All things related to multicast

[Chris Robb <>]

Chris Robb
Indiana University Global NOC Engineer

  Desk: 812-855-8604

On Mon, 14 Jul 2003, Alan Crosswell wrote:

> An apropos topic given the workshop will be here next week:-)
>
> This melted our campus tonight.... 6500 and 7500 routers at max CPU,
> losing BGP peerings and all that.  And, I couldn't even detect the SA's
> from my end.  We disabled the gigE uplinks for the two subnets that most
> of these hosts were on.
>
> Shouldn't an sa-limit at Abilene have prevented the larger sa flooding
> problem?  That's what we added after ramen.

It wasn't until recently that Juniper implemented MSDP SA limits. We had
them placed on Indianapolis. but they log VERY aggressively, noting each
SA that gets dropped. This would cause periodic spikes from the rpd
process that caused BGP sessions to drop. Turning off the limit fixed it.
5.7 implements some better filters, but we won't be upgrading until 5.7R3
for various other reasons.

Tracking this down did point out the difficulty in determining which hosts
were sending to the most groups. Matt Davy put a quick script together to
parse through Juniper's "show msdp source-active brief" messages, but it's
not realtime and it's a bit tedious.

>
> For those Nick Mancini fans....  You'll have to wait 'til tomorrow, the
> NOC has pulled the plug:-)
> /a
>
> -------- Original Message --------
> Subject: Abilene filtering SAs from Columbia | ENTRY=3836
> Date: Mon, 14 Jul 2003 17:38:37 -0500 (EST)
> From: Chris Robb 
> <>
> To: 
> 
> CC: 
> ,
>  
> <>
>
> Columbia:
>
> There are currently five hosts on the Columbia campus that are scanning
> the multicast address space and generating a large number of SAs. The
> hosts have changed over time which has lead us to filter out MSDP SAs from
> all hosts in the 128.59.0.0/16 address block. The *current* set of hosts
> is:
>
>    128.59.175.102
>    128.59.175.99
>    128.59.130.225
>    128.59.130.245
>    128.59.130.122
>
> As mentioned below, we also saw the hosts 128.59.130.189 and 128.59.86.224
> scanning the address space. The number of SAs is causing problems for at
> least one peer with their hardware unable to keep up. Please let us know
> when you think thinks have settled down a bit and we'll remove the filter.
> Since it's after hours, if you have addressed the situation before Tuesday
> morning, please call our NOC at 317-278-6622 and they will put you in
> contact with me.
>
> -Chris
>
> Chris Robb
> Indiana University Global NOC Engineer
> 
>   Desk: 812-855-8604
>
>
> Date: Mon, 14 Jul 2003 15:56:27 -0500 (EST)
> From: Jay Duncan 
> <>
> To: 
> 
> Cc: Jay Duncan 
> <>
> Subject: Please Stop These Hosts
>
> Hi,
>
> We're seeing a couple of hosts at Columbia which are generating a large
> number of MSDP SAs by scanning and trying to joing multicast groups
> sequentially.  This is affecting some customers of ours downstream.
>
> Can you look at 128.59.130.189 and 128.59.86.224 and please make them
> stop?
>
> Thank you very much,
> Jay
>
>
>
>