Skip to Content.
Sympa Menu

wg-multicast - Re: Filtering IANA Reserved Group Addresses

Subject: All things related to multicast

List archive

Re: Filtering IANA Reserved Group Addresses


Chronological Thread 
  • From: debbie fligor <>
  • To: wg-multicast List <>
  • Cc: Debbie Fligor <>
  • Subject: Re: Filtering IANA Reserved Group Addresses
  • Date: Tue, 27 Nov 2007 15:16:51 -0600

SiebleCenter is our campus. I've started dialog with them to try to get this resolved.


On Nov 27, 2007, at 13:58, Bill Owens wrote:

On Tue, Nov 20, 2007 at 05:33:44PM -0500, Matthew Davy wrote:
I'm going to jump back on my soapbox about filtering the IANA Reserved
multicast group addresses (ie 225/8-231/8 and 234/8-238/8) at all
inter-domain borders.

I spent some time yesterday looking at two things; the traffic in reserved groups that had more than a couple of sources, particularly those where the sources were in different netblocks, and the reserved groups that were included in SAP advertisements. In the first part, I found a couple of groups that appeared to be poorly chosen defaults in distributed software:

225.0.0.11 novell-zfs dest port, Red Hat Cluster Suite?
225.0.0.225 nStor storage arrays
228.1.2.3 TreeCache - JBoss?

I suspect that traffic represents leakage from applications that are expecting to talk only with other local instances, but I can't be sure. I didn't check all of the other groups but most that I did look at had no traffic, or were an obvious misconfiguration (for example 225.100.1.1, which is NTP from 3 hosts at ohio-state.edu).

In the second case, I found eight groups:

225.1.1.1 "Live Stream AVC/UVT", can't decode the format (also uses . 2)
225.1.1.102 "SiebelCenter1404 Program 2", no traffic
225.1.1.103 "SiebelCenter1404 Program 2", no traffic
225.210.157.154 no name, window cam at Purdue, source 128.210.157.122, source device from Visionary Solutions, Inc.
226.252.20.100 "testovacia prev", same video as IPTV ZU
227.10.10.1 "University of Bergen Kamera 1", window cam
231.2.141.4 "Construction Cam", unr.edu, no traffic
234.94.98.85 "Trondheim Underground Radio"

I suspect that each of those can be renumbered without too much difficulty, and the folks at Purdue might want to change their SAP anyway so that people can see them. I only found out about the group by dumping packets since it doesn't show up in VLC.

Of course, I ignored the dozens of 239 groups whose SAP is leaking out into the network, something for which I'm not sure we can do anything. I may submit a feature request for VLC to add a button that causes it to ignore 239 sources. . .

Based on what I found, I feel comfortable recommending that NYSERNet restrict MSDP to just 224/8 and 233/8. We talked about this question yesterday on our weekly engineering call and there were no objections, so since I'm on call this week I plan to put the filters in place. I'll let the group know if there are any objections once they're done ;)

Bill.


-----
-debbie
Debbie Fligor, n9dn Network Engineer, CITES, Univ. of Il
email:

<http://www.uiuc.edu/ph/www/fligor>
"My turn." -River






Archive powered by MHonArc 2.6.16.

Top of Page