Re: [ssm] SSM with IPSec

[Brad Huntting <huntting@glarp.com>]

> The solution that I most like is fairly easy to state: require the
> source address to be part of the SA lookup when the destination
> address is an SSM address.  Mark and Brian inform me that the msec
> working group is looking at solving the problem this way.

What if the destination address is not in the SSM range?  For
example: A host wishes to receive NTP (network time protocol)
multicast traffic (destination address 224.0.1.1) from three specific
hosts that it trusts (whether PIM-SSM can honor this request
efficiently is, I think, a separate issue).  I assume there is no
global group `owner' for this well known address 224.0.1.1, so the
SA for this traffic would, I suspect, need to be indexed by source
and destination just like SSM.

One could easily imagine similar situations for other group addresses.
However, as you pointed out, it's probably not necessary that the
SSM group solve this problem; at least not right away.


brad
_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm