Due to new incident reports, these experiments have been canceled permanently. On Tue, Jan 22, 2019 at 9:19 AM Italo Cunha <cunha@dcc.ufmg.br> wrote:
Hi all,This is a reminder that this experiment is scheduled for tomorrow (Wednesday, Jan. 23rd). We will announce 184.164.224.0/24 carrying a BGP attribute of type 0xff (reserved for development) between 14:00 and 14:15 GMT. On Thu, Jan 10, 2019 at 12:08 PM Italo Cunha <cunha@dcc.ufmg.br> wrote:
FRR users,
We are the research team running the experiment that triggered this issue (a description of the experiment is available [A]). We have postponed our experiment schedule until Jan. 23rd to allow for a two-week upgrade window [B]. Please let us know if you have any feedback.
[A] https://goo.gl/AFR1Cn [B] https://goo.gl/nJhmx1
-- Amir Herzberg, University of Connecticut Ethan Katz-Bassett, Columbia University Haya Shulman, Fraunhofer SIT Ítalo Cunha, Universidade Federal de Minas Gerais Michael Schapira, Hebrew University of Jerusalem Tomas Hlavacek, Fraunhofer SIT Yossi Gilad, MIT
On Wed, Jan 9, 2019 at 8:36 PM Donald Sharp <sharpd@cumulusnetworks.com> wrote:
All -
On Monday a research group installed into the global BGP routing table a prefix with a attribute type of 0xFF, which is designated as experimental by BGP RFC's. FRR had a developmental escape that read this attribute incorrectly and caused the bgp peering session to flap. If you have compiled FRR with the `--enable-bgp-vnc` option and run BGP as a peer on the global routing table you are vulnerable to this issue. This issue has been fixed in FRR with this commit:
https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86...
We have applied this fix to the stable/3.0(3.0.4), stable/4.0(4.0.1), stable/5.0(5.0.2) and stable/6.0(6.0.2) branches. New releases can be found here:
https://github.com/FRRouting/frr/releases/tag/frr-3.0.4 https://github.com/FRRouting/frr/releases/tag/frr-4.0.1 https://github.com/FRRouting/frr/releases/tag/frr-5.0.2 https://github.com/FRRouting/frr/releases/tag/frr-6.0.2
Snap packaging and the FreeBSD ports have been updated as well. We recommend you update your installation of FRR immediately.
At this point we are applying for a CVE and will announce that information when we have it.
In the near future we plan to implement RFC-7606 to handle this situation better in BGP, if you have any questions please feel free to email me, or to open up discussions on the frog alias.
thanks!
donald
_______________________________________________ dev mailing list dev@lists.frrouting.org https://lists.frrouting.org/listinfo/dev