Re: pim-sm-v2-new-09 and PMBR issues
Pavlin Radoslavov <pavlin <at> icir.org>
2004-04-07 09:05:54 GMT
> On Tue, 6 Apr 2004, Pavlin Radoslavov wrote:
> > > Issue 2: the wildcard receiver requirement (see below) is completely
> > > unrealistic, could be an enormous DoS component, and is completely
> > > impractical -- not to mention failing to work with mechanisms like
> > > SSM, Embedded-RP or Bidir-PIM (?) -- where a random edge router does
> > > not know about all the groups in a domain. Imagine a case where you
> > > could associate with a PIM-SM router, and act as a wildcard receiver.
> > > Instant multicast DoS as the PIM-SM router would have to join to every
> > > source in the Internet!!!!
> > >
> > > Suggestion: discuss this requirement. My feeling is that it should be
> > > deprecated (with caveats, and describing its limitations) or removed
> > > completely.
> > The (*,*,RP) Join is generated only by the border routers for the
> > RPs within their own domain. In other words, the (*,*,RP) Join is
> > not carried across domains. Hence, you cannot use it for
> > inter-domain DoS attacks.
> > Within a domain, the assumption is that you trust your own routers
> > for the (*,*,RP) Join generation (among all other stuff), hence it
> > can't be used for intra-domain DoS attack either.
> How about SSM where you don't have any RPs and no (similar) multicast
> domain? The wildcard receiver argument applies equally to that as
> well, AFAICS.
The (*,*,RP) Joins don't apply for the SSM multicast address range
simply because the RPs exclude that address range.