All things related to multicast

[Bill Owens <>]

On Tue, Feb 08, 2011 at 10:36:11AM -0800, Eli Dart wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Bill,
> 
> Something like this:
>         term msdp-bogons {
>             from {
>                 route-filter 225.0.0.0/8 orlonger;
>                 route-filter 226.0.0.0/8 orlonger;
>                 route-filter 227.0.0.0/8 orlonger;
>                 route-filter 228.0.0.0/8 orlonger;
>                 route-filter 229.0.0.0/8 orlonger;
>                 route-filter 230.0.0.0/8 orlonger;
>                 route-filter 231.0.0.0/8 orlonger;
>             }
>             then reject;
>         }
> 
> If I read your filter correctly, it does not cover the vast majority of
> unallocated multicast space (e.g. 225/8 through 231/8, 235/8 through 238/8).

Correct. And intentional - for which see below. This filter has its basis in 
something that was originally proposed way back in 1999, according to my 
archives. It has grown since then, reacting to the various annoyances that 
people have observed (mostly idiot vendors picking multicast addresses out of 
the air and then using them in widely-deployed software). 

> The fun thing about MSDP is that most of the world is highly
> promiscuous....everybody floods everything to everybody.  So, even if
> you have an inbound filter, you still allocate all the memory to hold
> the incoming RIB so that the filter can process it.  Filtering means
> that you can keep your own MSDP mesh sane, and avoid flooding bogons to
> peers/customers, but to avoid seeing MSDP bogons it is my understanding
> that you really need to get your peers to filter.

Yes, and in fact the reason I'm not seeing the crazy number of MSDP groups is 
because Internet2 is filtering at the edge with CENIC. And because we never 
got around to turning up multicast between NYSERNet and ESnet at our peering 
in NYC ;)

> RFC 5771 states that "applications MUST NOT use addressing in the IANA
> reserved blocks" - I think it's worth treating unallocated multicast
> space like bogons just as we treat unallocated unicast space like bogons
> (please, let's not rathole on the IPv4 runout).

True. Nobody should be doing that, the question is whether and how we want to 
deal with those who are. This topic last came up in the mailing list almost 
five years ago: 
https://lists.internet2.edu/sympa/arc/wg-multicast/2006-05/msg00056.html

I skimmed that discussion just now and I think that it's still applicable. It 
might be worth another pass through the SA cache (once the current mess is 
done with) to see how many legitimate users are using illegitimate groups. 

Bill.