[31921] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: IS-IS protocol implementation problem

daemon@ATHENA.MIT.EDU (Neil J. McRae)
Mon Oct 30 04:30:16 2000

From: "Neil J. McRae" <neil@COLT.NET>
Message-Id: <200010300928.JAA17727@NetBSD.noc.COLT.NET>
In-Reply-To: <20001030024915.24565.cpmta@c004.sfo.cp.net> from Sean Donelan at "Oct 29, 2000 06:49:15 pm"
To: sean@donelan.com (Sean Donelan)
Date: Mon, 30 Oct 2000 09:28:06 +0000 (GMT)
Cc: smd@clock.org, nanog@merit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


> At approximately 7:37am EDT on Friday, about 258 Cisco 12000's on UUNET's
> primary backbone reloaded. This appeared to be isolated to routers
> in ASN 701. It disrupted reachability to about 15% of the world-wide Internet
> based on data from Matrix measurements.  A contributing cause was a bad
> IS-IS packet which confused certain IOS versions in the 12.0 IOS software
> train. I haven't heard what the root cause was or what originated the
> bad IS-IS packet. The Cisco bug id is CSCdr05779. Any provider running the
> affected IOS version may be vulnerable depending on what the root cause
> turns out to be.
> 
> Although the bad IS-IS packet didn't propagate to other providers, several
> other providers did report BGP resets and route flaps about the same time.

If a large AS such as AS701 starts flapping I wouldn't be surprised
if other ASes start seeing BGP resets and route-flaps. Could be
that crud routing information was exchange when that chaos started
[jeez 258 routers I'd hate to have been the on duty NOC guy on that
morning :-)]

Interestingly though we still see alot routes with bad AS-PATH information
people should be setting more stringent configurations on the routes
the learn and subsequentally pass on to avoid this.

Regards,
Neil.


home help back first fref pref prev next nref lref last post