All things related to multicast

[Matthew Davy <>]

While I agree ASM should die, I disagreed with the idea that MSDP  
flooding cannot be controlled without loosing legitimate SAs.    About  
4 years ago, we implemented the following controls with great success...

1) We only accept MSDP SA's for the 224/8 and 233/8 group addresses.    
This eliminates a lot of noise.
2) We implemented Juniper's per-source MSDP limits.   We only accept  
SAs for 300 different groups from the same source IP.   Theoretically  
a single host could be legitimately sending to >300 different group  
addresses, but in practice I've never seen anything near this.  IMO  
this is a must have feature for MSDP.

These combined with Juniper's off-loading of encapsulation to the  
tunnel PIC has, as far as I can tell, completely protected us from  
MSDP storms without dropping legitimate SAs.

Does anyone know if Cisco ever implement something like per-source  
MSDP limits ?

- Matt


On Oct 24, 2008, at 7:59 AM, Alan Crosswell wrote:

> Rate-limiting MSDP means you may lose useful, low update frequency,l  
> SAs that are buried in the noise.
>
> ASM must die.
> /a
>
> On Oct 24, 2008, at 6:17 AM, "Tony Ballardie" < 
> > wrote:
>
> > > From: Dan Pritts 
> > > [mailto:]
> > > Sent: 23 October 2008 21:34
> > >
> > > > After all, 1) ASM works,
> > >
> > > Arguably, ASM does not work.
> > >
> > > I've certainly had problems on my network due to MSDP storms
> > > and the SAP storm we saw recently.
> >
> > ASM works provided it's configured properly (like anything else)  
> > and you
> > rate-limit msdp. Unless you're talking about bugs which do break its
> > correct operation, it's misleading to suggest it doesn't work. That's
> > NOT to say we shouldn't be moving towards SSM - we definitely SHOULD.
> >
> > > IMO, Going forward we'll be faced with a choice between SSM and  
> > > giving
> > > up on
> > > interdomain multicast.
> >
> > It's not time to give up on it.... quite the opposite :-)
> >
> > Tony