Cisco AVVID Network Infrastructure IP Multicast Design - page 91 / 98

CHAPTER 8

Security, Timers, and Traffic Engineering in IP Multicast Networks

This chapter provides recommendations for security measures, timer adjustments, and traffic engineering for an IP multicast network.

Security

With IP multicast, it is important to protect the traffic from Denial-of-Service (DoS) attacks or stream hijacking by rogue sources or rogue RPs.

DoS attacks affect the availability and efficiency of a network. If a rogue application or device can generate enough traffic and target that traffic at a source, then CPU and memory resources can be severely impacted.

Stream hijacking allows any host on the network to become an active source for any legitimate multicast group. It is easy to download a free multicast-enabled chat application from the Internet and change the IP Multicast group address assignment to be the same as that used by legitimately configured multicast applications. If the network devices are not secured from “accepting” unauthorized sources, the rogue source can impact the IP Multicast streams. For the most part, receivers are ignorant of the details associated with which source is really responsible for which group.

Use the following commands on IP Multicast-enabled routers to guard against rogue sources and rogue RPs:

ip pim accept-register
rp-announce-filter
ip pim rp-address
ip igmp access-group
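
The commands listed above shown in context, as an added example that is not taken from the Cisco document. The addresses (192.0.2.0/24 hosts, 239.192.0.0/16 groups), ACL numbers and interface name are constructed, and the comments on where each command is applied are assumptions based on typical PIM sparse-mode deployments.

```cisco
! Constructed example: one authorized source (192.0.2.10) for group 239.192.1.1,
! one legitimate RP (192.0.2.1). All values are illustrative.

! --- On the RP: accept PIM Register messages only for authorized (S,G) pairs.
! --- Registers from any other source are rejected and logged.
access-list 120 remark Authorized multicast sources and their groups
access-list 120 permit ip host 192.0.2.10 host 239.192.1.1
access-list 120 deny   ip any any log
ip pim accept-register list 120

! --- On Auto-RP mapping agents: accept RP announcements only from the
! --- legitimate RP, and only for the approved group range.
access-list 10 remark Legitimate RP
access-list 10 permit 192.0.2.1
access-list 20 remark Approved multicast group range
access-list 20 permit 239.192.0.0 0.0.255.255
ip pim rp-announce-filter rp-list 10 group-list 20

! --- On every multicast router: define the RP statically for the approved
! --- groups; "override" makes the static entry win over a dynamically
! --- learned group-to-RP mapping.
ip pim rp-address 192.0.2.1 20 override

! --- On receiver-facing interfaces: hosts may join only approved groups.
interface Vlan10
 ip igmp access-group 20
```

On the RP, `show ip pim rp mapping` shows which RP each group range resolves to, and hits on the `deny ... log` entry of access list 120 indicate Register messages from sources outside the authorized list.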

Rogue Sources

A source is any host that is capable of sending IP Multicast traffic. Rogue sources are unauthorized sources that send IP Multicast traffic.
