Re: [ssm] SSM with IPSec

Brad Huntting <> Wed, 15 January 2003 16:03 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id LAA01093 for <>; Wed, 15 Jan 2003 11:03:04 -0500 (EST)
Received: from (localhost.localdomain []) by (8.11.6/8.11.6) with ESMTP id h0FGHMJ21482; Wed, 15 Jan 2003 11:17:22 -0500
Received: from ( []) by (8.11.6/8.11.6) with ESMTP id h0FG9AJ20974 for <>; Wed, 15 Jan 2003 11:09:10 -0500
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id KAA00758 for <>; Wed, 15 Jan 2003 10:53:58 -0500 (EST)
Received: from (localhost []) by (8.12.6/8.12.6) with ESMTP id h0FFv5Lq041831; Wed, 15 Jan 2003 08:57:05 -0700 (MST) (envelope-from
Message-Id: <>
Subject: Re: [ssm] SSM with IPSec
In-Reply-To: Your message of "Wed, 15 Jan 2003 01:25:34 EST." <>
Date: Wed, 15 Jan 2003 08:57:05 -0700
From: Brad Huntting <>
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <>, <>
List-Id: Source-Specific Multicast <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

> The solution that I most like is fairly easy to state: require the
> source address to be part of the SA lookup when the destination
> address is an SSM address.  Mark and Brian inform me that the msec
> working group is looking at solving the problem this way.

What if the destination address is not in the SSM range?  For
example: A host wishes to receive NTP (network time protocol)
multicast traffic (destination address from three specific
hosts that it trusts (whether PIM-SSM can honor this request
efficiently is, I think, a separate issue).  I assume there is no
global group `owner' for this well known address, so the
SA for this traffic would, I suspect, need to be indexed by source
and destination just like SSM.

One could easily imagine similar situations for other group addresses.
However, as you pointed out, it's probably not necessary that the
SSM group solve this problem; at least not right away.

ssm mailing list