Multicasting
Traditional multicast routing mechanisms such as Distance Vector Multicast Routing Protocol
(DVMRP) and Multicast Open Shortest Path First (MOSPF) were intended for use within regions
where groups are densely populated or bandwidth is universally plentiful. When groups, and senders
to these groups, are distributed sparsely across a wide area, these “dense mode” schemes do not
perform efficiently.
Protocol Independent
Multicast (PIM)
Protocol Independent Multicast (PIM) protocols route multicast packets to multicast groups. PIM is
protocol independent because it can leverage whichever unicast routing protocol is used to populate
unicast routing table. There are two modes of PIM protocol – Dense mode (DM) and Sparse mode
(SM). Alcatel supports SM only in version 8.0 and higher.
PIM-DM floods multicast traffic throughout the network initially and then generates prune messages
as required. PIM-SM attempts to send multicast data only to networks which have active receivers.
This is achieved by having a common Rendezvous Point (RP) known to the senders and receivers
and by forming shared trees from the RP to the receivers.
PIM-SM is described in RFC 2362.
Securing Remote Access Using IPSec VPN
The features in version 8.0 and higher allow administrators to form a security tunnel to join two
private networks over the Internet. The following examples show how to set up an end-to-end tunnel
with a single proposal and pre-shared key authentication, with multiple proposals and pre-shared key
authentication, and with an SA Bundle, and pre-shared key authentication.
The corporate network no longer has a clearly defined perimeter inside secure building and locked
equipment closets. Increasingly, companies have a need to provide remote access to their corporate
resources for the employees on the move.
Traditionally, remote users could access the corporate LAN through dial-up and ISDN lines which
were terminated in the corporate remote access servers. However, these point-to-point connection
technologies do not scale well to the growing number of remote users and the corresponding increase
in the infrastructure investments and maintenance costs.
A solution to meeting the needs of increasing numbers of remote users and for controlling access
costs is to provide remote access through the Internet using firewalls and a Virtual Private Network
(VPN). Internet Protocol Security (IPSec) keeps the connection safe from unauthorized users.
In a typical IPSec remote access scenario, the mobile user has connectivity to Internet and an IPSec
VPN client loaded on their PC. The remote user connects to the Internet through their Internet
service provider and then initiates a VPN connection to the IPSec security gateway (the VPN server)
of the corporate office, which is typically an always-on Internet connection.
One of the main limitations in providing remote access is the typical remote user connects with a
dynamically assigned IP address provided by the ISP. IPSec uses the IP address of users as an index
to apply the Internet Key Exchange (IKE) and IPSec policies to be used for negotiation with each
peer. When the VPN client has a dynamic IP address, the VPN server cannot access the policies
based on the IP address of the client. Instead, the VPN server uses the identity of the VPN client to
access the policies.
To Next Page
Loading...
Need help?
General
