Group Address Allocation Protocol (GAAP)lispers.netSan JoseCAUSAfarinacci@gmail.comFutureweiSanta ClaraCAUSAmmcbride7@gmail.comThis document describes a design for a lightweight
decentralized multicast group address allocation protocol (named
GAAP and pronounced "gap" as in "mind the gap"). The protocol
requires no configuration setup and no centralized services. The
protocol runs among group participants which need a unique group
address to send and receive multicast packets. Tailored for IPv4
and IPv6 networks, this design offers a simple, lightweight option
rather than extending an existing protocol.The Group Address Allocation Protocol (GAAP) is a decentralized
multicast protocol used by participating applications which send
and receive packets to/from a multicast group. The protocol is
relatively lightweight, runs with minimized messaging and state so
that it can run within a library a multicast application compiles
into its executable binary.GAAP is a possible solution to the issues described in problem statement
draft .Other approaches to multicast group allocation have been
proposed in the past, they include SAP , SDP
, mDNS , MADCAP
, MASC , and IPv6
Allocation Guidelines . However, they
require global scope adding latency, configuration, use of a single subnet,
and are not decentralized.This document will describe the protocol operation, protocol
message formats, the API definition, and how multicast
applications use the API.is an ASCII string used by
applications so they can rendezvous on the same group
address. The application is started using this group name
parameter. Applications can use multiple group names if they
have requirements to use multiple group addresses.is a non-link-local IPv4 multicast
group address or an IPv6 multicast
group address .is an IANA assigned
non-link-local group address the GAAP protocol sends messages
to. This address must not come from the GAAP multicast address
block allocated by IANA. For IPv4, the range is TBD1/10.
For IPv6, the range is TBD2/32. See
for IANA considerations.is a cryptographic hash function
which takes the group name as input and produces a hash value as
output. The GAAP protocol uses SHA-256 .There are 4 hashed
values regarded as "acceptable" for a group name. They are
calculated using the SHA-256 hash function on 1 of 4 character
strings: "<group-name>",
"<group-name>+1",
"<group-name>+2", or
"<group-name>+3". No GAAP node should run the
hash on any other strings for this group name.is the output of a SHA-256 hash function where the low order 32-bits are
used to produce a unique network layer multicast group
address. Achieving a unique 32-bits allows layer-2 switches to
not have MAC multicast address collisions when mapped from
multiple network layer multicast group addresses.a network layer group
address where the low-order 32-bits of one group address is the
same as the low-order 32-bits of another group address. It is
desirable that the low-order 32-bits of a mapped IPv6 group
address to a MAC group address not be the same so layer-2
switches do not leak packets to non-group members. This is also
true for IPv4 group addresses where the low-order 23-bits must
be unique.a GAAP protocol message that
allocates a unique group address and claims it among other GAAP
nodes on the network.This section will describe the high-level functionality of the
GAAP protocol. Each application runs the GAAP protocol by using
the API defined in .An application is started with a group name.The group name is used to create a random allocated group address.A timestamp is taken when the group address is created.A Claim message, see , is sent with
group name, group address, and timestamp to determine if the
group address has been claimed by any other GAAP nodes.If no Claim message is sent in response, the application can
start using the group address.If a Claim message is returned, a collision has occurred and
the GAAP node must allocate another group address and send a
Claim message for the new group address.Claim messages are sent periodically. They are sent by a
single node using a delay-timer suppression mechanism similar to
IGMP . See for
details.GAAP nodes are not required to cache information from Claim messages.GAAP is designed to be decentralized and stateless. The nodes
that participate in the GAAP protocol are responsible for
allocating and claiming group addresses. No other entities are
needed.At this time, there is a single message called the Claim
message with type value 1. Type value of 0 is reserved. The Claim
message is sent in a UDP checksummed packet where the source port
is ephemeral and chosen by the sender and the destination port is
a well-known port allocated by IANA. GAAP can work behind NAT and
firewall devices as long as the GAAP destination port is permitted
through filters.Claim MessageSet to 0 and ignored on receipt.The number of records in this Claim message.The fixed bit pattern of 0xAAAAAAAA is
required to be set by the sender. The receiver verifies the
marker to be 0xAAAAAAAA. If it is not, the packet is
dropped. The Marker field is used to indicate to a receiver
that the packet may be encrypted. See for details on encrypting GAAP
messages.a 32-bit
multicast address in network byte order . If all bits are set to 0, there is no
IPv4 address being allocated and claimed.a 128-bit
multicast address in network byte order . If all bits are set to 0, there is no
IPv6 address being allocated and claimed.The IPv4 and IPv6 address
fields are fixed length (4 bytes and 16 bytes)
and their positions in the message are well known. Either or
both address fields may be populated, consistent with the
group address types being claimed. If only one address type
is used, the unused address field must be set to 0 by the
sender and ignored by the receiver. If both address fields
are set to 0, the message is invalid and must be discarded.A 32-bit standard epoch UTC
timestamp in seconds according to . The timestamp
is intended to provide a relative ordering between competing claims rather
than represent absolute time. Wraparound does not materially impact
correctness as long as comparisons are done appropriately.A variable length group name the
multicast application uses. It is in ASCII format . The string is terminated with a null
character. Since the Group Name is variable length, subsequent
records may not occur on a long- or short-word boundary. The Group
Name is encoded as a null terminated string of variable length. The
length of the Group Name can be determined from the overall message
length minus the fixed length fields that precede it. Receivers must
ensure that a null terminator is present within the bounds of the message
otherwise the message is considered malformed and discarded.The GAAP API has the following API calls a multicast
application will use. A multicast application imports the library
before using it in its code logic. This section documents a python
library.gaap.init() is used to initialize the GAAP API with a
application callback function. The callback function is called
when a group address has changed (due to collision) for a group
name the application allocated.gaap.allocate() is used when the application needs a group
address to send or receive on.gaap.release() is used when an application is finished using a group address.gaap.close() is used when an application is finished using the GAAP protocol.When an application needs a group address it provides the
GAAP API with a group name, the group name is used as input to a
SHA-256 hash function . Initially, when
no group address collision is detected the group name is passed
as a string to the hash function and the low-order 32-bits are
used for a group address. The following pseudo-code illustrates
the functionality:When the hash function is used to resolve a collision, the
following pseudo-code will illustrate how 3 more attempts are
used to find a unique group address:When a group address collision is detected by 2 GAAP nodes,
the node with the earliest timestamp for the group address
creation wins the collision and keeps using the address. The
node with a later timestamp has the responsibility to allocate a
new group address to prevent the collision.When a group address is allocated by a GAAP node it will
build and send a Claim message. Included in the Claim message is
the group name, group address, and timestamp. If the group
address collides with other GAAP nodes already using the
address, one of the nodes will send a Claim message to notify
the colliding node that it needs to allocate a new group
address.Collisions can occur two ways, the first is when multiple group names
produce the same hash, the second is when different hashes are produced
but when truncated to fit into a group address format, those bits are
the same.A collision is defined to be the same group address allocated
to 2 different group names. So if a GAAP node is claiming a
group address for its group name and a Claim is received with
the same group name with the same group address, it is not a
collision. It is simply a peer group participant claiming the
group address you both agree to be using.Each GAAP node will periodically send Claim messages for all
group names for the applications running on the node. It will do
this in a multi-record Claim message. The periodic Claim message
is sent by setting a rough 1 minute timer. The timer value is
set to 1 minute plus a jitter value. The jitter value is a
random number in a 10% range of 1 minute (60 to 66
seconds). When the timer expires, a Claim message is
sent. Receivers of a Claim message who have their timer running,
reset the timer and thereby suppresses sending their own Claim
message. This allows only a single GAAP node that is using the
group address to keep claiming the group is still in use.A new GAAP node may come up after a group address collision
has been resolved. It may send a Claim message for the first group
hash from the Acceptable Group Hash List. When this happens
previous nodes in the group will trigger sending a Claim for one of the
other addresses in the Acceptable Group Hash List. The new GAAP node
must switch over to using the triggered Claimed group address. The new GAAP
node must yield to existing nodes since their timestamps for the group address
allocation happened earlier than the new node's Claim.There will be network outage situations where all GAAP nodes
may not receive Claim messages. During a partition, duplicate
group addresses may be allocated and used by nodes on each side
of the partition. During this condition, multicast nodes can
operate normally and there is no conflict until the partition
heals. When the partition heals, duplicate group addresses will
be detected and fixed. The group address with the earliest
timestamp is used to determine who keeps the collided group
address. All others will have to rehash a new group address and
have the applications start using the new address (meaning
senders will source using the new group address and receivers
will leave the collided group and join the new group).When applications are no longer sending to a group address or
not joined to a group address, they can inform the GAAP API to
release the group. When this happens, the GAAP protocol stops
claiming the group address in periodic messages and will not
respond to a Claim for this address for a different group
name. It is important for receiver applications to leave the
group before releasing the group address.
This section summarizes operational considerations for GAAP deployment.
Group name selection is application deployment specific and may be driven by
configuration, applications, or provisioning systems. Operators should
define policies to avoid administrative conflicts.
GAAP is expected to co-exist with other multicast address allocation
mechanisms. Deployments should ensure that GAAP operates within defined
address ranges to avoid conflicts with non-GAAP assigned multicast addresses.
Operators should also be aware that, due to Layer-2 multicast address mapping,
multiple IPv4 multicast addresses, allocated by different multicast allocation procedures,
may map to the same ethernet multicast MAC address, which may result in hosts
receiving multicast traffic for groups to which they did not explicitly subscribe.
GAAP does not require receivers to be GAAP aware. However, all nodes allocating
multicast addresses for the same application or group name are expected to use
GAAP in order for collision detection to operate correctly. GAAP allocated groups
and non GAAP allocated groups may co-exist in the same network when used by
different applications or services. Deployment within a coordinated administrative domain
is recommended to avoid conflicts between allocation methods.
GAAP defines a method for deriving multicast addresses from group
names and detecting address allocation conflicts. Applications use
the derived multicast addresses for communication. Applications are required to
keep group names unique. The creation, distribution and discovery of group names are
application specific functions and are outside the scope of this document.
Implementations should provide mechanisms for operators to observe active
claims and to clear or reset state for operational purposes.
Deployments should include protections against spoofed claims using
appropriate authentication mechanisms, though specific methods are
outside the scope of this document.
Implementations may limit the number of records per message and should
perform basic validation, including detection of duplicate multicast
address claims.
While strict time synchronization is not required, loosely synchronized
clocks are recommended to ensure consistent timer behavior.
It is strongly suggested that the GAAP protocol run over an
encrypted multicast channel. All GAAP implementations should
support the same encryption mechanism and use the same key
management procedure to ensure interoperability. This could be
difficult in embedded devices with different configurations. The
message Marker is used to indicate if the packet is sent in
plaintext or ciphertext. If the Marker is not set to 0xAAAAAAAA
and the receiver does not have a shared-key configured or has the
wrong shared-key, the receiver cannot decrypt the message or
decrypts the message and no 0xAAAAAAAA results. In this case the
message MUST be dropped.An open-source GAAP implementation exists where ChaCha20 is used to encrypt GAAP messages. The
implementation's key management procedure is a simple shared key
that is configured with the application.Dynamic rekeying mechanisms are outside the scope of this document.
However, GAAP can operate with external key management systems, including
automated or Dynamic Key Management (DKM) solutions. In the absence of
such mechanisms, keys may be provisioned manually. The following attack threats may exist with possible mitigation techniques:Even when an encrypted channel is used, a bad actor could be
claiming a group address not derived from one of the group name
inputs used for the Acceptable Group Hash List (see
Definition of Terms section). Cooperating nodes should ignore
such messages and not try to send Claim messages to correct the
bad actor node.A bad actor could send an invalid timestamp giving it tie-breaking
priority when a group address collision occurs. If the group address
has been prior claimed by another node with a timestamp earlier than the
invalid timestamp, cooperating nodes should put the bad actor node on a
bad-actor list and ignore future messages from it. If the group name
has not been claimed yet, the timestamp will be accepted only if
earlier than the current time for the receiving node.A bad actor could send messages too often and is not adhering
to the random delay or periodic timer procedures in this
document. When this occurs, cooperating nodes should start
ignoring messages from the bad actor node and not reset or
cancel timers, or send triggered Claim messagesIANA will create the following registry in a new registry group called
"Group Address Allocation Protocol (GAAP)":
Registry Name: Group Address Allocation Protocol (GAAP)
Registration Procedure: IETF Review
IANA will create one UDP port number for the GAAP protocol:
Service Name
Port Number
Transport Protocol
Description
Reference
gaap
TBD
udp
GAAP Control Packets
draft-ietf-pim-gaap
IANA will create one multicast address from the IPv4 Internetwork Control Block 224.0.1.x
and one multicast address from the IPv6 Variable Scope Multicast Addresses Block
FF0X::TBD for the operation of the GAAP protocol. The registry description field should
indicate "GAAP".IANA will create two multicast address ranges for the GAAP
protocol to allocate application-use addresses from. For IPv4, a
/10 block in a new registry range is requested. A /10 block represents
a large portion of the IPv4 multicast space and discussion between
IETF and IANA is needed to determine the appropriate block size.
This is a significant allocation that impacts the overall IPv4 multicast
address space. For IPv6, a /32 block in a new registry range is being
requested. This allocation should come from the Dynamic Multicast Group
IDs registry defined in .
Registry Name: GAAP IPv4 Allocation Range
Registration Procedure: IETF Review
Registry Name: GAAP IPv6 Allocation Range
Registration Procedure: IETF Review
For IPv6 multicast addresses, the GAAP application allocation
range should be in the new "Dynamic Multicast Group IDs"
registry requested by .
This new registry requests the division of the 32-bit group ID
range 0xA0000000 through 0xAFFFFFFF. The GAAP allocation range
should come out of this 32-bit range.
-->
-->
The authors would like to thank the following people for their
motivation to start this draft. They include Chris Hopps, Acee
Lindem, David Lamparter, Jeff Tantsura, Nate Karstens, and
Lenny Giuliano.Submitted April 2026.Addressed comments from the IntDir review by Sheng Jiang.Changes made by Mike.Submitted April 2026.Clarified statements in the Operational Considerations section.Changes made by Mike.Submitted April 2026.Created a new Operational Considerations section to reflect comments from Med.Changes made by Mike.Submitted March 2026.Made changes to reflect Sandy comments about clarifying how multiple group names could
cause collisions as well as clarifying text about encryption.Changes made by Dino.Submitted March 2026.Change IANA request for an IPv4 multicast block from /8 to /10.Changes made by Dino.Submitted February 2026.Incorporated suggestion from Toerless Eckert to add paragraph discussing
SAP and SDP approaches to multicast group allocation in the Introduction section.Added references to RFC2974 (SAP) and RFC4566 (SDP).Changes made by Dino.Submitted February 2026.Be more clear about variable length group names and how subsequent records may
not be aligned.Changes made by Dino.Submitted February 2026.Incorporated WG review comments from Stig Venaas on GAAP Group Address definition, Timestamp field documentation, encryption interoperability requirements, and IANA allocation discussion.Changes made by Dino.Submitted January 2026.Change draft name in IANA considerations section to point to the IETF
draft name and not the individual contribution draft name.Changes made by Dino.Submitted September 2025.Dino fixes Kasten reference.Submitted September 2025.Mike adds one-liner to abstract.Submitted August 2025.Fix some typos in the GAAP API section.Submitted February 2025.Fix some typos in the GAAP API section.Update references and docuemnt timer.Submitted September 2024.Update references and docuemnt timer.Submitted April 2024.Update references and docuemnt timer.Submitted October 2023.Made draft-farinacci-pim-gaap-06 into WG document per PIM WG consensus.Submitted September 2023.Fix Nate last name misspelling.Add reference to to intro
section.In the IANA Considerations, add IPv6 allocation for GAAP in
the 0xA0000000-0xAFFFFFFF range, as suggested by Nate.Submitted August 2023.Update IANA Considerations section to have IPv6 GAAP
application allocations come from the registry that is
creating.Submitted April 2023.Added specific text recommended by IANA in the IANA
Considerations section.Submitted April 2023.Changes to reflect comments from PIM and MBONED WG meetings.Put IANA Considerations requests in standard request format.Submitted March 2023.Fix typos and grammer.Submitted February 2023.Updated spec to reflect implementation.Add Marker in message format.Add definition for the Acceptable Group Hash List.Discuss security threats and possible mitigation methods.Initial posting November 2022.