[31920] in North American Network Operators' Group
Re: IS-IS protocol implementation problem
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Oct 29 21:51:09 2000
Date: 29 Oct 2000 18:49:15 -0800
Message-ID: <20001030024915.24565.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: smd@clock.org
From: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 29 October 2000, smd@clock.org wrote:
> P.S.: any chance you can be a bit more concrete about what's happening?
When I'm concrete, providers complain I'm picking on them, and getting
them bad press.
But since you asked....
At approximately 7:37am EDT on Friday, about 258 Cisco 12000's on UUNET's
primary backbone reloaded. This appeared to be isolated to routers
in ASN 701. It disrupted reachability to about 15% of the world-wide Internet
based on data from Matrix measurements. A contributing cause was a bad
IS-IS packet which confused certain IOS versions in the 12.0 IOS software
train. I haven't heard what the root cause was or what originated the
bad IS-IS packet. The Cisco bug id is CSCdr05779. Any provider running the
affected IOS version may be vulnerable depending on what the root cause
turns out to be.
Although the bad IS-IS packet didn't propagate to other providers, several
other providers did report BGP resets and route flaps about the same time.
