[nsp-sec] Anyone else see badness at LINX starting approx 00:50 31 Jul 2011 UTC?

John Fraizer john at op-sec.us
Sun Jul 31 04:04:21 EDT 2011


Did anyone else see badness via the LINX starting at about 00:50 31 Jul 2011
UTC?

Our London router went into a boot loop starting at around 00:50 UTC.  It
would come up and form iBGP adjacency for a total of 19 seconds before it
rebooted again.  I immediately started thinking rogue BGP announcement where
someone has a grossly long AS path or hundreds of communities was the
cause.  Troubleshooting is a bit difficult when you only have 19 seconds to
get into the box before it craps out again.  The ultimate cure of the issue
only came when we engaged Telehouse to physically disconnect our two LINX
uplinks from the router.  All badness stopped at that point.

The only common denominator I can find in the crash logs is that one of the
LINX Brocade LAN route-servers (195.66.227.230 or 195.66.227.231) had just
come up seconds earlier.

*Jul 31 03:15:17.211: %BGP-5-ADJCHANGE: neighbor 195.66.227.37 Up
*Jul 31 03:15:17.215: %BGP-5-ADJCHANGE: neighbor 195.66.227.231 Up
*Jul 31 03:15:21.575: %BGP-5-ADJCHANGE: neighbor 195.66.227.99 Up
*Jul 31 03:15:21.867: %C6K_PLATFORM-2-PEER_RESET: RP is being reset by the SP

%Software-forced reload

As much as I don't wish bad juju on other people, I'm hoping I'm not the
only one who saw this and that someone else is also trying to track down
what funk was being spewed at the LINX to cause the issue.

John Fraizer
AS36167
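
Added example, not part of the original post: a small script for the correlation described above, listing which BGP sessions came up in the seconds before each RP reset and counting how often each neighbor appears across crash cycles. It assumes the log format shown in the post; the function names, the 10-second window, the year (the log lines carry none) and the second crash cycle in the sample are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# First cycle is the excerpt quoted in the post; the second cycle is constructed.
SAMPLE_LOG = """\
*Jul 31 03:15:17.211: %BGP-5-ADJCHANGE: neighbor 195.66.227.37 Up
*Jul 31 03:15:17.215: %BGP-5-ADJCHANGE: neighbor 195.66.227.231 Up
*Jul 31 03:15:21.575: %BGP-5-ADJCHANGE: neighbor 195.66.227.99 Up
*Jul 31 03:15:21.867: %C6K_PLATFORM-2-PEER_RESET: RP is being reset by the SP
*Jul 31 03:21:40.102: %BGP-5-ADJCHANGE: neighbor 195.66.227.230 Up
*Jul 31 03:21:40.480: %BGP-5-ADJCHANGE: neighbor 192.0.2.12 Up
*Jul 31 03:21:44.913: %C6K_PLATFORM-2-PEER_RESET: RP is being reset by the SP
"""

LINE = re.compile(r"^\*?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %([\w-]+): (.*)$")
NEIGHBOR_UP = re.compile(r"neighbor (\S+) Up")

def parse(log, year=2011):
    """Yield (timestamp, mnemonic, message) for each recognisable log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m.group(2), m.group(3)

def sessions_before_resets(log, window_s=10.0):
    """For each PEER_RESET, list neighbors that came Up within window_s before it."""
    recent, cycles = [], []
    for ts, mnemonic, msg in parse(log):
        if mnemonic == "BGP-5-ADJCHANGE":
            up = NEIGHBOR_UP.search(msg)
            if up:
                recent.append((ts, up.group(1)))
        elif mnemonic == "C6K_PLATFORM-2-PEER_RESET":
            cutoff = ts - timedelta(seconds=window_s)
            cycles.append((ts, [n for t, n in recent if t >= cutoff]))
            recent = []  # the router reloads here, so start a fresh cycle
    return cycles

def neighbor_counts(cycles):
    """Count how many crash cycles each neighbor appears in."""
    return Counter(n for _, neighbors in cycles for n in set(neighbors))

if __name__ == "__main__":
    cycles = sessions_before_resets(SAMPLE_LOG)
    for ts, neighbors in cycles:
        print(ts.time(), neighbors)
    print(neighbor_counts(cycles).most_common())
```

Shrinking `window_s` narrows the candidates to the sessions established closest to the reset; a neighbor that recurs across many cycles is the one to filter or shut down first when isolating the trigger.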


