Rfc | 6529 |
Title | Host/Host Protocol for the ARPA Network |
Author | A. McKenzie, S. Crocker |
Date | April 2012 |
Format: | TXT, HTML |
Status: | HISTORIC |
|
Independent Submission A. McKenzie
Request for Comments: 6529 S. Crocker
Category: Historic April 2012
ISSN: 2070-1721
Host/Host Protocol for the ARPA Network
Abstract
This document reproduces the Host/Host Protocol developed by the ARPA
Network Working Group during 1969, 1970, and 1971. It describes a
protocol used to manage communication between processes residing on
independent Hosts. It addresses issues of multiplexing multiple
streams of communication (including addressing, flow control,
connection establishment/disestablishment, and other signaling) over
a single hardware interface. It was the official protocol of the
ARPA Network from January 1972 until the switch to TCP/IP in January
1983. It is offered as an RFC at this late date to help complete the
historical record available through the RFC series.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for the historical record.
This document defines a Historic Document for the Internet community.
This is a contribution to the RFC Series, independent of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6529.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction ....................................................3
2. A Few Comments on Nomenclature and Key Concepts .................4
3. Host/Host Protocol Document .....................................5
(with its own table of contents on page 7)
4. Security Considerations ........................................34
1. Introduction
The Host/Host Protocol for the ARPA Network was created during 1969,
1970, and 1971 by the Network Working Group, chaired by Steve
Crocker, a graduate student at UCLA. Many of the RFCs with numbers
less than 72, plus RFCs 102, 107, 111, 124, 132, 154, and 179 dealt
with the development of this protocol. The first official document
defining the protocol was issued by Crocker on August 3, 1970 as
"Host-Host Protocol Document No. 1" (see citation in RFC 65), which
was based on RFC 54 by Crocker, Postel, Newkirk, and Kraley.
Revision of Document No. 1 began in mid-February 1971, as discussed
in RFC 102. Although McKenzie is listed as the author of the January
1972 document, which superseded Document No. 1, it is more correct to
say McKenzie was the person who compiled and edited the document.
Most or all of the ideas in the document originated with others.
At the time "Host-Host Protocol Document No. 1" was issued it was not
given an RFC number because it was not to be viewed as a "request for
comments" but as a standard for implementation. It was one of a set
of such standards maintained as a separate set of documentation by
the Network Information Center (NIC) at Stanford Research Institute
(SRI). The January 1972 version (NIC 8246) reproduced here also
followed that approach. It has been noted by many that all
subsequent standards were issued as RFCs, and the absence of the
Host/Host Protocol specification from the RFC series creates a
curious gap in the historical record. It is to fill that gap that
this RFC is offered.
In 1972, most ARPA Network documents, RFCs and others, were prepared
and distributed in hard copy. The Host/Host Protocol document was
typed on a typewriter (probably an IBM Selectric), which had
interchangeable print elements, and used both italic and boldface
fonts in addition to the regular font. Diagrams were drawn by a
graphic artist and pasted into the typed document. Since RFCs are
constrained to use a single typeface, we have tried to indicate
boldface by the use of either all capitals or by a double underline,
and to indicate italics by the use of underscores around words in
place of spaces. The resulting document is a bit more difficult to
read, but preserves the emphases of the original. Of course, the
pagination has changed, and we hope we have correctly modified all of
the page numbers. There were three footnotes in the original
document and we have moved these into the text, set off by
indentation and square brackets. A .pdf image of the original
document can be found at
http://www.cbi.umn.edu/hostedpublications/pdf/McKenzieNCP1972.pdf.
2. A Few Comments on Nomenclature and Key Concepts
In the protocol definition, "RFC" is used to mean "Request for
Connection", which refers to either a "Sender to Receiver" or a
"Receiver to Sender" request to initiate a connection. In
retrospect, this seems like an unnecessarily confusing choice of
terminology.
At the time this protocol was defined, it was given the
undistinguished name "Host-Host Protocol." The acronym "NCP" meant
"Network Control Program" and referred to the code that had to be
added to the operating system within each host to enable it to
interact with its Interface Message Processor (IMP) and manage
multiple connections. Over time, and particularly in the context of
the change from this protocol to TCP/IP, this protocol was commonly
called "NCP" and the expansion changed to "Network Control Protocol."
This protocol was superseded by TCP. In this document, the protocol
is referred to as a second layer (or "level") protocol, whereas in
current writings TCP is usually referred to as a layer 4 protocol.
When this protocol was created, it was expected that over time new
layers would be created on top of, below, and even in between
existing layers.
This protocol used a separate channel (the control link) to manage
connections. This was abandoned in future protocols.
In this design, there was no checksum or other form of error control
except for the RST. There had been in earlier versions, but it was
removed at the insistence of the IMP designers who argued vigorously
that the underlying network of IMPs would never lose a packet or
deliver one with errors. Although the IMP network was generally
quite reliable, there were instances where the interface between the
IMP and the host could drop bits, and, of course, experience with
congestion control as the network was more heavily used made it clear
that the host layer would have to deal with occasional losses in
transmission. These changes were built into TCP.
Uncertainty about timing constraints in the design of protocols is
evident in this document and remains a source of ambiguity,
limitation, and error in today's design processes.
3. Host/Host Protocol Document
Host/Host Protocol
for the
ARPA Network
Prepared for the Network Working Group by
Alex McKenzie
BBN
January 1972
PREFACE
This document specifies a protocol for use in communication between
Host computers on the ARPA Network. In particular, it provides for
connection of independent processes in different Hosts, control of
the flow of data over established connections, and several ancillary
functions. Although basically self-contained, this document
specifies only one of several ARPA Network protocols; all protocol
specifications are collected in the document
_Current_Network_Protocols,_ NIC #7104.
This document supersedes NIC #7147 of the same title. Principal
differences between the documents include:
- prohibition of spontaneous RET, ERP, and RRP commands
- a discussion of the problem of unanswered CLS commands (page 16)
- a discussion of the implications of queueing and not queueing
RFCs (page 14)
- the strong recommendation that received ERR commands be logged,
and some additional ERR specifications.
In addition to the above, several minor editorial changes have been
made.
Although there are many individuals associated with the network who
are knowledgeable about protocol issues, individuals with questions
pertaining to Network protocols should initially contact one of the
following:
Steve Crocker
Advanced Research Projects Agency
1400 Wilson Boulevard
Arlington, Virginia 22209
(202) 694-5921 or 5922
Alex McKenzie
Bolt Beranek and Newman Inc.
50 Moulton Street
Cambridge, Massachusetts 02133
(617) 491-1350 ext. 441
Jon Postel
University of California at Los Angeles
Computer Science Department
3732 Boelter Hall
Los Angeles, California 90024
(213) 325-2363
TABLE OF CONTENTS
I. INTRODUCTION..................................................8
An overview of the multi-leveled protocol structure in the ARPA
Network.
II. COMMUNICATION CONCEPTS.......................................10
Definitions of terminology and a description of the overall
strategy used in Host-to-Host communication.
III. NCP FUNCTIONS................................................13
The meat of the document for the first-time reader. Host-to-
Host "commands" are introduced with descriptions of conditions
of their use, discussion of possible problems, and other
background material.
Connection Establishment..........................13
Connection Termination............................15
Flow Control......................................17
Interrupts........................................20
Test Inquiry......................................20
Reinitialization..................................21
IV. DECLARATIVE SPECIFICATIONS...................................23
Details for the NCP implementer. A few additional "commands"
are introduced, and those described in Section III are
reviewed. Formats and code and link assignments are specified.
Message Format....................................23
Link Assignment...................................25
Control Messages..................................25
Control Commands..................................25
Opcode Assignment.................................31
Control Command Summary...........................31
I. INTRODUCTION
The ARPA Network provides a capability for geographically separated
computers, called Hosts, to communicate with each other. The Host
computers typically differ from one another in type, speed, word
length, operating system, etc. Each Host computer is connected into
the network through a local small computer called an _Interface_
_Message_Processor_(IMP)._ The complete network is formed by
interconnecting these IMPs, all of which are virtually identical,
through wideband communications lines supplied by the telephone
company. Each IMP is programmed to store and forward messages to the
neighboring IMPs in the network. During a typical operation, a Host
passes a message to its local IMP; the first 32 bits of this message
include the "network address" of a destination Host. The message is
passed from IMP to IMP through the Network until it finally arrives
at the destination IMP, which in turn passes it along to the
destination Host.
Specifications for the physical and logical message transfer between
a Host and its local IMP are contained in Bolt Beranek and Newman
(BBN) Report No. 1822. These specifications are generally called the
_first_level_protocol_ or Host/IMP Protocol. This protocol is not by
itself, however, sufficient to specify meaningful communication
between processes running in two dissimilar Hosts. Rather, the
processes must have some agreement as to the method of initiating
communication, the interpretation of transmitted data, and so forth.
Although it would be possible for such agreements to be reached by
each pair of Hosts (or processes) interested in communication, a more
general arrangement is desirable in order to minimize the amount of
implementation necessary for Network-wide communication.
Accordingly, the Host organizations formed a Network Working Group
(NWG) to facilitate an exchange of ideas and to formulate additional
specifications for Host-to-Host communications.
The NWG has adopted a "layered" approach to the specification of
communications protocol. The inner layer is the Host/IMP protocol.
The next layer specifies methods of establishing communications
paths, managing buffer space at each end of a communications path,
and providing a method of "interrupting" a communications path. This
protocol, which will be used by all higher-level protocols, is known
as the _second_level_protocol,_ or Host/Host protocol. (It is worth
noting that, although the IMP sub-network provides a capability for
_message_switching,_ the Host/Host protocol is based on the concept
of _line_switching._) Examples of further layers of protocol
currently developed or anticipated include:
1) An _Initial_Connection_Protocol_ (ICP) which provides a convenient
standard method for several processes to gain simultaneous access
to some specific process (such as the "logger") at another Host.
2) A _Telecommunication_Network_ (TELNET) protocol which provides for
the "mapping" of an arbitrary keyboard-printer terminal into a
Network Virtual Terminal (NVT), to facilitate communication
between a terminal user at one Host site and a terminal-serving
process at some other site which "expects" to be connected to a
(local) terminal logically different from the (remote) terminal
actually in use. The TELNET protocol specifies use of the ICP to
establish the communication path between the terminal user and the
terminal-service process.
3) A _Data_Transfer_ protocol to specify standard methods of
formatting data for shipment through the network.
4) A _File_Transfer_ protocol to specify methods for reading,
writing, and updating files stored at a remote Host. The File
Transfer protocol specifies that the actual transmission of data
should be performed in accordance with the Data Transfer protocol.
5) A _Graphics_ protocol to specify the means for exchanging graphics
display information.
6) A _Remote_Job_Service_ (RJS) protocol to specify methods for
submitting input to, obtaining output from, and exercising control
over Hosts which provide batch processing facilities.
The remainder of this document describes and specifies the Host/Host,
or second level, protocol as formulated by the Network Working Group.
II. COMMUNICATION CONCEPTS
The IMP sub-network imposes a number of physical restrictions on
communications between Hosts; these restrictions are presented in BBN
Report Number 1822. In particular, the concepts of leaders,
messages, padding, links, and message types are of interest to the
design of Host/Host protocol. The following discussion assumes that
the reader is familiar with these concepts.
Although there is little uniformity among the Hosts in either
hardware or operating systems, the notion of multiprogramming
dominates most of the systems. These Hosts can each concurrently
support several users, with each user running one or more processes.
Many of these processes may want to use the network concurrently, and
thus a fundamental requirement of the Host/Host protocol is to
provide for process-to-process communication over the network. Since
the first level protocol only takes cognizance of Hosts, and since
the several processes in execution within a Host are usually
independent, it is necessary for the second level protocol to provide
a richer addressing structure.
Another factor which influenced the Host/Host protocol design is the
expectation that typical process-to-process communication will be
based, not on a solitary message, but rather upon a sequence of
messages. One example is the sending of a large body of information,
such as a data base, from one process to another. Another example is
an interactive conversation between two processes, with many
exchanges.
These considerations led to the introduction of the notions of
connections, a Network Control Program, a "control link", "control
commands", connection byte size, message headers, and sockets.
A _connection_ is an extension of a link. A connection couples two
processes so that output from one process is input to the other.
Connections are defined to be simplex (i.e., unidirectional), so two
connections are necessary if a pair of processes are to converse in
both directions.
Processes within a Host are envisioned as communicating with the rest
of the network through a _Network_Control_Program_ (NCP), resident in
that Host, which implements the second level protocol. The primary
function of the NCP is to establish connections, break connections,
and control data flow over the connections. We will describe the NCP
as though it were part of the operating system of a Host supporting
multiprogramming, although the actual method of implementing the NCP
may be different in some Hosts.
In order to accomplish its tasks, the NCP of one Host must
communicate with the NCPs of other Hosts. To this end, a particular
link between each pair of Hosts has been designated as the
_control_link._ Messages transmitted over the control link are
called _control_messages_*, and must always be interpreted by an NCP
as a sequence of one or more _control_commands_. For example, one
kind of control command is used to initiate a connection, while
another kind carries notification that a connection has been
terminated.
[*Note that in BBN Report Number 1822, messages of non-zero type
are called control messages, and are used to control the flow of
information between a Host and its IMP. In this document, the
term "control message" is used for a message of type zero
transmitted over the control link. The IMPs take no special
notice of these messages.]
The concept of a message, as used above, is an artifact of the IMP
sub-network; network message boundaries may have little intrinsic
meaning to communicating processes. Accordingly, it has been decided
that the NCP (rather than each transmitting process) should be
responsible for segmenting interprocess communication into network
messages. Therefore, it is a principal of the second level protocol
that no significance may be inferred from message boundaries by a
receiving process. _The_only_exception_to_this_principle_is_in_
_control_messages,_each_of_which_must_contain_an_integral_number_of_
_control_commands._
Since message boundaries are selected by the transmitting NCP, the
receiving NCP must be prepared to concatenate successive messages
from the network into a single (or differently divided) transmission
for delivery to the receiving process. The fact that Hosts have
different word sizes means that a message from the network might end
in the middle of a word at the receiving end, and thus the
concatenation of the next message might require the receiving Host to
carry out extensive bit-shifting. Because bit-shifting is typically
very costly in terms of computer processing time, the protocol
includes the notions of connection byte size and message headers.
As part of the process of establishing a connection, the processes
involved must agree on a _connection_byte_size._ Each message sent
over the connection must then contain an integral number of bytes of
this size. Thus the pair of processes involved in a connection can
choose a mutually convenient byte size, for example, the least common
multiple of their Host word lengths. It is important to note that
the ability to choose a byte size _must_ be available to the
processes involved in the connection; an NCP is prohibited from
imposing an arbitrary byte size on any process running in its own
Host. In particular, an outer layer of protocol may specify a byte
size to be used by that protocol. If some NCP is unable to handle
that byte size, then the outer layer of protocol will not be
implementable on that Host.
The IMP sub-network requires that the first 32 bits of each message
(called the leader) contain addressing information, including
destination Host address and link number. The second level protocol
extends the required information at the beginning of each message to
a total of 72 bits; these 72 bits are called the _message_header._ A
length of 72 bits is chosen since most Hosts either can work
conveniently with 8-bit units of data or have word lengths of 18 or
36 bits; 72 is the least common multiple of these lengths. Thus, the
length chosen for the message header should reduce bit-shifting
problems for many Hosts. In addition to the leader, the message
header includes a field giving the byte size used in the message, a
field giving the number of bytes in the message, and "filler" fields.
The format of the message header is fully described in Section IV.
Another major concern of the second level protocol is a method for
reference to processes in other Hosts. Each Host has some internal
scheme for naming processes, but these various schemes are typically
different and may even be incompatible. Since it is not practical to
impose a common internal process naming scheme, a standard
intermediate name space is used, with a separate portion of the name
space allocated to each Host. Each Host must have the ability to map
internal process identifiers into its portion of this name space.
The elements of the name space are called _sockets._ A socket forms
one end of a connection, and a connection is fully specified by a
pair of sockets. A socket is identified by a Host number and a
32-bit socket number. The same 32-bit number in different Hosts
represents different sockets.
A socket is either a _receive_socket_ or a _send_socket,_ and is so
marked by its low-order bit (0 = receive; 1 = send). This property
is called the socket's _gender._ The sockets at either end of a
connection must be of opposite gender. Except for the gender, second
level protocol places no constraints on the assignment of socket
numbers within a Host.
III. NCP FUNCTIONS
The functions of the NCP are to establish connections, terminate
connections, control flow, transmit interrupts, and respond to test
inquiries. These functions are explained in this section, and
control commands are introduced as needed. In Section IV the formats
of all control commands are presented together.
Connection Establishment
========================
The commands used to establish a connection are STR (sender-to-
receiver) and RTS (receiver- to-sender).
8* 32 32 8
+----------------------------------------------+
| STR | send socket | receive socket | size |
+----------------------------------------------+
[*The number shown above each control command field is the length
of that field in bits.]
8 32 32 8
+----------------------------------------------+
| RTS | receive socket | send socket | link |
+----------------------------------------------+
The STR command is sent from a prospective sender to a prospective
receiver, and the RTS from a prospective receiver to a prospective
sender. The send socket field names a socket local to the
prospective sender; the receive socket field names a socket local to
the prospective receiver. In the STR command, the "size" field
contains an unsigned binary number (in the range 1 to 255; zero is
prohibited) specifying the byte size to be used for all messages over
the connection. In the RTS command, the "link" field specifies a
link number; all messages over the connection must be sent over the
link specified by this number. These two commands are referred to as
requests-for-connection (RFCs). An STR and an RTS match if the
receive socket fields match and the send socket fields match. A
connection is established when a matching pair of RFCs have been
exchanged. _Hosts_are_prohibited_from_establishing_more_than_one_
_connection_to_any_local_socket._
With respect to a particular connection, the Host containing the send
socket is called the _sending_Host_ and the Host containing the
receive socket is called the _receiving_Host._ A Host may connect
one of its receive sockets to one of its send sockets, thus becoming
both the sending Host and the receiving Host for that connection.
These terms apply only to data flow; control messages will, in
general, be transmitted in both directions.
A Host sends an RFC either to request a connection, or to accept a
foreign Host's request. Since RFC commands are used both for
requesting and for accepting the establishment of a connection, it is
possible for either of two cooperating processes to initiate
connection establishment. As a consequence, a family of processes
may be created with connection-initiating actions built-in, and the
processes within this family may be started up (in different Hosts)
in arbitrary order provided that appropriate queueing is performed by
the Hosts involved (see below).
_There_is_no_prescribed_lifetime_for_an_RFC._ A Host is permitted to
queue incoming RFCs and withhold a response for an arbitrarily long
time, or, alternatively, to reject requests (see Connection
Termination below) immediately if it does not have a matching RFC
outstanding. It may be reasonable, for example, for an NCP to queue
an RFC that refers to some currently unused socket until a local
process takes control of that socket number and tells the NCP to
accept or reject the request. Of course, the Host which sent the RFC
may be unwilling to wait for an arbitrarily long time, so it may
abort the request. On the other hand, some NCP implementations may
not include any space for queueing RFCs, and thus can be expected to
reject RFCs unless the RFC sequence was initiated locally.
_Queueing_Considerations_
The decision to queue, or not queue, incoming RFCs has important
implications which NCP implementers must not ignore. Each RFC which
is queued, of course, requires a small amount of memory in the Host
doing the queueing. If each incoming RFC is queued until a local
process seizes the local socket and accepts (or rejects) the RFC, but
no local process ever seizes the socket, the RFC must be queued
"forever." Theoretically this could occur infinitely many times
(there is no reason not to queue several RFCs for a single local
socket, letting the local process decide which, if any, to accept)
thus requiring infinite storage for the RFC queue. On the other
hand, if no queueing is performed the cooperating processes described
above will be able to establish a desired connection only by accident
(when they are started up such that one issues its RFC while the RFC
of the other is in transit in the network -- clearly an unlikely
occurrence).
Perhaps the most reasonable solution to the problems posed above is
for _each_ NCP to give processes running in its own Host two options
for attempting to initiate connections. The first option would allow
a process to cause an RFC to be sent to a specified remote socket;
with the NCP notifying the process as to whether the RFC were
accepted or rejected by the remote Host. The second option would
allow a process to tell _its_own_ NCP to "listen" for an RFC to a
specified local socket from some remote socket (the process might
also specify the particular remote socket and/or Host it wishes to
communicate with) and to accept the RFC (i.e., return a matching RFC)
if and when it arrives. Note that this also involves queueing (of
"listen" requests), but it is internal queueing which is susceptible
to reasonable management by the local Host. If this implementation
were available, one of two cooperating processes could "listen" while
the other process caused a series of RFCs to be sent to the
"listening" socket until one was accepted. Thus, no queueing of
incoming RFCs would be required, although it would do no harm.
_It_is_the_intent_of_the_protocol_that_each_NCP_should_provide_
_either_the_"listen"_option_described_above_or_a_SUBSTANTIAL_
_queueing_facility._ This is not, however, an absolute requirement
of the protocol.
Connection Termination
======================
The command used to terminate a connection is CLS (close).
8 32 32
+-----+-------------+-------------+
| CLS | my socket | your socket |
+-----+-------------+-------------+
The "my socket" field contains the socket local to the sender of the
CLS command. The "your socket" field contains the socket local to
the receiver of the CLS command. _Each_side_must_send_and_receive_a_
_CLS_command_before_connection_termination_is_completed_and_the_
_sockets_are_free_to_participate_in_other_connections._
It is not necessary for a connection to be established (i.e., for
_both_ RFCs to be exchanged) before connection termination begins.
For example, if a Host wishes to refuse a request for connection, it
sends back a CLS instead of a matching RFC. The refusing Host then
waits for the initiating Host to acknowledge the refusal by returning
a CLS. Similarly, if a Host wishes to abort its outstanding request
for a connection, it sends a CLS command. The foreign Host is
obliged to acknowledge the CLS with its own CLS. Note that even
though the connection was never established, CLS commands must be
exchanged before the sockets are free for other use.
After a connection is established, CLS commands sent by the receiver
and sender have slightly different effects. CLS commands sent by the
sender indicate that no more messages will be sent over the
connection. _This_command_must_not_be_sent_if_there_is_a_message_
_in_transit_over_the_connection._ A CLS command sent by the receiver
acts as a demand on the sender to terminate transmission. However,
since there is a delay in getting the CLS command to the sender, the
receiver must expect more input.
A Host should "quickly" acknowledge an incoming CLS so the foreign
Host can purge its tables. However, _there_is_no_prescribed_time_
_period_in_which_a_CLS_must_be_acknowledged._
Because the CLS command is used both to initiate closing, aborting
and refusing a connection, and to acknowledge closing, aborting and
refusing a connection, race conditions can occur. However, they do
not lead to ambiguous or erroneous results, as illustrated in the
following examples.
EXAMPLE 1: Suppose that Host A sends Host B a request for
connection, and then A sends a CLS to Host B because it is tired
of waiting for a reply. However, just when A sends its CLS to B,
B sends a CLS to A to refuse the connection. A will "believe" B
is acknowledging the abort, and B will "believe" A is
acknowledging its refusal, but the outcome will be correct.
EXAMPLE 2: Suppose that Host A sends Host B an RFC followed by a
CLS as in example 1. In this case, however, B sends a matching
RFC to A just when A sends its CLS. Host A may "believe" that the
RFC is an attempt (on the part of B) to establish a new connection
or may understand the race condition; in either case it can
discard the RFC since its socket is not yet free. Host B will
"believe" that the CLS is breaking an _established_ connection,
but the outcome is correct since a matching CLS is the required
response, and both A and B will then terminate the connection.
Every NCP implementation is faced with the problem of what to do if a
matching CLS is not returned "quickly" by a foreign Host (i.e., if
the foreign Host appears to be violating protocol in this respect).
One naive answer is to hold the connection in a partially closed
state "forever" waiting for a matching CLS. There are two
difficulties with this solution. First, the socket involved may be a
"scarce resource" such as the "logger" socket specified by an Initial
Connection Protocol (see NIC # 7101) which the local Host cannot
afford to tie up indefinitely. Second, a partially broken (or
malicious) process in a foreign Host may send an unending stream of
RFCs which the local Host wishes to refuse by sending CLS commands
and waiting for a match. This could, in worst cases, require 2^32 !
socket pairs to be stored before duplicates began to appear.
Clearly, no Host is prepared to store (or search) this much
information.
A second possibility sometimes suggested is for the Host which is
waiting for matching CLS commands (Host A) to send a RST (see page
20) to the offending Host (Host B), thus allowing all tables to be
reinitialized at both ends. This would be rather unsatisfactory to
any user at Host A who happened to be performing useful work on Host
B via network connections, since these connections would also be
broken by the RST.
Most implementers, recognizing these problems, have adopted some
unofficial timeout period after which they "forget" a connection even
if a matching CLS has not been received. The danger with such an
arrangement is that if a second connection between the same pair of
sockets is later established, and a CLS finally arrives for the first
connection, the second connection is likely to be closed. This
situation can only arise, however, if one Host violates protocol in
two ways; first by failing to respond quickly to an incoming CLS, and
second by permitting establishment of a connection involving a socket
which it believes is already in use. It has been suggested that the
network adopt some standard timeout period, but the NWG has been
unable to arrive at a period which is both short enough to be useful
and long enough to be acceptable to every Host. Timeout periods in
current use seem to range between approximately one minute and
approximately five minutes. _It_must_be_emphasized_that_all_timeout_
_periods,_although_they_are_relatively_common,_reasonably_safe,_and_
_quite_useful,_are_in_violation_of_the_protocol_since_their_use_can_
_lead_to_connection_ambiguities._
Flow Control
============
After a connection is established, the sending Host sends messages
over the agreed-upon link to the receiving Host. The receiving NCP
accepts messages from its IMP and queues them for its various
processes. Since it may happen that the messages arrive faster than
they can be processed, some mechanism is required which permits the
receiving Host to quench the flow from the sending Host.
The flow control mechanism requires the receiving Host to allocate
buffer space for each connection and to notify the sending Host of
how much space is available. The sending Host keeps track of how
much room is available and never sends more data than it believes the
receiving Host can accept.
To implement this mechanism, the sending Host keeps two counters
associated with each connection, a _message_counter_ and a
_bit_counter._ Each counter is initialized to zero when the
connection is established and is increased by allocate (ALL) control
commands sent from the receiving Host as described below. When
sending a message, the NCP of the sending Host subtracts one from the
message counter and the _text_length_ (defined below) from the bit
counter. The sender is prohibited from sending if either counter
would be decremented below zero. The sending Host may also return
all or part of the message or bit space allocation with a return
(RET) command upon receiving a give-back (GVB) command from the
receiving Host (see below).
The _text_length_ of a message is defined as the product of the
connection byte size and the byte count for the message; both of
these quantities appear in the message header. Messages with a zero
byte count, hence a zero text length, are specifically permitted.
Messages with zero text length do not use bit space allocation, but
do use message space allocation. The flow control mechanisms do not
pertain to the control link, since connections are never explicitly
established over this link.
The control command used to increase the sender's bit counter and
message counter is ALL (allocate).
8 8 16 32
+------------------------------------+
| ALL | link | msg space | bit space |
+------------------------------------+
This command is sent only from the receiving Host to the sending
Host, and is legal only when a connection using the link number
appearing in the "link" field is established. The "msg space" field
and the "bit space" field are defined to be unsigned binary integers
specifying the amounts by which the sender's message counter and bit
counter (respectively) are to be incremented. The receiver is
prohibited from incrementing the sender's counter above (2^16 - 1),
or the sender's bit counter above (2^32 - 1). In general, this rule
will require the receiver to maintain counters which are incremented
and decremented according to the same rules as the sender's counters.
The receiving Host may request that the sending Host return all or
part of its current allocation. The control command for this request
is GVB (give-back).
8 8 8 8
+----------------------+
| GVB | link | fm | fb |
+----------------------+
This command is sent only from the receiving Host to the sending
Host, and is legal only when a connection using the link number in
the "link" field is established. The fields fm and fb are defined as
the fraction (in 128ths) of the current message space allocation and
bit space allocation (respectively) to be returned. If either of the
fractions is equal to or greater than one, _all_ of the corresponding
allocation must be returned. Fractions are used since, with messages
in transit, the sender and receiver may not agree on the actual
allocation at every point in time.
Upon receiving a GVB command, the sending Host must return _at_
_least_* the requested portions of the message and bit space
allocations. (A sending Host is prohibited from spontaneously
returning portions of the message and bit space allocations.) The
control command for performing this function is RET (return).
[*In particular, fractional returns must be rounded up, not
truncated.]
8 8 16 32
+------------------------------------+
| RET | link | msg space | bit space |
+------------------------------------+
This command is sent only from the sending Host to the receiving
Host, and is legal only when a connection using the link number in
the "link" field is established and a GVB command has been received
from the receiving Host. The "msg space" field and the "bit space"
field are defined as unsigned binary integers specifying the amounts
by which the sender's message counter and bit counter (respectively)
have been decremented due to the RET activity (i.e., the amounts of
message and bit space allocation being returned). NCPs are obliged
to answer a GVB with a RET "quickly"; however, there is _no_
prescribed time period in which the answering RET must be sent.
Some Hosts will allocate only as much space as they can guarantee for
each link. These Hosts will tend to use the GVB command only to
reclaim space which is being filled very slowly or not at all. Other
Hosts will allocate more space than they have, so that they may use
their space more efficiently. Such a Host will then need to use the
GVB command when the input over a particular link comes faster than
it is being processed.
Interrupts
==========
The second level protocol has included a mechanism by which the
transmission over a connection may be "interrupted." The meaning of
the "interrupt" is not defined at this level, but is made available
for use by outer layers of protocol. The interrupt command sent from
the receiving Host to the sending Host is INR (interrupt-by-
receiver).
8 8
+------------+
| INR | link |
+------------+
The interrupt command sent from the sending Host to the receiving
Host is INS (interrupt-by-sender).
8 8
+------------+
| INS | link |
+------------+
The INR and INS commands are legal only when a connection using the
link number in the "link" field is established.
Test Inquiry
============
It may sometimes be useful for one Host to determine if some other
Host is capable of carrying on network conversations. The control
command to be used for this purpose is ECO (echo).
8 8
+------------+
| ECO | data |
+------------+
The "data" field may contain any bit configuration chosen by the Host
sending the ECO. Upon receiving an ECO command an NCP must respond
by returning the data to the sender in an ERP (echo-reply) command.
8 8
+------------+
| ERP | data |
+------------+
A Host should "quickly" respond (with an ERP command) to an incoming
ECO command. However, there is no prescribed time period, after the
receipt of an ECO, in which the ERP must be returned. A Host is
prohibited from sending an ERP when no ECO has been received, or from
sending an ECO to a Host while a previous ECO to that Host remains
"unanswered." Any of the following constitute an "answer" to an ECO:
information from the local IMP that the ECO was discarded by the
network (e.g., IMP/Host message type 7 - Destination Dead), ERP, RST,
or RRP (see below).
Reinitialization
================
Occasionally, due to lost control messages, system "crashes", NCP
errors, or other factors, communication between two NCPs will be
disrupted. One possible effect of any such disruption might be that
neither of the involved NCPs could be sure that its stored
information regarding connections with the other Host matched the
information stored by the NCP of the other Host. In this situation,
an NCP may wish to reinitialize its tables and request that the other
Host do likewise; for this purpose the protocol provides the pair of
control commands RST (reset) and RRP (reset-reply).
8
+-----+
| RST |
+-----+
8
+-----+
| RRP |
+-----+
The RST command is to be interpreted by the Host receiving it as a
signal to purge its NCP tables of any entries which arose from
communication with the Host which sent the RST. The Host sending the
RST should likewise purge its NCP tables of any entries which arise
from communication with the Host to which the RST was sent. The Host
receiving the RST should acknowledge receipt by returning an RRP.
_Once_the_first_Host_has_sent_an_RST_to_the_second_Host,_the_first_
_Host_is_not_obliged_to_communicate_with_the_second_Host_(except_for_
_responding_to_RST)_until_the_second_Host_returns_an_RRP._ In fact,
to avoid synchronization errors, the first Host _should_not_
communicate with the second until the RST is answered. Of course, if
the IMP subnetwork returns a "Destination Dead" (type 7) message in
response to the control message containing the RST, an RRP should not
be expected. If both NCPs decide to send RSTs at approximately the
same time, then each Host will receive an RST and each must answer
with an RRP, even though its own RST has not yet been answered.
Some Hosts may choose to "broadcast" RSTs to the entire network when
they "come up." One method of accomplishing this would be to send an
RST command to each of the 256 possible Host addresses; the IMP
subnetwork would return a "Destination Dead" (type 7) message for
each non-existent Host, as well as for each Host actually "dead."
_However,_no_Host_is_ever_obliged_to_transmit_an_RST_command._
Hosts are prohibited from sending an RRP when no RST has been
received. Further, Hosts may send only one RST in a single control
message and should wait a "reasonable time" before sending another
RST to the same Host. Under these conditions, a single RRP
constitutes an "answer" to _all_ RSTs sent to that Host, and any
other RRPs arriving from that Host should be discarded.
IV. DECLARATIVE SPECIFICATIONS
Message Format
==============
All Host-to-Host messages (i.e., messages of type zero) shall have a
header 72 bits long consisting of the following fields (see Figure
1):
Bits 1-32 Leader - The contents of this field must be
constructed according to the specifications contained
in BBN Report Number 1822.
Bits 33-40 Field M1 - Must be zero.
Bits 41-48 Field S - Connection byte size. This size must be
identical to the byte size in the STR used in
establishing the connection. If this message is being
transmitted over the control link the connection byte
size must be 8.
Bits 49-64 Field C - Byte Count. This field specifies the number
of bytes in the text portion of the message. A zero
value in the C field is explicitly permitted.
Bits 65-72 Field M2 - Must be zero.
Following the header, the message shall consist of a text field of C
bytes, where each byte is S bits in length. Following the text there
will be field M3 followed by padding. The M3 field is zero or more
bits long and must be all zero; this field may be used to fill out a
message to a word boundary.
|<---------------------------32 bits--------------------------->|
|<----8 bits--->|<----8 bits--->|<-----------16 bits----------->|
+---------------------------------------------------------------+
| |
| LEADER |
| |
+---------------------------------------------------------------|
| | | |
| FIELD M1 | FIELD S | FIELD C |
| | | |
+---------------+---------------+-------------------------------+
| | ^ |
| FIELD M2 | | |
| | | |
+---------------+ | |
| | |
| | |
| | |
| | |
| TEXT |
| | |
| | |
| | |
| | |
| | +--------------------+
| | | |
| | | FIELD M3 |
| V | |
+-----------------------------------+------+--------------------+
| |
| 10-----------------0 |<-------PADDING
| |
+-----------------------------------+
Figure 1
========
The message header must, among other things, enable the NCP at the
receiving Host to identify correctly the connection over which the
message was sent. Given a set of messages from Host A to Host B, the
only field in the header under the control of the NCP at Host B is
the link number (assigned via the RTS control command). Therefore,
each NCP must insure that, at a given point in time, for each
connection for which it is the receiver, a unique link is assigned.
Recall that the link is specified by the sender's address and the
link number; thus a unique link number must be assigned to each
connection to a given Host.
Link Assignment
===============
Links are assigned as follows:
Link number Assignment
=========== ==========
0 Control link
2-71 Available for connections
1, 72-190 Reserved - not for current use
191 To be used only for measurement work under the
direction of the Network Measurement Center at UCLA
192-255 Available for private experimental use.
Control Messages
================
Messages sent over the control link have the same format as other
Host-to-Host messages. The connection byte size (Field S in the
message header) must be 8. Control messages may not contain more
than 120 bytes of text; thus the value of the byte count (Field C in
the message header) must be less than or equal to 120.
Control messages must contain an integral number of control commands.
A single control command may not be split into parts which are
transmitted in different control messages.
Control Commands
================
Each control command begins with an 8-bit _opcode._ These opcodes
have values of 0, 1, ... to permit table lookup upon receipt.
Private experimental protocols should be tested using opcodes of 255,
254, ... Most of the control commands are more fully explained in
Section III.
NOP - No operation
==================
8
+-----+
| NOP |
+-----+
The NOP command may be sent at any time and should be discarded by
the receiver. It may be useful for formatting control messages.
RST - Reset
===========
8
+-----+
| RST |
+-----+
The RST command is used by one Host to inform another that all
information regarding previously existing connections, including
partially terminated connections, between the two Hosts should be
purged from the NCP tables of the Host receiving the RST. Except for
responding to RSTs, the Host which sent the RST is not obliged to
communicate further with the other Host until an RRP is received in
response.
RRP - Reset reply
=================
8
+-----+
| RRP |
+-----+
The RRP command must be sent in reply to an RST command.
RTS - Request connection, receiver to sender
============================================
8 32 32 8
+----------------------------------------------+
| RTS | receive socket | send socket | link |
+----------------------------------------------+
The RTS command is used to establish a connection and is sent from
the Host containing the receive socket to the Host containing the
send socket. The link number for message transmission over the
connection is assigned with this command; the "link" field must be
between 2 and 71, inclusive.
STR - Request connection, sender to receiver
============================================
8 32 32 8
+----------------------------------------------+
| STR | send socket | receive socket | size |
+----------------------------------------------+
The STR command is used to establish a connection and is sent from
the Host containing the send socket to the Host containing the
receive socket. The connection byte size is assigned with this
command; the size must be between 1 and 255, inclusive.
CLS - Close
===========
8 32 32
+-----+-------------+-------------+
| CLS | my socket | your socket |
+-----+-------------+-------------+
The CLS command is used to terminate a connection. A connection need
not be completely established before a CLS is sent.
ALL - Allocate
==============
8 8 16 32
+------------------------------------+
| ALL | link | msg space | bit space |
+------------------------------------+
The ALL command is sent from a receiving Host to a sending Host to
increase the sending Host's space counters. This command may be sent
only while the connection is established. The receiving Host is
prohibited from incrementing the Host's message counter above
(2^16 - 1) or bit counter above (2^32 - 1).
GVB - Give back
===============
8 8 8 8
+----------------------+
| GVB | link | fm | fb |
+----------------------+
^ ^
| +--- bit fraction
+-------- message fraction
The GVB command is sent from a receiving Host to a sending Host to
request that the sending Host return all or part of its message space
and/or bit space allocations. The "fractions" specify what portion
(in 128ths) of each allocation must be returned. This command may be
sent only while the connection is established.
RET - Return
============
8 8 16 32
+------------------------------------+
| RET | link | msg space | bit space |
+------------------------------------+
The RET command is sent from the sending Host to the receiving Host
to return all or a part of its message space and/or bit space
allocations in response to a GVB command. This command may be sent
only while the connection is established.
INR - Interrupt by receiver
===========================
8 8
+------------+
| INR | link |
+------------+
The INR command is sent from the receiving Host to the sending Host
when the receiving process wants to interrupt the sending process.
This command may be sent only while the connection is established.
INS - Interrupt by sender
=========================
8 8
+------------+
| INS | link |
+------------+
The INS command is sent from the sending Host to the receiving Host
when the sending process wants to interrupt the receiving process.
This command may be sent only while the connection is established.
ECO - Echo request
==================
8 8
+------------+
| ECO | data |
+------------+
The ECO command is used only for test purposes. The data field may
be any bit configuration convenient to the Host sending the ECO
command.
ERP - Echo reply
================
8 8
+------------+
| ERP | data |
+------------+
The ERP command must be sent in reply to an ECO command. The data
field must be identical to the data field in the incoming ECO
command.
ERR - Error detected
====================
8 8 80
+-----+------+---------------------------- ~ -------------+
| ERR | code | data |
+-----+------+---------------------------- ~ -------------+
The ERR command may be sent whenever a second level protocol error is
detected in the input from another Host. In the case that the error
condition has a predefined error code, the "code" field specifies the
specific error, and the data field gives parameters. For other
errors the code field is zero and the data field is idiosyncratic to
the sender. Implementers of Network Control Programs are expected to
publish timely information on their ERR commands.
The usefulness of the ERR command is compromised if it is merely
discarded by the receiver. Thus, sites are urged to record incoming
ERRs if possible, and to investigate their cause in conjunction with
the sending site. The following codes are defined. Additional codes
may be defined later.
a. Undefined (Error code = 0)
The "data" field is idiosyncratic to the sender.
b. Illegal opcode (Error code = 1)
An illegal opcode was detected in a control message. The "data"
field contains the ten bytes of the control message beginning
with the byte containing the illegal opcode. If the remainder
of the control message contains less than ten bytes, fill will
be necessary; the value of the fill is zeros.
c. Short parameter space (Error code = 2)
The end of a control message was encountered before all the
required parameters of the control command being decoded were
found. The "data" field contains the command in error; the
value of any fill necessary is zeros.
d. Bad parameters (Error code = 3)
Erroneous parameters were found in a control command. For
example, two receive or two send sockets in an STR, RTS, or CLS;
a link number outside the range 2 to 71 (inclusive); an ALL
containing a space allocation too large. The "data" field
contains the command in error; the value of any fill necessary
is zeros.
e. Request on a non-existent socket (Error code = 4)
A request other than STR or RTS was made for a socket (or link)
for which no RFC has been transmitted in either direction. This
code is meant to indicate to the NCP receiving it that functions
are being performed out of order. The "data" field contains the
command in error; the value of any fill necessary is zeros.
f. Socket (link) not connected (Error code = 5)
There are two cases:
1. A control command other than STR or RTS refers to a socket
(or link) which is not part of an established connection.
This code would be used when one RFC had been transmitted,
but the matching RFC had not. It is meant to indicate the
failure of the NCP receiving it to wait for a response to an
RFC. The "data" field contains the command in error; the
value of any fill necessary is zeros.
2. A message was received over a link which is not currently
being used for any connection. The contents of the "data"
field are the message header followed by the first eight bits
of text (if any) or zeros.
Opcode Assignment
=================
Opcodes are defined to be eight-bit unsigned binary numbers. The
values assigned to opcodes are:
NOP = 0
RTS = 1
STR = 2
CLS = 3
ALL = 4
GVB = 5
RET = 6
INR = 7
INS = 8
ECO = 9
ERP = 10
ERR = 11
RST = 12
RRP = 13
Control Command Summary
=======================
8
+-----+
| NOP |
+-----+
8 32 32 8
+----------------------------------------------+
| RTS | receive socket | send socket | link |
+----------------------------------------------+
8 32 32 8
+----------------------------------------------+
| STR | send socket | receive socket | size |
+----------------------------------------------+
8 32 32
+-----+-------------+-------------+
| CLS | my socket | your socket |
+-----+-------------+-------------+
8 8 16 32
+------------------------------------+
| ALL | link | msg space | bit space |
+------------------------------------+
8 8 8 8
+----------------------+
| GVB | link | fm | fb |
+----------------------+
8 8 16 32
+------------------------------------+
| RET | link | msg space | bit space |
+------------------------------------+
8 8
+------------+
| INR | link |
+------------+
8 8
+------------+
| INS | link |
+------------+
8 8
+------------+
| ECO | data |
+------------+
8 8
+------------+
| ERP | data |
+------------+
8 8 80
+-----+------+---------------------------- ~ -------------+
| ERR | code | data |
+-----+------+---------------------------- ~ -------------+
8
+-----+
| RST |
+-----+
8
+-----+
| RRP |
+-----+
[ This is the end of the January 1972 document. ]
4. Security Considerations
This document does not discuss any security considerations.
Authors' Addresses
Alexander McKenzie
PMB #4334, PO Box 2428
Pensacola, FL 32513
USA
EMail: amckenzie3@yahoo.com
Steve Crocker
5110 Edgemoor Lane
Bethesda, MD 20814
USA
EMail: steve@stevecrocker.com