I happened to be in one of our 7505 routers this afternoon when POP -- all of a sudden most of the internet disappeared! I immediately thought it was me, but looked around and saw this AS7007 broadcasting MY routes! It wasn't for all of our network space -- We have several /18's here, and it seemed only the first /24 of each CIDR was affected. When I found a workstation at the end of the /18, we got the whois info for 7007 -- Florida Internet Exchange, and called them. They claimed to have a customer broadcasting some bad routing information and unplugged their router. A few moments later, the internet stabilized and I started seeing real routes. Correct me if I'm wrong, but: (1) We're going to read about this in EVERY computer magazine, newspaper and TV as "the end of the internet?" (2) Access lists by backbone providers *should* have prevented this. (3) Does or does not the RADB and other routing registries (MCI's, etc) prevent this? I bet this hole will be patched up real soon! Steve
On Fri, 25 Apr 1997, Stephen A Misel wrote:
I happened to be in one of our 7505 routers this afternoon when POP -- all of a sudden most of the internet disappeared! I immediately thought it was me, but looked around and saw this AS7007 broadcasting MY routes! It wasn't for all of our network space -- We have several /18's here, and it seemed only the first /24 of each CIDR was affected. When I found a workstation at the end of the /18, we got the whois info for 7007 -- Florida Internet Exchange, and called them.
They claimed to have a customer broadcasting some bad routing information and unplugged their router. A few moments later, the internet stabilized and I started seeing real routes.
Correct me if I'm wrong, but:
(1) We're going to read about this in EVERY computer magazine, newspaper and TV as "the end of the internet?"
(2) Access lists by backbone providers *should* have prevented this.
(3) Does or does not the RADB and other routing registries (MCI's, etc) prevent this?
Registering route objects in a routing registry is not, by itself, a guaranty of sanity. Data in those registries have to be used by the upstream provider to build a corresponding access-list provided, of course, that it is enforced in the appropriate router configuration. This is how we (AS6453) do it. In the case of AS7007, if their upstream provider would have done so, AS7007 would not have appeared at all in our routing tables as they dont have a single route object registered!
I bet this hole will be patched up real soon!
Time will tell. __ Pierre Thibaudeau | e-mail: <prt@Teleglobe.CA> TELEGLOBE CANADA | 1000, rue de La Gauchetiere ouest | Tel: +1-514-868-7257 Montreal, QC H3B 4X5 | Canada | fax: +1-514-868-8446
If you haven't seen it yet, a rather revealing view of friday's incident is available at http://www.merit.edu/~ipma//instability/daily_graph//mae-east/mae-east.flapg...
### On Mon, 28 Apr 1997 10:32:50 -0400 (EDT), Cameo Wood <cameo@netsys.com> ### wrote to concerning "Re: Wow, AS7007!": CW> If you haven't seen it yet, a rather revealing view of friday's incident is CW> available at CW> http://www.merit.edu/~ipma//instability/daily_graph//mae-east/mae-east.flapg... Also a very interesting graph showing number of announcements can be seen at: http://www.merit.edu/~ipma/trends/mae-east/ann.gif -- /*===================[ Jake Khuon <khuon@Merit.Net> ]======================+ | Systems Research Programmer, IE Group /| /|[~|)|~|~ N E T W O R K | | VOX: (313) 763-4907 FAX: (313) 747-3185 / |/ |[_|\| | Incorporated | +==[ Suite C2122, Bldg. 1 4251 Plymouth Rd. Ann Arbor, MI 48105-2785 ]==*/
participants (4)
-
Cameo Wood
-
Jake Khuon
-
Pierre Thibaudeau
-
Stephen A Misel