nanog mailing list archives
Re: JunOS/FRR/Nokia et al BGP critical issue
From: Bjørn Mork <bjorn () mork no>
Date: Fri, 01 Sep 2023 11:52:19 +0200
Nick Hilliard <nick () foobar org> writes:
> Bjørn Mork wrote on 01/09/2023 08:17:
>> Sounds familiar.
>> https://supportportal.juniper.net/s/article/BGP-Malformed-AS-4-Byte-Transitive-Attributes-Drop-BGP-Sessions?language=en_US
>> You'd think a lot of thought has gone into error handling for optional transitive attributes since then, but...
>
> A good deal of thought has gone into the problem, and this is where rfc7606 came from. Treat-as-withdraw for the NLRI in question is the default option with this approach, and should be deployed universally.

Yes. But there's obviously not been enough thought applied to realize that optional transitive attributes must be considered evil by default. They can only be used after extremely careful parsing.

This is the BGP version of

  select * from mytable where field = $unvalidated_user_input;

I was hoping we'd moved past that point in the software development history.

Bjørn
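
The treat-as-withdraw handling discussed in this message, as an added example that is not part of the original post and not any vendor's code: a simplified RFC 7606-style walk over an UPDATE's path-attribute block that degrades to attribute-discard or treat-as-withdraw instead of resetting the session. The function name `classify_attributes`, the `RULES` table (four attributes only, 4-octet-AS session assumed) and the sample byte strings are constructed for illustration.

```python
import struct

# Outcomes in increasing severity (RFC 7606 terms); this sketch never resets the session.
OK, ATTRIBUTE_DISCARD, TREAT_AS_WITHDRAW = 0, 1, 2
OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10

# type -> (expected Optional/Transitive bits, value check, action when malformed)
RULES = {
    1: (TRANSITIVE, lambda v: len(v) == 1 and v[0] <= 2, TREAT_AS_WITHDRAW),  # ORIGIN
    6: (TRANSITIVE, lambda v: len(v) == 0, ATTRIBUTE_DISCARD),                # ATOMIC_AGGREGATE
    7: (OPTIONAL | TRANSITIVE, lambda v: len(v) == 8, ATTRIBUTE_DISCARD),     # AGGREGATOR, 4-octet AS assumed
    8: (OPTIONAL | TRANSITIVE,
        lambda v: len(v) > 0 and len(v) % 4 == 0, TREAT_AS_WITHDRAW),         # COMMUNITIES
}

def classify_attributes(block: bytes):
    """Walk the path-attribute block of one UPDATE; return (action, kept attributes)."""
    action, kept, pos = OK, [], 0
    while pos < len(block):
        hdr = 4 if block[pos] & EXT_LEN else 3
        if len(block) - pos < hdr:
            return TREAT_AS_WITHDRAW, []          # attribute header itself is truncated
        flags, atype = block[pos], block[pos + 1]
        alen = struct.unpack_from("!H", block, pos + 2)[0] if hdr == 4 else block[pos + 2]
        value = block[pos + hdr:pos + hdr + alen]
        if len(value) < alen:
            return TREAT_AS_WITHDRAW, []          # declared length overruns the block
        pos += hdr + alen
        rule = RULES.get(atype)
        if rule is None:
            kept.append((flags, atype, value))    # unknown to this sketch: opaque, not validated
            continue
        want_bits, value_ok, on_malformed = rule
        if (flags & (OPTIONAL | TRANSITIVE)) != want_bits:
            action = TREAT_AS_WITHDRAW            # flag bits conflict with the attribute's definition
        elif not value_ok(value):
            action = max(action, on_malformed)    # malformed attribute is dropped, never kept
        else:
            kept.append((flags, atype, value))
    return (action, kept) if action != TREAT_AS_WITHDRAW else (action, [])

# Constructed sample attribute blocks (not captured traffic).
ORIGIN_IGP = bytes.fromhex("40010100")
GOOD = ORIGIN_IGP + bytes.fromhex("c00804fde80001")
BAD_COMMUNITIES = ORIGIN_IGP + bytes.fromhex("c00803010203")     # length not a multiple of 4
BAD_AGGREGATOR = ORIGIN_IGP + bytes.fromhex("c00706fde8c0000201")  # 6 octets where 8 are expected
OVERRUN = ORIGIN_IGP + bytes.fromhex("c008080001")               # claims 8 octets, carries 2
UNKNOWN = ORIGIN_IGP + bytes.fromhex("c0ff02aabb")               # type 255, optional transitive

if __name__ == "__main__":
    for name in ("GOOD", "BAD_COMMUNITIES", "BAD_AGGREGATOR", "OVERRUN", "UNKNOWN"):
        print(name, classify_attributes(globals()[name])[0])
```

The `UNKNOWN` case returns `OK` with the value kept as opaque bytes: an attribute type the parser has no rule for cannot be checked at all, which is the situation the message objects to.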