[lacnog] Routing problems with new attribute

Sanchez, Alvaro asanchez at Antel.com.uy
Fri Aug 27 17:26:21 BRT 2010

We did not notice any problems.
I hope they tested it thoroughly before putting it into operation . . .

From: lacnog-bounces at lacnic.net
To: Latin America and Caribbean Region Network Operators Group
Sent: Fri Aug 27 16:57:56 2010
Subject: [lacnog] Routing problems with new attribute

I think this message from RIPE NCC is important for the routing community. I don't know whether it has affected anyone's operations.


Date: Fri, 27 Aug 2010 11:42:17 -0700 (PDT)
From: Lucy Lynch <llynch at civil-tongue.net>
Subject: Re: Did your BGP crash today?
To: Grzegorz Janoszka <Grzegorz at Janoszka.pl>
Cc: nanog at nanog.org
Message-ID: <alpine.BSF.2.00.1008271141540.79214 at hiroshima.bogus.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed


Dear Colleagues,

On Friday 27 August, from 08:41 to 09:08 UTC, the RIPE NCC Routing
Information Service (RIS) announced a route with an experimental BGP
attribute. During this announcement, some Internet Service Providers
reported problems with their networking infrastructure.


Immediately after discovering this, we stopped the announcement and
started investigating the problem. Our investigation has shown that the
problem was likely to have been caused by certain router types
incorrectly modifying the experimental attribute and then further
announcing the malformed route to their peers. The announcements sent
out by the RIS were correct and complied with all standards.

The experimental attribute was part of an experiment conducted in
collaboration with a group from Duke University. This involved
announcing a large (3000 bytes) optional transitive attribute, using a
modified version of Quagga. The attribute used type code 99. The data
consisted of zeros. We used the prefix for this and
announced from AS 12654 on AMS-IX, NL-IX and GN-IX to all our peers.

Reports from affected ISPs showed that the length of the attribute in
the attribute header, as seen by their routers, was not correct. The
header stated 233 bytes and the actual data in their samples was 237
bytes. This caused some routers to drop the session with the peer that
announced the route.

We have built a test set-up which is running identical software and
configurations to the live set-up. From this set-up, and the BGP packet
dumps as made by the RIS, we have determined that the length of the data
in the attribute as sent out by the RIS was indeed 3000 bytes and that
all lengths recorded in the headers of the BGP updates were correct.

Beyond the RIS systems, we can only do limited diagnosis. One possible
explanation is that the affected routers did not correctly use the
extended length flag on the attribute. This flag is set when the length
of the attribute exceeds 255 bytes, i.e. when two octets are needed to
store the length.

It may be that the routers may not add the higher octet of the length to
the total length, which would lead, in our test set-up, to a total
packet length of 236 bytes. If, in addition, the routers also
incorrectly trim the attribute length, the problem could occur as
observed. It is worth noting that the difference between the reported
233 and 237 bytes is the size of the flags, type code and length in the

We will be further investigating this problem and will report any
findings. We regret any inconvenience caused.

Kind regards,

Erik Romijn

Information Services
tech-l mailing list
tech-l at ams-ix.net

- Lucy
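
Added example, not part of the original messages and not RIPE NCC's or any router vendor's code: a strict parser for the BGP path-attribute encoding (RFC 4271) that the forwarded message refers to, showing how the extended length flag selects a one- or two-octet length field and how a receiver notices a header length that disagrees with the data that follows. The function names and the flag byte on the mismatched sample are assumptions; both samples are constructed from the figures quoted in the message.

```python
import struct

OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10  # RFC 4271 attribute flag bits


class MalformedAttribute(ValueError):
    """Raised when the path attributes do not fit their declared lengths."""


def encode_attr(flags, type_code, value):
    """Encode one path attribute; the 2-octet length is used only above 255."""
    if len(value) > 255:
        return struct.pack("!BBH", flags | EXT_LEN, type_code, len(value)) + value
    return struct.pack("!BBB", flags & ~EXT_LEN, type_code, len(value)) + value


def parse_attrs(buf):
    """Walk a Path Attributes field; every octet must be accounted for."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise MalformedAttribute(f"truncated header at offset {pos}")
        flags, type_code = buf[pos], buf[pos + 1]
        if flags & EXT_LEN:                      # two-octet length field
            if len(buf) - pos < 4:
                raise MalformedAttribute(f"truncated length at offset {pos}")
            (length,) = struct.unpack_from("!H", buf, pos + 2)
            hdr = 4
        else:                                    # one-octet length field
            length, hdr = buf[pos + 2], 3
        end = pos + hdr + length
        if end > len(buf):
            raise MalformedAttribute(f"type {type_code} overruns the field")
        attrs.append((flags, type_code, buf[pos + hdr:end]))
        pos = end                                # stray octets get read as the next header
    return attrs


def check(buf):
    """Return 'ok' or the reason a receiver would reject the field."""
    try:
        parse_attrs(buf)
        return "ok"
    except MalformedAttribute as exc:
        return str(exc)


# Constructed samples: the attribute as the message describes it (type 99, 3000
# zero octets), and one whose header claims 233 octets while 237 follow.
GOOD = encode_attr(OPTIONAL | TRANSITIVE, 99, bytes(3000))
BAD = struct.pack("!BBB", OPTIONAL | TRANSITIVE, 99, 233) + bytes(237)  # flags assumed
```

In the mismatched sample the four surplus octets are first misread as another attribute header, and the parse only fails on the final leftover octet, which is why a length error in one attribute corrupts the framing of everything after it.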