North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: That pesky AS path corruption bug...
On Tue, 23 May 2000, Blaine Christian wrote: > 1. How can everyone protect themselves RIGHT NOW. RIGHT NOW you can basically shut your routers off. Or a slightly less drastic method might be to trace down the session that originates the bad NLRI and turn that peering session down. > else is free game. Who besides a route-server would want to prepend an > AS besides their own. Who wants to allow customers and perhaps even > peers to send routes prepending an AS that is not their own? Prepending an AS is not as inherently bad as REMOVING an as. You can only prepend an AS to a route you send out (either you originate or you transit it). If you own the object, BFD. People will notice that you are messing with their AS and various unpleasantness will occur. If you are messing with others people's objects that you are transiting, then they should get a better transit provider. Either way, it is a self correcting problem which does not cause any catastrophic damage, like removing an as would. > EBGP peer with extreme suspicion. Reseting the BGP session (perhaps > tearing it down and leaving it down until a human intervenes) is probably > the best idea. A note of interest for the events I have seen is that you This is already accounted for in the spec. Exponential backoff on retry. > way. In fact the vendors I am thinking of quite obviously propagate the > bad route AND THEN decide to reset their BGP on a larger scale<grrrr>. Escalate the issue internally to net-eng and let Juzer deal with it. /vijay
|