Re: [ssm] SSM with IPSec

Brad Huntting <huntting@glarp.com> Wed, 15 January 2003 16:03 UTC

Message-Id: <200301151557.h0FFv5Lq041831@hunkular.glarp.com>
To: holbrook@cisco.com
cc: ssm@ietf.org, mbaugher@cisco.com, bew@cisco.com
Subject: Re: [ssm] SSM with IPSec
In-Reply-To: Your message of "Wed, 15 Jan 2003 01:25:34 EST." <20030115062534.076C910B869@holbrook-laptop.cisco.com>
Date: Wed, 15 Jan 2003 08:57:05 -0700
From: Brad Huntting <huntting@glarp.com>

> The solution that I most like is fairly easy to state: require the
> source address to be part of the SA lookup when the destination
> address is an SSM address.  Mark and Brian inform me that the msec
> working group is looking at solving the problem this way.

What if the destination address is not in the SSM range?  For
example: A host wishes to receive NTP (network time protocol)
multicast traffic (destination address 224.0.1.1) from three specific
hosts that it trusts (whether PIM-SSM can honor this request
efficiently is, I think, a separate issue).  I assume there is no
global group `owner' for this well-known address 224.0.1.1, so the
SA for this traffic would, I suspect, need to be indexed by source
and destination just like SSM.

One could easily imagine similar situations for other group addresses.
However, as you pointed out, it's probably not necessary that the
SSM group solve this problem; at least not right away.


brad
_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm
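
The lookup question raised in this message, as an added example that is not part of the original post or of any IPsec implementation: a toy inbound SA table in which two senders to 224.0.1.1 that pick the same SPI collide under destination-only keying, a rule that consults the source only for SSM destinations never finds their per-source SAs, and a most-specific-first lookup resolves each sender. The class and function names, the sender addresses and the SPI are constructed for illustration; 232.0.0.0/8 is the IPv4 SSM range.

```python
import ipaddress

SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")  # IPv4 SSM block
ip = ipaddress.ip_address

class InboundSAD:
    """Toy inbound SA table keyed by (SPI, destination, source-or-None)."""

    def __init__(self):
        self._sas = {}

    def install(self, spi, dst, sa, src=None):
        key = (spi, ip(dst), ip(src) if src else None)
        if key in self._sas:
            raise ValueError(f"SPI {spi:#x} already in use for {key[1:]}")
        self._sas[key] = sa

    def lookup_ssm_only(self, spi, src, dst):
        """Quoted proposal: source joins the key only for SSM destinations."""
        src_key = ip(src) if ip(dst) in SSM_RANGE else None
        return self._sas.get((spi, ip(dst), src_key))

    def lookup_most_specific(self, spi, src, dst):
        """Assumed alternative: try (SPI, dst, src), then fall back to (SPI, dst)."""
        hit = self._sas.get((spi, ip(dst), ip(src)))
        return hit if hit is not None else self._sas.get((spi, ip(dst), None))

# Constructed sample data: two trusted NTP senders that each picked SPI 0x100.
NTP_GROUP = "224.0.1.1"  # address from the message; outside 232.0.0.0/8
SENDERS = {"192.0.2.10": "sa-ntp-A", "192.0.2.20": "sa-ntp-B"}

def dst_only_collides():
    """Destination-only keying cannot hold both senders' SAs."""
    sad = InboundSAD()
    try:
        for sa in SENDERS.values():
            sad.install(0x100, NTP_GROUP, sa)  # source left out of the key
    except ValueError:
        return True
    return False

def per_source_sad():
    """Table with one SA per (source, group) pair, as the message suggests."""
    sad = InboundSAD()
    for src, sa in SENDERS.items():
        sad.install(0x100, NTP_GROUP, sa, src=src)
    return sad

if __name__ == "__main__":
    sad = per_source_sad()
    print("dst-only collision:", dst_only_collides())
    for src in [*SENDERS, "192.0.2.99"]:  # last address is not a trusted sender
        print(src, sad.lookup_ssm_only(0x100, src, NTP_GROUP),
              sad.lookup_most_specific(0x100, src, NTP_GROUP))
```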