

Protect your network with BGP maxas-limit

Update @ 2009-02-17 18:42UTC: more IOS bug details
Update @ 2009-02-20: Root cause analysis, Detailed Cisco IOS bug description

Have you noticed how slow the Internet was yesterday? I almost blamed my kids (sometimes they manage to overload my WAN link), but it turned out to be a global problem. It looks like a greenhorn ISP (they joined RIPE less than four months ago) in central Europe managed to generate a BGP update with too many AS numbers in the AS path, confusing older routers. It’s my wild guess that those routers did not anticipate two AS_SEQUENCE attributes in the BGP update message. You can find the details in the Renesys blog; at the peak of the instability, they were receiving over 100.000 BGP updates per second.

It’s very easy to protect yourself (and your downstream neighbors) from an operational error like this one. Cisco has implemented the AS-path length limiting code in IOS release 12.2. One would hope that the major ISPs would have started using this feature years ago; obviously that’s not the case. I wrote an article in the CT3 Wiki describing the “intricate” details of this obviously ignored IOS feature just to make sure everyone understands what the bgp maxas-limit command does (and hopefully implements it in this millennium).

Read the article in the CT3 wiki
