Source-Specific Multicast (RFC4607). Author: H. Holbrook, Arastra, Inc. B. Cain, Acopia Networks Speaker: Wu Zhi Yu. Outline. Introduction ASM (Any-Source Multicast) and SSM Channel and Group Allocation UBM Forward Security Spoofed Source Address. Introduction.
Source-Specific Multicast (RFC4607) Author: H. Holbrook , Arastra, Inc. B. Cain , Acopia Networks Speaker: Wu Zhi Yu
Outline • Introduction • ASM (Any-Source Multicast ) and SSM • Channel and Group • Allocation • UBM • Forward • Security • Spoofed Source Address
Introduction • RFC 4607 defines an extension to the Internet network service that applies to datagrams sent to SSM addresses.
ASM and SSM • ASM (Any-Source Multicast): • Receivers have to subscribe to groups • Sources do not have to subscribe to groups • Any host can send traffic to any multicast group
ASM and SSM ASM: 1. May receive unwanted packets 2. Even if application level filters drop unwanted packets, they consume some resources
ASM and SSM • SSM: • Allows hosts to specify a list of sources from which they want to receive traffic • Allows hosts to block packets from sources that send unwanted traffic
Channel and Group • SSM: • Identify a shortest-path tree : channel • Identifier : (S,G) ASM: • Identify a shortest-path tree : group • Identifier : G
Allocation • Multicast address (old format):
Allocation • Multicast address (new format): i.e., UBM (Unicast-Prefix-based IPv6 Multicast Addresses)
Allocation • Flag: • P = 0 indicates a multicast address that is not assigned based on the network prefix. • P = 1 indicates a multicast address that is assigned based on the network prefix. • If P = 1, T MUST be set to 1
Allocation • The reserved field must be zero. • plen indicates the actual number of bits in the network prefix field that identify the subnet when P = 1.
Allocation • All SSM addresses must have P=1, T=1, and plen=0. • The network prefix field of an SSM address is also set to zero, hence all SSM addresses fall in the FF3x::/96 range.
Allocation • Addresses in the range FF3x::4000:0001 through FF3x::7FFF:FFFF are reserved for allocation by IANA. • Addresses in the range FF3x::8000:0000 through FF3x::FFFF:FFFF are allowed for dynamic allocation by a host.
UBM • AAP: 1. When a client requires a multicast address, it sends a request to a Multicast Address Allocation Server (MAAS) for information about the scope zones that include the server. 2. The client then chooses a scope zone and requests an address for a certain period of time.
UBM 3. The MAAS chooses an address from the address set that is not currently in use, and multicasts the message to all other MAASs in the allocation domain. 4. If no one objects to this announcement, the MAAS starts to periodically multicast an address-in-use message to all the MAASs in the allocation domain. Then it returns the address to the client to use.
UBM • What is the use of unicast prefix-based multicast address (UBM) allocation? It removes the need for AAP.
Forward • A router that receives such a non-source-specific request for data in the SSM range must not use the request to establish forwarding state and must not propagate the request to other neighboring routers.
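The Allocation and Forward slides above, as an added example that is not part of the original slides: a parser that splits an IPv6 multicast address into the new-format fields, tests the SSM conditions (P=1, T=1, plen=0, zero prefix), names the group-ID range, and applies the forwarding rule to a join request. The function names and the flag bit positions (P = 0x2, T = 0x1 within the 4-bit flags field, per RFC 3306) are assumptions not shown on the slides.

```python
import ipaddress

def parse_multicast(addr):
    """Split an IPv6 multicast address into the new-format (RFC 3306) fields."""
    b = ipaddress.IPv6Address(addr).packed
    if b[0] != 0xFF:
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    flags = b[1] >> 4
    return {
        "P": (flags >> 1) & 1,          # 1 = assigned based on network prefix
        "T": flags & 1,                 # must be 1 whenever P is 1
        "scope": b[1] & 0x0F,           # the 'x' in FF3x
        "reserved": b[2],               # must be zero
        "plen": b[3],                   # prefix length, meaningful when P = 1
        "prefix": int.from_bytes(b[4:12], "big"),
        "group_id": int.from_bytes(b[12:16], "big"),
    }

def is_well_formed(addr):
    """Reserved field is zero, and P = 1 implies T = 1."""
    f = parse_multicast(addr)
    return f["reserved"] == 0 and not (f["P"] == 1 and f["T"] == 0)

def is_ssm(addr):
    """SSM: P=1, T=1, plen=0 and a zero network prefix (FF3x::/96)."""
    f = parse_multicast(addr)
    return (f["P"], f["T"], f["reserved"], f["plen"], f["prefix"]) == (1, 1, 0, 0, 0)

def group_id_range(addr):
    """Name the allocation range that the 32-bit group ID falls in."""
    if not is_ssm(addr):
        return "not-ssm"
    gid = parse_multicast(addr)["group_id"]
    if 0x40000001 <= gid <= 0x7FFFFFFF:
        return "iana-reserved"
    if 0x80000000 <= gid <= 0xFFFFFFFF:
        return "dynamic"
    return "other"                      # range not covered by the slides

def accept_join(group, source=None):
    """Forward rule: a non-source-specific request (source is None) for a
    group in the SSM range must not create forwarding state or be propagated."""
    return not (is_ssm(group) and source is None)

if __name__ == "__main__":
    # Constructed sample addresses (2001:db8::/32 is the documentation prefix).
    for g in ("ff3e::8000:1", "ff3e::4000:1", "ff3e:40:2001:db8::1", "ff1e::1"):
        print(g, is_ssm(g), group_id_range(g), accept_join(g))
```

A filter built on `accept_join` ignores (*,G) joins for FF3x::/96 groups while leaving ASM groups and (S,G) channel subscriptions untouched.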
Security • The IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) can be used to secure SSM traffic, if a multicast-capable implementation of IPsec is used by the receivers.
Spoofed Source Address • By forging the source address in a datagram, an attacker can potentially violate the SSM service model by transmitting datagrams on a channel belonging to another host. • The IPsec Authentication Header may be used to authenticate the source of an SSM transmission, for instance.
Reference • http://www2.tools.ietf.org/html/draft-ietf-malloc-aap-00 • Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 Multicast Addresses", RFC 3306, August 2002. • http://www.microsoft.com/taiwan/technet/columns/profwin/14-IPSec-2.mspx • http://www.microsoft.com/taiwan/technet/columns/profwin/13-IPSec-1.mspx