Download presentation
Presentation is loading. Please wait.
Published byAnnice Franklin Modified over 8 years ago
1
Source-Specific Multicast (RFC4607) Author: H. Holbrook, Arastra, Inc. B. Cain, Acopia Networks Speaker: Wu Zhi Yu
2
Outline Introduction ASM (Any-Source Multicast ) and SSM Channel and Group Allocation UBM Forward Security Spoofed Source Address
3
Introduction defines an extension to the Internet network service that applies to datagrams sent to SSM addresses.
4
ASM and SSM ASM( Any-Source Multicast ): Receivers have to subscribe to groups Source do not have to subscribe to groups Any host can send traffic to any multicast group
5
ASM and SSM ASM: 1. May receive unwanted packets 2. Even if application level filters drop unwanted packets, they consume some resources
6
ASM and SSM SSM: Allows hosts to specify list from which they want to receive traffic Allows hosts to block packets from sources that send unwanted rtraffic
7
Channel and Group SSM: Identify a shortest-path tree : channel Identifier : (S,G) ASM: Identify a shortest-path tree : group Identifier : G
8
Allocation Multicast address (old format):
9
Allocation Multicast address (new format): Ie, UBM ( Unicast-Prefix-based IPv6 Multicast Addresses)
10
Allocation Flag: P = 0 indicates a multicast address that is not assigned based on the network prefix. P = 1 indicates a multicast address that is assigned based on the network prefix. If P = 1, T MUST be set to 1
11
Allocation The reserved field must be zero. plen indicates the actual number of bits in the network prefix field that identify the subnet when P = 1.
12
Allocation All SSM addresses must have P=1, T=1, and plen=0. The network prefix field of an SSM address also be set to zero, hence all SSM addresses fall in the FF3x::/96 range.
13
Allocation Addresses in the range FF3x::4000:0001 through FF3x::7FFF:FFFF are reserved in for allocation by IANA. Addresses in the range FF3x::8000:0000 through FF3x::FFFF:FFFF are allowed for dynamic allocation by a host.
14
UBM AAP: 1.When a client requires a multicast address, it sends a request to a Multicast Address Allocation Servers (MAAS) for information about the scope zones that include the server. 2. The client then choose a scope zone, and requests an address for a certain of time.
15
UBM 3. The MAAS choose address from address set that is not currently in use, and multicast the message to all other MAASs in the allocation domain. 4.If no-one objects to this announcement, then MAAS starts to periodically multicast an address-in-use message to all the MAASs in the allocation domain. Then it returns the address to the client to use.
16
UBM What is the use of unicast prefix-based multicast address (UBM) allocation ? Removes the need of AAP.
17
Forward A router that receives such a non-source- specific request for data in the SSM range must not use the request to establish forwarding state and must not propagate the request to other neighboring routers.
18
Security The IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) can be used to secure SSM traffic, if a multicast- capable implementation of IPsec is used by the receivers.
19
Spoofed Source Address By forging the source address in a datagram, an attacker can potentially violate the SSM service model by transmitting datagrams on a channel belonging to another host. The IPsec Authentication Header may be used to authenticate the source of an SSM transmission, for instance.
20
Reference http://www2.tools.ietf.org/html/draft-ietf- malloc-aap-00http://www2.tools.ietf.org/html/draft-ietf- malloc-aap-00 Haberman, B. and D. Thaler, "Unicast- Prefix-based IPv6 Multicast Addresses", RFC 3306, August 2002. RFC 3306 http://www.microsoft.com/taiwan/technet/c olumns/profwin/14-IPSec-2.mspxhttp://www.microsoft.com/taiwan/technet/c olumns/profwin/14-IPSec-2.mspx http://www.microsoft.com/taiwan/technet/c olumns/profwin/13-IPSec-1.mspx
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.