Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?

Ricky Beam jfbeam at gmail.com
Mon Aug 17 18:26:59 CDT 2009


On Mon, 17 Aug 2009 18:40:39 -0400, Jared Mauch <jared at puck.nether.net>  
wrote:
> Is there some significant barrier to people getting recent code on the  
> devices that is not impacted by this and the other fun bgp 'attacks'  
> that can happen?

In a word: YES.

Any respectable ISP will not load code that has not been extensively  
tested.  Failure to do so can, and WILL, lead to even greater impact  
outages. (we've all made that mistake.  Once.)  Unless you do millions  
with Cisco and can therefore get custom IOS builds, you won't get a newer  
version with *just* the intended bug fixed.  Their maint "rebuilds" end up  
with multiple "fixes" and all too often, previous fixes reverted. (I  
stopped counting the number of times I had to bitch at them to refix the  
SNMP DLCI interface counters on the 7401... "we don't test frame relay on  
the 7401" -- sure, that's eons ago, but nothing has changed over there.)

And then there's the question of support... again, any respectable ISP  
maintains maint contracts with their vendors.  But, things tend to fall  
through the cracks... contracts expire, people forget to list all the  
equipment, vendors drop support for various hardware and software, etc.

You've obviously not gone to Cisco for any "non-contract" software  
updates.  It's faster to bribe someone with an active service contract or  
use google.

Also... Never underestimate the power of Lazy!

--Ricky




More information about the NANOG mailing list