[160410] in North American Network Operators' Group


Re: L3 East cost maint / fiber 05FEB2012 maintenance

daemon@ATHENA.MIT.EDU (Jason Biel)
Tue Feb 5 13:02:41 2013

In-Reply-To: <CAHsqw9u6MNVf-pXecNnUgqBdvoQEPB_guGUo_EXdspcJZhwnTw@mail.gmail.com>
Date: Tue, 5 Feb 2013 12:02:06 -0600
From: Jason Biel <jason@biel-tech.com>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Agree as well.

Bad assumption on my part that Level3 would be doing the items listed in the
workaround already.

On Tue, Feb 5, 2013 at 11:41 AM, Jonathan Lassoff <jof@thejof.com> wrote:

> On Tue, Feb 5, 2013 at 9:33 AM, Jason Biel <jason@biel-tech.com> wrote:
> > Workaround is proper filtering and other techniques on the RE/Loopback to
> > prevent the issue from happening.
>
> Agreed. However, if it only takes one packet, what if an attacker
> sources the traffic from your management address space?
>
> Guarding against this requires either a separate VRF/table for
> management traffic or transit traffic, RPF checking, or TTL security.
> If these weren't setup ahead of time, maybe it would be easier to
> upgrade than lab, test, and deploy a new configuration.
>
> This is all speculation about Level3 on my part; I don't know their
> network from an internal perspective.
>
> --j
> >
> > Should an upgrade be performed? Yes, but certainly doesn't have to have
> > right away or without notice to customers.
> >
> > On Tue, Feb 5, 2013 at 11:23 AM, Jonathan Lassoff <jof@thejof.com> wrote:
> >
> >> My hunch is that this is fallout and repairs from Juniper PR839412.
> >> Only fix is an upgrade. Not sure why they're not able to do a hitless
> >> upgrade though; that's unfortunate.
> >>
> >> Specially-crafted TCP packets that can get past RE/loopback filters
> >> can crash the box.
> >>
> >> --j
> >>
> >> On Tue, Feb 5, 2013 at 7:39 AM, Josh Reynolds <esseph@gmail.com> wrote:
> >> > I know a lot of you are out of the office right now, but does anybody have
> >> > any info on what happened with L3 this morning? They went into a 5 hour
> >> > maintenance window with expected downtime of about 30 minutes while they
> >> > upgraded something like *40* of their "core routers" (their words), but
> >> > also did this during some fiber work and completely cut off several of
> >> > their east coast peers for the entirety of the 5 hour window.
> >> >
> >> > If anybody has any more info on this, on a NOC contact for them on the East
> >> > Coast for future issues, you can hit me off off-list if you don't feel
> >> > comfortable replying with that info here.
> >> >
> >> > Thanks, and I hope you guys are enjoying Orlando.
> >> >
> >> > --
> >> > *Josh Reynolds*
> >> > esseph@gmail.com - (270) 302-3552
> >>
> >>
> >
> >
> > --
> > Jason
>



-- 
Jason
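
The point raised in the thread, that a source-address filter on the RE/loopback can be satisfied by a packet claiming a management source while RPF checking or TTL security rejects it, as an added Python model. It is not part of any message above and is not Level3 or Juniper configuration; the prefixes, interface names and packets are constructed, and the management station is assumed to be directly connected.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (documentation address space); all names are assumptions.
MGMT_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # assumed management range
ROUTES = {                                            # prefix -> interface toward it
    ipaddress.ip_network("192.0.2.0/24"): "mgmt0",
    ipaddress.ip_network("0.0.0.0/0"): "transit0",
}

@dataclass(frozen=True)
class Packet:
    src: str       # claimed source address
    ingress: str   # interface the packet arrived on
    ttl: int       # TTL as received by the router

def source_filter(pkt):
    """RE/loopback filter that only matches on the source address."""
    return ipaddress.ip_address(pkt.src) in MGMT_PREFIX

def strict_rpf(pkt):
    """Strict RPF: the best route back to the source must use the ingress interface."""
    src = ipaddress.ip_address(pkt.src)
    best = max((n for n in ROUTES if src in n), key=lambda n: n.prefixlen)
    return ROUTES[best] == pkt.ingress

def ttl_security(pkt, min_ttl=255):
    """TTL security: every hop decrements TTL, so a distant sender cannot arrive at 255."""
    return pkt.ttl >= min_ttl

def evaluate(pkt):
    """Accept/deny decision under each control discussed in the thread."""
    base = source_filter(pkt)
    return {
        "source_filter_only": base,
        "with_rpf": base and strict_rpf(pkt),
        "with_ttl_security": base and ttl_security(pkt),
    }

# Constructed sample packets.
SAMPLES = {
    "legit_mgmt": Packet("192.0.2.10", "mgmt0", 255),
    "spoofed_mgmt_source": Packet("192.0.2.10", "transit0", 243),
    "unrelated_transit": Packet("198.51.100.7", "transit0", 250),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, evaluate(pkt))
```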
