It mus be Friday
Am I the only one who misread the headline and expected to read a piece about some sat-nav kit sending a driver to Slough via Jupiter.
Traffic snags on Juniper router glitch
Juniper has published a security update designed to fix a bug involving its router software. The glitch in JUNOS creates problems for networking kit from Juniper in processing Border Gateway Protocol (BGP) traffic. BGP is a core routing protocol of the internet that's widely used by ISPs and others to (put simply) map the best …
-
-
Monday 17th December 2007 03:36 GMT Geir Leirvik
Not at all worrying - if your BGP is properly configured
This is an issue only between BGP peers, since everybody I know of is using MD5 authenticated BGP peers, this means that only somebody with those credentials can actually establish a session with you - and you have to know its IP address and have to recognize the peers IP address for this to start to be an issue.
There is also dampening that can and will be leveraged to minimize the impact of this. This is done to protect against flapping due to flaky interfaces or links and will not impact a whole lot. BGP uses TCP to communicate and will not allow exchange of routing data to parties that have not established a peer relationship.
So I am afraid this is less of an issue that portrayed.
Geir
-
Tuesday 18th December 2007 01:20 GMT Anonymous Coward
Not quite that simple
It's a little more complicated than that. It does not require that the direct peer originate the malformed BGP update. The behavior of vendor "C" is to pass the malformed packet on. This is the behavior of the updated Juniper code as well. So, the malformed packet might enter the network many, many AS / BGP peering relationships away from the vulnerable router and still cause problem. It does not bring down the interface, but just the BGP session, and I do not believe that route dampening will help on this session.
This topic is closed for new posts.
Biting the hand that feeds IT
