nanog mailing list archives

Re: Using crypto auth for detecting corrupted IGP packets?


From: John Kristoff <jtk () cymru com>
Date: Fri, 1 Oct 2010 04:26:23 -0500

On Fri, 1 Oct 2010 00:25:34 -0400
Jared Mauch <jared () puck nether net> wrote:

> I really wish there was a good way to (generically) keep a 4-6 hour
> buffer of all control-plane traffic on devices. While you can do that
> with some, the forensic value is immense when you have a problem.

Not precisely what you're looking for, but you can monitor the OSPF
database in other ways.  See some of early OSPF work described here for
instance:

  <http://www2.research.att.com/~ashaikh/presentations.php>

I had written a simple utility to grab the LSA counts and checksum
values from a set of routers when I converted a RIP network to OSPF.
The network consisted of about 25 routers and 300 routes.  It was
invaluable as a sanity check to see if all routers were in
agreement.

Packet Design's Route Explorer may be a commercial implementation of
this sort of thing.  I've only seen an early version of that at an earlier
NANOG and have never used it.  It seemed like cool technology at the
time, but don't take that as an endorsement.

Ob op note: I do recall one older IOS router where it would never have
exactly the same checksum values as the others. After manually
inspecting the routes I had concluded that it was an artifact of the
IOS code being run, which was an old 11.x train and the only one in the
net at the time.

John
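The LSA-count and checksum comparison John describes, as an added example that is not his utility or any code from the thread: each router's `show ip ospf database` output is parsed into a map of (area, LSA type, link ID, advertising router) to (sequence number, checksum), a per-area count and checksum sum is produced as the quick sanity check, and a full comparison then points at the router holding a stale or missing LSA. The hostnames, router IDs, LSA values and the output text are constructed for the example; the table layout mimics the common IOS format but nothing here depends on a real device.

```python
"""Compare OSPF link-state databases collected from several routers.

Added example, not the utility from the mailing-list post.  All router
names, router IDs and LSA values below are constructed sample data.
"""
import re
from collections import defaultdict

# "Router Link States (Area 0)" / "Net Link States (Area 0)" section headers
AREA_RE = re.compile(r"^\s*(\w+) Link States \(Area (\S+)\)")
# "Link ID  ADV Router  Age  Seq#  Checksum [Link count]" table rows
LSA_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+\d+\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)"
)


def parse_lsdb(text):
    """Return {(area, lsa_type, link_id, adv_router): (seq, checksum)}."""
    lsdb, area, lsa_type = {}, None, None
    for line in text.splitlines():
        m = AREA_RE.match(line)
        if m:
            lsa_type, area = m.group(1), m.group(2)
            continue
        m = LSA_RE.match(line)
        if m and area is not None:
            link_id, adv, seq, csum = m.groups()
            lsdb[(area, lsa_type, link_id, adv)] = (int(seq, 16), int(csum, 16))
    return lsdb


def summarize(lsdb):
    """Per-area (LSA count, sum of LSA checksums): a cheap first-pass check.

    Two routers with the same area summary are very likely in agreement;
    a differing summary says *something* differs without saying what.
    """
    summary = defaultdict(lambda: [0, 0])
    for (area, *_), (_, csum) in lsdb.items():
        summary[area][0] += 1
        summary[area][1] += csum
    return {a: tuple(v) for a, v in summary.items()}


def compare_lsdbs(lsdbs):
    """List (router, lsa_key, problem) for every LSA that is missing on a
    router or whose seq/checksum disagrees with the majority copy.

    The majority value is used as the reference because a single stale
    or missing copy is the usual failure mode; with an even split the
    choice of reference is arbitrary but every disagreement still shows.
    """
    keys = set().union(*lsdbs.values())
    findings = []
    for key in sorted(keys):
        values = {r: db.get(key) for r, db in lsdbs.items()}
        present = [v for v in values.values() if v is not None]
        reference = max(set(present), key=present.count)
        for router, value in values.items():
            if value is None:
                findings.append((router, key, "missing"))
            elif value != reference:
                findings.append((router, key,
                                 "seq %#x ck %#06x, majority seq %#x ck %#06x"
                                 % (value + reference)))
    return findings


# Constructed sample output for three routers: r2 holds a stale copy of
# 10.0.0.3's router LSA, r3 has not received the network LSA at all.
_R1 = """
            OSPF Router with ID (10.0.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        112         0x80000014 0x0041B7 3
10.0.0.2        10.0.0.2        870         0x8000000A 0x00C3E2 2
10.0.0.3        10.0.0.3        45          0x80000012 0x007A0D 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.12.2       10.0.0.2        870         0x80000003 0x00E1A9
"""
SAMPLE_OUTPUTS = {
    "r1": _R1,
    "r2": _R1.replace("0x80000012 0x007A0D", "0x80000011 0x00F5CC"),
    "r3": _R1.split("                Net Link States")[0],
}

if __name__ == "__main__":
    dbs = {r: parse_lsdb(t) for r, t in SAMPLE_OUTPUTS.items()}
    for r, db in dbs.items():
        print(r, summarize(db))
    for router, key, problem in compare_lsdbs(dbs):
        print("%s: %s -> %s" % (router, key, problem))
```

In practice the per-router text would come from a scripted `show ip ospf database` over SSH or a vendor API; the parser and the comparison are unchanged. A router that disagrees in every collection run, as the old 11.x box in the post did, shows up as a stable set of findings rather than a changing one, which is what separates an implementation quirk from a live flooding problem.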

