CCO1376@mvs.draper.COM (02/08/91)
We have discovered a problem on our network and would like to know if other sites have seen this problem. Solutions will be cheerfully accepted, also.

We are running a subnetted class B network with a mixed bag of PCs, workstations, minis and mainframes: IBM, Apple, Sun, HP, DEC, etc. In order to better localize broadcast traffic to the originating subnet, we have configured most of this equipment to use the Subnet Directed Broadcast address, {<network number>,<subnet number>,-1}, as described in RFC 1122, Section 3.3.6. Due to the need to support B-node NETBIOS over TCP (a la RFC 1001, 1002), the PCs using this protocol use the All-Subnets Directed Broadcast address, {<network number>,-1,-1}. Since our routers (Wellfleet) will pass All-Subnets Directed Broadcasts, we are able to provide the connectivity required for this service. Note, the routers themselves use Subnet Directed Broadcasts for RIP. So far, so good.

We did notice, however, that there was a large number of ICMP Destination Unreachable (Port Unreachable) messages being generated. We traced this activity to the ULTRIX, UCX, AIX, A/UX, and OS/2 (but not SunOS) systems responding to the UDP All-Subnets Directed Broadcast from the NETBIOS machines. Apparently a lower layer of software in these machines accepts this traffic and passes it to a higher layer that is then unable to recognize it as a broadcast. It would seem that, recognizing the broadcast nature of the message, the higher layer should drop it quietly. (Imagine all hosts on a network, except one, responding to ARP with "not me" messages.) :-)

One supporting piece of evidence of the underlying pathology is that the offending machines can be silenced by configuring them to use All-Subnets Directed Broadcasts, but that then loses the advantage of localizing these broadcasts. Furthermore, these offending machines now complain about the RIP packets, which use Subnet Directed Broadcasts.

Reading in RFC 1122 is enlightening. First, referring to the above mentioned broadcast address definitions in Section 3.3.6, it says, "A host MUST recognize any of these forms in the destination address of an incoming datagram." Earlier, in Section 3.2.2, it says, "An ICMP error message MUST NOT be sent as the result of receiving: ... a datagram destined to an IP broadcast or an IP multicast address, ..." Lest there be any misunderstanding, it goes on to say, "THESE RESTRICTIONS TAKE PRECEDENCE OVER ANY REQUIREMENT ELSEWHERE IN THIS DOCUMENT FOR SENDING ICMP ERROR MESSAGES." The subsequent "discussion" goes on to describe the *exact* problem we observed, that is, a UDP broadcast to a non-existent port that triggers a flood of ICMP Destination Unreachable datagrams!

------------------------------------------------------------------------
Cecil C. Ogren                          cogren@draper.com
C.S. Draper Laboratory                  (617) 258-1655
555 Technology Square                   Mail Station: 33
Cambridge MA 02139
------------------------------------------------------------------------
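The following Python model is an added illustration and is not part of the original post or of any of the vendor stacks it names. It encodes the three broadcast forms from RFC 1122 Section 3.3.6 (limited, all-subnets directed, subnet directed) for a subnetted class B host, then applies the Section 3.2.2 rule that a UDP datagram to a closed port is answered with ICMP Port Unreachable only when the destination is unicast. The `recognised` field is a hypothetical knob that models the behaviour described above: a compliant upper layer recognises every form, while the misbehaving hosts recognised only the single form they were configured with, so they answered the NETBIOS all-subnets broadcasts and, once reconfigured, the RIP subnet broadcasts instead. All addresses (the 130.1.0.0/16 network, its /24 subnets, the hosts) are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# {-1, -1}: the limited broadcast address, recognised by every host.
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

ALL_FORMS = frozenset({"limited", "all_subnets_directed", "subnet_directed"})


@dataclass(frozen=True)
class HostConfig:
    """Hypothetical description of one receiving host (not from the post)."""
    address: str            # the host's own unicast address
    net_prefix: int         # classful network prefix; class B -> 16
    subnet_prefix: int      # subnet prefix in use on the attached subnet
    # Broadcast forms the host's upper (UDP) layer actually checks for.
    # A compliant host checks all of them (RFC 1122, 3.3.6).
    recognised: frozenset = ALL_FORMS


def broadcast_forms(cfg: HostConfig) -> dict:
    """Map each RFC 1122 broadcast form to the concrete address for this host."""
    net = ipaddress.ip_network(f"{cfg.address}/{cfg.net_prefix}", strict=False)
    subnet = ipaddress.ip_network(f"{cfg.address}/{cfg.subnet_prefix}", strict=False)
    return {
        "limited": LIMITED_BROADCAST,                   # {-1, -1}
        "all_subnets_directed": net.broadcast_address,  # {<network>, -1, -1}
        "subnet_directed": subnet.broadcast_address,    # {<network>, <subnet>, -1}
    }


def classify_destination(cfg: HostConfig, dst: str) -> str:
    """Classify a destination address as seen by a fully compliant IP layer."""
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return "multicast"
    for form, bcast in broadcast_forms(cfg).items():
        if addr == bcast:
            return form
    if addr == ipaddress.ip_address(cfg.address):
        return "unicast_self"
    return "other"


def handle_udp(cfg: HostConfig, dst: str, dport: int, open_ports: set) -> str:
    """Decide what this host does with a UDP datagram addressed to dst:dport.

    Returns one of: 'not_for_us', 'deliver', 'drop_silently',
    'icmp_port_unreachable'.  ICMP is only legitimate for unicast to a closed
    port; a broadcast or multicast to a closed port must be dropped quietly
    (RFC 1122, Section 3.2.2).
    """
    kind = classify_destination(cfg, dst)
    if kind == "other":
        return "not_for_us"
    if dport in open_ports:
        return "deliver"
    # Closed port.  The upper layer stays quiet only if it recognises the
    # destination as broadcast or multicast; the bug in the post is a host
    # whose upper layer recognises fewer forms than the IP layer accepted.
    if kind == "multicast" or kind in cfg.recognised:
        return "drop_silently"
    return "icmp_port_unreachable"


def icmp_storm(hosts: list, dst: str, dport: int) -> list:
    """Addresses of the hosts that would answer one broadcast with ICMP."""
    return [h.address for h in hosts
            if handle_udp(h, dst, dport, set()) == "icmp_port_unreachable"]


if __name__ == "__main__":
    compliant = HostConfig("130.1.5.7", 16, 24)
    # Misbehaving host as shipped: only the subnet-directed form is recognised.
    buggy = HostConfig("130.1.5.9", 16, 24, recognised=frozenset({"subnet_directed"}))
    # Same host after the workaround from the post: now only all-subnets form.
    buggy_reconfigured = HostConfig("130.1.5.9", 16, 24,
                                    recognised=frozenset({"all_subnets_directed"}))
    netbios_bcast, netbios_port = "130.1.255.255", 137   # all-subnets directed
    rip_bcast, rip_port = "130.1.5.255", 520             # subnet directed
    print("NETBIOS storm:", icmp_storm([compliant, buggy], netbios_bcast, netbios_port))
    print("RIP storm after workaround:",
          icmp_storm([compliant, buggy_reconfigured], rip_bcast, rip_port))
```

Running the script shows the two symptoms from the post in miniature: the as-shipped host answers the NETBIOS all-subnets broadcast with ICMP, and the reconfigured host stops doing that but starts answering the routers' subnet-directed RIP broadcasts. The compliant host is silent in both cases because its decision is made on the full set of forms, not on whichever one it was configured to transmit.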