Home page logo
/

nanog logo nanog mailing list archives

Re: IS-IS protocol implementation problem
From: "Neil J. McRae" <neil () COLT NET>
Date: Mon, 30 Oct 2000 09:28:06 +0000 (GMT)


At approximately 7:37am EDT on Friday, about 258 Cisco 12000's on UUNET's
primary backbone reloaded. This appeared to be isolated to routers
in ASN 701. It disrupted reachability to about 15% of the world-wide Internet
based on data from Matrix measurements.  A contributing cause was a bad
IS-IS packet which confused certain IOS versions in the 12.0 IOS software
train. I haven't heard what the root cause was or what originated the
bad IS-IS packet. The Cisco bug id is CSCdr05779. Any provider running the
affected IOS version may be vulnerable depending on what the root cause
turns out to be.

Although the bad IS-IS packet didn't propagate to other providers, several
other providers did report BGP resets and route flaps about the same time.

If a large AS such as AS701 starts flapping I wouldn't be surprised
if other ASes start seeing BGP resets and route-flaps. Could be
that crud routing information was exchange when that chaos started
[jeez 258 routers I'd hate to have been the on duty NOC guy on that
morning :-)]

Interestingly though we still see alot routes with bad AS-PATH information
people should be setting more stringent configurations on the routes
the learn and subsequentally pass on to avoid this.

Regards,
Neil.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault