[44219] in North American Network Operators' Group
Re: Rate limiting UDP,Multicast,ICMP
daemon@ATHENA.MIT.EDU (Niels Bakker)
Tue Nov 13 12:38:25 2001
Date: Tue, 13 Nov 2001 18:37:41 +0100
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@merit.edu
Message-ID: <20011113183741.I31887@trance.org>
In-Reply-To: <20011113121033.B7797@puck.nether.net>; from jared@puck.Nether.net on Tue, Nov 13, 2001 at 12:10:33PM -0500

* jared@puck.Nether.net (Jared Mauch) [Tue 13 Nov 2001, 18:11 CET]:
> As far as multicast goes, I'm not aware of anyone running
> native multicast that would limit the traffic. Those still using
> DVMRP may have multicast rate-limits in place as to not have a massive
> bandwidth sucking sound coming from their general direction.

I'm sure that the operators of the networks that were massively hindered
when some worms started scanning random hosts in 224/4 (that's what you
get if you don't understand IP and just use a random number generator to
get something resembling an IP address) were rate-limiting packets to
multicast addresses pretty quickly. All those new sessions (one UDP
packet to a multicast address) created state in lots of routers
throughout their networks. Dropping TCP to 224/4 of course also helps
in this particular case.

Apart from not wanting to point fingers, the names of some of these
network operators escape me at the moment too, even though I believe
they were posted here at the time.

Regards,
-- Niels.
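
Added example, not part of the original message: a small flow audit showing the two signals the post describes, TCP sent to 224/4 (never legitimate, so safe to drop) and a single source touching many distinct multicast groups (each new group is new state in routers). The flow records, the function name and the threshold of 3 groups per source are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MULTICAST = ipaddress.ip_network("224.0.0.0/4")

# Constructed flow records (source, destination, protocol); not real traffic.
SAMPLE_FLOWS = [
    ("192.0.2.10", "233.252.0.1", "udp"),    # ordinary sender, one group
    ("192.0.2.10", "233.252.0.1", "udp"),
    ("192.0.2.10", "233.252.0.1", "udp"),
    ("192.0.2.10", "203.0.113.5", "tcp"),    # unicast, ignored
    ("198.51.100.7", "224.17.4.9", "udp"),   # random-address scanner
    ("198.51.100.7", "231.200.3.77", "udp"),
    ("198.51.100.7", "236.5.90.1", "udp"),
    ("198.51.100.7", "239.44.8.2", "udp"),
    ("198.51.100.7", "203.0.113.80", "tcp"),
    ("198.51.100.7", "227.1.1.1", "tcp"),    # TCP to multicast
    ("198.51.100.7", "225.66.3.12", "udp"),
]


def audit_multicast(flows, max_groups_per_source=3):
    """Return (tcp_to_multicast, noisy_sources) for a list of flow records.

    tcp_to_multicast: (src, dst) pairs where TCP was sent into 224/4.
    noisy_sources: {src: distinct_group_count} for sources whose non-TCP
    traffic touched more groups than max_groups_per_source (assumed limit).
    """
    tcp_hits = []
    groups = defaultdict(set)
    for src, dst, proto in flows:
        if ipaddress.ip_address(dst) not in MULTICAST:
            continue  # only destinations inside 224/4 matter here
        if proto.lower() == "tcp":
            tcp_hits.append((src, dst))
        else:
            groups[src].add(dst)  # one entry per distinct (source, group)
    noisy = {s: len(g) for s, g in groups.items()
             if len(g) > max_groups_per_source}
    return tcp_hits, noisy


if __name__ == "__main__":
    tcp_hits, noisy = audit_multicast(SAMPLE_FLOWS)
    print("TCP to 224/4:", tcp_hits)
    print("Sources over the group limit:", noisy)
```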