Network Security MULTICASTING

Network Security MULTICASTING. Network Security Introduction Unicasting One source & one destination Multicasting One source & group of destinations.

Dec 21, 2015


Network Security

MULTICASTING

Introduction

Unicasting: One source & one destination

Multicasting: One source & group of destinations

Multiple Unicasting: One source sends several packets, each with a different unicast destination address

Broadcasting: One source sends packets to all the members of a network

Applications of Multicasting

Access to distributed database

Information dissemination

Dissemination of news

Teleconferencing

Distance Learning

Multicast Addresses

It is a destination address for a group of hosts that have joined a multicast group

A packet sent to a multicast address must be delivered to each member of the group

Addresses in class D of IPv4 are used for multicast communication

Addresses in classes A, B, or C are mostly used for unicast communication

Block assigned for multicasting is 224.0.0.0/4

i.e. total 2^(32-4) = 2^28 host addresses

Range is from 224.0.0.0 to 239.255.255.255

Physical Multicast Support

Ethernet supports physical multicast addressing

An Ethernet physical address (MAC address) is six octets (48 bits) long

If the first 25 bits in an Ethernet address are 00000001 00000000 01011110 0, it is a physical multicast address

Remaining 23 bits can be used to define a group

Conversion: IP multicast address to Ethernet address

Extract the least significant 23 bits of a class D IP address and insert them into a multicast Ethernet physical address

Ethernet multicast physical address ranges from

01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF

(01:00:5E:0 = 0000 0001 0000 0000 0101 1110 0)

Examples

Change the multicast IP address 230.43.14.7 to an Ethernet multicast physical address.

We write the LSB (rightmost) 23 bits of the IP address in hexadecimal:

a) Change the rightmost 3 bytes to hexadecimal

b) Subtract 8 from the leftmost digit if it is greater than or equal to 8

The result will be 2B:0E:07

Since the leftmost digit, i.e. 2, is not >= 8, we skip the (b) part and add the result to the starting Ethernet multicast address, which is 01:00:5E:00:00:00

Answer is: 01:00:5E:2B:0E:07

More examples

Change the multicast IP address 238.212.24.9 to an Ethernet multicast physical address.

The LSB (rightmost) 3 bytes in hexadecimal is D4:18:09

We need to subtract 8 from the leftmost digit, resulting in 54:18:09 (D i.e. 13 > 8)

We add the result to the Ethernet multicast starting address

Answer is: 01:00:5E:54:18:09
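
The conversion worked through in the two examples above, as an added Python example that is not part of the original slides. It goes one step beyond them: a class D address has 28 group bits but only 23 are copied, so 32 groups share each Ethernet address and a MAC-only filter cannot tell them apart. The function names and the sample group list are assumptions made for illustration.

```python
import ipaddress

MULTICAST_BLOCK = ipaddress.ip_network("224.0.0.0/4")  # class D block from the slides
ETHERNET_MULTICAST_BASE = 0x01005E000000               # 01:00:5E:00:00:00
LOW_23_BITS = 0x7FFFFF


def multicast_ip_to_mac(ip):
    """Map an IPv4 multicast address to its Ethernet multicast address."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in MULTICAST_BLOCK:
        raise ValueError(f"{ip} is not in {MULTICAST_BLOCK}")
    # Masking with 23 bits is the "subtract 8 from the leftmost digit" step.
    mac = ETHERNET_MULTICAST_BASE | (int(addr) & LOW_23_BITS)
    return ":".join(f"{b:02X}" for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(ip):
    """All 32 class D addresses that map to the same Ethernet address as ip."""
    multicast_ip_to_mac(ip)  # validates that ip is a multicast address
    low = int(ipaddress.IPv4Address(ip)) & LOW_23_BITS
    base = int(MULTICAST_BLOCK.network_address)
    # The 5 bits between the 1110 prefix and the low 23 bits are not copied.
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low)) for hi in range(32)]


def accepted_by_mac_filter_only(allowed, observed):
    """Groups other than `allowed` that a MAC-only filter would still accept."""
    target = multicast_ip_to_mac(allowed)
    return [g for g in observed if g != allowed and multicast_ip_to_mac(g) == target]


# Constructed sample: groups seen on a segment where only 230.43.14.7 is wanted.
OBSERVED = ["230.43.14.7", "230.171.14.7", "230.43.14.8", "224.43.14.7"]

if __name__ == "__main__":
    for group in ("230.43.14.7", "238.212.24.9"):
        print(group, "->", multicast_ip_to_mac(group))
    print("same MAC as 230.43.14.7:", groups_sharing_mac("230.43.14.7"))
    print("leaks past MAC filter:", accepted_by_mac_filter_only("230.43.14.7", OBSERVED))
```

A receiver or filtering device therefore has to check the destination IP group address as well as the Ethernet address before treating a frame as belonging to a group.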

Unicast Routing Protocols

A routing table can be either static or dynamic

A static table is one with manual entries

A dynamic table is one that is updated automatically when there is a change somewhere in the internet

A routing protocol is a combination of rules and procedures that lets routers in the internet inform each other of changes

It allows routers to share whatever they know about the internet or their neighborhood

Distance Vector Routing

Each node maintains a vector (table) of minimum distances to every node

the least-cost route between any two nodes is the route with minimum distance

Routing Information Protocol (RIP) is based on distance vector routing

Link State Routing

Each node in the domain has the entire topology of the domain, i.e. the list of nodes and links and how they are connected, including the type, cost (metric), and condition of the links (up or down)

The node uses Dijkstra's algorithm to build a routing table

Each node has a routing table showing the least-cost node to every other node

Creation of the states of the links by each node (LSP)

Dissemination of LSPs to every other router (flooding)

Formation of a shortest path tree for each node

Calculation of a routing table based on the shortest path tree

OSPF protocol is based on link state routing

Path vector routing

Similar to that of distance vector routing

There is one node that acts on behalf of the entire system (speaker node)

The speaker node creates a routing table and advertises it to speaker nodes in the neighboring systems

Only speaker nodes in each system can communicate with each other

Border Gateway Protocol (BGP) is based on path vector routing

Multicast Routing

Optimal Routing

To define a shortest path tree to possible destinations

The root of the tree is the source, and leaves are the potential destinations

Path from the root to each destination is the shortest path

Unicast Routing

Each router has its own shortest path tree (SPT)

Each line of the routing table is a shortest path

Multicast Routing contd…

Multicast Routing

A multicast packet may have destinations in more than one network

If we have n groups, we may need n shortest path trees

Each involved router needs to construct a shortest path tree for each group

Two approaches: Source-based trees (SBT) and Group-shared trees (GST)

Source-based tree approach

Each router needs to have one shortest path tree for each group

The shortest path tree for a group defines the next hop for each network that has loyal member(s) for that group

If the number of groups is m, each router needs to have m shortest path trees, one for each group

Group-shared tree approach

There is only one designated router, called the center core, or rendezvous router

The core has m shortest path trees in its routing table. The rest of the routers in the domain have none.

Multicast Routing Protocols

Multicast Link State Routing

It uses the source-based tree approach

A direct extension of unicast routing

Each router creates a shortest path tree by using Dijkstra's algorithm

A node advertises every group which has any loyal member on the link.

It needs to revise the interpretation of state (i.e. what groups are active on the link)

The information about the group comes from IGMP running on each router

When a router receives all the LSPs (Link State Packets), it creates n topologies from which n shortest path trees are made by using Dijkstra's algorithm

The only problem with this protocol is the time and space needed to create and save the many shortest path trees. The solution is to create the trees only when needed.

Multicast Open Shortest Path First: MOSPF

An extension of the OSPF protocol that uses multicast link state routing to create source-based trees

Multicast Distance Vector Routing (MDVR)

Multicast routing does not allow a router to send its routing table to its neighbors

Tables are created from scratch by using the information from the unicast distance vector tables

MDVR uses source-based trees, but the router never actually makes a routing table

It uses a process based on four decision-making strategies

1. Flooding: A router receives a packet and, without even looking at the destination group address, sends it out from every interface except the one from which it was received

Every network with active members receives the packet

This is a broadcast, not a multicast

Also, it creates loops; the next strategy, reverse path forwarding, corrects this defect

MDVR contd…

2. Reverse Path Forwarding (RPF): To prevent loops, only one copy is forwarded; the other copies are dropped.

A router forwards only the copy that has traveled the shortest path from the source to the router

To find this copy, RPF uses unicast routing table

This strategy prevents loops because there is always one shortest path from the source to the router
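
The RPF decision described above, as an added Python example that is not part of the original slides. The routing table, interface names and arrivals are constructed, and the unicast route back to the source is taken as the shortest path from the source, which assumes symmetric link costs.

```python
import ipaddress

# Constructed unicast routing table for one router: (prefix, outgoing interface).
UNICAST_TABLE = [
    ("10.1.0.0/16", "eth0"),
    ("10.1.5.0/24", "eth1"),
    ("0.0.0.0/0", "eth2"),
]
INTERFACES = ["eth0", "eth1", "eth2"]

# Constructed arrivals: (source address, interface the copy arrived on).
SAMPLE_ARRIVALS = [
    ("10.1.5.9", "eth1"),      # arrives on the route back to its source
    ("10.1.5.9", "eth0"),      # second copy of the same packet via a longer path
    ("10.1.7.1", "eth0"),
    ("198.51.100.4", "eth1"),  # source is only reachable via the default route
]


def rpf_interface(source, table=UNICAST_TABLE):
    """Interface used to reach `source` by unicast (longest-prefix match)."""
    src = ipaddress.ip_address(source)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_forward(source, arrival_iface, table=UNICAST_TABLE, interfaces=INTERFACES):
    """Interfaces to forward a multicast packet on; [] means the copy is dropped."""
    if rpf_interface(source, table) != arrival_iface:
        # Not the copy that travelled the shortest path: forwarding it is what
        # creates loops. The same test also drops packets whose source address
        # does not belong behind the arrival interface.
        return []
    return [i for i in interfaces if i != arrival_iface]


def rpf_trace(arrivals=SAMPLE_ARRIVALS):
    """Decision for each constructed arrival: (source, arrival iface, out ifaces)."""
    return [(src, iface, rpf_forward(src, iface)) for src, iface in arrivals]


if __name__ == "__main__":
    for src, iface, out in rpf_trace():
        print(f"{src:>14} on {iface}: {'forward to ' + ', '.join(out) if out else 'drop'}")
```

The decision uses only the source address and the arrival interface; the group address is never consulted.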

MDVR contd…

RPF does not guarantee that each network receives only one copy as it is not based on the destination address (a group address); forwarding is based on the source address

To eliminate duplication, we must define only one designated parent router for each network.

3. Reverse Path Broadcasting (RPB): It guarantees that the packet reaches every network and that every network receives only one copy

MDVR contd…

RPB does not multicast the packet, it broadcasts it. That’s not efficient.

The multicast packet must reach only those networks that have active members for that particular group. This is RPM.

4. Reverse Path Multicasting (RPM): To convert broadcasting to multicasting, the protocol uses two procedures, pruning and grafting.

Distance Vector Multicast Routing Protocol: DVMRP

It is an implementation of multicast distance vector routing.

It is a source-based routing protocol, based on RIP.

Core-Based Tree (CBT)

A group-shared protocol

The autonomous system is divided into regions, and a core (center router or rendezvous router) is chosen for each region.

Formation of the Tree: After the rendezvous point is selected, every router is informed of the unicast address of the selected router.

Each router then sends a unicast join message

After receiving all join messages from every member of the group, a tree is formed

CBT contd…

Sending Multicast Packets: After formation of the tree, any source can send a multicast packet to all members of the group

It simply sends the packet to the rendezvous router

Protocol Independent Multicast (PIM)

Two independent multicast routing protocols: Protocol Independent Multicast, Dense Mode (PIM-DM) and Protocol Independent Multicast, Sparse Mode (PIM-SM)

Both protocols are unicast protocol-dependent

PIM-DM is used when there is a possibility that each router is involved in multicasting (dense mode such as a LAN)

A source-based tree routing protocol that uses RPF and pruning and grafting strategies for multicasting

It assumes that the autonomous system is using a unicast protocol (RIP or OSPF) and each router has a table

PIM-SM is used when there is a slight possibility that each router is involved in multicasting (sparse mode - WAN)

A group-shared tree routing protocol

It can switch from a GST strategy to a SBT strategy when necessary

Things to do

RIP, OSPF, BGP

IGMP

MBONE

MSDP
