[28902] in North American Network Operators' Group
Re: That pesky AS path corruption bug...
daemon@ATHENA.MIT.EDU (Peter T. Whiting)
Tue May 23 14:06:04 2000
Date: Tue, 23 May 2000 13:01:54 -0500
From: "Peter T. Whiting" <pwhiting@fury.ittc.ukans.edu>
To: Vadim Antonov <avg@kotovnik.com>
Cc: blaine@inbound.blaines.net, pwhiting@fury.ittc.ukans.edu,
nanog@merit.edu
Message-ID: <20000523130154.C11182@sprint.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200005231741.KAA02092@kitty.kotovnik.com>; from avg@kotovnik.com on Tue, May 23, 2000 at 10:41:24AM -0700
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, May 23, 2000 at 10:41:24AM -0700, Vadim Antonov wrote:
> Peter T. Whiting <pwhiting@fury.ittc.ukans.edu> wrote:
>
> > As I understand the current spec, a router, upon receiving a malformed
> > as_path is supposed to respond with a notification message (3.11) and
> > drop the BGP connection. Your suggestion to maintain the connection
> > and drop the announcement is a practical one, but doesn't put as much
> > pressure on vendors to fix the bug.
>
> This is not only practical, but, in fact, the only sane way to do things.
> Dropping BGP session causes withdrawal of hundreds or thousands of
> acceptable routes. When the BGP session is reestablished, these routes
> will be acquired again, causing a wave of announcements. When the
> invalid route shows up, the cycle is repeated.
>
> What a perfect way to kill the Internet :)
good point.
In defense of the spec here is a cut from rfc 1771:
If a BGP speaker detects an error, it shuts down the connection
and changes its state to Idle. Getting out of the Idle state
requires generation of the Start event. If such an event is
generated automatically, then persistent BGP errors may result
in persistent flapping of the speaker. To avoid such a
condition it is recommended that Start events should not be
generated immediately for a peer that was previously
transitioned to Idle due to an error. For a peer that was
previously transitioned to Idle due to an error, the time
between consecutive generation of Start events, if such events
are generated automatically, shall exponentially increase. The
value of the initial timer shall be 60 seconds. The time shall
be doubled for each consecutive retry.
pete
