All things related to multicast

[Marshall Eubanks <>]

Dear Michael;

   Apparently a lot, at least for some routers - 
we had 15,000 (S,G) at one time from Stanford, all within 2 or 3
minutes. How
long does it take one of these worms to scan through the entire
multicast /4 ?
Someone could look in the logs for the Stanford and UMass DR and see how
they faired.

   I am not sure that this is a good way to set a lower bound for
acceptable traffic for
a protocol, though.

                                   Marshall

Michael Luby wrote:
> 
> I'm actually independently interested in the rate at which DRs can accept
> and process IGMP join/leave traffic for some typical DRs without melting
> down.  This is one of the outstanding questions in the RMT working group on
> one of the congestion control schemes proposed there.  Does anybody have any
> statistics of this type?
> Mike Luby
> 
> -----Original Message-----
> From: 
> 
> [mailto:]On
>  Behalf Of Bill Nickless
> Sent: Wednesday, January 17, 2001 4:11 PM
> To: 
> 
> Cc: Bill Nickless; Bill Owens; Greg Shepherd; Kevin Thompson;
> ;
>  mbone mail list
> Subject: Re: MSDP Storm
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 06:03 PM 1/17/2001 -0500, Marshall Eubanks wrote:
> 
> >Bill;
> >
> >    You did indeed, now you seem clairvoyant.
> 
> Aiee!  I didn't mean to leave that impression--my earlier notes contained a
> write-up of the problem in detail that didn't go to some of the lists,
> which is why I reposted them to the wider audience.
> 
> >BUT, it seems to me that at base this is not a MSDP issue - it is an IGMP
> >issue. Wouldn't it make more sense (although, alas, more work) to rate
> >limit IGMP joins ?
> 
> Good question.
> 
> I agree with Dave Meyer's comment, that the general problem is a lack of
> rate limiting on routing protocols subject to flooding, including
> MSDP.  Should we include IGMP in this list of protocols that should be rate
> limitable?  I'm not sure.
> 
> In this case, though, I don't think the problem could have been solved by
> rate limiting on IGMP.  The MSDP SAs were created from PIM Register
> packets, which were made from actual IP data packets by the (broken, ugly)
> scanner transmitted.  Thus, IGMP wasn't necessary for the problem to spread
> widely.
> 
> That being said, I would be interested to know if the kernel on the
> compromised hosts did actually do IGMP joins to receive any replies, or if
> the non-multicast-aware scanner did enough of the right socket calls.
> ===
> Bill Nickless    http://www.mcs.anl.gov/people/nickless      +1 630 252 7390
> PGP:0E 0F 16 80 C5 B1 69 52 E1 44 1A A5 0E 1B 74 F7     
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> 
> iQCVAwUBOmY0mawgm7ipJDXBAQH3NQP+LXJKuzGeRNFVv9MC36fKUdLs+CkV/IgX
> +AueKEVXeimx6+Cvr0iJMkUcUAV+w3OPQd+PtROX/wLEYrSeqbtF+MLtjzGOq3B0
> 9ZXdXGi9BwPomsornB87BpNJEb+RfsTBjYGYw/of0nWJcBLiPZM+xc9qxuHXl1lk
> by+qEghwjtg=
> =iNis
> -----END PGP SIGNATURE-----

-- 


                                   Regards
                                   Marshall Eubanks

   This e-mail may contain confidential and proprietary information of 
   Multicast Technologies, Inc, subject to Non-Disclosure Agreements

   Multicast Technologies, Inc.
   10301 Democracy Lane, Suite 201
   Fairfax, Virginia 22030
   Phone : 703-293-9624          Fax     : 703-293-9609     
   e-mail : 

     http://www.on-the-i.com