Skip to Content.
Sympa Menu

wg-multicast - Re: Proposed MSDP filtering changes on Abilene

Subject: All things related to multicast

List archive

Re: Proposed MSDP filtering changes on Abilene


Chronological Thread 
  • From: Stig Venaas <>
  • To:
  • Cc: Matthew Davy <>,
  • Subject: Re: Proposed MSDP filtering changes on Abilene
  • Date: Mon, 29 May 2006 14:58:19 +0200

David Farmer wrote:
On 25 May 2006 Matthew Davy wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I believe that should be 0.0.0.0/8 *not* 0.0.0.0/0 :)

My personal opinion is that all the IANA reserved space should be filtered (eg 235/8, 236/8, etc) at domain borders. However, when I suggested this at a Joint Tech's a few years ago, several people were quite opposed to this. Passing 236/8 interdomain is no different than passing 10/8, both are IANA reserved addresses and, IMO, everyone should be filtering these at domain borders.


I've made similar suggestions and had similar reactions in the past. But I've made the suggestion more recently and with the worms sweeping through Multicast and hosing MSDP several times in the past couple years, I'd say some have warmed to the idea. I'd like to propose we block the IANA Reserved Multicast Space. Would it be possible for you to do some work and collect dtata to see if there is any sings of use, other than worms?

In general I wouldn't recommend blocking reserved space. It makes it very hard for some of the space to become un-reserved in the future if you see what I mean. If at some point some of this space should be unblocked, it might be hard to get everyone to open up.

Of course as an administrator I might want to block it, knowing that I would be able to unblock my routers if necessary...

Stig



The other point you made regarding rate-limiting is a good one as well. We already do per-peer SA limiting. We also have the ability to do per-source SA limiting. There was a thread on this list a while back about implementing some per-source SA limits. My opinion is that limiting each source IP to some relatively large number of different groups (say 1,000) on the backbone is a good thing for the overall stability of multicast and wouldn't hinder any legitimate use of multicast. But, again, I think the consensus that last time this was discussed was that the backbone shouldn't do that type of limiting. Is that still the consensus ?


I'd support doing the rate limiting, again maybe some data would help with the argument.


Also, in terms of Bill's and Cisco's lists being out of date, I'm sure they are. However, I think it's the most complete list out there today. If there are other groups that should be added, we'll certainly consider adding them.

- - Matt


On May 25, 2006, at 12:40 PM, John Kristoff wrote:


On Thu, 25 May 2006 12:11:16 -0400
Matthew Davy
<>
wrote:


-----BEGIN PGP SIGNED MESSAGE-----
NEW ABILENE MSDP FILTER

sources:
(0.0.0.0/0,*) Link Local Addresses

Do you mean 0.0.0.0/32 or perhaps even the entire reserved block of
0.0.0.0/8?

Bill's draft and Cisco list are not so up to date considering the
multicast swamp gets polluted quicker than anyone would like and I
am not actively maintaining the page I started for hardening anymore.
It sort of depends on where your priorities are for filtering. If
you want to cut down on bogus MSDPs, clearly filtering the reserved
/8's are going to make a much bigger difference than the control
plan overlapping /24's, but if you want be conservative then maybe
focus on rate limiting strategies to minimize state and flooding
explosion?

John

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFEdeNslW/4XGQiy+sRAl6gAKDVoUmcAsztQoVPNTH8yHPppKVG2gCgx3/P
cQ/iPGSC/aIHWox2SKY2tss=
=syNh
-----END PGP SIGNATURE-----





=================================================
David Farmer Email:

Office of Information Technology
University of Minnesota Phone: 612-626-0815
2218 University Ave SE Cell: 612-812-9952
Minneapolis, MN 55414-3029 FAX: 612-626-1818
=================================================





Archive powered by MHonArc 2.6.16.

Top of Page