
wg-multicast - Re: MSDP SA explosion - sasser worm?

Subject: All things related to multicast


Re: MSDP SA explosion - sasser worm?


  • From: "David Farmer" <>
  • To: "Marshall Eubanks" <>, ,
  • Subject: Re: MSDP SA explosion - sasser worm?
  • Date: Tue, 04 May 2004 08:53:07 -0500
  • Organization: NTS, U of MN
  • Priority: normal

To me this raises a question I asked last September about
Multicast BCP.

Since most of the Multicast Group Address space is still IANA
reserved, shouldn't it be filtered at AS boundaries? In other words,
Multicast BOGON.

Current IANA reserved address space:

225.0.0.0/8
226.0.0.0/8
227.0.0.0/8
228.0.0.0/8
229.0.0.0/8
230.0.0.0/8
231.0.0.0/8
234.0.0.0/8
235.0.0.0/8
236.0.0.0/8
237.0.0.0/8
238.0.0.0/8

Or summarized to:

225.0.0.0/8
226.0.0.0/7
228.0.0.0/6
234.0.0.0/7
236.0.0.0/7
238.0.0.0/8

This would have eliminated more than 90% of the problem
according to Marshall's numbers.

On 4 May 2004 Marshall Eubanks wrote:

> This is the biggest worm attack on MSDP I have yet seen - here is some
> information - note the 27331 Groups with only one Sender - a classic
> worm indicator.
>
> Marshall
>
>
> Date of MBGP Dump Tue May 4 06:13:00 EDT 2004
>
> There were 30502 SA-Cache Entries
> There were 1005 Duplicate S,G Entries
> There were 27453 SA-Cache Groups
> There were 2125 SA-Cache Sources
> There were 277 SA-Cache RPs
> There were 153 SA-Cache ASs
>
> The Most Active Group is 224.2.127.254 with 976 members
> The Most Active Source is 130.239.19.66 with 1842 groups
> The Most Active RP is 130.239.0.101 with 7505 entries
> The Most Active AS is 2833 with 7505 entries
>
> This AS is
> 2833 SUNET-UMU [BE10]
> {S-100 44 STOCKHOLM, Sweden}
>
>
> There were 27331 Groups with only one Sender
>
> First Octet Histogram
>
> Octet 224 had 2242 entries or 8.17 %
> Octet 225 had 1926 entries or 7.02 %
> Octet 226 had 1955 entries or 7.12 %
> Octet 227 had 1895 entries or 6.90 %
> Octet 228 had 1899 entries or 6.92 %
> Octet 229 had 2012 entries or 7.33 %
> Octet 230 had 1881 entries or 6.85 %
> Octet 231 had 1948 entries or 7.10 %
> Octet 233 had 2243 entries or 8.17 %
> Octet 234 had 1851 entries or 6.74 %
> Octet 235 had 1898 entries or 6.91 %
> Octet 236 had 1908 entries or 6.95 %
> Octet 237 had 1861 entries or 6.78 %
> Octet 238 had 1934 entries or 7.04 %
>
> AS 2833 had 7505 entries
> AS 137 had 7473 entries
> AS 680 had 6220 entries
> AS 2200 had 2763 entries
> AS 2607 had 1570 entries
> AS 1955 had 1292 entries
> <snip>
>
> On Tue, 4 May 2004 07:12:37 -0400 (EDT) "William F. Maton" <> wrote:
> > On Tue, 4 May 2004, Bill Owens wrote:
> >
> > > FYI, our two Abilene MSDP peers had pushed up to over 45k SAs, so
> > > I've now shut them down. It was causing problems for CANARIE, and
> > > although our backbone Junipers haven't been affected yet, I'm not
> > > willing to take the chance.
> > >
> > > If things aren't better by the morning I'm going to be working on
> > > a filter to see whether I can let at least some of the legitimate
> > > sources through, though I'm not exactly sure how to specify that...
> >
> > FWIW, we're seeing 20K+ MSDP entries coming from CANARIE towards us
> > at AS 2884. I've had to shut down MSDP peering and it seems there
> > are deeper problems within CANARIE's network that are affecting
> > AS2884's downstreams.
> >
> >
> > wfms
> >
>
>



=================================================
David Farmer Email:

Office of Information Technology
University of Minnesota Phone: 612-626-0815
2218 University Ave SE Cell: 612-812-9952
Minneapolis, MN 55414-3029 FAX: 612-624-4035
=================================================
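
Added example, not part of the original message: a Python check that the summarized prefixes equal the listed /8 blocks, plus a group-address filter applied to the first-octet histogram from the quoted report. Function names and the sample SA entries are constructed for illustration; the prefix list is the 2004 reservation status given in the message.

```python
import ipaddress

# Reserved /8 blocks and their summary, both exactly as listed in the message.
RESERVED_OCTETS = (225, 226, 227, 228, 229, 230, 231, 234, 235, 236, 237, 238)
RESERVED_8S = [f"{o}.0.0.0/8" for o in RESERVED_OCTETS]
SUMMARY = ["225.0.0.0/8", "226.0.0.0/7", "228.0.0.0/6",
           "234.0.0.0/7", "236.0.0.0/7", "238.0.0.0/8"]
BOGONS = [ipaddress.ip_network(p) for p in SUMMARY]

# First-octet histogram copied from the quoted MSDP report.
HISTOGRAM = {224: 2242, 225: 1926, 226: 1955, 227: 1895, 228: 1899,
             229: 2012, 230: 1881, 231: 1948, 233: 2243, 234: 1851,
             235: 1898, 236: 1908, 237: 1861, 238: 1934}

def aggregate(prefixes):
    """Collapse a prefix list into the minimal set of covering networks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def is_bogon_group(group):
    """True if the multicast group address falls inside a reserved block."""
    addr = ipaddress.ip_address(group)
    return any(addr in net for net in BOGONS)

def filter_sa(entries):
    """Split (source, group) SA entries into (accepted, dropped)."""
    accepted, dropped = [], []
    for source, group in entries:
        (dropped if is_bogon_group(group) else accepted).append((source, group))
    return accepted, dropped

def filtered_share(hist):
    """Return (entries the filter would drop, total entries) for a histogram."""
    dropped = sum(n for octet, n in hist.items()
                  if is_bogon_group(f"{octet}.0.0.0"))
    return dropped, sum(hist.values())

# Constructed SA entries (documentation source addresses, made-up groups,
# except 224.2.127.254, which is the most active group in the report).
SAMPLE_SA = [("192.0.2.10", "224.2.127.254"), ("192.0.2.10", "229.14.7.3"),
             ("198.51.100.7", "233.1.2.3"), ("198.51.100.7", "238.200.1.1")]

if __name__ == "__main__":
    print("summary matches:", aggregate(RESERVED_8S) == SUMMARY)
    accepted, dropped = filter_sa(SAMPLE_SA)
    print("accepted:", accepted)
    print("dropped: ", dropped)
    d, total = filtered_share(HISTOGRAM)
    print(f"histogram entries dropped: {d} of {total} ({100 * d / total:.2f} %)")
```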



