
Source-Specific Multicast (RFC4607)

Source-Specific Multicast (RFC4607). Authors: H. Holbrook, Arastra, Inc.; B. Cain, Acopia Networks. Speaker: Wu Zhi Yu. Outline: Introduction; ASM (Any-Source Multicast) and SSM; Channel and Group; Allocation; UBM; Forward; Security; Spoofed Source Address.


Presentation Transcript


  1. Source-Specific Multicast (RFC4607) Authors: H. Holbrook, Arastra, Inc.; B. Cain, Acopia Networks. Speaker: Wu Zhi Yu

  2. Outline • Introduction • ASM (Any-Source Multicast) and SSM • Channel and Group • Allocation • UBM • Forward • Security • Spoofed Source Address

  3. Introduction • RFC 4607 defines an extension to the Internet network service that applies to datagrams sent to SSM addresses.

  4. ASM and SSM • ASM (Any-Source Multicast): • Receivers have to subscribe to groups • Sources do not have to subscribe to groups • Any host can send traffic to any multicast group

  5. ASM and SSM ASM: 1. May receive unwanted packets 2. Even if application level filters drop unwanted packets, they consume some resources

  6. ASM and SSM • SSM: • Allows hosts to specify a list of sources from which they want to receive traffic • Allows hosts to block packets from sources that send unwanted traffic

  7. Channel and Group • SSM: • Identify a shortest-path tree : channel • Identifier : (S,G) ASM: • Identify a shortest-path tree : group • Identifier : G

  8. Allocation • Multicast address (old format):

  9. Allocation • Multicast address (new format): i.e., UBM (Unicast-Prefix-based IPv6 Multicast Addresses)

  10. Allocation • Flag: • P = 0 indicates a multicast address that is not assigned based on the network prefix. • P = 1 indicates a multicast address that is assigned based on the network prefix. • If P = 1, T MUST be set to 1

  11. Allocation • The reserved field must be zero. • plen indicates the actual number of bits in the network prefix field that identify the subnet when P = 1.

  12. Allocation • All SSM addresses must have P=1, T=1, and plen=0. • The network prefix field of an SSM address must also be set to zero, hence all SSM addresses fall in the FF3x::/96 range.

  13. Allocation • Addresses in the range FF3x::4000:0001 through FF3x::7FFF:FFFF are reserved for allocation by IANA. • Addresses in the range FF3x::8000:0000 through FF3x::FFFF:FFFF are allowed for dynamic allocation by a host.

  14. UBM • AAP: 1. When a client requires a multicast address, it sends a request to a Multicast Address Allocation Server (MAAS) for information about the scope zones that include the server. 2. The client then chooses a scope zone and requests an address for a certain period of time.

  15. UBM 3. The MAAS chooses an address from the address set that is not currently in use, and multicasts the message to all other MAASs in the allocation domain. 4. If no one objects to this announcement, the MAAS starts to periodically multicast an address-in-use message to all the MAASs in the allocation domain. Then it returns the address to the client to use.

  16. UBM • What is the use of unicast prefix-based multicast address (UBM) allocation? It removes the need for AAP.

  17. Forward • A router that receives such a non-source-specific request for data in the SSM range must not use the request to establish forwarding state and must not propagate the request to other neighboring routers.

  18. Security • The IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) can be used to secure SSM traffic, if a multicast-capable implementation of IPsec is used by the receivers.

  19. Spoofed Source Address • By forging the source address in a datagram, an attacker can potentially violate the SSM service model by transmitting datagrams on a channel belonging to another host. • The IPsec Authentication Header may be used to authenticate the source of an SSM transmission, for instance.

  20. Reference • http://www2.tools.ietf.org/html/draft-ietf-malloc-aap-00 • Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 Multicast Addresses", RFC 3306, August 2002. • http://www.microsoft.com/taiwan/technet/columns/profwin/14-IPSec-2.mspx • http://www.microsoft.com/taiwan/technet/columns/profwin/13-IPSec-1.mspx
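
The allocation rules on slides 10-13 and the forwarding rule on slide 17, as an added Python example that is not part of the original presentation. The field layout (8-bit FF, 4-bit flags, 4-bit scope, 8-bit reserved, 8-bit plen, 64-bit network prefix, 32-bit group ID) is taken from RFC 3306 because the slide figure is missing here; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_fields(addr):
    """Split an IPv6 multicast address into its RFC 3306 fields."""
    n = int(ipaddress.IPv6Address(addr))
    if n >> 120 != 0xFF:
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    flags = (n >> 116) & 0xF
    return {"flags": flags, "P": (flags >> 1) & 1, "T": flags & 1,
            "scope": (n >> 112) & 0xF, "reserved": (n >> 104) & 0xFF,
            "plen": (n >> 96) & 0xFF, "prefix": (n >> 32) & (2**64 - 1),
            "group_id": n & 0xFFFFFFFF}

def violations(addr):
    """Return the allocation rules from slides 10-11 that the address breaks."""
    f, out = parse_fields(addr), []
    if f["P"] == 1 and f["T"] != 1:
        out.append("P=1 requires T=1")
    if f["P"] == 1 and f["reserved"] != 0:
        out.append("reserved field must be zero")
    return out

def is_ssm(addr):
    """Slide 12: flags 0011 (FF3x), plen=0 and network prefix=0."""
    f = parse_fields(addr)
    return (f["flags"] == 0x3 and f["reserved"] == 0
            and f["plen"] == 0 and f["prefix"] == 0)

def group_id_range(addr):
    """Slide 13: classify the 32-bit group ID of an SSM address."""
    gid = parse_fields(addr)["group_id"]
    if 0x40000001 <= gid <= 0x7FFFFFFF:
        return "iana"
    if 0x80000000 <= gid <= 0xFFFFFFFF:
        return "dynamic"
    return "not covered by the slide"

def accept_join(source, group):
    """Slide 17: refuse a join without a source for a group in the SSM range."""
    return not (is_ssm(group) and source is None)

if __name__ == "__main__":
    # Constructed sample (source, group) pairs; None means no source given.
    for src, grp in [("2001:db8::1", "ff3e::8000:1"), (None, "ff3e::8000:1"),
                     (None, "ff1e::1234"), (None, "ff3e:40:2001:db8::1")]:
        print(grp, is_ssm(grp), violations(grp), accept_join(src, grp))
```

A router-side filter would call `accept_join` before creating forwarding state or propagating the request, so a (*,G) join for an FF3x::/96 group is dropped at the first hop.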
