IGMP IPsec

IGMP IPsec is a security function that filters out invalid packets and protects devices on a multicast network. Table 1 describes the basic principles of IGMP IPsec.

Table 1 IGMP IPsec

Item

Purpose

Principle

Applicable Device

IGMP IPsec

This function is used to authenticate IGMP packets to prevent bogus IGMP protocol packet attacks, improving multicast service security.
IGMP IPsec uses security association (SA) to authenticate sent and received IGMP packets. The IGMP IPsec implementation process is as follows:
  • Before an interface sends out an IGMP protocol packet, IPsec adds an AH header to the packet.
  • After an interface receives an IGMP protocol packet, IPsec uses an SA to authenticate the AH header in the packet. If the AH header is authenticated, the interface forwards the packet. Otherwise, the interface discards the packet.

IGMP IPsec applies to multicast devices connected to user hosts.
Parent Topic: Understanding IGMP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >