[comp.protocols.tcp-ip] SUBNET DIRECTED BROADCASTS

CCO1376@mvs.draper.COM (02/08/91)

We have discovered a problem on our network and would like to know if
other sites have seen this problem.  Solutions will be cheerfully
accepted, also.

We are running a subnetted class B network with a mixed bag of PCs,
workstations, minis and mainframes: IBM, Apple, Sun, HP, DEC, etc.  In
order to better localize broadcast traffic to the originating subnet, we
have configured most of this equipment to use the Subnet Directed
Broadcast address: {<network number>,<subnet number>,-1} as described in
RFC 1122, Section 3.3.6.

Due to the need to support B-node NETBIOS over TCP (ala RFC 1001, 1002),
the PCs using this protocol use the All-Subnets Directed Broadcast
address: {<network number>,-1,-1}.  Since our routers (Wellfleet) will
pass All-Subnets Directed Broadcasts, we are able to provide the
connectivity required for this service.  Note, the routers themselves
use Subnet Directed Broadcasts for RIP.

So far, so good.  We did notice, however, that there was a large number
of ICMP Destination Unreachable (Port Unreachable) messages being
generated.  We traced this activity to the ULTRIX, UCX, AIX, A/UX, and
OS/2 (but not SunOS) systems responding to the UDP All-Subnets Directed
Broadcast from the NETBIOS machines.  Apparently a lower layer of
software in these machines accepts this traffic and passes it to a
higher layer that is then unable to recognize it as a broadcast.  It
would seem that, recognizing the broadcast nature of the message, the
higher layer should drop it quietly.  (Imagine all hosts on a network,
except one, responding to ARP with "not me" messages.)  :-)

One supporting piece of evidence of the underlying pathology is that the
offending machines can be silenced by configuring them to use
All-Subnets Directed Broadcasts, but that then loses the advantage of
localizing these broadcasts.  Furthermore, these offending machines now
complain about the RIP packets, which use Subnet Directed Broadcasts.

Reading in RFC1122 is enlightening.  First, referring to the above
mentioned broadcast address definitions in Section 3.3.6 it says, "A
host MUST recognize any of these forms in the destination address of an
incoming datagram."  Earlier, in Section 3.2.2 it says, "An ICMP error
message MUST NOT be sent as the result of receiving: ... a datagram
destined to an IP broadcast or an IP multicast address, ..."  Lest there
be any misunderstanding, it goes on to say, "THESE RESTRICTIONS TAKE
PRECEDENCE OVER ANY REQUIREMENT ELSEWHERE IN THIS DOCUMENT FOR SENDING
ICMP ERROR MESSAGES."

The subsequent "discussion" goes on to describe the *exact* problem we
observed, that is, a UDP broadcast to a non-existent port that triggers
a flood of ICMP Destination Unreachable datagrams!

------------------------------------------------------------------------
Cecil C. Ogren             cogren@draper.com
C.S.Draper Laboratory      (617)258-1655
555 Technology Square
Mail Station: 33
Cambridge MA 02139
------------------------------------------------------------------------
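The RFC 1122 behaviour the post describes, worked through as an added example (written for this thread, not code from the poster or from any of the vendors named): a small classifier for the Section 3.3.6 destination forms, a compliant UDP receive path that applies the Section 3.2.2 rule (no ICMP error for a broadcast or multicast datagram), the non-compliant path the poster traced (the UDP layer never learns the datagram was a broadcast), and a count of how many simulated hosts would answer one All-Subnets Directed Broadcast with ICMP Port Unreachable. The network (172.16.0.0/16 with a 255.255.255.0 subnet mask, standing in for the poster's class B), the host list and the ports are constructed for the example.

```python
"""RFC 1122 broadcast-form classification and the ICMP-error rule.

Example code written for this thread, not from the original poster.
All addresses, hosts and ports below are constructed; 172.16.0.0/16
is a private-space stand-in for the poster's subnetted class B.
"""
from ipaddress import IPv4Address, IPv4Network

LIMITED_BROADCAST = IPv4Address("255.255.255.255")


def classify_destination(dst, network, subnet_mask):
    """Name the RFC 1122 section 3.3.6 form taken by ``dst``.

    network     -- the (class B) network, e.g. "172.16.0.0/16"
    subnet_mask -- the mask used for subnetting, e.g. "255.255.255.0"

    Returns one of:
      "limited"          {-1, -1, -1}
      "all-subnets"      {<network number>, -1, -1}
      "subnet-directed"  {<network number>, <subnet number>, -1}
      "multicast"        a class D address
      "unicast"          anything else
    """
    dst = IPv4Address(dst)
    if dst == LIMITED_BROADCAST:
        return "limited"
    if dst.is_multicast:
        return "multicast"
    net = IPv4Network(network)
    if dst not in net:
        return "unicast"
    # All host bits (everything outside the network number) set to one.
    if dst == net.broadcast_address:
        return "all-subnets"
    # Subnet containing dst; broadcast form when the host bits are all ones.
    subnet = IPv4Network((dst, subnet_mask), strict=False)
    if dst == subnet.broadcast_address:
        return "subnet-directed"
    return "unicast"


def udp_receive(dst, network, subnet_mask, open_ports, dst_port):
    """Compliant UDP layer.  A closed port answers with ICMP Port
    Unreachable only for a unicast destination; for any broadcast or
    multicast form the datagram is dropped silently (RFC 1122, 3.2.2).
    Returns "deliver", "drop" or "icmp-port-unreachable"."""
    if dst_port in open_ports:
        return "deliver"
    if classify_destination(dst, network, subnet_mask) != "unicast":
        return "drop"
    return "icmp-port-unreachable"


def broken_udp_receive(dst, network, subnet_mask, open_ports, dst_port):
    """The pathology the poster traced: the lower layer accepted the
    broadcast but the UDP layer treats every datagram as unicast, so a
    closed port always generates an ICMP error."""
    return "deliver" if dst_port in open_ports else "icmp-port-unreachable"


def icmp_responders(hosts, dst, network, subnet_mask, dst_port):
    """Return the names of hosts that would answer one broadcast with an
    ICMP Port Unreachable.  ``hosts`` is a list of
    (name, open_udp_ports, receive_function)."""
    return [
        name
        for name, ports, receive in hosts
        if receive(dst, network, subnet_mask, ports, dst_port)
        == "icmp-port-unreachable"
    ]


# Constructed scenario: one NetBIOS name-service (UDP 137, RFC 1002)
# B-node broadcast to {<net>, -1, -1}; only "pc1" actually listens.
NETWORK = "172.16.0.0/16"
SUBNET_MASK = "255.255.255.0"
ALL_SUBNETS_BCAST = "172.16.255.255"
HOSTS = [
    ("pc1", {137}, udp_receive),              # NetBIOS B-node, listens
    ("sunos1", set(), udp_receive),           # compliant, drops silently
    ("ultrix1", set(), broken_udp_receive),   # non-compliant, answers
    ("aix1", set(), broken_udp_receive),      # non-compliant, answers
]

if __name__ == "__main__":
    print(classify_destination(ALL_SUBNETS_BCAST, NETWORK, SUBNET_MASK))
    print(icmp_responders(HOSTS, ALL_SUBNETS_BCAST, NETWORK, SUBNET_MASK, 137))
```

Run stand-alone it classifies 172.16.255.255 as "all-subnets" and lists the two non-compliant hosts as the ICMP responders; on a real network the same count shows up as the flood of Port Unreachable messages the poster saw, one per non-compliant host per NetBIOS broadcast. Running the RIP case (a Subnet Directed Broadcast such as 172.16.5.255 to UDP 520) through the same functions gives the second complaint in the post: the broken receive path answers that too.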