IGMP SSM Mapping
Background
IGMPv3 supports source-specific multicast (SSM) but IGMPv1 and IGMPv2 do not. Although the majority of latest multicast devices support IGMPv3, most legacy multicast terminals only support IGMPv1 or IGMPv2. SSM mapping is a transition solution that provides SSM services for such legacy multicast terminals.
Using rules that specify the mapping from a particular multicast group G to a source-specific group, SSM mapping can convert IGMPv1 or IGMPv2 packets whose group addresses are within the SSM range to IGMPv3 packets. This mechanism allows hosts running IGMPv1 or IGMPv2 to access SSM services. SSM mapping allows IGMPv1 or IGMPv2 terminals to access only specific sources, thus minimizing the risks of attacks on multicast sources.
A multicast device does not process the (*, G) requirements, but only processes the (S, G) requirements from the multicast group in the SSM address range. For details about SSM, see PIM-SSM.
If a large number of multicast devices on a network have IGMPv1 or IGMPv2 users and there are many SSM mappings, you can use DNS-based SSM mapping to provide dynamic mapping services to facilitate mapping rule management and simplify maintenance. That is, after receiving IGMPv1 or IGMPv2 messages whose group addresses are in the SSM range, a multicast device queries the DNS server for the multicast source address, and converts IGMPv1 or IGMPv2 messages into IGMPv3 messages based on the reply from the DNS server.
SSM Mapping Implementation Process
As shown in Figure 1, on the user network segment of the SSM network, Host A runs IGMPv3, Host B runs IGMPv2, and Host C runs IGMPv1. To enable the SSM network to provide SSM services for all of the hosts without upgrading the IGMP versions to IGMPv3, configure SSM mapping on the multicast device.
If Device A has SSM mapping enabled and is configured with mappings between group addresses and source addresses, it will perform the following actions after receiving a (*, G) message from Host B or Host C:
If the multicast group address contained in the message is within the any-source multicast (ASM) range, Device A processes the request as described in Principles of IGMP.
If the multicast group address contained in the message is within the SSM range, Device A maps a (*, G) join message to multiple (S, G) join messages based on mapping rules. With this processing, hosts running IGMPv1 or IGMPv2 can access multicast services available only in the SSM range.
DNS-based SSM Mapping Implementation Process
As shown in Figure 2, on the user network segment of the SSM network, Host A runs IGMPv3, Host B runs IGMPv2, and Host C runs IGMPv1. The multicast device Device A connecting to user hosts connects to the DNS server to query SSM mapping rules so as to provide SSM services for all hosts on the network segment. In this case, you must enable DNS-based SSM mapping on Device A.
If DNS-based SSM mapping is enabled on Device A and the domain name suffix of the DNS server is configured, after Device A receives an IGMP (*, G) Join message from Host B or Host C, it performs the following operations based on the actual situation:
If the multicast group of the message is in the Any-Source Multicast (ASM) address range, see Principles of IGMP for the processing method.
If the multicast group of the message is in the SSM address range, Device A adds the domain name suffix to the multicast group address to form a complete domain name, and sends a query request to the DNS server. The domain name is in the format of reverse multicast group address + domain name suffix. For example, if the default domain name suffix in-addr.arpa is used and the (*, 232.0.0.1) Join message is received, Device A queries the DNS server for the IP address corresponding to the domain name 1.0.0.232.in-addr.arpa.
After receiving the query request, the DNS server returns the corresponding IP address to Device A. Device A uses the IP address in the response packet as the source address to convert (*, G) into (S, G). Then, Device A can provide multicast services in the SSM range for user hosts using lower IGMP versions.