wg-multicast - Re: bogon SAs from UC Davis?

Subject: All things related to multicast

  • From: Brent Sweeny
  • Subject: Re: bogon SAs from UC Davis?
  • Date: Tue, 08 Feb 2011 14:09:48 -0500

I forwarded this to some I2 folks who should respond.

On 2/8/2011 1:31 PM, Ge Moua wrote:
> would someone from I2 respond back about Bill's comments and if so, can
> this be updated on I2 mcast url?
>
> --
> Regards,
> Ge Moua
>
> Network Design Engineer
> University of Minnesota | OIT - NTS
> 2218 University Ave SE
> Minneapolis, MN 55414-3029
> Email:
>
> | Office: 612.626.2779
> --
>
>
> On 2/8/11 12:26 PM, Bill Owens wrote:
>> On Tue, Feb 08, 2011 at 10:13:51AM -0800, Eli Dart wrote:
>>> we're still seeing SA thresholds kick in (we warn at 125k SAs).
>>>
>>> Any chance folks might be interested in putting bogon filters on MSDP?
>>> A huge amount of this is for unallocated space....
>> The Internet2 Visible Network configs page is not responding right
>> now, but here's a copy of their filter from a couple of years ago:
>>
>> policy-statement MSDP-FILTER {
>>     term bad-groups {
>>         from {
>>             route-filter 224.0.1.2/32 exact;
>>             route-filter 224.0.1.3/32 exact;
>>             route-filter 224.0.1.8/32 exact;
>>             route-filter 224.0.1.22/32 exact;
>>             route-filter 224.0.1.24/32 exact;
>>             route-filter 224.0.1.25/32 exact;
>>             route-filter 224.0.1.35/32 exact;
>>             route-filter 224.0.1.39/32 exact;
>>             route-filter 224.0.1.40/32 exact;
>>             route-filter 224.0.1.60/32 exact;
>>             route-filter 224.0.2.1/32 exact;
>>             route-filter 224.0.2.2/32 exact;
>>             route-filter 224.77.0.0/16 orlonger;
>>             route-filter 225.1.2.3/32 exact;
>>             route-filter 226.77.0.0/16 orlonger;
>>             route-filter 229.55.150.208/32 exact;
>>             route-filter 234.42.42.40/30 orlonger;
>>             route-filter 234.142.142.42/31 orlonger;
>>             route-filter 234.142.142.44/30 orlonger;
>>             route-filter 234.142.142.48/28 orlonger;
>>             route-filter 234.142.142.64/26 orlonger;
>>             route-filter 234.142.142.128/29 orlonger;
>>             route-filter 234.142.142.136/30 orlonger;
>>             route-filter 234.142.142.140/31 orlonger;
>>             route-filter 234.142.142.142/32 exact;
>>             route-filter 232.0.0.0/8 orlonger;
>>             route-filter 239.0.0.0/8 orlonger;
>>         }
>>         then reject;
>>     }
>>     term bad-sources {
>>         from {
>>             source-address-filter 10.0.0.0/8 orlonger;
>>             source-address-filter 127.0.0.0/8 orlonger;
>>             source-address-filter 172.16.0.0/12 orlonger;
>>             source-address-filter 192.168.0.0/16 orlonger;
>>         }
>>         then reject;
>>     }
>>     term bad-planetlab {
>>         from {
>>             source-address-filter 198.32.154.179/32 exact;
>>             source-address-filter 198.32.154.187/32 exact;
>>             source-address-filter 198.32.154.195/32 exact;
>>             source-address-filter 198.32.154.202/32 exact;
>>             source-address-filter 198.32.154.210/32 exact;
>>             source-address-filter 198.32.154.218/32 exact;
>>             source-address-filter 198.32.154.226/32 exact;
>>             source-address-filter 198.32.154.235/32 exact;
>>             source-address-filter 198.32.154.243/32 exact;
>>             source-address-filter 198.32.154.250/32 exact;
>>         }
>>         then reject;
>>     }
>>     term allow {
>>         then accept;
>>     }
>> }
>>
>> I had never noticed the 'bad-planetlab' section before and I don't
>> know whether that's still in the current config. Perhaps it needs to
>> be made larger. . .
>>
>> Bill.
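
An added example, not part of the thread or of Internet2's configuration: a small Python model of how the quoted MSDP-FILTER terms classify SA (source, group) pairs, which helps estimate what a filter change would remove from an SA cache. It uses only an excerpt of the policy, assumes Junos longest-match route-filter evaluation also governs `source-address-filter`, and the names `parse_policy`, `evaluate` and `SA_CACHE` are illustrative.

```python
import ipaddress
import re

# Excerpt of the MSDP-FILTER policy quoted in the message above (a few filters per term).
POLICY = """
term bad-groups {
    from {
        route-filter 224.0.1.40/32 exact;
        route-filter 232.0.0.0/8 orlonger;
        route-filter 239.0.0.0/8 orlonger;
    }
    then reject;
}
term bad-sources {
    from {
        source-address-filter 10.0.0.0/8 orlonger;
    }
    then reject;
}
term allow {
    then accept;
}
"""
# Constructed (source, group) SA entries for illustration, not real observations.
SA_CACHE = [("192.0.2.10", "233.252.0.5"), ("192.0.2.10", "224.0.1.40"), ("10.1.2.3", "233.252.0.5"),
            ("192.0.2.10", "239.255.1.1"), ("192.0.2.10", "224.0.1.41")]

def parse_policy(text):
    """Return ordered terms as (name, [(kind, network, match type)], action)."""
    terms = []
    for name, body, action in re.findall(r"term (\S+) \{(.*?)then (\w+);", text, re.S):
        flt = re.findall(r"(route-filter|source-address-filter) (\S+) (\w+);", body)
        terms.append((name, [(k, ipaddress.ip_network(p), m) for k, p, m in flt], action))
    return terms

def _hit(filters, kind, addr):
    """The longest containing prefix of this kind decides; a term without that kind matches."""
    nets = [(n, t) for k, n, t in filters if k == kind]
    best = max((f for f in nets if addr in f[0]), key=lambda f: f[0].prefixlen, default=None)
    if best is None:
        return not nets
    return best[1] == "orlonger" or best[0].prefixlen == addr.max_prefixlen

def evaluate(terms, source, group):
    """Return (action, term name) for the first term that matches an SA's (S,G)."""
    s, g = ipaddress.ip_address(source), ipaddress.ip_address(group)
    for name, flt, action in terms:
        if _hit(flt, "route-filter", g) and _hit(flt, "source-address-filter", s):
            return action, name
    return None, None  # nothing matched; the protocol default would apply
```

Running `evaluate` over a real SA cache dump and counting results per term shows which term is doing the work before a filter is widened.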


