Re: [ssm] Document Action: An Overview of Source-Specific Multicast(SSM) Deployment to Informational
Jon Zeeff wrote:
>
>
>> From my experience, Windows XP does send IGMPv2 reports if it sees
>> IGMPv2 queries.
>> It MUST do this according to the IGMPv3 spec.
>
>
> So if I do manage to get my LAN completely IGMPv3 capable and thus allow
> the use of SSM, all it takes is one person
> plugging in a machine running IGMPv2 and SSM breaks. This probably
> means that SSM is unimplementable except
> in some special cases (example: one host per vlan).

Hi,

This is not my understanding of IGMPv3 (and MLDv2).
The problem you describe occurs only if a router runs IGMPv2,
which should not be the case in a well managed network.

If all routers are running IGMPv3 (or MLDv2)
then the compatibility "downgrade" is per group (i.e. per multicast address):
that is, a group may use IGMPv2 if one member host is IGMPv2 only,
and another group on the same LAN may use IGMPv3 if all member hosts use IGMPv3.

Moreover, although it is not completely clear to me,
I think IGMPv3 capable hosts and routers should not downgrade to IGMPv2
for a multicast address in the SSM range.

I suppose that the main problem arises when a malicious user
runs a fake IGMPv2 router.

Jean-Jacques

>
>> So, as far as easy gradual migration to SSM with DoS attack prevention
>> is concerned,
>> this has almost completely been ignored by the IETF process.
>
>
> I see similar lack of concern about real world security in wireless
> routing protocols (and DHCP and IPv6 and PIM and ...).
>
> Thanks for the info.
>
> _______________________________________________
> ssm mailing list
> ssm@ietf.org
> https://www1.ietf.org/mailman/listinfo/ssm
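
An added example, not part of the original message: a monitoring check for the two conditions discussed in this thread, older-version IGMP queries appearing on the LAN and IGMPv1/v2 reports for groups in the SSM range. Query versions are told apart by length and Max Resp Code as in RFC 3376 section 7.1; the function names, the trusted-querier set, the 232.0.0.0/8 constant and the sample messages are constructed for illustration.

```python
import ipaddress
import struct

SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")   # IPv4 SSM address range
REPORT_VERSION = {0x12: 1, 0x16: 2, 0x22: 3}      # IGMP report type -> version

def classify(payload: bytes):
    """Return (kind, version, group) for one IGMP message (checksum not verified)."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 octets")
    msg_type, max_resp, _cksum, raw_group = struct.unpack("!BBH4s", payload[:8])
    group = ipaddress.ip_address(raw_group)
    if msg_type == 0x11:                            # Membership Query
        if len(payload) >= 12:
            return "query", 3, group
        if len(payload) == 8:
            return "query", 2 if max_resp else 1, group
        raise ValueError("query of 9-11 octets is invalid")
    if msg_type in REPORT_VERSION:
        # An IGMPv3 report carries group records, not one group at offset 4.
        return "report", REPORT_VERSION[msg_type], None if msg_type == 0x22 else group
    return "other", None, group

def audit(frames, trusted_queriers):
    """frames: iterable of (source IP string, IGMP payload bytes)."""
    alerts = []
    for src, payload in frames:
        kind, version, group = classify(payload)
        if kind == "query" and version < 3:
            who = "trusted" if src in trusted_queriers else "untrusted"
            alerts.append(f"IGMPv{version} query from {who} source {src}")
        elif kind == "report" and version < 3 and group in SSM_RANGE:
            alerts.append(f"IGMPv{version} report for SSM group {group} from {src}")
    return alerts

def igmp(msg_type, max_resp, group, tail=b""):
    """Build a constructed sample message with a zero checksum."""
    return struct.pack("!BBH4s", msg_type, max_resp, 0, ipaddress.ip_address(group).packed) + tail

# Constructed sample traffic (documentation addresses, not captured data).
SAMPLE = [
    ("192.0.2.1", igmp(0x11, 100, "0.0.0.0", b"\x02\x7d\x00\x00")),  # IGMPv3 general query
    ("192.0.2.66", igmp(0x11, 100, "0.0.0.0")),                      # IGMPv2 general query
    ("192.0.2.20", igmp(0x16, 0, "232.1.1.1")),                      # IGMPv2 report, SSM group
    ("192.0.2.21", igmp(0x16, 0, "239.1.1.1")),                      # IGMPv2 report, non-SSM group
]

if __name__ == "__main__":
    for line in audit(SAMPLE, trusted_queriers={"192.0.2.1"}):
        print(line)
```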