Did your BGP crash today?

Saku Ytti saku at ytti.fi
Sat Aug 28 03:41:22 CDT 2010


On (2010-08-28 09:22 +0100), Thomas Mangin wrote:

> > i suspect that these folk will test better next time.  i sure hope so.
> 
> Not sure the researcher can afford to buy a ios xr and may not have access to one !

Indeed.

Also testing is hard, especially so, when you essentially need to reinvent
the wheel every time, which might not even fit your time schedule. 

Maybe we as community could build 'BGPSpec' testing suite, simply python
(or ruby yay!) script which has been thought at least to puke out UPDATEs
that have known to break implementations before. Test cases being unique
files for easy contribution.
This BGPSpec could then be ran by vendors, researchers and operators, and
we could be sure that at least same mistake is not done twice.
With this suite in place, it would be easier for researcher to write new
test case for the suite and then ask people to run it against their gear.

>From global network security/reliability point-of-view BGP is pretty much
only important protocol and as such maybe should enjoy special status in
collaborative quality assurance.

Considering this issue, late junos 32b ASN, mikrotik long AS path this
http://www.cisco.com/en/US/products/products_security_advisory09186a0080094a58.shtml
and probably many others, it seems we've been exceptionally lucky, that
someone hasn't been fuzzing Internet BGP with target of breaking as much of
it as possible, as it wouldn't really been that hard.

-- 
  ++ytti




More information about the NANOG mailing list