Netscreen – IGMP / PIM-SM

Internet Group Management Protocol (IGMP) is a communication protocol used to manage membership of an IP multicast group, so that messages and information can be multicast to all member devices. Traffic is sent to a single MAC address but is forwarded out (via the local multicast router) to multiple hosts. It can be used effectively for gaming and for showing online videos. On the downside, IGMP is vulnerable to network attacks.

Configuring an Access List for Accepted Groups

Netscreen -> set vrouter trust-vr access-list 1 permit ip 224.4.4.1/32 1
Netscreen -> set interface ethernet1 protocol igmp accept groups 1

Enabling IGMP on an interface

Netscreen -> set interface ethernet1 protocol igmp router
Netscreen -> set interface ethernet1 protocol igmp accept groups 1
Netscreen -> set interface ethernet1 protocol igmp enable
Netscreen -> set interface ethernet2 protocol igmp router
Netscreen -> set interface ethernet2 protocol igmp accept groups 1
Netscreen -> set interface ethernet2 protocol igmp enable

Verifying an IGMP Configuration (Commands)

Netscreen -> exec igmp interface ethernet2 query
Netscreen -> exec igmp interface ethernet2 query 224.4.4.1
Netscreen -> exec igmp interface ethernet2 report 224.4.4.1
Netscreen -> get igmp interface
Netscreen -> get igmp group
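
An offline check to complement the commands above, as an added example (not from the original post or the vendor): a Python script that reads saved "set" lines and flags interfaces where IGMP is enabled with no accepted-groups list, with a list that is not defined, or with a list that permits prefixes outside 224.0.0.0/4. The ethernet3 line and the function names are constructed for illustration, and the parser assumes the command shapes shown on this page.

```python
import ipaddress
import re

# Constructed sample: the page's commands plus ethernet3, which enables
# IGMP without binding an accepted-groups list (hypothetical interface).
SAMPLE_CONFIG = """\
set vrouter trust-vr access-list 1 permit ip 224.4.4.1/32 1
set interface ethernet1 protocol igmp router
set interface ethernet1 protocol igmp accept groups 1
set interface ethernet1 protocol igmp enable
set interface ethernet2 protocol igmp router
set interface ethernet2 protocol igmp accept groups 1
set interface ethernet2 protocol igmp enable
set interface ethernet3 protocol igmp enable
"""

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
ACL_RE = re.compile(r"set vrouter \S+ access-list (\d+) (\w+) ip (\S+) \d+$")
IGMP_RE = re.compile(r"set interface (\S+) protocol igmp (?:enable|accept groups (\d+))$")

def parse(config):
    """Parse 'set' lines (shapes assumed from this page) into ACLs and IGMP state."""
    acls, bound, enabled = {}, {}, set()
    for raw in config.splitlines():
        line = raw.split("->", 1)[-1].strip()  # drop a 'Netscreen ->' prompt if present
        if m := ACL_RE.match(line):
            net = ipaddress.ip_network(m.group(3), strict=False)
            acls.setdefault(m.group(1), []).append((m.group(2), net))
        elif m := IGMP_RE.match(line):
            if m.group(2):
                bound[m.group(1)] = m.group(2)  # interface -> access-list id
            else:
                enabled.add(m.group(1))
    return acls, bound, enabled

def audit(config):
    """Return findings for IGMP-enabled interfaces with missing or broad group filters."""
    acls, bound, enabled = parse(config)
    findings = []
    for name in sorted(enabled):
        acl = bound.get(name)
        if acl is None:
            findings.append(f"{name}: IGMP enabled with no accepted-groups list")
        elif acl not in acls:
            findings.append(f"{name}: accepted-groups list {acl} is not defined")
        else:
            for action, net in acls[acl]:
                if action == "permit" and not net.subnet_of(MULTICAST):
                    findings.append(f"{name}: list {acl} permits {net}, outside 224.0.0.0/4")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding, for ethernet3; the configuration exactly as given on this page returns none.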

If you need to forward the multicast traffic, you will need to configure a multicast routing protocol. Please see below.

PIM (Protocol Independent Multicast)

Whereas IGMP runs between hosts and routers to exchange multicast group membership information, PIM runs between routers to forward multicast traffic to multicast group members throughout the network.

PIM-SM (Protocol Independent Multicast-Sparse Mode) is a multicast routing protocol that forwards multicast traffic to interested receivers only.
It can use either a shared distribution tree or the shortest path tree (SPT) to forward multicast traffic throughout the network.
When a shared distribution tree is used, the source forwards the packets to a rendezvous point (RP) at the root of the tree, which is normally a core router. In addition, a DR (Designated Router) is elected when there are multiple multicast routers. The DR is responsible for sending the multicast packets to the RP and the rest of the tree (other multicast routers).

Rick Donato
