From: "John G. Scudder" <jgs at juniper.net>
Date: December 15, 2008 2:34:34 PM GMT-05:00
To: Danny McPherson <danny at tcb.net>
Cc: Jeffrey Haas <jhaas at pfrc.org>, cayle.spandon at gmail.com,
 Enke Chen <enkechen at cisco.com>, quaizar.vohra at gmail.com,
 skh at nexthop.com, Inter-Domain Routing List <idr at ietf.org>,
 Yakov Rekhter <yakov at juniper.net>, Tony Li <tony.li at tony.li>,
 Quaizar Vohra <qv at juniper.net>
Subject: Re: [Idr] RFC-4893 handling malformed AS4_PATH attributes

On Dec 15, 2008, at 2:21 PM, Danny McPherson wrote:
> After thinking about this for a few minutes, I can't currently
> come up with any configuration where a forwarding loop would occur
> as a result of just dropping the update (because the "translation"
> occurs on ingress to an AS), so discarding the update is likely
> to be a cleaner action.

AS1---AS2
  \   /
   \ /
   AS3

- AS1 prefers to reach AS3 directly, and advertises its route to AS2.
- AS2 prefers to reach AS3 directly, and advertises its route to AS1.
- Connections AS3-AS1 and AS3-AS2 fail simultaneously.
- AS1 switches to prefer AS2's route, and sends an update message which
  includes a withdraw of its previous announcement. The withdraw is
  bundled with some advertisements. It includes a bad attribute. As a
  result, AS2 ignores the message.
- AS2 switches to prefer AS1's route, and sends an update message which
  includes a withdraw of its previous announcement. The withdraw is
  bundled with some advertisements. It includes a bad attribute. As a
  result, AS1 ignores the message.

End result is that AS1 forwards traffic for AS3 towards AS2, and AS2
forwards traffic for AS3 towards AS1. This is a permanent (until
corrected) forwarding loop.
I'm sure a less-contrived example can also be constructed, but this
one should be sufficient to prove the point.
--John
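
Added example, not part of the original message: a small Python model of the AS1/AS2/AS3 scenario above that follows next hops after the simultaneous failure. The PREFIX label, the shortest-AS-path selection, and the "reset" policy (the base BGP behaviour of closing the session on an UPDATE error, included only for comparison) are assumptions of the example.

```python
PREFIX = "AS3-prefix"  # constructed label for the one prefix AS3 originates

class Speaker:
    def __init__(self, asn, rib_in):
        self.asn = asn
        self.rib_in = rib_in  # neighbor ASN -> AS path learned from that neighbor

    def best(self):
        """Shortest AS path wins; returns (neighbor, path) or None."""
        usable = {n: p for n, p in self.rib_in.items() if self.asn not in p}
        return min(usable.items(), key=lambda kv: len(kv[1]), default=None)

    def receive(self, sender, update, policy):
        if update["malformed"]:
            if policy == "reset":   # session torn down: peer's routes are flushed
                self.rib_in.pop(sender, None)
            return                  # "discard": whole message ignored, withdraw too
        if PREFIX in update["withdrawn"]:
            self.rib_in.pop(sender, None)

def forward(speakers, start, dest=3):
    """Follow next hops from `start`: 'delivered', 'dropped' or 'loop'."""
    seen, here = set(), start
    while here != dest:
        if here in seen:
            return "loop"
        seen.add(here)
        choice = speakers[here].best()
        if choice is None:
            return "dropped"
        here = choice[0]
    return "delivered"

def simulate(policy, malformed=True):
    """Return forwarding state from AS1 (before failure, after failure)."""
    as1 = Speaker(1, {3: [3], 2: [2, 3]})
    as2 = Speaker(2, {3: [3], 1: [1, 3]})
    speakers = {1: as1, 2: as2}
    before = forward(speakers, 1)
    for s in (as1, as2):            # AS3-AS1 and AS3-AS2 fail simultaneously
        del s.rib_in[3]
    # Each side now prefers the other's route and withdraws its own earlier
    # announcement, bundled with advertisements carrying a bad attribute.
    update = {"withdrawn": [PREFIX], "malformed": malformed}
    as2.receive(1, update, policy)
    as1.receive(2, update, policy)
    return before, forward(speakers, 1)

if __name__ == "__main__":
    for policy, bad in (("discard", True), ("reset", True), ("discard", False)):
        print(policy, "malformed" if bad else "well-formed", simulate(policy, bad))
```

Only the discard-on-malformed case leaves both speakers holding each other's stale route; in the other two cases traffic for AS3 is dropped rather than looped.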