GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc2337

Network Working Group D. Farinacci Request for Comments: 2337 Cisco Systems Category: Experimental D. Meyer

                                                         Cisco Systems
                                                            Y. Rekhter
                                                         Cisco Systems
                                                            April 1998
Intra-LIS IP multicast among routers over ATM using Sparse Mode PIM

Status of this Memo

 This memo defines an Experimental Protocol for the Internet
 community.  It does not specify an Internet standard of any kind.
 Discussion and suggestions for improvement are requested.
 Distribution of this memo is unlimited.

Copyright Notice

 Copyright (C) The Internet Society (1998).  All Rights Reserved.

2. Abstract

 This document describes how intra-LIS IP multicast can be efficiently
 supported among routers over ATM without using the Multicast Address
 Resolution Server (MARS). The method described here is specific to
 Sparse Mode PIM [PIM-SM], and relies on the explicit join mechanism
 inherent in PIM-SM to notify routers when they should create group
 specific point-to-multipoint VCs.

3. Overall model

 This document focuses on forwarding of multicast traffic among PIM-SM
 routers connected to an ATM network. Routers on an ATM network are
 partitioned into Logical IP Subnets, or LISs.  This document deals
 with handling multicast within a single LIS. Handling inter-LIS
 multicast traffic, including handling shortcuts, is outside the scope
 of this document.  In addition, this document does not address
 forwarding of multicast traffic to or from hosts connected to an ATM
 network.

Farinacci, et. al. Experimental [Page 1] RFC 2337 IP multicast over ATM using PIM April 1998

4. Router behavior

 This document requires that each router within a LIS knows IP and ATM
 addresses of all other routers within the LIS. The mapping between IP
 and ATM addresses may be provided by an ARP server [RFC2225], or by
 any other means (e.g., static configuration).
 Each PIM router within a LIS is required to maintain a single
 (shared) point-to-multipoint distribution VC rooted at the router
 with all other PIM routers in the LIS as the leaf nodes. The VC is
 expected to be used for forwarding of multicast traffic (both data
 and control) among routers within the LIS. For example, this VC would
 be used for distributing PIM [PIM-SM] control messages (Join/Prune
 messages).
 In addition, if a PIM router receives a IGMP report from an non-PIM
 neighbor, then the router may add the reporter to the existing shared
 distribution VC or to the group specific distribution VC (if it
 exists). The PIM router may also create a specific VC for this IGMP
 proxy.

4.1. Establishing Dedicated, Per Group Point-to-Multipoint VCs

 Routers may also maintain group specific, dedicated point-to-
 multipoint VCs. In particular, an upstream router for a group may
 choose to become the root of a group specific point-to-multipoint VC
 whose leaves are the downstream routers that have directly connected
 or downstream receivers for the group. While the criteria for
 establishing a group specific point-to-multipoint VC are local to a
 router, issues such as the volume of traffic associated with the
 group and the fanout factor within the LIS should be considered.
 Finally, note that a router must minimally support a single shared
 point-to-multipoint VC for distribution of control messages and data
 (to all group addresses).
 A router can choose to establish a dedicated point-to-multipoint VC
 (or add another leaf to an already established dedicated point-to-
 multipoint VC) when it receives a PIM Join or IGMP report messages
 from another device in the same LIS. When a router that is the root
 of a point-to-multipoint VC receives PIM Prune message or IGMP leave,
 it removes the originator of the message from its dedicated point-
 to-multipoint VC.

Farinacci, et. al. Experimental [Page 2] RFC 2337 IP multicast over ATM using PIM April 1998

4.2. Switching to a Source-Rooted Tree

 If at least one of the routers within a LIS decides to switch to a
 source-rooted tree (by sending (S,G) PIM Joins), then all other
 routers within the LIS that have downstream members for G should
 switch to that source-rooted tree as well. Since a router that
 switches to a source-rooted tree sends PIM Join messages for (S,G)
 over its shared point-to-multipoint VC, the other routers within the
 LIS are able to detect this. Once a router that has downstream
 members for G detects this, the router should send (S,G) PIM Join
 message as well (otherwise the router may receive duplicate traffic
 from S).
 Note that it is possible for a non-PIM router in the LIS to fail to
 receive data if the injection point moves to router to which there is
 not an existing VC.

4.2.1. Adding New Members to a Source-Rooted Tree

 As mentioned above, this document requires that once one router in a
 LIS decides to switch to the source tree for some (S,G), all routers
 in the LIS that have downstream members must also switch to the (S,G)
 source tree. Now, when a new router wants to receive traffic from G,
 it starts sending (*,G)-Joins on it's shared point-to-multipoint VC
 toward the RP for G. The root of the (S,G)-source-rooted tree will
 know to add the new router to the point-to-multipoint VC servicing
 the (S,G)-source-rooted tree by observing the (*,G)-joins on it's
 shared point-to-multipoint VC. However, the new router must also
 switch to the (S,G)-source-rooted tree. In order to accomplish this,
 the newly added router must:
    (i).    Notice that it has been added to a new
            point-to-multipoint VC
    (ii).   Notice (S,G) traffic coming down this new
            point-to-multipoint VC
    (iii).  Send (S,G) joins toward S, causing it to switch to the
            source-rooted tree. The router learns that the VC is used
            to distribute (S,G) traffic in the previous steps.

Farinacci, et. al. Experimental [Page 3] RFC 2337 IP multicast over ATM using PIM April 1998

4.3. Handing the "Packet Reflection" Problem

 When a router receives a multicast packet from another router in its
 own LIS, the router should not send the packet on any of the routers
 distribution point-to-multipoint VCs associate with the LIS. This
 eliminates the problem of "packet reflection". Sending the packet on
 the routers' distribution VCs associated with other LISs is
 controlled by the multicast routing procedures.

5. Brief Comparison with MARS

 The intra-LIS multicast scheme described in this document is intended
 to be a less complex solution to an important subset of the
 functionality provided by the Multicast Address Resolution Server, or
 MARS [MARS]. In particular, it is designed to provide intra-LIS
 multicast between routers using PIM-SM, and does not consider the
 case of host-rooted point-to-multicast multicast distribution VCs.
 Although MARS supports both of the current schemes for mapping the IP
 multicast service model to ATM (multicast server and meshes of
 point-to-multipoint VCs), it does so at at cost and complexity higher
 than of the scheme described in this document. In addition, MARS
 requires new encapsulations, whereas this proposal works with either
 LLC/SNAP or with NLPID encapsulation. Another important difference is
 that MARS allows point-to-multipoint VCs rooted either at a source or
 at a multicast server (MCS). The approach taken here is to constrain
 complexity by focusing on PIM-SM (taking advantage of information
 available in explicit joins), and by allowing point-to-multipoint VCs
 to be rooted only at the routers (which is roughly analogous to the
 complexity and functionality of rooting point-to-multipoint VCs at
 the sources).
 In summary, the method described in this document is designed for the
 router-to-router case, and takes advantage of the explicit-join
 mechanism inherent in PIM-SM to provide a simple mechanism for
 intra-LIS multicast between routers. MARS, on the other hand, accepts
 different tradeoffs in complexity-functionality design space. In
 particular, while the MARS paradigm provides a general neighbor
 discovery mechanism, allows host to participate, and is protocol
 independent, it does so at considerable cost.

Farinacci, et. al. Experimental [Page 4] RFC 2337 IP multicast over ATM using PIM April 1998

6. Security Considerations

 In general, the security issues relevant to the proposal outlined in
 the memo are subsumed by those faced by PIM-SM. While work in
 proceeding on security for PIM-SM, it is worthwhile noting that
 several issues have been raised in conjunction with multicast routing
 and with PIM-SM in particular. These issues include but are not
 limited to:
    (i).   Unauthorized Senders
    (ii).  Unauthorized Receivers
    (iii). Unauthorized use of the RP
    (iv).  Unauthorized "last hop" switching to shortest path
           tree.

6.1. General Comments on Multicast Routing Protocol Security

 Historically, routing protocols used within the Internet have lacked
 strong authentication mechanisms [RFC1704]. In the late 1980s,
 analysis revealed that there were a number of security problems in
 Internet routing protocols then in use [BELLOVIN89].  During the
 early 1990s it became clear that adversaries were selectively
 attacking various intra-domain and inter-domain routing protocols
 (e.g. via TCP session stealing of BGP sessions) [CERTCA9501,
 RFC1636]. More recently, cryptographic authentication mechanisms have
 been developed for RIPv2, OSPF, and the proprietary EIGRP routing
 protocols.  BGP protection, in the form of a Keyed MD5 option for
 TCP, has also become widely deployed.
 At present, most multicast routing protocols lack strong
 cryptographic protection.  One possible approach to this is to
 incorporate a strong cryptographic protection mechanism (e.g. Keyed
 HMAC MD5 [RFC2104]) within the routing protocol itself.  Alternately,
 the routing protocol could be designed and specified to use the IP
 Authentication Header (AH) [RFC1825, RFC1826, RFC2085] to provide
 cryptographic authentication.
 Because the intent of any routing protocol is to propagate routing
 information to other parties, confidentiality is not generally
 required in routing protocols.  In those few cases where local
 security policy might require confidentiality, the use of the IP
 Encapsulating Security Payload (ESP) [RFC1825, RFC1827] is
 recommended.

Farinacci, et. al. Experimental [Page 5] RFC 2337 IP multicast over ATM using PIM April 1998

 Scalable dynamic multicast key management is an active research area
 at this time. Candidate technologies for scalable dynamic multicast
 key management include CBT-based key management [RFC1949] and the
 Group Key Management Protocol (GKMP) [RFC2093,RFC2094].  The IETF IP
 Security Working Group is actively working on GKMP extensions to the
 standards-track ISAKMP key management protocol being developed in the
 same working group.

7. References

 [BELLOVIN89] S. Bellovin, "Security Problems in the TCP/IP
              Protocol Suite", ACM Computer Communications Review,
              Volume 19, Number 2, pp. 32-48, April 1989.
 [CERTCA9501] CERT, "IP Spoofing Attacks and Hijacked Terminal
              Connections", ftp://ftp.cert.org/cert_advisories/,
              January 1995.
 [MARS]       Armitage, G., "Support for Multicast over UNI 3.0/3.1
              based ATM Networks.", RFC 2022, November 1996.
 [PIM-SM]     Estrin, D, et. al., "Protocol Independent Multicast
              Sparse Mode (PIM-SM): Protocol Specification", Work in
              Progress.
 [RFC1636]    Braden, R., Clark, D., Crocker, S., and C. Huitema,
              "Report of IAB Workshop on Security in the Internet
              Architecture February 8-10, 1994", RFC 1636, June 1994.
 [RFC1704]    Haller, N., and R. Atkinson, "On Internet
              Authentication", RFC 1704, October 1994.
 [RFC1825]    Atkinson, R., "IP Security Architecture", RFC 1825,
              August 1995.
 [RFC1826]    Atkinson, R., "IP Authentication Header", RFC 1826,
              August 1995.
 [RFC1827]    Atkinson, R., "IP Encapsulating Security Payload",
              RFC 1827, August 1995.
 [RFC1949]    Ballardie, A., "Scalable Multicast Key Distribution",
              RFC1949, June 1996.
 [RFC2085]    Oehler, M., and R. Glenn, "HMAC-MD5 IP Authentication
              with Replay Prevention", RFC 2085, February 1997.

Farinacci, et. al. Experimental [Page 6] RFC 2337 IP multicast over ATM using PIM April 1998

 [RFC2093]    Harney, H., and C. Muckenhirn, "Group Key Management
              Protocol (GKMP) Specification", RFC 2093, July 1997.
 [RFC2094]    Harney, H., and C. Muckenhirn, "Group Key Management
              Protocol (GKMP) Architecture", RFC 2094, July 1997.
 [RFC2104]    Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed
              Hashing for Message Authentication", RFC 2104, February
              1997.
 [RFC2225]    Laubach, M., and J. Halpern, "Classical IP and ARP over
              ATM", RFC 2225, April 1998.

8. Acknowledgments

 Petri Helenius provided several insightful comments on earlier
 versions of this document.

9. Author Information

 Dino Farinacci
 Cisco Systems
 170 Tasman Dr.
 San Jose, CA 95134
 Phone: (408) 526-4696
 EMail: dino@cisco.com
 David Meyer
 Cisco Systems
 170 Tasman Dr.
 San Jose, CA 95134
 Phone: (541) 687-2581
 EMail: dmm@cisco.com
 Yakov Rekhter
 cisco Systems, Inc.
 170 Tasman Dr.
 San Jose, CA 95134
 Phone: (914) 528-0090
 EMail: yakov@cisco.com

Farinacci, et. al. Experimental [Page 7] RFC 2337 IP multicast over ATM using PIM April 1998

10. Full Copyright Statement

 Copyright (C) The Internet Society (1998).  All Rights Reserved.
 This document and translations of it may be copied and furnished to
 others, and derivative works that comment on or otherwise explain it
 or assist in its implementation may be prepared, copied, published
 and distributed, in whole or in part, without restriction of any
 kind, provided that the above copyright notice and this paragraph are
 included on all such copies and derivative works.  However, this
 document itself may not be modified in any way, such as by removing
 the copyright notice or references to the Internet Society or other
 Internet organizations, except as needed for the purpose of
 developing Internet standards in which case the procedures for
 copyrights defined in the Internet Standards process must be
 followed, or as required to translate it into languages other than
 English.
 The limited permissions granted above are perpetual and will not be
 revoked by the Internet Society or its successors or assigns.
 This document and the information contained herein is provided on an
 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Farinacci, et. al. Experimental [Page 8]

/data/webs/external/dokuwiki/data/pages/rfc/rfc2337.txt · Last modified: 1998/04/29 21:28 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki