Re: Rate limiting UDP,Multicast,ICMP

[Jared Mauch <jared () puck Nether net>]

On Tue, Nov 13, 2001 at 06:37:41PM +0100, Niels Bakker wrote:
> * jared () puck Nether net (Jared Mauch) [Tue 13 Nov 2001, 18:11 CET]:
> >     As far as multicast goes, I'm not aware of anyone running
> > native multicast that would limit the traffic.  Those still using
> > DVMRP may have multicast rate-limits in place as to not have a massive
> > bandwidth sucking sound coming from their general direction.
>
> I'm sure that the operators of the networks that were massively hindered
> when some worms started scanning random hosts in 224/4 (that's what you
> get if you don't understand IP and just use a random number generator to
> get something resembling an IP address) were rate-limiting packets to
> multicast addresses pretty quickly.  All those new sessions (one UDP
> packet to a multicast address) created state in lots of routers
> throughout their networks.  Dropping TCP to 224/4 of course also helps
> in this particular case.

        There were a few bugs that were related
to that.

        1) unices would allow tcp connections (syns) to multicast space
        2) routers would create (S,G) for that, causing SA storms in MSDP
(there is now a sa-limit command so you can prevent getting these from
msdp peers)
        3) some routers running MSDP would have their CPU overloaded
due to poor time managment of cpu resources.  

        Obvious ways to prevent that was to drop tcp to 224/4 at the edges 
where it was easy.  This does make sense as there is limited application
for tcp connections to 224/4.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.