All things related to multicast

[debbie fligor <>]

SiebleCenter is our campus. I've started dialog with them to try to  
get this resolved.


On Nov 27, 2007, at 13:58, Bill Owens wrote:

> On Tue, Nov 20, 2007 at 05:33:44PM -0500, Matthew Davy wrote:
> > I'm going to jump back on my soapbox about filtering the IANA  
> > Reserved
> > multicast group addresses (ie 225/8-231/8 and 234/8-238/8) at all
> > inter-domain borders.
>
> I spent some time yesterday looking at two things; the traffic in  
> reserved groups that had more than a couple of sources, particularly  
> those where the sources were in different netblocks, and the  
> reserved groups that were included in SAP advertisements. In the  
> first part, I found a couple of groups that appeared to be poorly  
> chosen defaults in distributed software:
>
> 225.0.0.11      novell-zfs dest port, Red Hat Cluster Suite?
> 225.0.0.225     nStor storage arrays
> 228.1.2.3       TreeCache - JBoss?
>
> I suspect that traffic represents leakage from applications that are  
> expecting to talk only with other local instances, but I can't be  
> sure. I didn't check all of the other groups but most that I did  
> look at had no traffic, or were an obvious misconfiguration (for  
> example 225.100.1.1, which is NTP from 3 hosts at ohio-state.edu).
>
> In the second case, I found eight groups:
>
> 225.1.1.1	"Live Stream AVC/UVT", can't decode the format (also uses . 
> 2)
> 225.1.1.102     "SiebelCenter1404 Program 2", no traffic
> 225.1.1.103     "SiebelCenter1404 Program 2", no traffic
> 225.210.157.154	no name, window cam at Purdue, source  
> 128.210.157.122, source device from Visionary Solutions, Inc.
> 226.252.20.100  "testovacia prev", same video as IPTV ZU
> 227.10.10.1     "University of Bergen Kamera 1", window cam
> 231.2.141.4     "Construction Cam", unr.edu, no traffic
> 234.94.98.85    "Trondheim Underground Radio"
>
> I suspect that each of those can be renumbered without too much  
> difficulty, and the folks at Purdue might want to change their SAP  
> anyway so that people can see them. I only found out about the group  
> by dumping packets since it doesn't show up in VLC.
>
> Of course, I ignored the dozens of 239 groups whose SAP is leaking  
> out into the network, something for which I'm not sure we can do  
> anything. I may submit a feature request for VLC to add a button  
> that causes it to ignore 239 sources. . .
>
> Based on what I found, I feel comfortable recommending that NYSERNet  
> restrict MSDP to just 224/8 and 233/8. We talked about this question  
> yesterday on our weekly engineering call and there were no  
> objections, so since I'm on call this week I plan to put the filters  
> in place. I'll let the group know if there are any objections once  
> they're done ;)
>
> Bill.

-----
-debbie
Debbie Fligor, n9dn       Network Engineer, CITES, Univ. of Il
email: 

          <http://www.uiuc.edu/ph/www/fligor>
                   "My turn."  -River