Copyright Xerox Corporation 1979Inter-Office MemorandumToCommunication ProtocolsDateFebruary 13, 1979FromEd Taft and David BoggsLocationPalo AltoSubjectAlto Boot ProtocolOrganizationParc/CSLXEROX Filed on: [Maxc1]AltoBoot.pressThis memo describes the protocol by which Altos are boot-loaded over the Ethernet, the protocolfor discovering what boot files are available, the protocol for distributing the most recent version ofa boot file to all boot servers, and the protocol for getting a boot server's statistics.Because gateways are up 24 hours a day and are often located at places in the internet where manyEthernets come together, most gateways contain a boot server. However it is important tounderstand that boot servers and gateways are logically two very different things which are onlyphysically co-located for convenience. There are gateways which aren't boot servers (e.g. Maxc1),and boot servers which aren't gateways (e.g. Peek).Breath of LifeA Boot server periodically (every 5 seconds or so) sends a BreathOfLife packet on each directly-connected Ethernet. This is not a Pup: it is a raw Ethernet packet with the Ethernet destinationaddress set to a special value. The remainder of the packet is an Alto Ethernet boot loaderprogram.When an Alto is booted with the BS key depressed, the boot microcode enables the Ethernet receiverto accept packets directed to host 377B and copies them into memory beginning at location 1. Whena packet of type 602B is received without error, the Alto then begins executing instructions atlocation 3.The current Alto Ethernet boot loader is contained in EtherBoot.asm.MaydayAn Alto which wants to be boot-loaded broadcasts a Pup of type BootFileRequest to MiscellaneousServices sockets of all hosts on the directly-connected Ethernet. The low-order 16 bits of the Pup IDis the number of the boot file desired. The Pup source port is the one to which the Alto wants theboot file sent.Since the BootFileRequest Pup may be lost, it should be periodically retransmitted up to somemaximum number of retries if no response is received at first. EtherBoot retransmits about once asecond for about 30 seconds. The reason for giving up after a while is that perhaps it is getting noanswer because its Ethernet interface is broken and is polluting the net whenever it transmits.The standard boot loader, when started at its normal address (3), reads one of the Alto keyboardÿî &ïpôXî]ïg~qôiî¶ïcrî]pôXî-¤rî7Bpî¶ï\šrî]pî-¤rî7Bpî¶ïVrî]pî-¤rî7BpîüïO€spî·ïI“ð$îÙïCÉô¨ðRô©îÙïBDôð;ô‘ð,îÙï@¿ôðYîÙï=Úôð&ôð;îÙï/dAlto Boot Protocol2words to determine the desired boot file number. All keys up (except BS) corresponds to boot filenumber 0. One-bits in this word are selected by depressing combinations of the following keys,listed most-significant bit first:3 2 W Q S A 9 I X O L , " ] BLANK-MIDDLE BLANK-TOPEFTPThe actual transfer of a boot file is accomplished using the Pup EFTP protocol. A boot serverreceiving a request for a boot file it is willing to supply simply attempts to EFTP that file to the portfrom which the BootFileRequest Pup arose.Since several boot servers may respond to a single request, a server should be prepared for the EFTPtransmit attempt to fail. When the Ethernet boot loader receives the first EFTPData Pup in responseto its BootFileRequest, it locks on to that source and ignores Pups from everywhere else. Due to spacelimitations (254 words), it is unable to respond to other EFTP transmissions with EFTPAbort Pups, asspecified by protocol.There are two timeouts of interest here: the abort timeout, within which an ack must be received orthe transfer is aborted, and the retransmission timeout, after which if an ack has not arrived thecurrent data block is sent again. Ideally the retransmission timeout should be adaptive: about 2times the average response time, exponentially aged over the last 8 samples. In any case it shouldbe such as to retransmit a few times before the abort timeout takes. The abort timeout should be afunction of the available bandwidth of the path between the sender and receiver. The table belowlists recommended values.First BlockSubsequent BlocksAbortRetransAbortRetransFast net 500 100 50001000Slow net100002500100002500The timeouts for a slow net are suitable down to about 2400 bits/sec. The retransmission timeoutslisted are for EFTP implementations which do not use an adaptive algorithm; the initial adaptiveretransmission timeout may have to be reduced from its default value (typically 1 second) for thefirst block on a fast net. A reasonable simplification is to assume that all nets except Ethernets areslow. Even on an unloaded 9600 bits/sec line it takes several minutes to send a full core image bootfile. Boot servers should be able to boot an Alto over an Ethernet while simultaneously updating aboot server at the end of a slow phone line.Boot File Names and NumbersString names and 16 bit numbers are both used to refer to boot files. Servers deal mostly in bootfile numbers: requests to send a boot file refer to it by number; servers compare the creation datesof files with identical numbers when distributing new versions. The NetExec sorts its directory byname, keeping the number, date, and server host address as auxiliary information.Boot file numbers less than 100000B have a uniform meaning throughout the network, are updatedautomatically and are assigned by administrative fiat. The remaining numbers are available for localuse and do not propagate. [Ivy]BootDirectory.txt is the master directory of registered bootfiles.Most gateways have a boot file with the name .boot, with number 100000B. This isintended for use by people developing new boot files. A test version of a boot file stored therewon't propagate, and there can't be any doubt about which boot server it came from.ÿî·ïfðpôîGïîÙïbô—ô˜ð>rpîÙï`™ôµðKô¶îÙï_ôð"îÏï\RrðAîÙïWétîÙïUpôÃðArpôÄîÙïSôˆð)ô‰ð&rpîÙïQúôup îÙïOô‡ð;ôˆð%rîÙïMpôðLupôîÙïLô€upôð<îÙïJ†ô™ð:rp ôšupîÙïIôîÙïFôôŽvpð)îÙïD—ô¹ôºvpð+îÙïCôµô¶ðUîÙïAô›ðLôœîÙï@ô‹ðcîÙï>ƒô˜ðaîÙï<þôîàï:ô€ î. ôîï8qî#Àî.àî5 îÙï5Œô€îàî$Àî.€î6`îÙï4îàî$Àî.€î6`îÙï1"ô”ð(ô•ð:îÙï/ô¹rpôºð=îÙï.ô¨ð%ô©ð<îÙï,“ô’ô“ðMîÙï+ôðUô‚îÙï)‰ôðaôîÙï(ôð,îÙï#wtîÙï ’pô˜ô™ðRîÙï ô’ô“ðNîÙïˆôœðcîÙïôðQîÙïô—ô˜rpð;îÙï™ô…ð0ô†ð5îÙïôð`ôîÙïîÙïªôôð:rp îÙï%ô®ô¯ðNîÙï ôðSÿø·Y>/Y±_Alto Boot Protocol3Boot Directory InformationWhen the EtherBoot mechanism was first developed it was only expected to handle a small numberof files -- DMT, Scavenger, FTP and a few others -- and key combinations were picked that were easyto remember and convenient for people with two hands and ten fingers. Even so, it was difficult toremember the keys and the number of files grew to the point where this scheme was getting out ofhand, so the NetExec was developed. The NetExec was assigned one of the last convenient keycombinations and it is now the standard way for humans to invoke other boot files.The NetExec discovers what boot files are available by broadcasting a Pup of type BootDirRequest toMiscellaneous Services sockets on all hosts on the directly-connected Ethernet. Hosts that are bootservers respond with packets of type BootDirReply containing tuples. A boot server with lots of boot files may fill several BootDirReply Pups. The NetExec buildsa directory of tuples from these responses.Boot File UpdateAt present there are two programs which implement boot servers: Gateways and Peek. There areabout 20 gateways in operation, and the number is growing. It takes a few minutes per gateway toupdate one boot file (most gateways are at the end of slow phone lines). Not all gateways are up allof the time. There are probably 50 Peek disks in the world, each with some subset of the boot filesthat existed when the disk was built. The owners of Peek disks are exhorted to rebuild their disksabout once a month. The result of this anarchy is that old versions of boot files persisted in theinternet for years.A Boot file now includes the date on which it was built. Boot servers periodically exchange bootfile directories which include these dates. When a new version of a boot file is stored onto any bootserver, all other boot servers will soon discover this and automatically update their local copies. Theprotocol is similar to that used by name servers to update the network directory.About once an hour and each time a new boot file arrives, each boot server broadcasts its boot filedirectory in a BootDirReply Pup to miscellaneous services sockets on all directly connected networks.When a boot server receives one of these, it compares the dates of its local boot files with the datesin the Pup. If the sender has a more recent version, then the receiver requests a copy using aSendBootFile Pup. If the receiver has a more recent version, then it should send a BootDirReply tocause the sender to update. The same EFTP protocol that is used to boot an Alto is used to movenew versions among boot servers.If the date comparison is unguarded, a damaged file with a bogus date far in the future couldpropagate everywhere and it would be impossible to purge. To protect against this, a file whichclaims to have been created in the future should be treated as if it had a date of zero, thus making itelegible for update by anyone.Server StatisticsBoot servers may optionally keep statistics on their activities and make them available through thenet. A program requests a boot server's statistics by sending a Pup of type BootStatsRequest to themiscellaneous services socket, and the boot server responds by sending a Pup of type BootStatsReplycontaining the statistics. The first word of the reply is a format version number which isincremented whenever the format changes.Pointers to other DocumentationWhen an Alto is hardware-booted over the Ethernet, all three of the steps (BreathOfLife, MayDay,EFTP) are executed. A software-initiated boot may be accomplished by copying the boot loader intopage 0 and jumping into it, thereby starting at the "Mayday" stage with the boot file number andî·ïfðpôîGïîÙïbtîÙï_9pôŒôðBîÙï]´ôƒrpô„rpðDîÙï\/ô‰ð4ôŠð/îÙïZªôðMô‘îÙïY%ô°ô±ðTîÙïW ôðRîÙïT»ô’ô“ð3u pîÙïS6ô—ð+ô˜ð9îÙïQ±ô…ð%upô†îÙïP,ôð@upôîÙïN§ôðZîÙïJtîÙïG5pô¢ðSô£ îÙïE°ô‘ð:ô’ð'îÙïD+ô‚ð#ôƒðBîÙïB¦ôˆð5ô‰ð/îÙïA!ô—ðcîÙï?œô¦ô§ðOîÙï>ôîÙï;2ô£ðSô¤ îÙï9ô‚ôƒðPîÙï8(ô„ô…ðJîÙï6£ôðQîÙï3¾ô’ð^ô“îÙï29ôupð6ôžîÙï0´ôŒð\ô îÙï//ô¹ ôºðTîÙï-ªupô¯ð9ô°upîÙï,%ôšð&rpð!ô›îÙï* ôîÙï'»ôÁð8ôÂð%îÙï&6ô°ðZô±îÙï$±ô€ðHôîÙï#,ôîÙïŸtîÙïºpô¡ð_ô¢îÙï5ôŸô ð3upîÙï°ô™ôšð?u îÙï+pôöô÷ðAîÙï¦ôð(îÙïtîÙï4pô—ð(ô˜ð8îÙï¯rpô‰ð1ôŠð-îÙï*ô ôžðVì· ã?/]'bAlto Boot Protocol4host as optional arguments. Further information may be found in the "EtherBoot" packagedocumentation. The standard Ethernet boot loader can load only B-format boot files. A boot server must transformS0-format files into B-format files (by rearranging pages) before sending them. Further informationmay be found in the "BuildBoot" subsystem documentation.DetailsA Breath of life packet is a raw (non-Pup) Ethernet packet:Destination:377BType:602BContents:A boot loader program.The starting address of the boot loader is the the third word of the packet (first contentword) which will be address 3 in Alto memory. The total packet length must not exceed256 words.Boot servers listen on the Miscellaneous Services socket (4) and handle some or all of the Pup typeslisted below.BootFileRequestPup Type:244BPup ID:Low 16 bits are the boot file number desiredPup SPort:The port to which the boot file should be EFTPedPup DPort:Miscellaneous servicesPup Contents:NoneThis packet is generated in two contexts: 1) by the Ether boot loader while booting an Alto,and 2) by a boot server to update a local copy of a boot file.BootDirRequestPup Type:257BPup DPort:Miscellaneous servicesPup Contents:NoneThis packet is generated by the NetExec to discover who the boot servers are and what filesthey have.BootDirReplyPup Type:260BPup ID:if it is in reply to a BootDirRequest, the ID should match the request.Pup Contents:1 or more blocks of the following format: A boot file number (thenumber that goes in the low 16 bits of a BootFileRequest Pup), an Altoformat date (2 words), a boot file name in BCPL string format.This packet is generated 1) in response to a BootDirRequest, 2) gratuitously broadcast everyhour, and 3) in response to a BootDirReply advertising an older version of a local file.KissOfDeathPup Type:247BPup DPort:Miscellaneous servicesPup SPort:The BootFileRequest Pup is sent to SPort.host on the local Ethernet. IfSPort.host is zero, it is broadcast.ÿî·ïfðpôîGïîÙïbôíôîðHîÙï`™ôîÙï]´ô‰ð/ôŠð3îÙï\/ôŒð3ôð1îÙïZªôð8îÙïVtîÙïS8pð!v pîÏïPSî€rîÏïNÎpî€rîÏïMIpî€îÏïJdô³ðKô´îÏïHßô¥ð.ô¦ð(îÏïGZô îÙïDuô‰ðVôŠ îÙïBðôîÙï@uîÏï=&pô€î€rîÏï;¡pî€pôð,îÏï:ô€ î€ôð'rpîÏï8—ô€ î€ôîÏï7ô€î€pîÏï4-ô‡ðSôˆîÏï2¨ôð>îÙï/Ãu îÏï,Þpô€î€prîÏï+Yp î€ôîÏï)Ôô€î€îÏï&ïôˆðHô‰îÏï%jô îÙï"…uîÏï pô€î€rîÏïpî€ô¤u prpô¥îÏï–ô€î€ô¢ð)ô£î€ïô‰ð&ôŠup î€ïŒôàð#ôárpîÏï§ô¨ð,ô©u pð!îÏï"ôÜupôÝ îÙï=u îÏïXpô€î€rîÏï Óp î€ôîÏïNô€ î€ôˆupð1ô‰î€ï Éôð$À· ‚>/]ˆMAlto Boot Protocol5Pup ID:The low 16 bits contain the boot file number to put in theBootFileRequest Pup.Pup Contents:NoneDMT is the only program which currently responds to KissOfDeath Pups and is used now onlyto run tests on the Ethernet. We have a multiprocessor with about 125 6-MIP CPUs on thesecond floor of Parc which is idle 16 hours a day just waiting for someone to figure out howto use it.BootStatsRequestPup Type:253BPup DPort:Miscellaneous servicesPup Contents:NoneBootStatsReplyPup Type:254BPupID:same as the BootStatsRequest that triggered it.Pup Contents:A version number to identify the format of the following words(current version = 1). Followed by the number of boot files sent,followed by the number of boot directories sent, both in BCPL doubleprecision format.Revision HistoryOctober 17, 1976First releaseMarch 9, 1978Boot directory protocol added.December 31, 1978Automatic update protocol added.February 13, 1979Boot server statistics protocol added.î·ïfðpôîGïîÏïbô€î€ôôî€ï`™upôîÏï_ô€î€îÏï\/rpô…ð$ô†u pîÏïZªô—ô˜ð=rprpîÏïY%ôô‚ðMîÏïW ô îÙïT»uîÏïQÖpô€î€rîÏïPQp î€ôîÏïNÌô€î€îÙïKçu îÏïIpî€rîÏïG}pî€ôupîÏïEøô€î€ôåôæð.î€ïDsô¯ð<ô°î€ïBîô‰ôŠð#rpî€ïAiôîÙï<ÜtîÙï9÷pîÏï7îÙï4-îÏï1HîÙï.cîÏï+~îÙï(™îÏï%´ð&Ð·%m99BÁ TIMESROMAN TIMESROMAN TIMESROMANLOGO TIMESROMAN HELVETICA TIMESROMAN ð ¡ ž³ ?#ÿÿj/&$“û“ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿaltoboot.bravoTaftSeptember 3, 1979 5:34 PM