[130300] in North American Network Operators' Group


Re: Using crypto auth for detecting corrupted IGP packets?

daemon@ATHENA.MIT.EDU (Danny McPherson)
Fri Oct 1 00:17:14 2010

From: Danny McPherson <danny@tcb.net>
In-Reply-To: <AANLkTikM7CXUQzNfGSUcMo0jEJJnqfw+OcyvagVjj=Cb@mail.gmail.com>
Date: Fri, 1 Oct 2010 00:16:58 -0400
To: Manav Bhatia <manavbhatia@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sep 30, 2010, at 11:34 PM, Manav Bhatia wrote:
>
> I would be interested in knowing if operators use the cryptographic
> authentication for detecting the errors that I just described above.

Additionally, one might venture to understand the effects of such mechanisms and
why knobs such as IS-IS's "ignore-lsp-errors" were added ~15 years ago.  LSP
corruption storms driven by receivers that purge corrupted LSPs and originators that
re-originate and flood on receipt of said purged LSPs are very problematic and
otherwise difficult to identify in practice.

Coincidentally, it's also why logging LSPs that trigger such errors is important,
whether you ignore them or propagate them.

-danny
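
Added example, not part of the original message: one way to spot the purge/re-originate loop described above from logged LSP events. The event tuple format, the LSP IDs, and the `window`, `max_gap` and `min_cycles` thresholds are assumptions made for illustration, not any vendor's log format.

```python
from collections import defaultdict

# Constructed sample events (not from a real network): (seconds, lsp_id, event).
# "purge"       = a receiver purged the LSP after it failed validation
# "reoriginate" = the originator flooded a fresh copy of that LSP
SAMPLE_EVENTS = [
    (0, "rtr-a.00-00", "purge"),
    (1, "rtr-a.00-00", "reoriginate"),
    (3, "rtr-a.00-00", "purge"),
    (4, "rtr-a.00-00", "reoriginate"),
    (6, "rtr-a.00-00", "purge"),
    (7, "rtr-a.00-00", "reoriginate"),
    (10, "rtr-b.00-00", "purge"),
    (11, "rtr-b.00-00", "reoriginate"),
    (900, "rtr-b.00-00", "reoriginate"),  # ordinary refresh, no purge before it
]


def find_storms(events, window=60, max_gap=5, min_cycles=3):
    """Return {lsp_id: cycles} for LSPs that went through at least
    `min_cycles` purge -> re-originate cycles within `window` seconds.
    A cycle counts only if the re-origination follows the purge
    within `max_gap` seconds."""
    cycle_times = defaultdict(list)
    pending_purge = {}  # lsp_id -> time of the last unanswered purge
    for ts, lsp_id, event in sorted(events):
        if event == "purge":
            pending_purge[lsp_id] = ts
        elif event == "reoriginate" and lsp_id in pending_purge:
            if ts - pending_purge.pop(lsp_id) <= max_gap:
                cycle_times[lsp_id].append(ts)

    storms = {}
    for lsp_id, times in cycle_times.items():
        best = start = 0
        # Sliding window over the sorted cycle timestamps.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_cycles:
            storms[lsp_id] = best
    return storms


if __name__ == "__main__":
    for lsp_id, cycles in find_storms(SAMPLE_EVENTS).items():
        print(f"possible LSP corruption storm: {lsp_id} ({cycles} cycles)")
```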

