Skip to Content.
Sympa Menu

wg-multicast - Re: Proposed MSDP filtering changes on Abilene

Subject: All things related to multicast

List archive

Re: Proposed MSDP filtering changes on Abilene


Chronological Thread 
  • From: "David Farmer" <>
  • To: Matthew Davy <>
  • Cc:
  • Subject: Re: Proposed MSDP filtering changes on Abilene
  • Date: Thu, 25 May 2006 12:26:19 -0500
  • Organization: NTS, U of MN
  • Priority: normal

On 25 May 2006 Matthew Davy wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I believe that should be 0.0.0.0/8 *not* 0.0.0.0/0 :)
>
> My personal opinion is that all the IANA reserved space should be
> filtered (eg 235/8, 236/8, etc) at domain borders. However, when I
> suggested this at a Joint Tech's a few years ago, several people were
> quite opposed to this. Passing 236/8 interdomain is no different
> than passing 10/8, both are IANA reserved addresses and, IMO,
> everyone should be filtering these at domain borders.

I've made similar suggestions and had similar reactions in the past. But
I've
made the suggestion more recently and with the worms sweeping through
Multicast and hosing MSDP several times in the past couple years, I'd say
some have warmed to the idea. I'd like to propose we block the IANA
Reserved Multicast Space. Would it be possible for you to do some work
and collect dtata to see if there is any sings of use, other than worms?

> The other point you made regarding rate-limiting is a good one as
> well. We already do per-peer SA limiting. We also have the
> ability to do per-source SA limiting. There was a thread on this
> list a while back about implementing some per-source SA limits. My
> opinion is that limiting each source IP to some relatively large
> number of different groups (say 1,000) on the backbone is a good
> thing for the overall stability of multicast and wouldn't hinder any
> legitimate use of multicast. But, again, I think the consensus
> that last time this was discussed was that the backbone shouldn't do
> that type of limiting. Is that still the consensus ?

I'd support doing the rate limiting, again maybe some data would help with
the argument.

> Also, in terms of Bill's and Cisco's lists being out of date, I'm
> sure they are. However, I think it's the most complete list out
> there today. If there are other groups that should be added, we'll
> certainly consider adding them.
>
> - - Matt
>
>
> On May 25, 2006, at 12:40 PM, John Kristoff wrote:
>
> > On Thu, 25 May 2006 12:11:16 -0400
> > Matthew Davy
> > <>
> > wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> NEW ABILENE MSDP FILTER
> >>
> >> sources:
> >> (0.0.0.0/0,*) Link Local Addresses
> >
> > Do you mean 0.0.0.0/32 or perhaps even the entire reserved block of
> > 0.0.0.0/8?
> >
> > Bill's draft and Cisco list are not so up to date considering the
> > multicast swamp gets polluted quicker than anyone would like and I
> > am not actively maintaining the page I started for hardening anymore.
> > It sort of depends on where your priorities are for filtering. If
> > you want to cut down on bogus MSDPs, clearly filtering the reserved
> > /8's are going to make a much bigger difference than the control
> > plan overlapping /24's, but if you want be conservative then maybe
> > focus on rate limiting strategies to minimize state and flooding
> > explosion?
> >
> > John
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
>
> iD8DBQFEdeNslW/4XGQiy+sRAl6gAKDVoUmcAsztQoVPNTH8yHPppKVG2gCgx3/P
> cQ/iPGSC/aIHWox2SKY2tss=
> =syNh
> -----END PGP SIGNATURE-----
>



=================================================
David Farmer Email:

Office of Information Technology
University of Minnesota Phone: 612-626-0815
2218 University Ave SE Cell: 612-812-9952
Minneapolis, MN 55414-3029 FAX: 612-626-1818
=================================================




Archive powered by MHonArc 2.6.16.

Top of Page