All things related to multicast

["David Farmer" <>]

Comments in line:

On 4 Sep 2003 Bill Nickless wrote:

> On Thu, 4 Sep 2003, David Farmer wrote:
> 
> > We still need to say you SHOULD filter them and we need it to 
> > become BCP that networks actually filter them.  How you actually 
> > filter them is really a local implementation issue.  Although making 
> > it easy is a good thing.
> 
> How does the following sound?
> 
> 1.  The mcast-unusable draft is intended (partially) to give IANA
>     advice about what groups should be permanently reserved.
> 
>     So I don't think it makes sense to put the bogon list in the
>     mcast-unusable draft, because the bogon list is controlled
>     by IANA.  Something feels circular.  :-)

OK if that the intent I'll believe you, your the Author. ;-)  I'd just say, 
giving direction to IANA ins't in the Abstract, but network access 
control lists are.  So I always assumed that this was intended as a 
recommendation for access control lists.

If you don't intend to provide a full list of things that should be 
blocked in an access control list, it would be good to point people 
working on an access control list to the mcast-ipv4-bcp.

Also something is weird: draft-nickless-ipv4-mcast-unusable-02.txt,
the IETF web site says cannot be found and thinking you may have 
updated it, I tried draft-nickless-ipv4-mcast-unusable-03.txt. Which 
comes up with a page basically saying it is an expired draft.  Which 
is wrong since 02 doesn't expire until Dec 2003.

> 2.  The mcast-ipv4-bcp draft, on the other hand, could very well
>     mention filtering bogons in the context of IANA reserved
>     blocks, plus a (technically redundant?) link to the permanently
>     unusable blocks in the mcast-unusable draft (and successors).

That fine, I don't see providing the acutall reserved list in either 
draft, as it will change, point them at IANA.  I would like to see the 
issue covered and I don't know what it would hurt to have a "you 
shouldn't route multicast for reserved groups" or something to that 
effect in both drafts.  But, your the author and as long as it is in one 
of them, I'll shut up.
 
> 3.  David Farmer writes a draft for MBONED explaining how to
>     automatically, safely, and securely update one's bogon/unusable
>     filter list.  :-)  :-)
>
> (Seriously, David, I'll be glad to work with you on #3 if you like.)

I'd be willing, but I don't think it is possible, at least not using BGP.

A BGP BOGON route like described on the web page you pointed 
to: http://www.cymru.com/BGP/bogon-rs.html  Would work for 
BOGON sources, Multicast NLRI routes point to a null,  then a 
BOGON source should cause a packets to fail RPF, both for traffic 
and MSDP I think.  But, I don't see how this can do anything based 
on Group Address. 

This could very well be a good thing to do as well, but I don't see 
how it can accomplish anything for BOGON Groups.  Which only 
leaves hand built access lists I think.  Someone PLEASE tell me I'm 
wrong :-(

If bigger brains than mine figure out a way, I'd be willing to write a 
dratf if no one else is.

> > On 4 Sep 2003 Bill Nickless wrote:
> > 
> > > 
> > > How about doing something like this for the multicast groups that IANA 
> > > hasn't yet allocated, or are otherwise unusable for various reasons?
> > > 
> > > What I like about it is that it's automated, rather than depending on a 
> > > human in the loop everywhere to watch for IANA announcements.
> > > 
> > > Having only spent about 20-30 seconds thinking about it, I'm not sure 
> > > whether it's possible to configure popular routers to black-hole 
> > > traffic 
> > > destined for groups that are in a table populated by BGP.  Maybe an 
> > > inspiration will strike later?
> > > 
> > > ---------- Forwarded message ----------
> > > Date: Thu, 4 Sep 2003 11:56:36 -0500 (CDT)
> > > From: Rob Thomas 
> > > <>
> > > To: Christopher L. Morrow 
> > > <>
> > > Cc: NANOG 
> > > <>
> > > Subject: Re: What were we saying about edge filtering?
> > > 
> > > 
> > > ] I'm going to take a stab at: The next 69.0.0.0/8 release? Certainly 
> > > there
> > > ] was some lesson learned from this, no?
> > > 
> > > Yep, and the lesson is:  Lots of folks do a poor job of network
> > > management.  :(
> > > 
> > > Keeping up with the bogons can be automated, see:
> > > 
> > >    <http://www.cymru.com/BGP/bogon-rs.html>
> > > 
> > > -- 
> > > Rob Thomas
> > > http://www.cymru.com
> > > ASSERT(coffee != empty);