Multicast Traffic – Ethernet
Most industrial producer-consumer (or publisher-subscriber) protocols operating over Ethernet, such as EtherNet/IP and Foundation Fieldbus HSE, are IP multicast-based. The first advantage of IP multicasting is network efficiency: because the data is not retransmitted separately to each destination, network load can be reduced significantly. The second advantage is that the sending host need not know the IP address of every destination host listening for the multicast information. The third, and perhaps most important for industrial control purposes, is that a single multicast message offers far better time synchronization between multiple control devices than a series of unicast messages, since every listener receives the same message at essentially the same moment.
If the source and destinations of a multicast packet are connected with no intervening routers or firewalls between them, the multicast transmission is relatively seamless. However, if the source and destinations are not on the same LAN, forwarding the multicast messages to a destination becomes more complicated. To solve the problem of multicast message routing, hosts need to join (or leave) a group by informing the multicast router on their network of the relevant group ID through the use of the Internet Group Management Protocol (IGMP).
Multicast routers subsequently know of the members of multicast groups on their network and can decide whether or not to forward a received multicast message onto their network. A multicast routing protocol is also required. From a firewall administration perspective, monitoring and filtering IGMP traffic becomes another series of rule sets to manage, adding to the complexity of the firewall.
Another firewall issue related to multicasting is the use of Network Address Translation (NAT).
A firewall performing NAT that receives a multicast packet from an external host has no reverse mapping telling it which internal group ID should receive the data. If the firewall is IGMP-aware, it could forward the packet to every group ID it knows about on the assumption that one of them is correct, but this could cause serious issues if an unintended control packet were delivered to a critical node. The safest action for the firewall to take is to drop the packet. Thus, multicasting is generally considered NAT-unfriendly.
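The following is an added example (not part of the original post) that models the behaviour described above: a multicast router learns group membership from IGMPv2 reports and leaves, and a NAT firewall drops multicast arriving from outside because it has no reverse mapping to an internal group. The IGMPv2 header layout and checksum follow RFC 2236 and RFC 1071; the sample messages are constructed inline, and the immediate pruning on leave (without the group-specific query a real router sends) is a deliberate simplification.

```python
import struct
from ipaddress import IPv4Address

IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x16, 0x17  # IGMPv2 message types (RFC 2236)

def igmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmpv2(msg_type: int, group: str) -> bytes:
    """Construct a sample IGMPv2 message (constructed test input, not captured traffic)."""
    body = struct.pack("!BBH4s", msg_type, 0, 0, IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", igmp_checksum(body)) + body[4:]

def parse_igmpv2(pkt: bytes):
    """Return (type, group) from an IGMPv2 header: type(1) max-resp(1) checksum(2) group(4)."""
    if len(pkt) < 8:
        raise ValueError("short IGMP message")
    if igmp_checksum(pkt[:8]) != 0:          # a valid message checksums to zero
        raise ValueError("bad IGMP checksum")
    msg_type, _, _, group = struct.unpack("!BBH4s", pkt[:8])
    return msg_type, IPv4Address(group)

class MulticastRouter:
    """Per-LAN group membership table, as a multicast router learns it from IGMP."""
    def __init__(self):
        self.members = {}                     # group -> set of member hosts on this LAN

    def handle_igmp(self, src_host: str, pkt: bytes) -> None:
        msg_type, group = parse_igmpv2(pkt)
        if not group.is_multicast:            # reports for non-group addresses are bogus
            raise ValueError(f"{group} is not a multicast group")
        if msg_type == IGMP_V2_REPORT:
            self.members.setdefault(group, set()).add(src_host)
        elif msg_type == IGMP_V2_LEAVE:       # simplification: prune at once, no group-specific query
            self.members.get(group, set()).discard(src_host)

    def forward_decision(self, dst_group: str, from_external: bool, nat_enabled: bool) -> str:
        """Decide whether a multicast datagram is forwarded onto this LAN."""
        if from_external and nat_enabled:     # NAT has no reverse mapping to an internal group: drop
            return "drop"
        return "forward" if self.members.get(IPv4Address(dst_group)) else "drop"
```

Feeding the router a tampered message (any byte changed) raises on the checksum check, which is the minimal sanity test a firewall should apply before acting on IGMP it sees.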
8 Responses to “Multicast Traffic – Ethernet”

How to prevent attacks using IDS implementations?
To detect and prevent attacks, IDS solutions are implemented by one of two methods: profiles or signatures.
What are DoS attacks?
DoS (denial-of-service) attacks are based on packet flooding, which uses up bandwidth, CPU, and memory resources on not just the victim device, but also intervening devices, such as routers, switches, and firewalls.
What do DoS attacks use?
Usually DoS attacks use UDP echoes (Fraggle), ICMP echo and echo replies (Smurf), and TCP (TCP SYN flooding).
What are the steps to design an IPSec solution?
Handle design and policy issues
Allow for IPSec traffic
Configure IKE Phase 1 management-connection policies
Define what traffic is to be protected by the IPSec connection
Create your transform sets
Build a crypto map
Activate your crypto map
Test your IPSec connection
Interesting post.
A very good article about Multicast Traffic – Ethernet.