Presentation is loading. Please wait.

Presentation is loading. Please wait.

Akihiro Tanabe, Daisuke Andou, Kaori Izutsu, Tsunemasa Hayashi and Hiroshi Tohjo NTT Access Network Service Systems Laboratories Email: {atanabe, dandou,

Published byRyan Reilly Modified over 10 years ago

Similar presentations

Presentation on theme: "Akihiro Tanabe, Daisuke Andou, Kaori Izutsu, Tsunemasa Hayashi and Hiroshi Tohjo NTT Access Network Service Systems Laboratories Email: {atanabe, dandou,"— Presentation transcript:

1 Akihiro Tanabe, Daisuke Andou, Kaori Izutsu, Tsunemasa Hayashi and Hiroshi Tohjo NTT Access Network Service Systems Laboratories Email: {atanabe, dandou, izutsu}@ansl.ntt.co.jp NTT Network Innovation Laboratories Email: {hayashi.tsunemasa, tohjo.hiroshi}@lab.ntt.co.jp IGAP : IP Multicast Management Protocol that can collaborate with User Authentication

2 2 Introduction [What do we want to achieve?] Provide New Content Service for Broadband IP network (using xDSL, fiber optic network, …) [Viewpoints] Network should be able to transfer many broadband contents. --> CDN with IP Multicast Service providers should strictly manage the data of their users. Per content accounting mechanism should refer to the access data of users. --> No mechanism available IGAP (Internet Group membership Authentication Protocol)

3 3 Providers Network Assumed Network Environment Distribution Switch Content Delivery Network (CDN) Access Network to the Internet Customers Copy of Multicast Packets Distribute IP packets toward CDN and the PPPoE frame toward the Internet Portal Server User management system User client : PC or STB (Set-Top- Box) Multicast data, Authentication data, etc Internet content data PPPoE : 0x8863, 0x8864 IP : 0x0800 Video Distribution Server Authentication and Accounting Server Customers

4 4 Current Situation in IGAP development Client Multicast Router IGMPv2 Membership Report Multicast Packet Any client sending IGMPv2 Membership Report can join a multicast group, even if an illegal user is behind the client. Content Server subscribing to the service non subscribing to the service (illegal user) should authenticate the user Filtering by IP address is not sufficient, because IP address of clients may be changed for every connecting to network. Client 192.168.0.1 : accept 192.168.0.2 : reject 192.168.0.1 192.168.0.2 192.168.10.1 192.168.10.2 192.168.10.* : unknown (depends on default setting) change? ?

5 5 Summary of IGAP IGAP is based on IGMPv2, and works with user authentication and accounting mechanism. So users accepted by the multicast group can only receive the content data by IP multicast. Router implementing IGAP sends user authentication (accounting) data to authentication (accounting) server, and sends message about result of authentication and accounting status (start or stop) to user- client joining multicast group. IGAP can check whether the user is accepted for accessing the multicast group while receiving the multicast packets (re- authentication). Leave process of IGAP differs from that of IGMP. IGAP leave process is designed to lower the delay upon changing multicast content (such as changing TV channel).

6 6 Message (64bytes) User Account (16bytes) IGAP Header Format http://www.ietf.org/internet-drafts/draft-hayashi-igap-02.txt TypeMax Resp TimeChecksum Group Address VersionSubtype(Reserve-1)Challenge ID Account SizeMessage Size(Reserve-2) IGMPv2 Compatible (8bytes) IGAP Original (88bytes) 12340(Byte) Challenge ID : the parameter for encryption of password by Challenge-Response mechanism User Account : the parameter to indicate the user name Message : the parameter for authentication, e.g. password

7 7 IGAP Join process User Client IGMP Router 1 2 IGAP Router 12 / 3 RADIUS Server 4 5 / 6 IGMPv2 Membership Report Multicast Packet IGAP Join Multicast Packet RADIUS Packet [Join multicast group using IGMPv2] 1.Send IGMPv2 Membership Report from user client to IGMP router 2.Start to send multicast packets from IGMP router to user client [Join multicast group using IGAP] 1.Send IGAP Join from user client to IGAP router 2.Send RADIUS Access Request from IGAP router to RADIUS server 3.Send RADIUS Access Accept from RADIUS server to IGAP router 4.Start to send multicast packets from IGAP router to user client 5.Send RADIUS Accounting Request from IGAP router to RADIUS server 6.Send RADIUS Accounting Response (start) from RADIUS server to IGAP router Content Server Multicast Stream User Client

8 8 IGAP Query process and Re-authentication [Query Interval (same as IGMPv2)] This is interval for resending IGAP Query packet. When the timer of Query Interval expires, IGAP Router sends a Query and restarts the timer. [Validity-Period] This is interval to re-authenticate user, RADIUS server tells the value to IGAP Router. When the timer of Validity Period expires, IGAP Router sends the packets for re-authentication after IGAP Join received in reply to next IGAP Query. IGAP Query / IGAP Join (for replying to query) Re-authentication (access request / access accept or reject) time [time schedule] Count of Query Interval Count of Validity Period IGAP query process IGAP query and re-authentication process IGAP Router RADIUS Server User Client

9 9 IGAP Leave process User Clients IGMP Router Sending multicast packets IGMPv2 Leave IGMPv2 Query [Leave using IGMPv2] (the case of last member of multicast group) 1.Send IGMPv2 Leave from user client to IGMP router 2. Send IGMPv2 Group Membership Query from IGMP router to clients of the multicast 3. If no IGMP Membership Report received, multicast packets are stopped to all user clients. IGAP Router IGAP Leave [Leave using IGAP (Fast Leave)] 1.Send IGAP Leave from user client to IGMP router 2.The user client leaves the multicast group (independent of other user clients) User (client) management per user-ID User Clients Sending multicast packets

10 10 Distribution Switch (IGAP Router) STB (Set Top Box) Experimental Network Environment [experiment] Video streams encoded in MPEG2 are transferred by IP Multicast from encoders to IGAP Router. Join : Validation by authentication mechanism after STB or PC sends IGAP Join Query and Re-authentication : Validation by authentication mechanism after STB or PC sends IGAP Join in reply to IGAP Query, while the STB or PC is receiving multicast streams Leave : Validation by Fast Leave mechanism after STB or PC sends IGAP Leave Management system : Verification of accounting and watching log of users using this system Ethernet L3SW RADIUS server (commercial) Gigabit Ethernet MPEG2 encoder (6 commercial) units Video Cable PC MPEG2 multicast stream (6Mbps) Management System linkage portal Web server (PC) L3SW (Internet gateway) (to The Internet) PPPoE IGAP L2SW

11 11 IP Multicast Management System

12 12 Conclusions [Reports] The development of new IP Multicast management protocol IGAP for user authentication and accounting in content delivery services. The IGAP implementation for user-client and router Validation of IGAP operation The Improvements Revision of IGAP header (concordance with IGMPv3, IPv6, etc) QoS mechanism and flow management for keeping content (video) quality (e.g. expedited forwarding) Brush up implementation detials Inspection for actual (commercial) service etc

Download ppt "Akihiro Tanabe, Daisuke Andou, Kaori Izutsu, Tsunemasa Hayashi and Hiroshi Tohjo NTT Access Network Service Systems Laboratories Email: {atanabe, dandou,"

Similar presentations

Virtual Trunk Protocol

Virtual Trunk Protocol
Broadband Networks, Integrated Management & Standardization Nobuo FUJII ITU-T SG4 Vice Chairman NTT Network Innovation Laboratories

Broadband Networks, Integrated Management & Standardization Nobuo FUJII ITU-T SG4 Vice Chairman NTT Network Innovation Laboratories
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.

SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.
Tuning the Behavior of IGMP and MLD for Mobile Hosts and Routers draftasaedamultimobigmpmldoptimization04a Hitoshi Asaeda, Yogo Uchida Keio University.

Tuning the Behavior of IGMP and MLD for Mobile Hosts and Routers draftasaedamultimobigmpmldoptimization04a Hitoshi Asaeda, Yogo Uchida Keio University.
1 Welcome Overview of DOCSIS. 2 Data Over Cable Service Interface Specification.

1 Welcome Overview of DOCSIS. 2 Data Over Cable Service Interface Specification.
IPTV: Becoming a reality Pierre Thiry CNIT Instructor ICONS P.I.

IPTV: Becoming a reality Pierre Thiry CNIT Instructor ICONS P.I.
IPTV Technology Team 3 – Christopher Monclova, Rafael Leefoon, Nick Adasi, Robb Zucker & Oscar Ucedo.

IPTV Technology Team 3 – Christopher Monclova, Rafael Leefoon, Nick Adasi, Robb Zucker & Oscar Ucedo.
IPTV Technology Kelum Vithana 25 May 2010.

IPTV Technology Kelum Vithana 25 May 2010.
Christophe Jelger – CS221 Network and Security - Universität Basel - 20051 Christophe Jelger Post-doctoral researcher IP Multicasting.

Christophe Jelger – CS221 Network and Security - Universität Basel Christophe Jelger Post-doctoral researcher IP Multicasting.
Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.

Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.
TCP/IP MODEL Maninder Kaur www.eazynotes.com.

TCP/IP MODEL Maninder Kaur
1April 16, 2002 Layer 3 Multicast Addressing IP group addresses 224.0.0.0–239.255.255.255 “Class D” addresses = high order bits of “1110” Special reserved.

1April 16, 2002 Layer 3 Multicast Addressing IP group addresses – “Class D” addresses = high order bits of “1110” Special reserved.
,< 資 管 Lee 附錄 A0 IGMP vs Multicast Listener Discovery.

,< 資 管 Lee 附錄 A0 IGMP vs Multicast Listener Discovery.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
H. 323 Chapter 4.

H. 323 Chapter 4.
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.
1 Quality of Service Requirements Techniques for Achieving Good Quality of Service Integrated Services Differentiated Services Label Switching and MPLS.

1 Quality of Service Requirements Techniques for Achieving Good Quality of Service Integrated Services Differentiated Services Label Switching and MPLS.
© 2007 Cisco Systems, Inc. All rights reserved. Valašské Meziříčí 25.4.2015 1 Connecting to the Network.

© 2007 Cisco Systems, Inc. All rights reserved. Valašské Meziříčí Connecting to the Network.

Similar presentations

Ads by Google