All things related to multicast

[Bill Owens <>]

On Tue, Nov 20, 2007 at 05:33:44PM -0500, Matthew Davy wrote:
> I'm going to jump back on my soapbox about filtering the IANA Reserved  
> multicast group addresses (ie 225/8-231/8 and 234/8-238/8) at all  
> inter-domain borders.

I spent some time yesterday looking at two things; the traffic in reserved 
groups that had more than a couple of sources, particularly those where the 
sources were in different netblocks, and the reserved groups that were 
included in SAP advertisements. In the first part, I found a couple of groups 
that appeared to be poorly chosen defaults in distributed software:

225.0.0.11      novell-zfs dest port, Red Hat Cluster Suite?
225.0.0.225     nStor storage arrays
228.1.2.3       TreeCache - JBoss?

I suspect that traffic represents leakage from applications that are 
expecting to talk only with other local instances, but I can't be sure. I 
didn't check all of the other groups but most that I did look at had no 
traffic, or were an obvious misconfiguration (for example 225.100.1.1, which 
is NTP from 3 hosts at ohio-state.edu).

In the second case, I found eight groups:

225.1.1.1       "Live Stream AVC/UVT", can't decode the format (also uses .2)
225.1.1.102     "SiebelCenter1404 Program 2", no traffic
225.1.1.103     "SiebelCenter1404 Program 2", no traffic
225.210.157.154 no name, window cam at Purdue, source 128.210.157.122, source 
device from Visionary Solutions, Inc.
226.252.20.100  "testovacia prev", same video as IPTV ZU
227.10.10.1     "University of Bergen Kamera 1", window cam
231.2.141.4     "Construction Cam", unr.edu, no traffic
234.94.98.85    "Trondheim Underground Radio"

I suspect that each of those can be renumbered without too much difficulty, 
and the folks at Purdue might want to change their SAP anyway so that people 
can see them. I only found out about the group by dumping packets since it 
doesn't show up in VLC.

Of course, I ignored the dozens of 239 groups whose SAP is leaking out into 
the network, something for which I'm not sure we can do anything. I may 
submit a feature request for VLC to add a button that causes it to ignore 239 
sources. . .

Based on what I found, I feel comfortable recommending that NYSERNet restrict 
MSDP to just 224/8 and 233/8. We talked about this question yesterday on our 
weekly engineering call and there were no objections, so since I'm on call 
this week I plan to put the filters in place. I'll let the group know if 
there are any objections once they're done ;)

Bill.