
wg-multicast - Re: MSDP SA explosion - sasser worm?

Subject: All things related to multicast

  • From: Bill Owens <>
  • To:
  • Subject: Re: MSDP SA explosion - sasser worm?
  • Date: Tue, 4 May 2004 09:48:14 -0400

I'm thinking about a somewhat different approach to how we configure MSDP,
and I wanted to get everyone's feedback on it.

We have three classes of connections to NYSERNet - customers, transit, and
peers. Our customers will get a fairly tight sa-limit, probably 100 to start
with. The only ones going above that are people leaking stuff they shouldn't,
like Ghost. They will receive everything that we have in our cache.

Our transit connections will have a much higher sa-limit, probably 15000. We
will also filter outbound using a route-map that includes the ASes of all our
multicast-enabled customers. That way we'll only send sources that we
actually originate. We'll accept anything they send (up to the sa-limit).

Our peers will also have an sa-limit, and will be filtered outbound with the
same customer route-map. Inbound, we'll accept using the same as-path that we
use for BGP, which varies by peer depending on what our agreements with them
are.

Does that make sense? I think that in particular putting a tight sa-limit on
customers would help a great deal with the current problem, but filtering to
peers will also help keep the router CPU loads down on boxes that have lots
of external connections. I don't think it will break anything, but I guess
there's only one way to find out ;)

Bill.
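
Added example, not part of the message above or of NYSERNet's configuration: a small Python model of the three-class policy the message describes, showing how a customer sa-limit of 100 caps a flood of SAs and what the outbound customer-AS filter passes to transit. The ASNs, addresses, the peer sa-limit of 1000, and the as-path filter reduced to an origin-AS allow-list are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SA:
    source: str      # sender address
    group: str       # multicast group
    origin_as: int   # AS of the RP that originated the SA

@dataclass
class Neighbor:
    kind: str                      # "customer", "transit" or "peer"
    sa_limit: int
    accept_as: frozenset = None    # inbound AS allow-list (peers); None = accept anything
    cache: set = field(default_factory=set)
    dropped: int = 0

    def receive(self, sa):
        """Inbound: AS filter first, then the per-neighbor sa-limit."""
        if self.accept_as is not None and sa.origin_as not in self.accept_as:
            self.dropped += 1
            return False
        if sa not in self.cache and len(self.cache) >= self.sa_limit:
            self.dropped += 1
            return False
        self.cache.add(sa)
        return True

def advertise(all_sas, neighbor, customer_ases):
    """Outbound: customers get everything; transit and peers get customer SAs only."""
    if neighbor.kind == "customer":
        return set(all_sas)
    return {sa for sa in all_sas if sa.origin_as in customer_ases}

def simulate():
    customer_ases = {64496}                      # constructed ASN (documentation range)
    customer = Neighbor("customer", sa_limit=100)
    transit = Neighbor("transit", sa_limit=15000)
    peer = Neighbor("peer", sa_limit=1000, accept_as=frozenset({64500}))  # assumed limit
    for i in range(5000):                        # constructed flood from one customer host
        customer.receive(SA("192.0.2.10", f"239.{i // 256}.{i % 256}.1", 64496))
    for i in range(3):
        transit.receive(SA(f"198.51.100.{i}", "239.200.0.1", 64510))
    peer.receive(SA("203.0.113.5", "239.201.0.1", 64500))   # within the agreed ASes
    peer.receive(SA("203.0.113.6", "239.201.0.2", 64511))   # outside them: filtered
    all_sas = customer.cache | transit.cache | peer.cache
    return {"customer_cached": len(customer.cache), "customer_dropped": customer.dropped,
            "peer_cached": len(peer.cache), "peer_dropped": peer.dropped,
            "to_transit": len(advertise(all_sas, transit, customer_ases)),
            "to_customer": len(advertise(all_sas, customer, customer_ases))}
```

In this model the customer's 5000 SAs are cut to 100 at ingress, and only those 100 customer-originated entries are offered to transit, while the customer still receives the full cache.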



