All things related to multicast

[Leonard Giuliano <>]

On Mon, 30 Jun 2008, Zenon Mousmoulas wrote:

-) This is great, but I'd like to see how it can be extended so that a 
specific
-) appropriate action can be taken automatically, for example policing 
offending
-) sources.
-) I suppose you would need a stateful service that would track offending
-) sources as they appear and disappear and then somehow signal the router to
-) take the action, i.e. match the sources with criteria in a policy-statement
-) that would be used to apply a particular traffic policer.

What you are looking for is the ability to commit configuration changes as 
an action of an event script (if rate exceeds, then police/filter instead 
of just syslog).  That functionality is coming soon, but for now best you 
can do is some type of alert like syslog.

-) There are probably many different ways to do such signaling; one could be
-) using specially-crafted bgp announcements tagged with a specific community
-) that would then be used in source-class filter match conditions. Such a
-) method would resemble qos-group tags used in Cisco QPPB[1].

You could probably do the QPPB thing today, but you still need a mechanism 
to set the BGP attribute as a result of exceeding the configured rate for 
the group.

-) I suppose such a service would have to live outside the router. If you were
-) to implement something like that, would it also be possible to discover
-) offending sources by some other means, e.g. snmp queries, rather than 
through
-) this script and syslog?

You should be able to find offending sources today through SNMP- I believe 
the mcast MIB shows pkt rates.  

-) 
-) Getting this to work automatically is obviously somewhat complicated. Some
-) folks may prefer to do it manually or even go with a more naive approach of
-) policing all sap traffic. I noticed that you advise against such an 
approach
-) and I certainly agree with your justification. However I was wondering if 
you
-) would care to comment on the hack that I happened to mention a couple of
-) weeks ago[2], involving the use of multicast flow maps. Would this be
-) feasible at all? Would it be too expensive, in terms of router resources?
-) 

Flow-maps were designed for a different app, so it's probably not the 
droid you're looking for.  I don't think it can be used to do any more 
than what a simple filter/policer would do.