[31921] in North American Network Operators' Group
Re: IS-IS protocol implementation problem
daemon@ATHENA.MIT.EDU (Neil J. McRae)
Mon Oct 30 04:30:16 2000
From: "Neil J. McRae" <neil@COLT.NET>
Message-Id: <200010300928.JAA17727@NetBSD.noc.COLT.NET>
In-Reply-To: <20001030024915.24565.cpmta@c004.sfo.cp.net> from Sean Donelan at "Oct 29, 2000 06:49:15 pm"
To: sean@donelan.com (Sean Donelan)
Date: Mon, 30 Oct 2000 09:28:06 +0000 (GMT)
Cc: smd@clock.org, nanog@merit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> At approximately 7:37am EDT on Friday, about 258 Cisco 12000's on UUNET's
> primary backbone reloaded. This appeared to be isolated to routers
> in ASN 701. It disrupted reachability to about 15% of the world-wide Internet
> based on data from Matrix measurements. A contributing cause was a bad
> IS-IS packet which confused certain IOS versions in the 12.0 IOS software
> train. I haven't heard what the root cause was or what originated the
> bad IS-IS packet. The Cisco bug id is CSCdr05779. Any provider running the
> affected IOS version may be vulnerable depending on what the root cause
> turns out to be.
>
> Although the bad IS-IS packet didn't propagate to other providers, several
> other providers did report BGP resets and route flaps about the same time.
If a large AS such as AS701 starts flapping I wouldn't be surprised
if other ASes start seeing BGP resets and route-flaps. Could be
that crud routing information was exchange when that chaos started
[jeez 258 routers I'd hate to have been the on duty NOC guy on that
morning :-)]
Interestingly though we still see alot routes with bad AS-PATH information
people should be setting more stringent configurations on the routes
the learn and subsequentally pass on to avoid this.
Regards,
Neil.