nanog mailing list archives

Re: L3 East cost maint / fiber 05FEB2012 maintenance


From: Jonathan Lassoff <jof () thejof com>
Date: Tue, 5 Feb 2013 09:41:20 -0800

On Tue, Feb 5, 2013 at 9:33 AM, Jason Biel <jason () biel-tech com> wrote:
Workaround is proper filtering and other techniques on the RE/Loopback to
prevent the issue from happening.

Agreed. However, if it only takes one packet, what if an attacker
sources the traffic from your management address space?

Guarding against this requires either a separate VRF/table for
management traffic or transit traffic, RPF checking, or TTL security.
If these weren't set up ahead of time, maybe it would be easier to
upgrade than lab, test, and deploy a new configuration.

This is all speculation about Level3 on my part; I don't know their
network from an internal perspective.

--j

Should an upgrade be performed? Yes, but certainly doesn't have to have
right away or without notice to customers.

On Tue, Feb 5, 2013 at 11:23 AM, Jonathan Lassoff <jof () thejof com> wrote:

My hunch is that this is fallout and repairs from Juniper PR839412.
Only fix is an upgrade. Not sure why they're not able to do a hitless
upgrade though; that's unfortunate.

Specially-crafted TCP packets that can get past RE/loopback filters
can crash the box.

--j

On Tue, Feb 5, 2013 at 7:39 AM, Josh Reynolds <esseph () gmail com> wrote:
I know a lot of you are out of the office right now, but does anybody
have any info on what happened with L3 this morning? They went into a
5 hour maintenance window with expected downtime of about 30 minutes
while they upgraded something like *40* of their "core routers" (their
words), but also did this during some fiber work and completely cut off
several of their east coast peers for the entirety of the 5 hour window.

If anybody has any more info on this, on a NOC contact for them on the
East Coast for future issues, you can hit me up off-list if you don't
feel comfortable replying with that info here.

Thanks, and I hope you guys are enjoying Orlando.

--
*Josh Reynolds*
esseph () gmail com - (270) 302-3552




--
Jason
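
The filtering point raised in the reply at the top of this message, as an added example (not part of the thread, and not Juniper or Level3 configuration): a small Python model of a control-plane filter showing why a source-address match alone accepts a packet that claims a management source, while strict RPF and a TTL check reject it. The prefix, interface names, route table and packets are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values: documentation prefix, hypothetical interface names.
MGMT_PREFIX = ipaddress.ip_network("192.0.2.0/24")
ROUTES = {  # prefix -> interface the router uses to reach it
    ipaddress.ip_network("192.0.2.0/24"): "mgmt0",
    ipaddress.ip_network("0.0.0.0/0"): "transit0",
}

# src: claimed source address; ingress: arrival interface; ttl: TTL as received
Packet = namedtuple("Packet", "src ingress ttl")

def source_acl(pkt):
    """Loopback filter that trusts anything claiming a management source."""
    return ipaddress.ip_address(pkt.src) in MGMT_PREFIX

def strict_rpf(pkt):
    """Strict RPF: best route back to the source must use the ingress interface."""
    addr = ipaddress.ip_address(pkt.src)
    best = max((n for n in ROUTES if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[best] == pkt.ingress

def ttl_security(pkt, min_ttl=255):
    """GTSM-style check: every routed hop decrements TTL, so only an
    adjacent sender can arrive with TTL 255."""
    return pkt.ttl >= min_ttl

def hardened(pkt):
    """Source match plus both anti-spoofing checks."""
    return source_acl(pkt) and strict_rpf(pkt) and ttl_security(pkt)

# Constructed packets: a real management host, and the same source address
# arriving on the transit side after crossing several hops.
LEGIT = Packet("192.0.2.10", "mgmt0", 255)
SPOOFED = Packet("192.0.2.10", "transit0", 243)

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, "acl-only:", source_acl(pkt), "hardened:", hardened(pkt))
```
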

