<div dir="ltr">I wouldn't be so quick to blame it on a single thing. We have all been there, An incident always comes down to many things not going the way you think. <br><br>Reading between the lines, I see that a peer's network creates larger than "normal" routes, and seeing they called out IPv6 in their submission to Senate [1]<br>Lack of filtering of v6 for that peer due to an oversight or misunderstanding of the template/group between v4 and v6.<br><br>Then, when it was shared with their PE routers (Which seem to be Cisco) On the ASK9K (Not sure what they use), the default limit of 524288 [2] for v6 could lead to the session's termination by default. <br><br>We should read these reports and understand if the same thing could happen to your network, what protection you have to stop this, and your device's default behaviour. <br><br>I would like to know more about their out-of-band and why it had issues. (Could it be that DNS broke, issue getting to internal documentation or was the password vault access broken, or the IP limit of the OOB device was too tight). <br><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Chris O'Shea<br><br>[1] <a href="https://www.aph.gov.au/DocumentStore.ashx?id=2ed95079-023d-49d5-87fd-d9029740629b&subId=750333">https://www.aph.gov.au/DocumentStore.ashx?id=2ed95079-023d-49d5-87fd-d9029740629b&subId=750333</a> reports of the Optus outage<br>[2] <a href="https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/routing/command/reference/b-routing-cr-asr9000/bgp-commands.html#wp3192417938">https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/routing/command/reference/b-routing-cr-asr9000/bgp-commands.html#wp3192417938</a> </div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 17, 2023 at 2:02 AM Tony Wicks <<a href="mailto:tony@wicks.co.nz">tony@wicks.co.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">To be fair, Assuming there were config issues (i.e. the lack of maximum-prefixes and the lack of filtering preventing large route tables hitting devices that can not carry full tables) the behaviour of a network device when its RIB/FIB or memory is exceeded also significantly comes into play. Dropping BGP is fine, crashing the router so it requires a hard reset is another case entirely. In my experience (I have not used Cisco's in a telco environment for many years however) Cisco devices have been much more pre-disposed to crash catastrophically than over vendor devices like Nokia or Juniper.<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: AusNOG <<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>> On Behalf Of DaZZa<br>
Sent: Friday, November 17, 2023 2:38 PM<br>
To: Andrew Oakeley <<a href="mailto:andrew@oakeley.com.au" target="_blank">andrew@oakeley.com.au</a>><br>
Cc: <a href="mailto:michael.bethune@australiaonline.au" target="_blank">michael.bethune@australiaonline.au</a>; Luke Thompson <<a href="mailto:luke.t@tncrew.com.au" target="_blank">luke.t@tncrew.com.au</a>>; <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
Subject: Re: [AusNOG] Optus downtime chat + affecting SMS verification toTelstra?<br>
<br>
What a load of crap.<br>
<br>
The root cause was they're morons, and configured the routers incorrectly.<br>
<br>
Cisco had nothing to do with it. I'll bet the routers behaved exactly as they were intended to behave.<br>
<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="https://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">https://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>