[AG-TECH] Argonne bridge policy changes

Bill Nickless nickless at mcs.anl.gov
Sun Jul 22 22:49:02 CDT 2001 

To foster the use of scalable networking models, to avoid incidents like 
those described below, and to align Argonne's network use with the 
acceptable use policies of various network providers, Argonne intends to 
restrict the use of the Multi Session Bridge to authorized hosts, and to a 
subset of the available Venues.

If your node doesn't yet have native IP multicast worked out, Argonne will 
continue to serve your needs for a time.  Please send email to 
mcast-support at accessgrid.org with the IP addresses of your audio, video, 
and display machines.  Argonne people will verify that you have a Multicast 
Beacon running and that the process of enabling native IP multicast at your 
site has begun.  Then we will enable your access to the Multi Session 
Bridge.  We will revisit this access approximately every 30 days in the 
context of enabling native IP multicast to your node.

Unfortunately, the Multi Session Bridge has been used as an effective 
denial of service attack tool, albeit unintentionally:

  - Users of 802.11b wireless networks have started up MSB vtc clients
    at various sites (yes, more than one), rendering those wireless
    networks unusable for any other purpose.

  - Home users of cable modem and DSL have started MSB vtc clients.  MSB
    dutifully started sending several megabits of traffic (over 80 megabits
    in at least one case) towards users limited to 1.5 megabits/sec.

  - MSB users on shared 10 megabit/sec Ethernets have caused so much
    traffic on their local network segment that other users have been
    unable to get work done; in fact, some of those users have lost
    all external reachability because the MSB traffic overwhelmed the
    network routing protocols.

Argonne peers with several dozen networks, including government sponsored 
(ESNet, DREN), research oriented (Abilene), and commercial (@Home, Verio, 
Exodus, Cogent).  This puts Argonne in an very good position in terms of 
reachability to our collaborators, but it also requires Argonne to pay 
attention to the acceptable use policies of these various networks.

For example, one research network (let's call it Network A) has strict 
requirements on who can source traffic to them.  Arguably, use of the MSB 
by non-Network A participants violates Network A's use policies.  We can 
finesse this point by calling it an experiment or a temporary measure, but 
we also have to be able to show progress towards native multicast 
deployment at the MSB user sites.

In the second example cited above (blasting a DSL/cable modem user with 
excessive traffic) Argonne is afraid of those network managers deciding 
that the Argonne peering is more trouble than it is worth.  Argonne depends 
on those peerings for other purposes than Access Grid, and losing those 
peerings would reflect badly on the Access Grid project at Argonne.

Finally, Argonne's external networking resources are finite.  We can't be 
the center of the Access Grid network universe forever; that limits the 
scalability of the Access Grid as a whole.  Each user of the MSB costs 
Argonne more than the entire bandwidth of the Venue in use.  That's why 
Bill Nickless and Linda Winkler work so hard on native IP multicast 
deployment for Access Grid sites.  Unfortunately, it seems that the free 
availability of the MSB can reduce the incentive for Access Grid sites to 
solve their IP multicast problems.

The good news is that Bill and Linda stand ready to do whatever they can to 
help a site fix their multicast.  Bill routinely travels across the United 
States helping sites with deployment and debugging.  Bill and Linda 
participate in networking conferences to train network operators and to 
improve IP multicast deployment.  Send us email at 
mcast-support at accessgrid.org telling us how we can help--we're always 
looking for ways to push the deployment of IP multicast technology.

We apologize for having to start limiting what has become a very popular 
and useful resource in the Access Grid community.  But in exchange we offer 
you our help and expertise to keep you from having to routinely depend on it.

===
hBill Nickless    http://www.mcs.anl.gov/people/nickless      +1 630 252 7390
PGP:0E 0F 16 80 C5 B1 69 52 E1 44 1A A5 0E 1B 74 F7     nickless at mcs.anl.gov

More information about the ag-tech mailing list