Did your BGP crash today?
Richard A Steenbergen
ras at e-gerbil.net
Fri Aug 27 21:23:09 UTC 2010
On Fri, Aug 27, 2010 at 01:43:39PM -0700, Clay Fiske wrote:
> If -everyone- dropped the session on a bad attribute, it likely
> wouldn't make it far enough into the wild to cause these problems in
> the first place.
And if everyone filtered their BGP customers there would be no routing
leaks, but we've seen how well that works. :)

The "if anything bad happens, drop the session" method of protection is
only effective if EVERY BGP implementation catches EVERY malformed
update EVERY time, which just doesn't match up with reality. Not only
that, but a healthy number of the bgp update issues over the years have
actually been the result of implementations detecting perfectly valid
things as invalid, which means by definition the implementations which
get it right and don't drop the session act as carriers and spread the
problem route globally. How long are we going to continue to act like
this method of protection is actually working?

Let's be reasonable, if your basic bgp message format is malformed you're
going to need to drop the session. If the packet is corrupted or the
size of the message doesn't match what's in the tlv, you're not going to
be able to continue and you'll have to drop the session. But there are
still a huge number of potential issues where it would be perfectly safe
to drop the update you didn't like, and support for this could easily be
negotiated and the sending side informed of the issue by a soft
notification extension. I have yet to see a single argument against this
which isn't political or philosophical in nature.
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
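
The split drawn in this message, between framing errors that force a session reset and attribute errors where only the update needs to be dropped, sketched as an added example that is not part of the original post. The verdict names, the helper `build_update` and the choice of ORIGIN as the content check are this example's assumptions; the soft notification extension mentioned above is not modelled.

```python
import struct

MARKER, UPDATE = b"\xff" * 16, 2

def classify_update(msg: bytes) -> str:
    """Classify one BGP UPDATE as 'accept', 'discard-update' or 'reset-session'."""
    # Framing: if any of this fails, message boundaries cannot be trusted.
    if len(msg) < 19 or msg[:16] != MARKER:
        return "reset-session"
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != UPDATE:
        raise ValueError("not an UPDATE message")
    if length != len(msg) or not 23 <= length <= 4096:
        return "reset-session"
    body = msg[19:]
    (wlen,) = struct.unpack("!H", body[:2])
    if 4 + wlen > len(body):
        return "reset-session"
    (alen,) = struct.unpack("!H", body[2 + wlen:4 + wlen])
    attrs = body[4 + wlen:4 + wlen + alen]
    if len(attrs) != alen:
        return "reset-session"
    verdict, i = "accept", 0
    while i < len(attrs):
        ext = bool(attrs[i] & 0x10)          # extended-length flag
        hdr = 4 if ext else 3
        if i + hdr > len(attrs):
            return "reset-session"
        code = attrs[i + 1]
        vlen = struct.unpack("!H", attrs[i + 2:i + 4])[0] if ext else attrs[i + 2]
        value = attrs[i + hdr:i + hdr + vlen]
        if len(value) != vlen:               # TLV overruns the attribute block
            return "reset-session"
        # Content check: the TLV boundaries held, so only this update is suspect.
        # Assumption: ORIGIN (type 1) must be one octet with value 0, 1 or 2.
        if code == 1 and (vlen != 1 or value[0] > 2):
            verdict = "discard-update"
        i += hdr + vlen
    return verdict

def build_update(attrs: bytes, claimed_len=None) -> bytes:
    """Build a constructed UPDATE with no withdrawn routes and no NLRI."""
    body = struct.pack("!HH", 0, len(attrs)) + attrs
    return MARKER + struct.pack("!HB", claimed_len or 19 + len(body), UPDATE) + body

# Constructed sample messages
GOOD = build_update(b"\x40\x01\x01\x00")        # ORIGIN = IGP
BAD_ORIGIN = build_update(b"\x40\x01\x01\x09")  # ORIGIN value out of range
OVERRUN = build_update(b"\x40\x01\x05\x00")     # claims 5 value bytes, has 1
BAD_HEADER = build_update(b"\x40\x01\x01\x00", claimed_len=100)
```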