Protect your network with BGP maxas-limit

Update @ 2009-02-17 18:42UTC: more IOS bug details
Update @ 2009-02-20: Root cause analysis, Detailed Cisco IOS bug description

Have you noticed how slow the Internet was yesterday? I almost blamed my kids (sometimes they manage to overload my WAN link), but it turned out to be a global problem. It looks like a greenhorn ISP (they joined RIPE less than four months ago) in central Europe managed to generate a BGP update with too many AS numbers in the AS path, confusing older routers. It’s my wild guess that those routers did not anticipate two AS_SEQUENCE attributes in the BGP update message. You can find the details in the Renesys blog; at the peak of the instability, they were receiving over 100.000 BGP updates per second.

It’s very easy to protect yourself (and your downstream neighbors) from an operational error like this one. Cisco has implemented the AS-path length limiting code in IOS release 12.2. One would hope that the major ISPs would have started using this feature years ago; obviously that’s not the case. I wrote an article in the CT3 Wiki describing the “intricate” details of this obviously ignored IOS feature just to make sure everyone understands what the bgp maxas-limit command does (and hopefully implements it in this millennium).

Read the article in the CT3 wiki
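
As an added illustration (not from the original post or the CT3 wiki article), this Python example parses an RFC 4271 AS_PATH attribute value, where each segment holds at most 255 AS numbers, and applies a length limit across all segments the way an inbound AS-path length filter would. Assumptions: the sample paths are constructed from documentation AS numbers, the limit of 50 is arbitrary, every AS number in every segment counts toward the limit, and the function names are hypothetical.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2          # path segment types (RFC 4271)
FMT = {2: "H", 4: "I"}              # 2-octet or 4-octet AS numbers

def encode_path(asns, asn_size=2):
    """Build an AS_PATH value; one segment carries at most 255 AS numbers."""
    out = b""
    for i in range(0, len(asns), 255):
        chunk = asns[i:i + 255]
        out += struct.pack(f"!BB{len(chunk)}{FMT[asn_size]}",
                           AS_SEQUENCE, len(chunk), *chunk)
    return out

def parse_as_path(value, asn_size=2):
    """Return [(segment_type, [asn, ...]), ...] or raise ValueError."""
    segments, offset = [], 0
    while offset < len(value):
        if offset + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = offset + 2 + count * asn_size
        if end > len(value):
            raise ValueError("segment runs past the end of the attribute")
        asns = struct.unpack(f"!{count}{FMT[asn_size]}", value[offset + 2:end])
        segments.append((seg_type, list(asns)))
        offset = end
    return segments

def as_count(segments):
    """Total AS numbers across all segments, not just the first one."""
    return sum(len(asns) for _, asns in segments)

def accept(value, limit, asn_size=2):
    """True only for a well-formed path with at most `limit` AS numbers."""
    try:
        return as_count(parse_as_path(value, asn_size)) <= limit
    except ValueError:
        return False

# Constructed samples using documentation AS numbers (64496-64511).
NORMAL = encode_path([64496, 64497, 64498, 64499])
LONG = encode_path([64500] * 256 + [64497, 64498, 64499, 64496])

if __name__ == "__main__":
    for name, path in (("normal", NORMAL), ("long", LONG)):
        segs = parse_as_path(path)
        print(name, len(segs), "segment(s),", as_count(segs), "ASNs,",
              "accept" if accept(path, 50) else "drop")
```

The 260-AS sample cannot fit in one segment, so the parser has to walk every segment before comparing against the limit; a malformed or truncated attribute is rejected rather than counted.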
