All things related to multicast

[Dave Diller <>]

> Keep in mind that SAP is useful for some apps like SDR, VLC, IPTV,  
> etc.
> Policing the entire SAP group to 1Mbps just makes it easier to DOS  
> SAP-
> now you only need to send 1Mbps of mcast data at the SAP group and  
> no good
> SAP packets will get through either, effectively taking down the  
> entire
> SAP service.

>  May want to think about simply turning off SAP listening on the  
> routers

True enough, and certainly the preferred course of action... one which  
rate limiting SAP may well work against.  Once you limit it to save  
your downstreams it becomes  "hey - look - no more problem, the router  
isn't melting down anymore, problem solved!"

The calculation for those downstreams who have not turned it off and  
get caught by things like this is whether it is better to just let  
their downstream routers melt, or 'just' have SAP be unusable for the  
duration.  Once it starts affecting their regular/production traffic  
by slamming CPU to 100% and dropping BGP sessions, I'd rather have   
SAP be broken and limit the damage to that.

Well, I'd still *rather* everyone just turn SAP listen off in the  
first place, and I got at least one more to do so today after his Sup  
melted... so maybe I should just harass the others I saw flap one more  
time ;-)

>  (delete protocols sap )

Hehe... I prefer the more explicit

/* listening to SAP announcements can cause high CPU */
sap {
    disable;
}


;-)


-dd