Bedlam on the Web...

2009-02-17, 17:54

- http://isc.sans.org/diary.html?storyid=5872
Last Updated: 2009-02-17 14:10:57 UTC ...(Version: 2) - "... reported difficulty in reaching parts of the Internet... The source of the problem appears to be with AS 47868 causing AS paths to become too long... very good explanation* of what happened yesterday..."

* http://www.renesys.com/blog/2009/02/the-flap-heard-around-the-worl.shtml
February 16, 2009 10:40 PM - "... Now suppose you just got your Internet learner's permit yesterday and you really don't want your backup provider being used unless your main provider is down. You could prepend your AS a few times in the route announcements you make to your backup provider and that would do the trick, but to make really sure you go for a few hundred instead. In a perfect Internet, that wouldn't matter, but we don't have one of those. What we think happened next is the Internet equivalent of a massive buffer overflow. While most of the core routers run by major ISPs fared just fine, processing the ridiculous path and sending it on, others choked. Perhaps they weren't as well maintained or were running buggy software. These routers viewed the update as malformed and so tore down their session with whoever sent them the update. In other words, two routers that were happily exchanging traffic with each other just moments before suddenly stopped all communication. Traffic was lost, alternative paths were explored, and maybe the former cooperating routers recovered and re-established contact. Multiply this by thousands of routers around the world and you can begin to appreciate the ensuing pandemonium... We were heartened to see that most of the Internet's core survived a single odd announcement, but this does speak to a lot of outdated equipment or software at the edge. And if you manage to get all of the edge routers to reset, you aren't going to have many people to talk to no matter what the core is doing. While it might be tempting to bash SuproNet, can anyone really defend a system where a failure in probably one of the weaker links can cause the entire system to unravel? Maybe we really do need a new Internet and for more reasons than better security. The next one needs to come with an operating permit too."

(Charts/graphs and more detail available at the URL above.)
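
An added example, not part of the post or of the quoted articles: a receive-side sanity check for the AS_PATH attribute that drops an over-long, heavily prepended or malformed path as a single route instead of resetting the session, which is the failure the quoted article describes. The function names, the two policy limits and the sample paths are assumptions made for illustration; the segment layout (type octet, one-octet ASN count, then the ASNs) follows RFC 4271.

```python
import struct
from itertools import groupby

AS_SET, AS_SEQUENCE = 1, 2   # segment types from RFC 4271
MAX_PATH_LEN = 50            # assumed local policy limit, not from the page
MAX_PREPEND_RUN = 10         # assumed local policy limit, not from the page

def encode_as_path(asns, asn_size=2):
    """Encode ASNs as AS_SEQUENCE segments; the 1-octet count caps each at 255."""
    fmt = ">H" if asn_size == 2 else ">I"
    out = b""
    for i in range(0, len(asns), 255):
        chunk = asns[i:i + 255]
        out += bytes([AS_SEQUENCE, len(chunk)]) + b"".join(struct.pack(fmt, a) for a in chunk)
    return out

def parse_as_path(data, asn_size=2):
    """Return the flat ASN list, or raise ValueError on a malformed attribute."""
    fmt = ">H" if asn_size == 2 else ">I"
    asns, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[pos], data[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = pos + count * asn_size
        if end > len(data):
            raise ValueError("segment longer than attribute")
        asns += [struct.unpack_from(fmt, data, o)[0] for o in range(pos, end, asn_size)]
        pos = end
    return asns

def check_update(data, asn_size=2):
    """Classify one received AS_PATH: accept it, or drop that route only."""
    try:
        path = parse_as_path(data, asn_size)
    except ValueError as exc:
        return ("drop-route", f"malformed: {exc}")
    # Longest run of one repeated ASN, i.e. the heaviest prepend in the path.
    longest_run = max((len(list(g)) for _, g in groupby(path)), default=0)
    if len(path) > MAX_PATH_LEN:
        return ("drop-route", f"path length {len(path)} > {MAX_PATH_LEN}")
    if longest_run > MAX_PREPEND_RUN:
        return ("drop-route", f"prepend run {longest_run} > {MAX_PREPEND_RUN}")
    return ("accept", f"path length {len(path)}")

# Constructed samples using documentation ASNs (RFC 5398), not data from the incident.
NORMAL = encode_as_path([64496, 64497, 64511])
PREPENDED = encode_as_path([64496] + [64511] * 300)   # needs two segments (255 + 46)
TRUNCATED = PREPENDED[:-3]                             # cut short in transit
```

Every rejection path returns a verdict for that one route, so a single bad announcement never costs the peering session.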