All things related to multicast

["David Farmer" <>]

On 25 May 2006 Matthew Davy wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I believe that should be 0.0.0.0/8 *not* 0.0.0.0/0 :)
> 
> My personal opinion is that all the IANA reserved space should be  
> filtered (eg 235/8, 236/8, etc) at domain borders.    However, when I  
> suggested this at a Joint Tech's a few years ago, several people were  
> quite opposed to this.     Passing 236/8 interdomain is no different  
> than passing 10/8, both are IANA reserved addresses and, IMO,  
> everyone should be filtering these at domain borders.

I've made similar suggestions and had similar reactions in the past.  But 
I've 
made the suggestion more recently and with the worms sweeping through 
Multicast and hosing MSDP several times in the past couple years, I'd say 
some have warmed to the idea.  I'd like to propose we block the IANA 
Reserved Multicast Space.  Would it be possible for you to do some work 
and collect dtata to see if there is any sings of use, other than worms? 

> The other point you made regarding rate-limiting is a good one as  
> well.   We already do per-peer SA limiting.    We also have the  
> ability to do per-source SA limiting.    There was a thread on this  
> list a while back about implementing some per-source SA limits.    My  
> opinion is that limiting each source IP to some relatively large  
> number of different groups (say 1,000) on the backbone is a good  
> thing for the overall stability of multicast and wouldn't hinder any  
> legitimate use of multicast.    But, again, I think the consensus  
> that last time this was discussed was that the backbone shouldn't do  
> that type of limiting.    Is that still the consensus ?

I'd support doing the rate limiting, again maybe some data would help with 
the argument.

> Also, in terms of Bill's and Cisco's lists being out of date, I'm  
> sure they are.    However, I think it's the most complete list out  
> there today.   If there are other groups that should be added, we'll  
> certainly consider adding them.
> 
> - - Matt
> 
> 
> On May 25, 2006, at 12:40 PM, John Kristoff wrote:
> 
> > On Thu, 25 May 2006 12:11:16 -0400
> > Matthew Davy 
> > <>
> >  wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> NEW ABILENE MSDP FILTER
> >>
> >>    sources:
> >>      (0.0.0.0/0,*)          Link Local Addresses
> >
> > Do you mean 0.0.0.0/32 or perhaps even the entire reserved block of
> > 0.0.0.0/8?
> >
> > Bill's draft and Cisco list are not so up to date considering the
> > multicast swamp gets polluted quicker than anyone would like and I
> > am not actively maintaining the page I started for hardening anymore.
> > It sort of depends on where your priorities are for filtering.  If
> > you want to cut down on bogus MSDPs, clearly filtering the reserved
> > /8's are going to make a much bigger difference than the control
> > plan overlapping /24's, but if you want be conservative then maybe
> > focus on rate limiting strategies to minimize state and flooding
> > explosion?
> >
> > John
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
> 
> iD8DBQFEdeNslW/4XGQiy+sRAl6gAKDVoUmcAsztQoVPNTH8yHPppKVG2gCgx3/P
> cQ/iPGSC/aIHWox2SKY2tss=
> =syNh
> -----END PGP SIGNATURE-----
> 



=================================================
David Farmer                            Email:  

Office of Information Technology
University of Minnesota                 Phone:  612-626-0815
2218 University Ave SE                  Cell:   612-812-9952
Minneapolis, MN 55414-3029              FAX:    612-626-1818
=================================================