[nsp-sec] 94.125.216.0/21 - ASN 47868 SUPRO-AS
David Freedman
david.freedman at uk.clara.net
Tue Feb 17 18:18:08 EST 2009
Just as a point of reference,
I have 50 set as the limit in 12.0(32)SY4 and it works perfectly for me.
Dave,
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: nsp-security-bounces at puck.nether.net on behalf of Mike Lewinski
Sent: Tue 2/17/2009 19:49
To: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] 94.125.216.0/21 - ASN 47868 SUPRO-AS
----------- nsp-security Confidential --------
German Martinez wrote:
> On Mon Feb 16, 2009, Mike Lewinski wrote:
>
>> We did have "bgp maxas-limit 75" configured prior to this event and that
>> should have helped but didn't. Completely dropping ALL received routes also
>> didn't help. I'm pretty sure the only thing that is going to permanently
>> fix this is an IOS upgrade and I'm working to get that into the pipeline.
>>
>> Everything I see shows CSCdr54230 addressed back in '04. I'm running an IOS
>> compiled in '07 (12.2(18)S13) so that's a little puzzling.
>
> Did you have this command explicitly configured in your routers?
> According to Cisco:
I did - since this past October actually (see
http://www.gossamer-threads.com/lists/nanog/users/109412 ).
In fact I have log messages from before the event that confirm this. We
decided after months of watching "malloc fail" events that we'd rather
not allocate more memory for other people's shenanigans and that was the
motive for configuring this.
Working good on Feb 13:
Feb 13 16:45:08 lsvl-gw-1 324: Feb 13 16:45:07 MST: %BGP-6-ASPATH: Long
AS path 209 3356 39412 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 received from
63.224.65.109: More than configured MAXAS-LIMIT
Not working on Feb 16:
Feb 16 09:24:27 lsvl-gw-1 328: Feb 16 09:24:27 MST: %BGP-6-ASPATH: Long
AS path 209 3356 29113 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868 47868 47868 47868 47868 47868 47868 47868 47868 received from
63.224.65.109: Has more than 255 AS
Feb 16 09:24:27 lsvl-gw-1 329: Feb 16 09:24:27 MST: %BGP-5-ADJCHANGE:
neighbor 63.224.65.109 Down BGP Notification sent
Feb 16 09:24:27 lsvl-gw-1 330: Feb 16 09:24:27 MST: %BGP-3-NOTIFICATION:
sent to neighbor 63.224.65.109 3/11 (invalid or corrupt AS path) 516
bytes 50020200 02FF00D1 0D1C71B9 BAFCBAFC BA
I actually removed the "bgp maxas-limit 75" when things started to
crash, thinking that maybe it was causing the problem somehow. It made
no difference at all to have it or not.
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
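An added example, not part of the thread or of either poster's tooling: a Python triage script for the two %BGP-6-ASPATH outcomes shown in the logs above, a route rejected by MAXAS-LIMIT versus "Has more than 255 AS" followed by a 3/11 NOTIFICATION to the same neighbor. The sample log is constructed (documentation ASNs and address, shortened paths) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the messages above (documentation ASNs and
# address, shortened paths). Lines are left mail-wrapped on purpose.
SAMPLE = """\
Feb 13 16:45:08 gw-1 324: Feb 13 16:45:07 MST: %BGP-6-ASPATH: Long
AS path 64496 64497 64500 64500 64500 64500 64500 64500 received from
192.0.2.1: More than configured MAXAS-LIMIT
Feb 16 09:24:27 gw-1 328: Feb 16 09:24:27 MST: %BGP-6-ASPATH: Long
AS path 64496 64497 64501 64501 64501 64501 64501 received from
192.0.2.1: Has more than 255 AS
Feb 16 09:24:27 gw-1 330: Feb 16 09:24:27 MST: %BGP-3-NOTIFICATION:
sent to neighbor 192.0.2.1 3/11 (invalid or corrupt AS path) 516 bytes
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ASPATH = re.compile(r"%BGP-6-ASPATH: Long AS path ([\d ]+?) received from (\S+): (.+)$")
# 3/11 = UPDATE Message Error / Malformed AS_PATH (RFC 4271)
NOTIFY_3_11 = re.compile(r"%BGP-3-NOTIFICATION: sent to neighbor (\S+) 3/11\b")

def unwrap(text):
    """Rejoin syslog records that a mail client or pager wrapped across lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """One dict per long-AS-path event; session_reset marks a following 3/11."""
    events, pending = [], {}
    for rec in unwrap(text):
        if m := ASPATH.search(rec):
            path = m.group(1).split()
            asn, count = Counter(path).most_common(1)[0]  # most-prepended ASN
            ev = {"peer": m.group(2), "shown_len": len(path), "prepender": asn,
                  "repeats": count, "reason": m.group(3), "session_reset": False}
            events.append(ev)
            pending[ev["peer"]] = ev  # latest long-path event for this peer
        elif (m := NOTIFY_3_11.search(rec)) and m.group(1) in pending:
            pending.pop(m.group(1))["session_reset"] = True
    return events

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Treat `shown_len` as a lower bound: the Feb 16 message above lists fewer than 255 ASNs even though the router reports more than 255.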