Microsoft SOHO router multicast problem? - or maybe it's just doing what it's supposed to be doing...
Mark Radabaugh
mark at amplex.net
Fri Apr 15 03:48:10 UTC 2005
So which one of the gods of Multicast would like to take a look at a
short tcpdump and tell me if the multicast broadcast storm is a problem
with the protocol, the Microsoft implementation, or just a really weird
coincidence?
We run a fixed wireless network that for various reasons is bridged.
Yes - it's a crappy design and we are working on changing it but that's
not really the point. I have been trying to track down a broadcast
storm that shows up on the network intermittently. I finally managed to
capture the start of one tonight.
The process starts with a slightly mangled packet (intentional? - can't
tell yet) with the 'multicast promiscuous bit' set. All of the
customers with Microsoft routers (and one Belkin) then rewrite the
mangled packet into a multicast packet, decriment the TTL, and forward
it back out the interface it came in on. This process then repeats with
each of the Microsoft routers responding to the packets from the other
routers and sending them out again. With 4 of these routers it manages
to generate 20,000+ packets before all of the TTL's drop to 0.
Needless to say this results in a little bit of a performance hit. I
have blocked Multicast at several points on the network so the problem
should be gone for now. The tcpdump file is at
http://www.amplex.net/images/multicast.cap
Mark Radabaugh
Amplex
More information about the NANOG
mailing list