[c-nsp] Research experiment disrupts Internet, for some
Zoe O'Connell
zoe-nsp at complicity.co.uk
Mon Aug 30 08:10:36 EDT 2010
On 29/08/2010 18:59, Jared Mauch wrote:
> This story appears to be highly sensationalized.
>
> IOS-XR had a bug processing valid bgp updates. This has happened in the past as well with 4-byte ASNs and other things over the years.
>
> You say the customer was running IOS, but not what version or if it is IOS-XR on the GSR(12K) which is totally feasible.
>
> If the software is old, they likely saw a bug. If you don't maintain your BGP speaking devices software revisions, you will likely see problems.
>
> If you are not going to maintain your device, you likely don't need BGP. (Or you need to hire a contractor to help you monitor and manage this periodically).
From a UK perspective, I don't believe this story is sensationalised,
if anything I'm surprised by the lack of news coverage. We saw a major
impact (~15% of total internet traffic if LINX is anything to go by) and
it appears to have taken down large portions of the older of the two DSL
platforms run by local ex-monopoly telco, BT. It may be the legacy
platform but it's certainly not unmaintained and probably carries in the
region of 25-50% of UK broadband traffic at a guess. Being the older of
the two platforms that's not seeing any active development, I would
imagine they have a very conservative upgrade policy.
More information about the cisco-nsp
mailing list