Multicast TTL 1 packets processed where?

--chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
i was listening to a pod cast earlier and someone on the show brought up that "most" multicast packets with a TTL of 1 are not processed in the ASICs but instead in software. They were discussing "Client made" DoS'ing, and he said he had seen a client actually DoS their own network through copious amounts of routing protocols sending updates with TTL 1 packets.

Does anyone know what protocols might do this? Is it all​ of the common routing protocols?

Comments

  • ccie14023ccie14023 Member Posts: 183
    The reason for this: when the TTL hits zero then the router is going to kick back an ICMP message with an error. This sort of thing is not handled in ASICs, so the packet needs to be punted to the CPU. Yes, a TTL of 1 is generally used for all routing protocols that use multicast. I can't think of any exceptions. If you think about it, there is no reason for multicast routing protocol packets to go beyond the local segment. Even if the TTL were greater than zero for some reason, multicast routing would have to be configured for the packet to go anywhere. TTL 0 traffic is not the only traffic that gets punted to the CPU, and it's often the case that when a router CPU goes high, traffic has some option that bumps it up there unnecessarily.
Sign In or Register to comment.