Did your BGP crash today?
Warren Kumari
warren at kumari.net
Fri Aug 27 22:20:01 UTC 2010
On Aug 27, 2010, at 5:37 PM, bmanning at vacation.karoshi.com wrote:
>
> come on Chris, is the Internet an experiment or not? :)
> one would think that a responsible party would have made
> efforts to let others in the "playground" know they were
> going to try something different that could have ramifications
> on an unknown distribution of some code bases.
I'm assuming that they weren't really expecting this to cause
issues... Where does one draw the line? I'm planning on announcing
x.y.z.0/20 later in the week -- x, y and z are all prime and the sum
of all 3 is also a prime. There is a non-zero chance that something
somewhere will go flooie, shall I send mail now or later?
Also, I would prefer that this gets discovered and dealt with (in this
case by stopping the announcement :-)) than having folk not willing to
try things and ending up with a weaponized version...
W
>
> I'm not asking my vendor or (in the case of OSS) me to run
> "full bit sweeps"... but a heads up to some of the known
> ops lists would have been not only welcome but expected.
>
> as usual, YMMV
>
> --bill
>
>
> On Fri, Aug 27, 2010 at 04:11:32PM -0400, Christopher Morrow wrote:
>> On Fri, Aug 27, 2010 at 4:07 PM, Mike Gatti <ekim.ittag at gmail.com>
>> wrote:
>>> where's the change management process in all of this.
>>> basically now we are going to start changing things that can
>>> potentially have an adverse effect on users without letting anyone
>>> know
>>> beforehand .... Interesting concept.
>>
>> you are running bgp, you are connected to the 'internet'... congrats
>> you are part of the experiment.
>>
>> I suppose one view is that "at least it wasn't someone with ill
>> intent, or a misconfigured MikroTik!"
>>
>> (you are asking your vendors to run full bit sweeps of each protocol
>> in a regimented manner checking for all possible edge cases and
>> properly handling them, right?)
>>
>> -chris
>>
>>> On Aug 27, 2010, at 3:33 PM, Dave Israel wrote:
>>>
>>>>
>>>> On 8/27/2010 3:22 PM, Jared Mauch wrote:
>>>>> When you are processing something, it's sometimes hard to tell
>>>>> if something
>>>>> just was mis-parsed (as I think the case is here with the
>>>>> "missing-2-bytes")
>>>>> vs just getting garbage. Perhaps there should be some way to
>>>>> "re-sync" when
>>>>> you are having this problem, or a parallel "keepalive" path
>>>>> similar to
>>>>> MACA/MCAS/MIDCAS/TCAS between the devices to talk when something
>>>>> bad is
>>>>> happening.
>>>>
>>>> I know it wasn't there originally, and isn't mandatory now, but
>>>> there is
>>>> an MD5 hash that can be added to the packet. If the TCP hash
>>>> checks
>>>> out, then you know the packet wasn't garbled, and just contained
>>>> information you didn't grok. That seems like enough evidence to
>>>> be able
>>>> to shrug and toss the packet without dropping the session.
>>>>
>>>> -Dave
>>>>
>>>>
>>>>
>>>
>>> =+=+=+=+=+=+=+=+=+=+=+=+=
>>> Mike Gatti
>>> ekim.ittag at gmail.com
>>> =+=+=+=+=+=+=+=+=+=+=+=+=
>>>
>>>
>>>
>>>
>>>
>>
>
--
What our ancestors would really be thinking, if they were alive today,
is: "Why is it so dark in here?"
-- (Terry Pratchett, Pyramids)