IGMP and PIM protection

Anton Kapela tkapela at gmail.com
Wed Dec 23 16:32:11 CST 2009


On Wed, Dec 23, 2009 at 10:24 AM, Stefan Fouant
<sfouant at shortestpathfirst.net> wrote:
> I think OP meant that he only wants an integrity check of the control
> traffic, not confidentiality, hence the statement that he does not want to
> encrypt the control traffic.

I read the OP to mean this, too.

Musing on the idea for a moment, it would surely be 'nice' to somehow
know that PIM v2 joins from some other network were, in fact, 'good'
or somehow well-formed, rate-limited, and/or somehow 'safe' to accept
& hold state for. However, it seems as if the OP isn't interested in
inter-domain "rp protection" -- and probably more interested in
authenticating more local igmp v2/3 joins for STB's and the like.

Glen, clarify?

-Tk




More information about the NANOG mailing list