wg-multicast - DR multicast register filtering BCP?
Subject: All things related to multicast
List archive
- From: Pekka Savola <>
- To:
- Subject: DR multicast register filtering BCP?
- Date: Fri, 15 Aug 2008 10:51:45 +0300 (EEST)
Hi,
We're providing anycast-RP service to universities. The problem is that some universities are sending a lot of junk to our anycast RP, and in some cases this may cause quite a load on the RP routers. This junk includes:
1) global source addresses, global but identifiable group addresses (e.g.
norton ghost -like applications)
2) global source addresses, pretty much random group addresses (e.g. by
various p2p softwares, rtp "broadcast" addresses some voip phones are
using etc.)
3) private source addresses, group address either in category 1) or 2).
We can drop these at the RP end, but I'm wondering if there is any BCP or just suggestions how the institutions should configure their equipment not to spew junk at us.
An "alternative" to this would be to connect sites just using MSDP but this seems pretty heavyweight for most users. (And then they couldn't use Linux as a DR because there is no software.)
I guess 1) and 2) could be tackled by blacklisting non-allocated IANA address space (but this will impair the use of local apps that do use addresses in that range) in "ip pim rp-address x.x.x.x ACL". 3) seems like a more difficult problem. You can't filter based on source address in rp-address ACLs. What are the other options? Drop these in input ACL at the LAN border (may impair valid use of intra-campus multicast)? Some other means?
I'd be interested in hearing experiences how folks have dealt with this (or if they tried, failed, and just scrapped mcast or moved to MSDP).
Pekka Savola
- DR multicast register filtering BCP?, Pekka Savola, 08/15/2008
- Re: DR multicast register filtering BCP?, Bruce Curtis, 08/15/2008
- Re: DR multicast register filtering BCP?, Leonard Giuliano, 08/15/2008
Archive powered by MHonArc 2.6.16.