BGP noise tonight?

Say, our alarms went off tonight when we saw a roughly tenfold spike in
BGP prefix announcement and withdrawal rates at RIPE's rrc00 and rrc03
collection points in Amsterdam. The trouble started around 20:00 GMT,
hit its peak by about 21:00 GMT, and has trailed off slowly since then.

Looking at the worst-behaved prefixes and AS paths led me to put in
a call to the tech support center of an unnamed Major Provider, who
confirmed that there had been a major BGP event but would provide
no specifics.

So, what's going on out there in the NOCs tonight? Inquiring minds
want to know. --jim

Another poison route taking down sessions to RFC-compliant routers, it
looks like. At least, we reset sessions on all of our routers that reset
last time due to this issue, and not a flinch on $VENDOR's routers that
are known to disobey the RFC.

All of our (Tier 1, for whatever value you see it) upstreams saw it
throughout their networks; this would explain the exceedingly high BGP
levels, even discounting the "fragile" edge.

I suspect that was C&W. I talked to them with a customer of theirs while
we tried to figure out what was going on. We weren't able to get any
details from them other than "something bad in the global table, switch to
customer routes and we can keep your session up." So we did that.

Hash: SHA1

%BGP-6-ASPATH: Invalid AS path xxx 3300 (64603) 2008 received from
x.x.x.x: Confederation AS-path found in the middle

provider x'd out to protect the innocent, but saw this from ALL ebgp

Thankfully our main vendor included a knob to emulate cisco's
brokenness, so we magically stayed up.


- --
Matt Levine
ICQ : 17080004
"The Trouble with doing anything right the first time is that nobody
appreciates how difficult it was."

- -----Original Message-----