Confirming source-routed multicast is dead on the public Internet

Sean Donelan sean at
Thu Aug 2 19:26:03 UTC 2018

On Thu, 2 Aug 2018, John Levine wrote:
> In article <nycvar.OFS.7.76.4444.1808021118080.22714 at cnex.qbaryna.pbz> you write:
>> Multicast is being used in various private IP networks. It seems to work
>> very well for satellite content distribution because multicast doesn't
>> require ack's. Enterprise networks also use multicast.
> I would think it'd work fine on private networks, but since there's no
> authentication, on the public Internet how could you tell the
> multicast you want from random malicious junk on the same IP address?

They use some type of encryption to authenticate the data.

Satellite distribution networks usually encrypt both the satellite signal 
so only authorized receivers get the download. The multicast data files 
are also separately encrypted/signed/checked.

On private/enterprise networks, I guess they just trust its a controlled 

On the public Internet. Gosh darn, I don't know, shrug?

More information about the NANOG mailing list