draft-ietf-pim-rfc4601bis-05.txt   draft-ietf-pim-rfc4601bis-06.txt 
Network Working Group B. Fenner Network Working Group B. Fenner
Internet Draft Arista Networks Internet Draft Arista Networks
Intended Status: Internet Standard M. Handley Intended Status: Internet Standard M. Handley
Expires: November 15, 2015 UCL Expires: February 12, 2016 UCL
Obsoletes: 4601 H. Holbrook Obsoletes: 4601 H. Holbrook
Arastra Arastra
I. Kouvelas I. Kouvelas
R. Parekh R. Parekh
Cisco Systems, Inc. Cisco Systems, Inc.
Z. Zhang Z. Zhang
Juniper Networks Juniper Networks
L. Zheng L. Zheng
Huawei Technologies Huawei Technologies
May 14, 2015 August 12, 2015
Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Independent Multicast - Sparse Mode (PIM-SM):
Protocol Specification (Revised) Protocol Specification (Revised)
draft-ietf-pim-rfc4601bis-05 draft-ietf-pim-rfc4601bis-06
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 15, 2015. This Internet-Draft will expire on February 12, 2016.
Abstract Abstract
This document specifies Protocol Independent Multicast - Sparse Mode This document specifies Protocol Independent Multicast - Sparse Mode
(PIM-SM). PIM-SM is a multicast routing protocol that can use the (PIM-SM). PIM-SM is a multicast routing protocol that can use the
underlying unicast routing information base or a separate multicast- underlying unicast routing information base or a separate multicast-
capable routing information base. It builds unidirectional shared capable routing information base. It builds unidirectional shared
trees rooted at a Rendezvous Point (RP) per group, and optionally trees rooted at a Rendezvous Point (RP) per group, and optionally
creates shortest-path trees per source. creates shortest-path trees per source.
skipping to change at page 4, line 30 skipping to change at page 4, line 30
5.1. PIM Address Family . . . . . . . . . . . . . . . . . . . .123 5.1. PIM Address Family . . . . . . . . . . . . . . . . . . . .123
5.2. PIM Hello Options . . . . . . . . . . . . . . . . . . . .124 5.2. PIM Hello Options . . . . . . . . . . . . . . . . . . . .124
6. Security Considerations . . . . . . . . . . . . . . . . . . .124 6. Security Considerations . . . . . . . . . . . . . . . . . . .124
6.1. Attacks Based on Forged Messages . . . . . . . . . . . . .124 6.1. Attacks Based on Forged Messages . . . . . . . . . . . . .124
6.1.1. Forged Link-Local Messages . . . . . . . . . . . . . .124 6.1.1. Forged Link-Local Messages . . . . . . . . . . . . . .124
6.1.2. Forged Unicast Messages . . . . . . . . . . . . . . .125 6.1.2. Forged Unicast Messages . . . . . . . . . . . . . . .125
6.2. Non-Cryptographic Authentication Mechanisms . . . . . . .125 6.2. Non-Cryptographic Authentication Mechanisms . . . . . . .125
6.3. Authentication . . . . . . . . . . . . . . . . . . . . . .126 6.3. Authentication . . . . . . . . . . . . . . . . . . . . . .126
6.4. Denial-of-Service Attacks . . . . . . . . . . . . . . . .126 6.4. Denial-of-Service Attacks . . . . . . . . . . . . . . . .126
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .126 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .126
8. Normative References . . . . . . . . . . . . . . . . . . . . .128 8. Normative References . . . . . . . . . . . . . . . . . . . . .127
9. Informative References . . . . . . . . . . . . . . . . . . . .128 9. Informative References . . . . . . . . . . . . . . . . . . . .127
Appendix A. Functionality removed from RFC 4601 . . . . . . . . .130 Appendix A. Functionality removed from RFC 4601 . . . . . . . . .129
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .131 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .130
List of Figures List of Figures
Figure 1. Per-(S,G) register state machine at a DR ................38 Figure 1. Per-(S,G) register state machine at a DR ................38
Figure 2. Downstream per-interface (*,G) state machine ............45 Figure 2. Downstream per-interface (*,G) state machine ............45
Figure 3. Downstream per-interface (S,G) state machine ............49 Figure 3. Downstream per-interface (S,G) state machine ............49
Figure 4. Downstream per-interface (S,G,rpt) state machine ........53 Figure 4. Downstream per-interface (S,G,rpt) state machine ........53
Figure 5. Upstream (*,G) state machine ............................58 Figure 5. Upstream (*,G) state machine ............................58
Figure 6. Upstream (S,G) state machine ............................62 Figure 6. Upstream (S,G) state machine ............................62
Figure 7. Upstream (S,G,rpt) state machine for triggered Figure 7. Upstream (S,G,rpt) state machine for triggered
skipping to change at page 126, line 12 skipping to change at page 126, line 12
An implementation SHOULD provide a mechanism to allow an RP to An implementation SHOULD provide a mechanism to allow an RP to
restrict the range of source addresses from which it accepts restrict the range of source addresses from which it accepts
Register-encapsulated packets. Register-encapsulated packets.
All options that restrict the range of addresses from which packets All options that restrict the range of addresses from which packets
are accepted MUST default to allowing all packets. are accepted MUST default to allowing all packets.
6.3. Authentication 6.3. Authentication
RFC 4601 mandates the use of IPsec to ensure authentication of the This document refers to RFC 5796 [8], which specifies mechanisms to
link-local messages in PIM-SM. The description of authentication authenticate PIM-SM link-local messages using the IP security (IPsec)
using IPsec has been removed due to lack of sufficient implementation Encapsulating Security Payload (ESP) or (optionally) the
and deployment experience. RFC 5796 [8] specifies mechanisms to Authentication Header (AH). It also points out that non-link-local
authenticate the PIM-SM link-local messages using the IP security PIM-SM messages (i.e., Register and Register-Stop messages) can be
(IPsec) Encapsulating Security Payload (ESP) or (optionally) the secured by normal unicast IPsec Security Association (SA) between two
Authentication Header (AH). It specifies optional mechanisms to communicants.
provide confidentiality using the ESP. The reader is referred to RFC
5796 [8] for detailed discussion of authentication using IPsec.
6.4. Denial-of-Service Attacks 6.4. Denial-of-Service Attacks
There are a number of possible denial-of-service attacks against PIM There are a number of possible denial-of-service attacks against PIM
that can be caused by generating false PIM protocol messages or even that can be caused by generating false PIM protocol messages or even
by generating false traffic. Authenticating PIM protocol traffic by generating false traffic. Authenticating PIM protocol traffic
prevents some, but not all, of these attacks. Three of the possible prevents some, but not all, of these attacks. Three of the possible
attacks include: attacks include:
- Sending packets to many different group addresses quickly can be a - Sending packets to many different group addresses quickly can be a
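Review bot: the rewritten Section 6.3 (right column) silently drops two statements that the old text carried: the rationale for removing the RFC 4601 IPsec description (lack of implementation and deployment experience) and the pointer to RFC 5796's optional confidentiality mechanisms using ESP. If the removal rationale now lives in Appendix A ("Functionality removed from RFC 4601"), add a cross-reference to it here rather than leaving the reader to find it; and keep one sentence noting that RFC 5796 also specifies optional ESP confidentiality, since implementers reading only this section will otherwise assume authentication is all it offers. Minor grammar in the new text: "secured by normal unicast IPsec Security Association (SA) between two communicants" needs an article, i.e. "secured by a normal unicast IPsec Security Association (SA)".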
skipping to change at page 132, line 4 skipping to change at page 131, line 4
San Jose, CA 95134 San Jose, CA 95134
EMail: kouvelas@cisco.com EMail: kouvelas@cisco.com
Rishabh Parekh Rishabh Parekh
Cisco Systems, Inc. Cisco Systems, Inc.
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
EMail: riparekh@cisco.com EMail: riparekh@cisco.com
Zhaohui (Jeffrey) Zhang Zhaohui Zhang
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
Email: zzhang@juniper.net Email: zzhang@juniper.net
Lianshu Zheng Lianshu Zheng
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Campus, 156 Beiqing Road, Hai-dian District Huawei Campus, 156 Beiqing Road, Hai-dian District
Beijing 100089 Beijing 100089
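Review bot: the Authors' Addresses entries are inconsistent in the contact-line label: the Cisco entries use "EMail:" while the Juniper entry uses "Email:"; pick one spelling for all entries in the same edit that drops the "(Jeffrey)" parenthetical from Zhaohui Zhang's entry.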
 End of changes. 7 change blocks. 
18 lines changed or deleted 16 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/