This was what happened last Friday (August 27, 2010, from 08:41 to 09:08 UTC)
The incident started on August 27 08:41 UTC when the RIPE advertised through BGP a route with an experimental BGP attribute. A bug in Cisco IOS XR would corrupt this experimental attribute and send it out to neighbors. Since the attribute thereafter became an "invalid attribute", by design every BGP neighbors reset relations to this telling IOS XR router. So, many disruptions happened at the same time. Bad luck!
Because of the popularity of Cisco IOS XR platform (such as GSR and CRS family), the disruption was quite substantial and all over the world. RIPE stopped the advertisement at 09:08 UTC and everything went back to normal later.
All IOS XR software affected! Even if your IOS XR router was lucky enough not involved in this incident, you still have to upgrade the router software fast.
Related Links
- Cisco.com, Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
- Discussion on NANOG (Wiki): Starting from this post.
- RIPE Announcement for this incident.
- NetworkWorld.com,"Research experiment disrupts Internet, for some"
- yebo blog, "RIPE NCCがルーティング事故、IOS-XRの脆弱性発覚"
No comments:
Post a Comment
Tip: you can also anonymously comment here.