positive acknowledgment of messages and timeout
retransmission of lost packets
2.5.1. Transaction Identifiers
Each message transaction is uniquely identified by the pair (Client
Transaction). (We defer discussion of the ForwardCount field to
2.9.) The 32-bit transaction identifier is initialized to a
value when the Client entity is created or allocated its
identifier. The transaction identifier is incremented at the end
each message transaction. All Responses with the same
(Client, Transaction) pair are associated with this Request
The transaction identifier is used for duplicate suppression at
Server. A Server maintains a state record for each Client for which
is processing a Request, identified by (Client, Transaction). A
with the same (Client, Transaction) pair is discarded as a duplicate
(The ForwardCount field must also be equal.) Normally, this record
retained for some period after the Response is sent, allowing the
to filter out subsequent duplicates of this Request. When a
arrives and the Server does not have a state record for the
Client, the Server takes one of three actions
1. The Server may send a Probe request, a simple
operation, to the VMTP management module associated with
requesting Client to determine the Client's
Transaction identifier (and other information), initialize
new state record from this information, and then process
Request as above
2. The Server may reason that the Request must be a new
because it does not have a state record for this Client if
keeps these state records for the maximum packet lifetime
packets in the network (plus the maximum VMTP
time) and it has not been rebooted within this time period
That is, if the Request is not new either the Request
have exceeded the maximum packet lifetime or else the
would have a state record for the Client
3. The Server may know that the Request is idempotent or can
safely redone so it need not care whether the Request is
duplicate or not. For example, a request for the
time can be responded to with the current time without
concerned whether the Request is a duplicate. The
is discarded at the Client if it is no longer of interest
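The server-side duplicate filter described in this section, sketched as an added example (not code from the RFC): it keys state records by Client, discards exact (Transaction, ForwardCount) repeats, and applies the three no-record actions. The class and method names, the 32-bit serial-order test used to call an older Transaction stale, and the handling of a Probe reply are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import Enum

MOD = 2 ** 32  # Transaction identifiers are 32-bit and wrap modulo 2**32


class Verdict(Enum):
    NEW = "process as a new Request"
    DUPLICATE = "discard: same (Client, Transaction, ForwardCount)"
    STALE = "discard: older than the known transaction"
    PROBE = "no record and no safe inference: Probe the Client first"
    REDO = "idempotent: answer without keeping a record"


@dataclass
class StateRecord:
    transaction: int
    forward_count: int
    last_seen: float


def is_behind(a: int, b: int) -> bool:
    """True if a precedes b in 32-bit serial order (assumed comparison)."""
    return a != b and ((b - a) % MOD) < MOD // 2


class DuplicateFilter:
    def __init__(self, retention: float, boot_time: float):
        # retention: maximum packet lifetime plus maximum retransmission time
        self.retention = retention
        self.boot_time = boot_time
        self.records = {}  # Client entity identifier -> StateRecord

    def _expire(self, now: float) -> None:
        cutoff = now - self.retention
        for client in [c for c, r in self.records.items() if r.last_seen < cutoff]:
            del self.records[client]

    def _accept(self, client, transaction, forward_count, now) -> Verdict:
        self.records[client] = StateRecord(transaction, forward_count, now)
        return Verdict.NEW

    def classify(self, client, transaction, forward_count, now, idempotent=False):
        self._expire(now)
        rec = self.records.get(client)
        if rec is not None:
            if (rec.transaction, rec.forward_count) == (transaction, forward_count):
                rec.last_seen = now          # keep filtering later copies
                return Verdict.DUPLICATE
            if is_behind(transaction, rec.transaction):
                return Verdict.STALE
            return self._accept(client, transaction, forward_count, now)
        if idempotent:
            return Verdict.REDO              # action 3: safe to redo
        if now - self.boot_time >= self.retention:
            # action 2: records are kept for the whole retention period and
            # the server has been up that long, so no record means new
            return self._accept(client, transaction, forward_count, now)
        return Verdict.PROBE                 # action 1: ask the Client

    def resolve_probe(self, client, transaction, forward_count,
                      probed_transaction, now):
        """Apply the Client's current Transaction as returned by a Probe."""
        if is_behind(transaction, probed_transaction):
            return Verdict.STALE             # old packet; Client has moved on
        return self._accept(client, transaction, forward_count, now)
```

A record that expires too early turns a delayed copy back into a "new" Request, which is why the retention period has to cover the maximum packet lifetime plus retransmission time.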
2.5.2. Checksum
Each VMTP packet contains a checksum to allow the receiver to
corrupted packets independent of lower level checks. The checksum
is 32 bits, providing greater protection than the standard 16-bit
checksum (in combination with an improved checksum algorithm).
large packets, high packet rates and general network
expected in the future warrant a stronger checksum mechanism
The checksum normally covers both the VMTP header and the segment data
Optionally (for real-time applications), the checksum may apply only
the packet header, as indicated by the HCO control bit being set in
header. The checksum field is placed at the end of the packet to
it to be calculated as part of a software copy or as part of a
transmission or reception packet processing pipeline, as expected in
next generation of network interfaces. Note that the number of
and data octets is an integral multiple of 8 because VMTP requires
the segment data be padded to be a multiple of 64 bits. The
field is appended after the padding, if any. The actual algorithm
described in Section 3.2.
A zero checksum field indicates that no checksum was transmitted
the packet. VMTP may be used without a checksum only when there is
host-to-host error detection mechanism and the VMTP security facility
not being used. For example, one could rely on the Ethernet CRC
communication is restricted to hosts on the same Ethernet and
network interfaces are considered sufficiently reliable

2.5.3. Request and Response Acknowledgment

VMTP assumes an unreliable datagram network and internetwork interface.
To guarantee delivery of Requests and Responses, VMTP uses
acknowledgments, retransmissions and timeouts.

A Request is normally acknowledged by receipt of a Response associated
with the Request, i.e. with the same (Client, Transaction). With
streamed message transactions, it may also be acknowledged by a
subsequent Response that acknowledges previous Requests in addition to
the transaction it explicitly identifies. A Response may be
acknowledged by a NotifyVmtpServer operation requested of the manager
for the Server. (In the case of streaming, this is a cumulative
acknowledgment, acknowledging all Responses with a lower transaction
identifier as well.) In addition, with non-streamed communication, a
subsequent Request from the same Client acknowledges Responses to all
previous message transactions (at least in the sense that either the
client received a Response or is no longer interested in Responses to
those earlier message transactions). Finally, a client response timeout
(at the server) acknowledges a Response at least in the sense that the
server need not be prepared to retransmit the Response subsequently.
Note that there is no end-to-end guarantee of the Response being
received by the client at the application level.

2.5.4. Retransmissions

In general, a Request or Response is retransmitted periodically until
acknowledged as above, up to some maximum number of retransmissions.
VMTP uses parameters RequestRetries(Server) and ResponseRetries(Client)
that indicate the number of retransmissions for the server and client
respectively before giving up. We suggest the value 5 be used for both
parameters based on our experience with VMTP and Internet packet loss.
Smaller values (such as 3) could be used in low loss environments in
which fast detection of failed hosts or communication channels is
required. Larger values should be used in high loss environments where
transport-level persistence is important.

In a low loss environment, a retransmission only includes the MCB and
not the segment data of the Request or Response, resulting in a single
(short) packet on retransmission. The intended recipient of the
retransmission can request selective retransmission of all or part of
the segment data as necessary. The selective retransmission mechanism
is described in Section 2.13.

If a Response is specified as idempotent, the Response is neither
retransmitted nor stored for retransmission. Instead, the Client must
retransmit the Request to effectively get the Response retransmitted.
The server VMTP module responds to retransmissions of the Request by
passing the Request on to the server again to have it regenerate the
Response (by redoing the operation), rather than saving a copy of the
Response. Only Request packets for the last transaction from this
client are passed on in this fashion; older Request packets from this
client are discarded as delayed duplicates. If a Response is not
idempotent, the VMTP module must ensure it has a copy of the Response
for retransmission either by making a copy of the Response (either
physically or copy-on-write) or by preventing the Server from continuing
until the Response is acknowledged.

2.5.5. Timeouts

There is one client timer for each Client with an outstanding
transaction. Similarly, there is one server timer for each
transaction that is "active" at the server, i.e. there is a
record for a Request from the Client.

When the client transmits a new Request (without streaming), the
timer is set to roughly the time expected for the Response to be
returned. On timeout, the Request is retransmitted with the APG
(Acknowledge Packet Group) bit set. The timeout is reset to the
expected roundtrip time to the Server because an acknowledgment should
be returned immediately unless a Response has been sent. The Request
may also be retransmitted in response to receipt of a VMTP management
operation indicating that selected portions of the Request
segment need to be retransmitted. With streaming, the timeout applies
to the oldest outstanding message transaction in the run of
message transactions. Without streaming, there is one
transaction in the run, reducing to the previous situation. After the
first packet of a Response is received, the Client resets the timeout to
be the time expected before the next packet in the Response packet group
is received, assuming it is a multi-packet Response. If not, the timer
is stopped. Finally, the client timer is used to timeout waiting for
second and subsequent Responses to a multicast Request.

The client timer is set at different times to four different values:

TC1(Server)  The expected time required to receive a Response from
             the Server. Set on initial Request transmission and
             after its management module receives a management
             operation acknowledging the Request.

TC2(Server)  The estimated round trip delay between the client and
             the server. Set when retransmitting after receiving no
             Response for TC1(Server) time and retransmitting the
             Request with the APG bit set.

TC3(Server)  The estimated maximum expected interpacket time for
             multi-packet Responses from the Server. Set when
             waiting for subsequent Response packets within a packet
             group before timing out.

TC4          The time to wait for additional Responses to a
             Request after the first Response is received. This is
             specified by the user level.

These values are selected as follows. TC1 can be set to TC2 plus a
constant, reflecting the time within which most servers respond to most
requests. For example, various measurements of VMTP usage at Stanford
indicate that 90 percent of the servers respond in less than 200
milliseconds. Setting TC1 to TC2 + 200 means that most Requests receive
a Response before timing out and also that overhead for retransmission
for long running transactions is insignificant. A sophisticated
implementation may make the estimation of TC1 further specific to the
Server.

TC2 may be estimated by measuring the time from when a Probe request is
sent to the Server to when a response is received. TC2 can also be
measured as the time between the transmission of a Request with the APG
bit set to receipt of a management operation acknowledging receipt of
the Request.

When the Server is an entity group, TC1 and TC2 should be the largest of
the values for the members of the group that are expected to respond.
This information may be determined by probing the group on first use
(and using the values for the last responses to arrive). Alternatively,
one can resort to default values.

TC3 is set initially to 10 times the transmission time for the maximum
transmission unit (MTU) to be used for the Response. A sophisticated
implementation may record TC3 per Server and refine the estimate based
on measurements of actual interpacket gaps. However, a tighter estimate
of TC3 only improves the reaction time when a packet is lost in a packet
group, at some cost in unnecessary retransmissions when the estimate
becomes overly tight.

The server timer, one per active Client, takes on the following values:

TS1(Client)  The estimated maximum expected interpacket time. Set
             when waiting for subsequent Request packets within a
             packet group before timing out.

TS2(Client)  The time to wait to hear from a client before
             terminating the server processing of a Request. This
             limits the time spent processing orphan calls, as well
             as limiting how out of date the server's record of the
             Client state can be. In particular, TS2 should be
             significantly less than the minimum time within which it
             is reasonable to reuse a transaction identifier.

TS3(Client)  Estimated roundtrip time to the Client.

TS4(Client)  The time to wait after sending a Response (or last
             hearing from a client) before discarding the state
             associated with the Request which allows it to filter
             duplicate Request packets and regenerate the Response.

TS5(Client)  The time to wait for an acknowledgment after sending a
             Response before retransmitting the Response, or giving
             up (after some number of retransmissions).

TS1 is set the same as TC3.

The suggested value for TS2 is TC1 + 3*TC2 for this server, giving the
Client time to timeout waiting for a Response and retransmit 3 Request
packets, asking for acknowledgments.

TS3 is estimated the same as TC1 except that refinements to the estimate
use measurements of the Response-to-acknowledgment times.

In the general case, TS4 is set large enough so that a Client issuing a
series of closely-spaced Requests to the same Server reuses the same
state record at the Server end and thus does not incur the overhead of
recreating this state. (The Server can recreate the state for a Client
by performing a Probe on the Client to get the needed information.) It
should also be set low enough so that the transaction identifier cannot
wrap around and so that the Server does not run out of CSR's. We
suggest a value in the range of 500 milliseconds. However, if the
Server accepts non-idempotent Requests from this Client without doing a
Probe on the Client, the TS4 value for this CSR is set to at least 4
times the maximum packet lifetime.

TS5 is TS3 plus the expected time for transmission and reception of the
Response. We suggest that the latter be calculated as 3 times the
transmission time for the Response data, allowing time for reception,
processing and transmission of an acknowledgment at the Client end. A
sophisticated implementation may refine this estimate further over time
by timing acknowledgments to Responses.
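
The following added example (not part of the RFC or of any VMTP implementation) shows how a server-side module could classify incoming Requests with the per-Client state record described in Sections 2.5.1 and 2.5.4, and why the TS4 retention rule above matters for replayed non-idempotent Requests. The names RequestFilter, StateRecord, precedes, ts4_for and replay_outcome, the 32-bit wrapping transaction identifier, and the 30-second packet lifetime in the usage note are assumptions made for illustration.

```python
from dataclasses import dataclass

HALF = 1 << 31  # assumption: transaction identifiers are 32 bits and wrap

def precedes(a, b):
    """True if transaction id a is older than b, compared modulo 2**32."""
    return a != b and ((b - a) & 0xFFFFFFFF) < HALF

def ts4_for(nonidempotent_without_probe, max_packet_lifetime, default=0.5):
    """TS4 in seconds: about 500 ms, or at least 4x the maximum packet
    lifetime when non-idempotent Requests are accepted without a Probe."""
    if nonidempotent_without_probe:
        return max(default, 4 * max_packet_lifetime)
    return default

@dataclass
class StateRecord:              # one per Client (the text's CSR)
    transaction: int            # last transaction seen from this Client
    expires: float              # time at which TS4 discards the record
    idempotent: bool = False
    response: object = None     # saved copy, kept only if not idempotent

class RequestFilter:
    """Hypothetical server-side classifier for incoming Request packets."""

    def __init__(self, ts4):
        self.ts4 = ts4
        self.records = {}

    def on_request(self, client, transaction, now):
        rec = self.records.get(client)
        if rec is not None and now >= rec.expires:
            del self.records[client]      # TS4 elapsed: state is forgotten
            rec = None
        if rec is None or precedes(rec.transaction, transaction):
            self.records[client] = StateRecord(transaction, now + self.ts4)
            return "new"                  # pass the Request to the Server
        if precedes(transaction, rec.transaction):
            return "discard"              # delayed duplicate of an older one
        if rec.idempotent:
            return "redo"                 # Server regenerates the Response
        return "retransmit" if rec.response is not None else "pending"

    def on_response(self, client, response, idempotent, now):
        rec = self.records[client]
        rec.idempotent = idempotent
        rec.response = None if idempotent else response
        rec.expires = now + self.ts4

def replay_outcome(ts4, delay):
    """Constructed scenario: transaction 7 is answered, then the same
    Request packet arrives again `delay` seconds later."""
    f = RequestFilter(ts4)
    f.on_request("client-A", 7, 0.0)
    f.on_response("client-A", b"done", False, 0.1)
    return f.on_request("client-A", 7, 0.1 + delay)
```

With TS4 at 500 ms, `replay_outcome(0.5, 60)` returns "new", so a copy of an already-answered non-idempotent Request that surfaces a minute later is executed again. With `ts4_for(True, 30.0)` the record is still held and the same call returns "retransmit".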

2.5.6. Rate Control

VMTP is designed to deal with the present and future problem of
overruns. We expect overruns to be the major cause of dropped packets
in the future. A client is expected to estimate and adjust the
interpacket gap times so as to not overrun a server or intermediate
nodes. The selective retransmission mechanism allows the server to
indicate that it is being overrun (or some intermediate point is
overrun). For example, if the server requests retransmission of every
Kth block, the client should assume overrun is taking place and increase
the interpacket gap times. The client passes the server an indication
of the interpacket gap desired for a response. The client may have to
increase the interval because packets are being dropped by an
intermediate gateway or bridge, even though it can handle a higher rate.
A conservative policy is to increase the interpacket gap whenever a
packet is lost as part of a multi-packet packet group.

The provision of selective retransmission allows the rate of the client
and the server to "push up" against the maximum rate (and thus lose
packets) without significant penalty. That is, every time that
transmission exceeds the rate of the channel or receiver, the
cost to retransmit the dropped packets is generally far less than
retransmitting from the first dropped packet.

The interpacket gap is expressed in 1/32nd's of the MTU
transmission time. The minimum interpacket gap is 0 and the maximum
that can be described in the protocol is 8 packet times. This places a
limit on the slowest receivers that can be efficiently used on a
network, at least those handling multi-packet Requests and Responses.
This scheme also limits the granularity of adjustment. However, the
granularity is relative to the speed of the network, as opposed to an
absolute time. For entities on different networks of
different speed, we assume the interconnecting gateways can buffer
packets to compensate<2>. With different network speeds and
nodes subject to packet loss, a node must adjust the interpacket gap
based on packet loss. The interpacket gap parameter may be of limited
use.

2.6. Security

VMTP provides an (optional) secure mode that protects against the
security threats of peeking, impostoring, message tampering and replays.
Secure VMTP must be used to guarantee any of the transport-level
reliability properties unless it is guaranteed that there are no
intruders or agents that can modify packets and update the
checksums. That is, non-secure VMTP provides no guarantees in the
presence of an intelligent intruder.

The design closely follows that described by Birrell [1].
Information about a remote entity, including an encryption/decryption
key, is obtained and maintained using a VMTP management operation, the
authenticated Probe operation, which is executed as a non-secure
message transaction. If a server receives a secure Request for which
the server has no entity state, it sends a Probe request to the
management module of the client, "challenging" it to provide an
authenticator that both authenticates the client as being associated
with a particular principal as well as providing a key for
encryption/decryption. The principal can include a real and effective
principal, as used in UNIX <3>. Namely, the real principal is the
principal on whose behalf the Request is being performed whereas the
effective principal is the principal of the module invoking the request
or remote procedure call.

Peeking is prevented by encrypting every Request and Response
with a working Key that is shared between Client and Server.
Impostoring and replays are detected by comparing the transaction
identifier with that stored in the corresponding entity state
(which is created and updated by VMTP as needed). Message tampering is
detected by encryption of the packet including the Checksum field. An
intruder cannot update the checksum after modifying the packet without
knowing the Key. The cost of fully encrypting a packet is close to the
cost of generating a cryptographic checksum (and of course, encryption
is needed in the general case), so there is no explicit provision for
cryptographic checksum without packet encryption.

A Client determines the Principal of the Server and acquires an
authenticator for this Server and Principal using a higher level
protocol. The Server cannot decrypt the authenticator or the
packets unless it is in fact the Principal expected by the Client.

An encrypted VMTP packet is flagged by the EPG bit in the VMTP
header. Thus, encrypted packets are easily detected and demultiplexed
from unencrypted packets. An encrypted VMTP packet is
encrypted except for the Client, Version, Domain, Length and
Flags fields at the beginning of the packet. Client identifiers can be
assigned, changed and used to have no real meaning to an intruder or to
only communicate public information (such as the host Internet address).
They are otherwise just a random means of identification and
demultiplexing and do not therefore divulge any sensitive information.
Further secure measures must be taken at the network or data link level
if this information or traffic behavior is considered sensitive.

VMTP provides multiple authentication domains as well as an encryption
qualifier to accommodate different encryption algorithms and
corresponding security/performance trade-offs. (See Appendix V.) A
separate key distribution and authentication protocol is required to
handle generation and distribution of authenticators and keys. This
protocol can be implemented on top of VMTP and can closely follow the
Birrell design as well.

Security is optional in the sense that messages may be secure or
non-secure, even between consecutive message transactions from the same
client. It is also optional in that VMTP clients and servers are not
required to implement secure VMTP (although they are required to respond
intelligently to attempts to use secure VMTP). At worst, a Client may
fail to communicate with a Server if the Server insists on secure
communication and the Client does not implement security or vice versa.
However, a failure to communicate in this case is necessary from a
security standpoint.

_______________

<2> Gateways must also employ techniques to preserve or
modify (if appropriate) the interpacket gaps. In particular, they must
be sure not to arbitrarily remove interpacket gaps as a result of
forwarding of packets.

<3> Principal group membership must be obtained, if needed, by a
higher level protocol.

2.7. Multicast

The Server entity identifier in a message transaction can identify an
entity group, in which case the Request is multicast to every Entity in
this group (on a best-efforts basis). The Request is retransmitted
until at least one Response is received (or an error timeout occurs)
unless it is a datagram Request. The Client can receive multiple
Responses to the Request.

The VMTP service interface does not directly provide reliable multicast
because it is expensive to provide, rarely needed by applications, and
can be implemented by applications using the multiple Response feature.
However, the protocol itself is adequate for reliable multicast using
positive acknowledgments. In particular, a sophisticated
implementation could maintain a list of members for each entity group of
interest and retransmit the Request until acknowledged by all members.
No modifications are required to the Server implementations.

VMTP supports a simple form of subgroup addressing. If the CRE bit is
set in a Request, the Request is delivered to the subgroup of entities
in the Server group that are co-resident with one or more entities in
the group (or individual entity) identified by the CoResidentEntity
field of the Request. This is commonly used to send to the manager
entity for a particular entity, where Server specifies the group of such
managers. Co-resident means "using the same VMTP module", and
on the same network host. In particular, a Probe request can be sent to
the particular VMTP management module for an entity by specifying the
VMTP management group as the Server and the entity in question as the
CoResidentEntity.

As an experimental aspect of the protocol, VMTP supports the Server
sending a group Response which is sent to the Client as well as members
of the destination group of Servers to which the original Request was
sent. The MDG bit indicates whether the Client is a member of this
group, allowing the S