[129188] in North American Network Operators' Group
Re: Did your BGP crash today?
daemon@ATHENA.MIT.EDU (Thomas Mangin)
Sat Aug 28 08:52:11 2010
In-Reply-To: <87eidisz05.fsf@mid.deneb.enyo.de>
From: Thomas Mangin <thomas.mangin@exa-networks.co.uk>
Date: Sat, 28 Aug 2010 14:51:17 +0200
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "nanog@nanog.org" <nanog@nanog.org>
We had ASN4, AS-PATH and this one. More or less we hit this session reset problem once a year but nothing was done yet to change the RFC.
So I am to blame as much as every network engineer for not having pushed for a change or at least a comprehensive explanation of why the session teardown behaviour is like it is and should not be changed.
It is only our fault for not having dealt with the problem the first time correctly, and will be next time if nothing is changed once more.
I agree a correctly framed invalid packet should be discarded without tearing the session down.
---
from my iPhone
On 28 Aug 2010, at 14:27, Florian Weimer <fw@deneb.enyo.de> wrote:
> * Raymond Dijkxhoorn:
>
>> Not sure if the link was posted already ...
>>
>> http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
>
> Cisco posts their advisories to the NANOG list.
>
>> 'The vulnerability manifests itself when a BGP peer announces a prefix
>> with a specific, valid but unrecognized transitive attribute. On
>> receipt of this prefix, the Cisco IOS XR device will corrupt the
>> attribute before sending it to the neighboring devices. Neighboring
>> devices that receive this corrupted update may reset the BGP peering
>> session.'
>
> I'm not sure what you intend to say by quoting this part of the
> advisory. If you think that it's an IOS XR bug which only needs
> fixing in IOS XR, you're showing the very attitude which has stopped
> us from making the network more resilient to these types of events.
>
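
The distinction drawn in the message above, between a correctly framed but invalid attribute and one whose framing is broken, shown as an added example that is not part of the original thread or of any vendor's code. The attribute layout follows RFC 4271; the `classify` policy labels and the sample byte strings are assumptions made for illustration, and the "discard-update" outcome is the behaviour the message argues for.

```python
import struct

EXT_LEN = 0x10  # Extended Length flag bit (RFC 4271 section 4.3)
class FramingError(Exception):
    """Attribute boundaries cannot be trusted, so nothing after them parses."""

def split_attributes(buf):
    """Return [(flags, type_code, value), ...] or raise FramingError."""
    out, off = [], 0
    while off < len(buf):
        hdr = 4 if buf[off] & EXT_LEN else 3  # 2-byte or 1-byte length field
        if len(buf) - off < hdr:
            raise FramingError("truncated attribute header")
        flags, code = buf[off], buf[off + 1]
        length = struct.unpack_from("!H", buf, off + 2)[0] if hdr == 4 else buf[off + 2]
        off += hdr
        if off + length > len(buf):
            raise FramingError("attribute overruns the UPDATE")
        out.append((flags, code, buf[off:off + length]))
        off += length
    return out

def valid_as4_path(value):
    """Segments are (type, count, count * 4-byte ASN); type 1=AS_SET, 2=AS_SEQUENCE."""
    off = 0
    while off < len(value):
        if len(value) - off < 2:
            return False
        seg_type, count = value[off], value[off + 1]
        off += 2 + 4 * count
        if seg_type not in (1, 2) or count == 0 or off > len(value):
            return False
    return True
# Content checks for ORIGIN (type 1) and AS4_PATH (type 17); other types pass through.
VALIDATORS = {1: lambda v: len(v) == 1 and v[0] <= 2, 17: valid_as4_path}

def classify(attrs):
    """Hypothetical policy: reset only when the framing itself is unusable."""
    try:
        parsed = split_attributes(attrs)
    except FramingError:
        return "reset-session"
    for _flags, code, value in parsed:
        check = VALIDATORS.get(code)
        if check and not check(value):
            return "discard-update"  # framing intact, content bad: keep session up
    return "accept"

GOOD = bytes.fromhex("40010100c01106020100010000")  # constructed: ORIGIN + AS4_PATH [65536]
BAD_CONTENT = bytes.fromhex("c01106020200010000")   # constructed: segment claims 2 ASNs, holds 1
BAD_FRAMING = bytes.fromhex("c011200201")           # constructed: length 32 overruns buffer
```
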