Confirming source-routed multicast is dead on the public Internet
sean at donelan.com
Thu Aug 2 19:26:03 UTC 2018
On Thu, 2 Aug 2018, John Levine wrote:
> In article <nycvar.OFS.7.76.4444.1808021118080.22714 at cnex.qbaryna.pbz> you write:
>> Multicast is being used in various private IP networks. It seems to work
>> very well for satellite content distribution because multicast doesn't
>> require ack's. Enterprise networks also use multicast.
> I would think it'd work fine on private networks, but since there's no
> authentication, on the public Internet how could you tell the
> multicast you want from random malicious junk on the same IP address?
They use some type of encryption to authenticate the data.
Satellite distribution networks usually encrypt both the satellite signal
so only authorized receivers get the download. The multicast data files
are also separately encrypted/signed/checked.
On private/enterprise networks, I guess they just trust its a controlled
On the public Internet. Gosh darn, I don't know, shrug?
More information about the NANOG