[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using crypto auth for detecting corrupted IGP packets?

Subject: Using crypto auth for detecting corrupted IGP packets?
From: danny at tcb.net (Danny McPherson)
Date: Fri, 1 Oct 2010 00:16:58 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

On Sep 30, 2010, at 11:34 PM, Manav Bhatia wrote:
> 
> I would be interested in knowing if operators use the cryptographic
> authentication for detecting the errors that i just described above.

Additionally, one might venture to understand the effects of such mechanisms and
why knob's such as IS-IS's "ignore-lsp-errors" were added ~15 years ago.  LSP
corruption storms driven by receivers that purge corrupted LSPs and originators that 
re-originate and flood on receipt of said purged LSPs are very problematic and 
otherwise difficult to identify in practice.  

Coincidentally, it's also why logging LSPs that trigger such errors is important, whether 
you ignore them or propagate them.

-danny

Follow-Ups:
- Using crypto auth for detecting corrupted IGP packets?
  - From: jared at puck.nether.net (Jared Mauch)

References:
- Using crypto auth for detecting corrupted IGP packets?
  - From: manavbhatia at gmail.com (Manav Bhatia)

Prev by Date: Using crypto auth for detecting corrupted IGP packets?
Next by Date: Using crypto auth for detecting corrupted IGP packets?
Previous by thread: Using crypto auth for detecting corrupted IGP packets?
Next by thread: Using crypto auth for detecting corrupted IGP packets?
Index(es):
- Date
- Thread