Dear Colleagues,
Sorry for the late response.
The problem was due to faulty firmware on one of our Alaxala routers.
We resolved the problem the same day (Aug. 18) by downgrading firmware.
For more details, please see Alaxala page here (English):
http://www.alaxala.com/en/information/20090827.h
On 19/08/2009, at 6:58 AM, Ivan Pepelnjak wrote:
No. You cannot influence the inbound traffic apart from not
advertising some
of your prefixes to some of your neighbors or giving them hints with
BGP
communities or AS-path prepending. Whatever you do with BGP on your
routers
influences only
On Tue, Aug 18, 2009 at 09:37:22AM +0200, Ivan Pepelnjak wrote:
> > Anybody have a handy route-map that will deny anything with a
> > as-path longer than say 15-20? ;-)
>
> http://wiki.nil.com/Filter_excessively_prepended_BGP_paths
It will still be a while before we see unbroken 4byte AS behavio
Ivan-
This helps vey much.
Thanks
Dylan Ebner
-Original Message-
From: Ivan Pepelnjak [mailto:i...@ioshints.info]
Sent: Tuesday, August 18, 2009 1:58 PM
To: Dylan Ebner; 'randal k'; 'Adam Hebert'
Cc: nanog@nanog.org
Subject: RE: Anyone else seeing "(inva
> Ivan-
>Thanks for posting this how-to on excessive as prepends. I
> have a couple of questions that some of the less BGP savvy
> out their may find helpfull
>
> 1. In my enviornment, we are not doing full routes. We have
> partial routes from AS209 and then fail to AS7263. Is their
> any
with garbage traffic ?
Thanks
Dylan Ebner
-Original Message-
From: Ivan Pepelnjak [mailto:i...@ioshints.info]
Sent: Tuesday, August 18, 2009 2:37 AM
To: 'randal k'; 'Adam Hebert'
Cc: nanog@nanog.org
Subject: RE: Anyone else seeing "(invalid or corrupt AS path) 3
> Anybody have a handy route-map that will deny anything with a
> as-path longer than say 15-20? ;-)
http://wiki.nil.com/Filter_excessively_prepended_BGP_paths
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> From: Brett Watson
> Date: Mon, 17 Aug 2009 19:11:06 -0700
>
> On Aug 17, 2009, at 5:17 PM, Paul Ferguson wrote:
>
> > I recall Cisco code bugs that were fixed in semi- real-time, and
> > quotes
> > from tli: "Code still warm from compiler. Confidence level: Boots in
> > lab."
>
> IETF Da
On Aug 17, 2009, at 5:17 PM, Paul Ferguson wrote:
I recall Cisco code bugs that were fixed in semi- real-time, and
quotes
from tli: "Code still warm from compiler. Confidence level: Boots in
lab."
IETF Dallas, 1995 I think. MCI Reston engg and Cisco (Ravi and others)
in the terminal room
> Confidence level: Boots in lab."
One could argue that certain things haven't actually changed that much ;-).
Marko.
--
Marko
CCIE #18427 (SP)
My network blog: http://cisco.markom.info/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Aug 17, 2009 at 4:26 PM, Ricky Beam wrote:
>
> Any respectable ISP will not load code that has not been extensively
> tested. [...]
Just an observation on how things have changed in ~15 years:
I recall Cisco code bugs that were fixed in se
On Mon, 17 Aug 2009 18:40:39 -0400, Jared Mauch
wrote:
Is there some significant barrier to people getting recent code on the
devices that is not impacted by this and the other fun bgp 'attacks'
that can happen?
In a word: YES.
Any respectable ISP will not load code that has not been exte
On Aug 17, 2009, at 6:45 PM, deles...@gmail.com wrote:
I'd have to _assume_ that a lot of those impacted don't have a maint
contract with their router vendor of choice and therefore don't have
an easy path to upgrade.
-jim
Cisco gives out free software upgrades for any security(PSIRT) iss
ng "(invalid or corrupt AS path) 3 bytes E01100" ?
Sent: Aug 17, 2009 7:40 PM
On Aug 17, 2009, at 5:37 PM, randal k wrote:
> Yep, we started seeing this right around 12:20pm MST. We saw it from a
> customer's rapidly-flapping BGP peer. We told them to configure bgp
> maxas
On Aug 17, 2009, at 5:37 PM, randal k wrote:
Yep, we started seeing this right around 12:20pm MST. We saw it from a
customer's rapidly-flapping BGP peer. We told them to configure bgp
maxas-limit, but apparently CRS1s don't have that command.
Anybody have a handy route-map that will deny anyth
seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
On Mon, Aug 17, 2009 at 03:37:07PM -0600, randal k wrote:
> Yep, we started seeing this right around 12:20pm MST. We saw it from a
> customer's rapidly-flapping BGP peer. We told them to configure bgp
> maxas-limit, bu
On Mon, Aug 17, 2009 at 03:37:07PM -0600, randal k wrote:
> Yep, we started seeing this right around 12:20pm MST. We saw it from a
> customer's rapidly-flapping BGP peer. We told them to configure bgp
> maxas-limit, but apparently CRS1s don't have that command.
>
> Anybody have a handy route-map t
Yep, we started seeing this right around 12:20pm MST. We saw it from a
customer's rapidly-flapping BGP peer. We told them to configure bgp
maxas-limit, but apparently CRS1s don't have that command.
Anybody have a handy route-map that will deny anything with a as-path
longer than say 15-20? ;-)
Ch
Throw your coffee at them!
Just my two pence ;)
...James
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT/MU/U dpu s: a--> C++>$ U+> L++> B-> P+> E?> W+++>$ N K W++ O M++>$ V-
PS+++ PE++ Y+ PGP t 5 X+ R- tv+ b+> DI D+++ G+ e(+) h--(++) r++ z++
--END GEEK CODE BLOCK--
We are seeing the same thing, has anyone found the offending AS yet?
Thanks
ERIC
-Original Message-
From: Adam Hebert [mailto:a2t...@gmail.com]
Sent: Monday, August 17, 2009 3:11 PM
To: nanog@nanog.org
Subject: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
Multiple providers are seeing this right now. I assume someone is
advertising an extremely long AS_PATH again?
anyone else seeing this?
Adam
21 matches
Mail list logo