PIM-SM uses shared trees instead of the source based trees of PIM-DM. This brings great efficiencies to a multicast domain. However, along withs its (*, G) trees come some security concerns. The idea of any source being able to use a common tree should immediately raise the concern of Denial of Service attacks. There are also some inherent inefficiencies with shared trees, and proper placement of redundant RPs is critical.

Source-Specific Multicast (SSM) is a service model that returns to (S, G) trees while retaining the advantages of sparse mode protocol operations and explicit joins. The key to implementing SSM is the source filtering capabilities of IGMPv3 and MLDv2. These protocol versions are prerequisites. SSM is enabled with PIM-SSM, a variation of PIM-SM. The sparse mode operations are retained but not the RPs.

The other prerequisite for SSM is that the group member must know, through the multicast application, which source it wants to receive the group traffic from. It specifies the (S, G) — called a multicast channel — to its designated router, which then grafts itself to an existing tree or initiates a new tree to the source. Notice that source discovery is outside the scope of PIM SSM and IGMPv3 and must be accomplished via some other means, such as global directory services.

IANA has reserved IPv4 group addresses in the range 232.0.0.0/8 and IPv6 group addresses in the range FF3x::/96 (with the assumption that this range will be expanded to FF3x::/32). Because not just any source can send to an SSM channel, the chances of a malicious source sending to the group is reduced— although it is still possible for a malicious source to spoof a legitimate source address.

Configuring PIM SSM is relatively straight-forward, because it uses regular PIM messages. You need only specify the range of groups that are using SSM signaling with the command ip pim ssm range {default|range <Standard-ACL>} . The default keyword means that the range 232.0.0.0/8 will be used for SSM. For the groups in the SSM range, no shared trees are allowed and the (*,G) joins are dropped.

The second step in configuring PIM SSM is to enable IGMPv3 on the interfaces connected to the receivers capable of using this protocol. Without IGMPv3, there can be no use of PIM SSM because no other IGMP version allows sources to be selected by the receivers explicitly to build shortest-path trees.

R1(config)# ip multicast-routing distributed
R1(config)# ip pim ssm default

And then to simulate the receiver we could do something like this:

R2(config)# ip multicast-routing distributed
R2(config)# ip pim ssm default
R2(config)# interface GigabitEthernet0/1
R2(config-if)# ip pim sparse-mode
R2(config-if)# ip igmp version 3
R2(config-if)# ip igmp join 232.10.10.10 source 150.1.6.6
R2(config-if)# exit

You can see that SSM is easier to configure than PIM-SM ASM because there is no bootstrap protocol, RPs, or Auto-RP to worry about.