[c-nsp] rate limiting multicast

Mikael Carlander rip at kth.se
Thu Mar 17 04:13:08 EST 2005


Thank you for responding!
Your answers clear things up for me a great deal!

The short answer to your question about my claim is no. In hindsight I can
see that I expressed myself poorly, it was not meant as a claim, merely as
an observation of mine after trying to read up on the subject. The very
few ISPs I have spoken to so far (3) have mentioned utilising rate
limiting for multicast, but have not been forthcoming about how.
I’ve been focusing on attacks that are indiscriminately scanning IP
addresses and the effects that it has on the routing process, especially
in conjunction with other types of attacks that aim to exhaust the RP.
So I'm not primarily interested in rate limiting as a method of congestion
control, or in order to stop UDP from pushing out TCP, but rather in
order to spare the RP.
By rate limiting in fixed numbers, multiple different types of attacks can
be used in order to overwhelm the RP. Instead I was hoping to find a way
of rate limiting by percentage of CPU-utilisation,
buffer-memory-utilisation or similar.

Again, thanks!

/Micke


> At 09:56 AM 16-03-05 -0600, John Kristoff wrote:
>
> See:
>
> ip multicast rate-limit {in | out} [video | whiteboard] [group-list
> access-list] [source-list access-list] kbps
>
> <http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fiprmc_r/mult/1rfmult2.htm#wp1078547>
>
> -Hank
>
>>On Wed, 16 Mar 2005 10:26:35 +0100 (CET)
>>"Mikael Carlander" <rip at kth.se> wrote:
>>
>> > Most ISPs are now rate-limiting Multicast. My question is: When you
>> > limit Multicast, are you limiting CPU or bandwidth? and more importantly,
>> > are you limiting by percentage or a static number?
>>
>>Can you provide references to the claim that most ISPs are rate
>>limiting multicast traffic?  I'd be curious in how specifically.  It
>>may be that certain types of multicast data and/or control traffic is
>>being limited, but it matters as to which one you are talking about.
>>
>>Generally speaking, you may be limiting both CPU somewhere and link
>>usage (what you call bandwidth).  If you set rate limits on edge
>>interfaces for anything over UDP to 224/4 for example, you are potentially
>>saving capacity on links that multicast may have been forwarded onto.
>>In addition, you may also be limiting multicast state created on the
>>router with the rate limit, or ones further downstream, due to the sender
>>driven state mechanisms used in typical multicast configurations.  This
>>is often the case when worms have indiscriminately scanned 224/4.
>>
>>Most rate limit knobs use a fixed number, but since you are often
>>talking about a rate limit of capacity on a fixed speed link, you
>>can think of it as a percentage if you'd like to.
>>
>>John
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
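The edge-interface limit John describes, written out as an added IOS configuration example (constructed here, not from the thread or from Cisco's documentation); the interface name, ACL number and 512 kbps figure are assumptions:

```ios
! Constructed example: rate-limit inbound multicast on a customer-facing edge
! interface. The limit is a fixed kbps value, which on a fixed-speed link is
! effectively a percentage of that link. Interface name, ACL number and the
! 512 kbps figure are assumed.
!
! Group list matching the whole 224/4 range (224.0.0.0 - 239.255.255.255).
access-list 10 permit 224.0.0.0 15.255.255.255
!
interface FastEthernet0/1
 description customer edge (assumed)
 ip pim sparse-mode
 ! Syntax as given in the thread:
 ! ip multicast rate-limit {in | out} [group-list acl] [source-list acl] kbps
 ip multicast rate-limit in group-list 10 512
!
! Not mentioned in the thread, but the knob that bears most directly on the
! RP: cap the PIM Register messages sent towards the RP per (S,G) entry, in
! packets per second. Verify availability on your IOS release.
ip pim register-rate-limit 2
```

The interface limit caps link usage and the multicast state that indiscriminate senders can create downstream; the register limit caps how fast new sources can push work onto the RP itself.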
