nanog mailing list archives
Re: Using crypto auth for detecting corrupted IGP packets?
From: John Kristoff <jtk () cymru com>
Date: Fri, 1 Oct 2010 04:26:23 -0500
On Fri, 1 Oct 2010 00:25:34 -0400 Jared Mauch <jared () puck nether net> wrote:
I really wish there was a good way to (generically) keep a 4-6 hour buffer of all control-plane traffic on devices. While you can do that with some, the forensic value is immense when you have a problem.
Not precisely what you're looking for, but you can monitor the OSPF database in other ways. See some of early OSPF work described here for instance: <http://www2.research.att.com/~ashaikh/presentations.php> I had written a simple utility to grab the LSA counts and checksum values from a set of routers.when I converted a RIP network to OSPF. The network consisted of about 25 routers and 300 routes. It was invaluable to as a sanity check to see if all routers were in agreement. Packet Design's Route Explorer may be a commercial implementation of this sort of thing. I've only an early version of that at an earlier NANOG and have never used it. It seemed like cool technology at the time, but don't take that as an endorsement. Ob op note: I do recall one older IOS router where it would never have exactly the same checksum values as the other. After manually inspecting the routes I had concluded that it was an artifact of the IOS code being run, which was an old 11.x train and the only one in the net at the time. John
Current thread:
- Re: Using crypto auth for detecting corrupted IGP packets? Dobbins, Roland (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Manav Bhatia (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Dobbins, Roland (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Jared Mauch (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Christopher Morrow (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Dobbins, Roland (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Manav Bhatia (Oct 01)
- <Possible follow-ups>
- Re: Using crypto auth for detecting corrupted IGP packets? John Kristoff (Oct 01)
- Re: Using crypto auth for detecting corrupted IGP packets? Manav Bhatia (Oct 13)