Did your BGP crash today?

Raymond Dijkxhoorn raymond at prolocation.net
Sat Aug 28 12:42:32 UTC 2010


Hi!

> Cisco posts their advisories to the NANOG list.

>> 'The vulnerability manifests itself when a BGP peer announces a prefix
>> with a specific, valid but unrecognized transitive attribute. On
>> receipt of this prefix, the Cisco IOS XR device will corrupt the
>> attribute before sending it to the neighboring devices. Neighboring
>> devices that receive this corrupted update may reset the BGP peering
>> session.'

> I'm not sure what you intend to say by quoting this part of the
> advisory.  If you think that it's an IOS XR bug which only needs
> fixing in IOS XR, you're showing the very attitude which has stopped
> us from making the network more resilient to these types of events.

Its more a workaround then a bugfix ...

Dont try to write down what I might think. I am perfectly capable of 
explaining this myselve. The narrow minded response you just did tells 
more about you then about me. So far for the rant.

I think i am around long enough that you would not even consider thinking 
that i would say 'hey this is a IOS XR BUG. Its not.' I didnt say this at 
all. Did I?

If it affects a large part of traffic on the internet and it obviously 
did. It took down a couple of the larger networks.

http://www.ams-ix.net/cgi-bin/stats/16all?log=totalall;png=daily

You can clearly see the drop there also.

I think a 'fix' 'bugfix' 'workaround' whatever you want to call it, 
i still think its good they released it and fast. A more structural 
approach is nice but wont help a lot of networks right now.

I am sorry i tried to add something to the thread. Think about this 
Florian. We are not the bad guys.

Bye,
Raymond.







More information about the NANOG mailing list