Network Security
MULTICASTING
Introduction
Unicasting: one source & one destination
Multicasting: one source & group of destinations
Multiple Unicasting: one source sends several packets, each with a different unicast destination address
Broadcasting: one source sends packets to all the members of a network
Applications of Multicasting
Access to distributed database
Information dissemination
Dissemination of news
Teleconferencing
Distance Learning
Multicast Addresses
It is a destination address for a group of hosts that have joined a multicast group
A packet sent to a multicast address must be delivered to each member of the group
Addresses in class D of IPv4 are used for multicast communication
Addresses in classes A, B, or C are mostly used for unicast communication
Block assigned for multicasting is 224.0.0.0/4
i.e. total 2^(32-4) = 2^28 host addresses
Range is from 224.0.0.0 to 239.255.255.255
Physical Multicast Support
Ethernet supports physical multicast addressing
An Ethernet physical address (MAC address) is six octets (48 bits) long
If the first 25 bits in an Ethernet address are 00000001 00000000 01011110 0, it is a physical multicast address
Remaining 23 bits can be used to define a group
Conversion: IP multicast address to Ethernet address
Extract the least significant 23 bits of a class D IP address and insert them into a multicast Ethernet physical address
Ethernet multicast physical address ranges from
01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF
(01:00:5E:0 = 0000 0001 0000 0000 0101 1110 0)
Examples
Change the multicast IP address 230.43.14.7 to an Ethernet
multicast physical address.
We write the LSB (rightmost) 23 bits of the IP address in hexadecimal:
a) Change the rightmost 3 bytes to hexadecimal
b) Subtract 8 from the leftmost digit if it is greater than or equal to 8
The result will be 2B:0E:07
Since the leftmost digit, i.e. 2, is not >= 8, we skip part (b) and
add the result to the starting Ethernet multicast address, which is
01:00:5E:00:00:00
Answer is: 01:00:5E:2B:0E:07
More examples
Change the multicast IP address 238.212.24.9 to an
Ethernet multicast physical address.
The LSB (rightmost) 3 bytes in hexadecimal is D4:18:09
We need to subtract 8 from the leftmost digit, resulting in
54:18:09 (D i.e. 13 > 8)
We add the result to the Ethernet multicast starting address
Answer is: 01:00:5E:54:18:09
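The conversion worked through in the two examples above, as an added Python example (not part of the original slides). It also goes one step further than the slides: because only 23 of the 28 group bits are copied, it lists the 32 class D addresses that end up on the same Ethernet address. The function and constant names are assumptions made for this example.

```python
import ipaddress

ETHERNET_MULTICAST_BASE = 0x01005E000000  # 01:00:5E:00:00:00, fixed 25-bit prefix
LOW_23_BITS = 0x7FFFFF                    # group bits copied into the MAC


def multicast_ip_to_mac(ip):
    """Map a class D IPv4 address to its Ethernet multicast address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:  # outside 224.0.0.0/4
        raise ValueError(f"{ip} is not a class D (multicast) address")
    # Masking to 23 bits is the "subtract 8 from the leftmost digit" step.
    mac = ETHERNET_MULTICAST_BASE | (int(addr) & LOW_23_BITS)
    return ":".join(f"{octet:02X}" for octet in mac.to_bytes(6, "big"))


def groups_sharing_mac(ip):
    """List every class D address that maps to the same Ethernet address.

    Class D fixes the top 4 bits (1110) and the mapping keeps the low 23,
    so the 5 bits in between are lost: 2^5 = 32 groups per MAC.
    """
    multicast_ip_to_mac(ip)  # reuse the class D validation
    low = int(ipaddress.IPv4Address(ip)) & LOW_23_BITS
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost << 23) | low))
            for lost in range(32)]


if __name__ == "__main__":
    for group in ("230.43.14.7", "238.212.24.9"):  # the two slide examples
        print(group, "->", multicast_ip_to_mac(group))
    print(groups_sharing_mac("238.212.24.9")[:4], "...")
```

Since 32 groups share each Ethernet address, an interface listening for one group also receives frames sent to the other 31, and the IP layer still has to check the destination group address.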
Unicast Routing Protocols
A routing table can be either static or dynamic
A static table is one with manual entries
A dynamic table is one that is updated automatically when there is a change somewhere in the internet
A routing protocol is a combination of rules and procedures that lets routers in the internet inform each other of changes
It allows routers to share whatever they know about the internet or their neighborhood
Distance Vector Routing
Each node maintains a vector (table) of minimum distances to every node
The least-cost route between any two nodes is the route with minimum distance
Routing Information Protocol (RIP) is based on distance vector routing
Link State Routing
Each node in the domain has the entire topology of the domain, i.e. the list of nodes and links, how they are connected including type, cost (metric), and condition of links (up or down)
The node uses Dijkstra's algorithm to build a routing table
Each node has the routing table showing least-cost node to every other node
Creation of the states of the links by each node (LSP)
Dissemination of LSPs to every other router (flooding)
Formation of a shortest path tree for each node
Calculation of a routing table based on the shortest path tree
OSPF protocol is based on link state routing
Path vector routing
Similar to distance vector routing
There is one node that acts on behalf of the entire system (speaker node)
The speaker node creates a routing table and advertises it to speaker nodes in the neighboring systems
Only speaker nodes in each system can communicate with each other
Border Gateway Protocol (BGP) is based on path vector routing
Multicast Routing
Optimal Routing:
To define a shortest path tree to possible destinations
The root of the tree is source, and leaves are the potential destinations
Path from the root to each destination is the shortest path
Unicast Routing:
Each router has its own shortest path tree (SPT)
Each line of the routing table is a shortest path
Multicast Routing contd…
Multicast Routing:
A multicast packet may have destinations in more than one network
If we have n groups, we may need n shortest path trees
Each involved router needs to construct a shortest path tree for each group
Two approaches: Source-based trees (SBT) and Group-shared trees (GST)
Source-based tree approach
Each router needs to have one shortest path tree for each group
The shortest path tree for a group defines the next hop for each network that has loyal member(s) for that group
If the number of groups is m, each router needs to have m shortest path trees, one for each group
Group-shared tree approach
There is only one designated router, called the center core, or rendezvous router
The core has m shortest path trees in its routing table. The rest of the routers in the domain have none.
Multicast Routing Protocols
Multicast Link State Routing
It uses the source-based tree approach
A direct extension of unicast routing
Each router creates a shortest path tree by using Dijkstra's algorithm
A node advertises every group which has any loyal member on the link.
It needs to revise the interpretation of state (i.e. what groups are active on the link)
The information about the group comes from IGMP running on each router
When a router receives all the LSPs (Link State Packets), it creates n topologies from which n shortest path trees are made by using Dijkstra's algorithm
The only problem with this protocol is the time and space needed to create and save the many shortest path trees. The solution is to create the trees only when needed.
Multicast Open Shortest Path First: MOSPF
An extension of the OSPF protocol that uses multicast link state routing to create source-based trees
Multicast Distance Vector Routing (MDVR)
Multicast routing does not allow a router to send its routing table to its neighbors
Tables are created from scratch by using the information from the unicast distance vector tables
MDVR uses source-based trees, but the router never actually makes a routing table
It uses a process based on four decision-making strategies
1. Flooding: A router receives a packet and, without even looking at the destination group address, sends it out from every interface except the one from which it was received
Every network with active members receives the packet
This is a broadcast, not a multicast
Also it creates loops; the next strategy, reverse path forwarding, corrects this defect
MDVR contd…
2. Reverse Path Forwarding (RPF): To prevent loops, only one copy is forwarded; the other copies are dropped.
A router forwards only the copy that has traveled the shortest path from the source to the router
To find this copy, RPF uses unicast routing table
This strategy prevents loops because there is always one shortest path from the source to the router
MDVR contd…
RPF does not guarantee that each network receives only one copy as it is not based on the destination address (a group address); forwarding is based on the source address
To eliminate duplication, we must define only one designated parent router for each network.
3. Reverse Path Broadcasting (RPB): It guarantees that the packet reaches every network and that every network receives only one copy
MDVR contd…
RPB does not multicast the packet, it broadcasts it. That’s not efficient.
The multicast packet must reach only those networks that have active members for that particular group. This is RPM.
4. Reverse Path Multicasting (RPM): To convert broadcasting to multicasting, the protocol uses two procedures, pruning and grafting.
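Flooding (strategy 1) and the reverse path forwarding check (strategy 2) compared on one small network, as an added Python example that is not part of the original slides. The four-router topology, the hop limit used to stop the flooding loop, and all function names are constructed for this example; the unicast table is approximated by hop-count shortest paths, as RIP would compute.

```python
from collections import deque

# Constructed topology: router -> neighbor routers (all links cost 1 hop).
TOPOLOGY = {
    "R1": ["R2", "R3"],          # the source's network hangs off R1
    "R2": ["R1", "R3", "R4"],
    "R3": ["R1", "R2", "R4"],
    "R4": ["R2", "R3"],
}


def rpf_parents(topology, first_router):
    """Next hop from each router back toward the source, i.e. what a
    hop-count unicast distance vector table would hold for the source."""
    parent = {first_router: None}
    queue = deque([first_router])
    while queue:
        node = queue.popleft()
        for nbr in sorted(topology[node]):   # sorted: deterministic tie-break
            if nbr not in parent:            # first visit is the shortest path
                parent[nbr] = node
                queue.append(nbr)
    return parent


def deliver(topology, first_router, use_rpf, hop_limit=4):
    """Forward one multicast packet; return (accepted, dropped, sent).

    use_rpf=False is plain flooding, stopped only by the hop limit.
    """
    parent = rpf_parents(topology, first_router)
    accepted, dropped = {}, {}
    # Each entry: (receiving router, neighbor it came from, hops left).
    queue = deque((n, first_router, hop_limit) for n in topology[first_router])
    sent = len(queue)
    while queue:
        router, came_from, hops = queue.popleft()
        if use_rpf and parent[router] != came_from:
            dropped[router] = dropped.get(router, 0) + 1  # not the reverse path
            continue
        accepted[router] = accepted.get(router, 0) + 1
        if hops > 1:
            for nbr in topology[router]:
                if nbr != came_from:         # every interface except incoming
                    queue.append((nbr, router, hops - 1))
                    sent += 1
    return accepted, dropped, sent
```

With RPF each router accepts exactly one copy and the packet never returns to R1, but four extra copies still cross the links and are dropped on arrival; those duplicates are what the designated parent router in RPB eliminates.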
Distance Vector Multicast Routing Protocol: DVMRP
It is an implementation of multicast distance vector routing.
It is a source-based routing protocol, based on RIP.
Core-Based Tree (CBT)
A group-shared protocol
The autonomous system is divided into regions, and a core (center router or rendezvous router) is chosen for each region.
Formation of the Tree: After the rendezvous point is selected, every router is informed of the unicast address of the selected router.
Each router then sends a unicast join message
After receiving all join messages from every member of the group, a tree is formed
CBT contd…
Sending Multicast Packets: After formation of the tree, any source can send a multicast packet to all members of the group
It simply sends the packet to the rendezvous router
Protocol Independent Multicast (PIM)
Two independent multicast routing protocols: Protocol Independent Multicast, Dense Mode (PIM-DM) and Protocol Independent Multicast, Sparse Mode (PIM-SM)
Both protocols are unicast-protocol-dependent
PIM-DM is used when there is a possibility that each router is involved in multicasting (dense mode such as a LAN)
PIM-DM is a source-based tree routing protocol that uses RPF and pruning and grafting strategies for multicasting
It assumes that the autonomous system is using a unicast protocol (RIP or OSPF) and each router has a table
PIM-SM is used when there is a slight possibility that each router is involved in multicasting (sparse mode - WAN)
PIM-SM is a group-shared tree routing protocol
It can switch from a GST strategy to a SBT strategy when necessary
Things to do
RIP, OSPF, BGP
IGMP
MBONE
MSDP