nanog mailing list archives
Re: Using crypto auth for detecting corrupted IGP packets?
From: Jared Mauch <jared () puck nether net>
Date: Fri, 1 Oct 2010 00:25:34 -0400
Sent from my iThing

On Oct 1, 2010, at 12:16 AM, Danny McPherson <danny () tcb net> wrote:

> On Sep 30, 2010, at 11:34 PM, Manav Bhatia wrote:
>
>> I would be interested in knowing if operators use the cryptographic authentication for detecting the errors that I just described above.
>
> Additionally, one might venture to understand the effects of such mechanisms and why knobs such as IS-IS's "ignore-lsp-errors" were added ~15 years ago. LSP corruption storms driven by receivers that purge corrupted LSPs and originators that re-originate and flood on receipt of said purged LSPs are very problematic and otherwise difficult to identify in practice. Coincidentally, it's also why logging LSPs that trigger such errors is important, whether you ignore them or propagate them.
I really wish there was a good way to (generically) keep a 4-6 hour buffer of all control-plane traffic on devices. While you can do that with some, the forensic value is immense when you have a problem.

- Jared
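The two ideas raised in this message (log every PDU that fails its integrity check, and keep a rolling multi-hour buffer of control-plane traffic), sketched as an added example that is not part of the original post or any router's code. The framing (body followed by an HMAC-SHA-256 tag), the class and function names, and the sample PDUs are assumptions constructed for illustration; real IS-IS carries its digest inside an authentication TLV.

```python
import hashlib
import hmac
from collections import deque

TAG_LEN = 32  # assumed framing: PDU body + 32-byte HMAC-SHA-256 tag

def auth_ok(pdu: bytes, key: bytes) -> bool:
    """True if the trailing tag matches the HMAC of the PDU body."""
    body, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)

class ControlPlaneBuffer:
    """Rolling buffer of received PDUs, bounded by age and by total bytes."""
    def __init__(self, window_s=6 * 3600, max_bytes=256 * 2**20):
        self.window_s, self.max_bytes = window_s, max_bytes
        self.records = deque()  # (timestamp, neighbor, pdu, ok), oldest first
        self.size = 0

    def record(self, ts: float, neighbor: str, pdu: bytes, key: bytes) -> bool:
        """Store the PDU whether or not it verifies; return the verdict."""
        ok = auth_ok(pdu, key)
        self.records.append((ts, neighbor, pdu, ok))
        self.size += len(pdu)
        # Evict from the old end until both bounds hold again.
        while self.records and (ts - self.records[0][0] > self.window_s
                                or self.size > self.max_bytes):
            self.size -= len(self.records.popleft()[2])
        return ok

    def failures(self):
        """Records whose tag did not verify: candidates for corruption."""
        return [r for r in self.records if not r[3]]

    def context(self, ts: float, before_s=60.0, after_s=60.0):
        """Everything received around time `ts`, for offline analysis."""
        return [r for r in self.records if ts - before_s <= r[0] <= ts + after_s]

def demo():
    key = b"constructed-demo-key"
    make = lambda body: body + hmac.new(key, body, hashlib.sha256).digest()
    buf = ControlPlaneBuffer(window_s=4 * 3600)
    good = make(b"LSP r1.00-00 seq=41")            # constructed sample PDU
    flipped = bytearray(make(b"LSP r2.00-00 seq=7"))
    flipped[5] ^= 0x01                             # one bit corrupted in transit
    buf.record(0.0, "r9", good, key)               # ages out of the 4 h window
    buf.record(14000.0, "r1", good, key)
    buf.record(14030.0, "r2", bytes(flipped), key)
    buf.record(14500.0, "r1", good, key)
    return buf
```

The failed PDU is retained along with its neighbours in time, so the raw bytes and what arrived around them are still available when someone investigates later.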