On Aug 27, 2010, at 5:37 PM, bmanning@vacation.karoshi.com wrote:
come on Chris, is the Internet an experiment or not? :) one would think that a responsible party would have made efforts to let others in the "playground" know they were going to try something different that could have ramifications on an unkown distribution of some code bases.
I'm assuming that they weren't really expecting this to cause issues... Where does one draw the line? I'm planning on announcing x.y.z.0/20 later in the week -- x, y and z are all prime and the sum of all 3 is also a prime. There is a non-zero chance that something somewhere will go flooie, shall I send mail now or later? Also, I would prefer that this gets discovered and dealt with (in this case by stopping the announcement :-)) than having folk not willing to try things and ending up with a weaponized version... W
I'm not asking my vendor or (in the case of OSS) me to run "full bit sweeps"... but a heads up to some of the known ops lists would have been not only welcome but expected.
as usual, YMMV
--bill
On Fri, Aug 27, 2010 at 04:11:32PM -0400, Christopher Morrow wrote:
On Fri, Aug 27, 2010 at 4:07 PM, Mike Gatti <ekim.ittag@gmail.com> wrote:
where's the change management process in all of this. basically now we are going to starting changing things that can potentially have an adverse affect on users without letting anyone know before hand .... Interesting concept.
you are running bgp, you are connected to the 'internet'... congrats you are part of the experiment.
I suppose one view is that "at least it wasn't someone with ill intent, or a misconfigured mikrotek!"
(you are asking your vendors to run full bit sweeps of each protocol in a regimented manner checking for all possible edge cases and properly handling them, right?)
-chris
On Aug 27, 2010, at 3:33 PM, Dave Israel wrote:
On 8/27/2010 3:22 PM, Jared Mauch wrote:
When you are processing something, it's sometimes hard to tell if something just was mis-parsed (as I think the case is here with the "missing-2-bytes") vs just getting garbage. Perhaps there should be some way to "re-sync" when you are having this problem, or a parallel "keepalive" path similar to MACA/MCAS/MIDCAS/TCAS between the devices to talk when something bad is happening.
I know it wasn't there originally, and isn't mandatory now, but there is an MD5 hash that can be added to the packet. If the TCP hash checks out, then you know the packet wasn't garbled, and just contained information you didn't grok. That seems like enough evidence to be able to shrug and toss the packet without dropping the session.
-Dave
=+=+=+=+=+=+=+=+=+=+=+=+= Mike Gatti ekim.ittag@gmail.com =+=+=+=+=+=+=+=+=+=+=+=+=
-- What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?" -- (Terry Pratchett, Pyramids)