Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
I agree this is so vague, it's more fud than anything. But I still want to see what actually causes these issues, across ISPs... I hope I can catch some traffic until a reboot - Ursprüngliche Mail - Von: "Scott Weeks" <sur...@mauigateway.com> An: swi...@swinog.ch Gesendet: Sonntag, 18. September 2016 22:47:13 Betreff: Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else? --- rai...@ultra-secure.de wrote: From: Rainer Duffner <rai...@ultra-secure.de> > Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler <kuenz...@init7.net>: > Friday night we observed several Brocade MLXe linecards rebooting > (several locations, i.e. Amsterdam, Frankfurt, Geneva), which > caused network instability due to flapping iBGP etc. : Coincidence? : : https://twitter.com/schneierblog/status/775783898366160896 --- "Take Down the Internet" "it feels like a large nation state...China or Russia" "I am unable to give details" "It feels like a nation's military cybercommand" etc. Seems like FUD to get viewers. 'The sky's going to fall and I can't tell you why or when, but I know it is. Trust me.' Where's the technical details so we can make an informed decision, rather than "it feels like..." scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
--- rai...@ultra-secure.de wrote: From: Rainer Duffner> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler : > Friday night we observed several Brocade MLXe linecards rebooting > (several locations, i.e. Amsterdam, Frankfurt, Geneva), which > caused network instability due to flapping iBGP etc. : Coincidence? : : https://twitter.com/schneierblog/status/775783898366160896 --- "Take Down the Internet" "it feels like a large nation state...China or Russia" "I am unable to give details" "It feels like a nation's military cybercommand" etc. Seems like FUD to get viewers. 'The sky's going to fall and I can't tell you why or when, but I know it is. Trust me.' Where's the technical details so we can make an informed decision, rather than "it feels like..." scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
I have been suspecting this as well, I plan to actually get this firmware, get a spare MLX from someone and put it online, pcap the hell out of it and see what happens until it reboots. Either this is a very strange bug or something bigger. - Ursprüngliche Mail - Von: "Rainer Duffner"[...] > > Since these routers operate in various locations and ASNs but are the same > make/model I suppose it's a software security issue. Can malicious packets > force a linecard reboot? > Coincidence? https://twitter.com/schneierblog/status/775783898366160896 ;-) ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler: > > Friday night we observed several Brocade MLXe linecards rebooting (several > locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network > instability due to flapping iBGP etc. > > As of now we know that iWay and nine.ch suffered from similar issues in the > same time window, and we believe that they use also Brocade MLXe. > > Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch > reports it too. > > For reference the tickets: > http://www.init7.net/de/status/?ticket=10348 > https://status.nine.ch/en/messages/544 > https://www.iway.ch/iway/status/ > > Did anyone else observed similar symptoms? > > Since these routers operate in various locations and ASNs but are the same > make/model I suppose it's a software security issue. Can malicious packets > force a linecard reboot? > Coincidence? https://twitter.com/schneierblog/status/775783898366160896 ;-) ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
Hello Fredy, We were suffering the same issues during the same timeframes. From what I heard from TAC your guess that malicious packets are forcing the linecards to reload seems to be correct, not confirmed tough. I am eager to get further details. Still waiting for information regarding the patch... Cheers, Julian -- Julian Rutz Teamleader Network nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
Please contact Brocade TAC which is able to provide a patch It is NOT been seen with customers using releases below 5.9.00 Regards, Chris -Original Message- From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On Behalf Of Fredy Kuenzler Sent: Sunday, September 18, 2016 08:11 To: swi...@swinog.ch Subject: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else? Friday night we observed several Brocade MLXe linecards rebooting (several locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability due to flapping iBGP etc. As of now we know that iWay and nine.ch suffered from similar issues in the same time window, and we believe that they use also Brocade MLXe. Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch reports it too. For reference the tickets: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.init7.net_de_status_-3Fticket-3D10348=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=a-MVgVpvzQIDWR4rMJf-vTy63YzX0ZjgBC54t1pS47A= https://urldefense.proofpoint.com/v2/url?u=https-3A__status.nine.ch_en_messages_544=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=8e4eokM6K4ntWYzPQq08TBxSzBlxhi3P9-Wbw-GCYjc= https://urldefense.proofpoint.com/v2/url?u=https-3A__www.iway.ch_iway_status_=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=ms0CdUVHHFLmHHslpnq05pVIprd0F-eGglBuof0hqWw= Did anyone else observed similar symptoms? Since these routers operate in various locations and ASNs but are the same make/model I suppose it's a software security issue. Can malicious packets force a linecard reboot? Regards, -- Fredy Kuenzler Init7 (Switzerland) Ltd. St.-Georgen-Strasse 70 CH-8400 Winterthur Switzerland https://urldefense.proofpoint.com/v2/url?u=http-3A__www.init7.net_=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=qE_KmMaIhgAWw5qLyjv2FDjFRswLS3X_c9mEgd0lWU8= ___ swinog mailing list swinog@lists.swinog.ch https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.swinog.ch_cgi-2Dbin_mailman_listinfo_swinog=DQICAg=IL_XqQWOjubgfqINi2jTzg=FMm8Sl9W6__uWnDcLmalOBsri9zL5oYrP-sJQm64SM8=sQi92DTCBjQiG40sOXnakdGSFQstLAF0FUn9wybQeLY=SsVJUo-h-55E6Gpdvv8V8Uxaj2-Q3Qgjc_xEjVdXZ64= ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
Friday night we observed several Brocade MLXe linecards rebooting (several locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability due to flapping iBGP etc. As of now we know that iWay and nine.ch suffered from similar issues in the same time window, and we believe that they use also Brocade MLXe. Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch reports it too. For reference the tickets: http://www.init7.net/de/status/?ticket=10348 https://status.nine.ch/en/messages/544 https://www.iway.ch/iway/status/ Did anyone else observed similar symptoms? Since these routers operate in various locations and ASNs but are the same make/model I suppose it's a software security issue. Can malicious packets force a linecard reboot? Regards, -- Fredy Kuenzler Init7 (Switzerland) Ltd. St.-Georgen-Strasse 70 CH-8400 Winterthur Switzerland http://www.init7.net/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog