All things related to multicast

[Bill Owens <>]

Taking myself up on the challenge to look at the bogon groups currently 
floating around the SA table, I grabbed a snapshot shortly after the UC Davis 
PlanetLab stuff disappeared. Out of 990 SAs, 316 are from IANA-reserved 
ranges. Another 134 are from 234/8, which according to IANA is now set aside 
for RFC6034, "Unicast-Prefix-Based IPv4 Multicast Addresses". Who knew ;) 
However, a quick scan of the list shows only two groups that could 
potentially be legitimate uses of that RFC, and I don't think that either one 
really is.

I dont have time to carefully analyze the SA lists, though there are 
certainly some interesting things hiding in there. For example, I discovered 
that 228.1.2.1 is a multicast group for Blackberry Enterprise Servers, and 
yes, they do send status packets to it. It's possible that most of the bogon 
groups are like that, intended to be for internal use, and are only 
accidentally getting out of the campus or regional network. 

What does that mean for bogon filtering? I think that someone would have to 
look more closely at the existing activity to at least be able to make an 
educated guess how much of it is intended to be interdomain, and would 
therefore be impacted by a stricter filter. I would not be willing to 
implement such a filter within NYSERNet until that kind of examination were 
done.

Bill.