An even worse week for EGP....


Thomas Narten (narten@purdue.edu)
Thu, 21 Jan 88 20:45:54 EST


The trouble with bogus networks slipping into the core tables has
apparently returned. Has anyone fingered a culprit?

In my seemingly endless explorations of the EGP code in gated, I have
discovered yet another tidbit. These comments apply directly to egpup
as well, from which gated claims ancestry.

1) Totally bogus nets are slipping into the core tables. By bogus, I
mean neither class A, B or C. When encountered during the processing
of an EGP network reachability update, one cannot determine how many
bytes the address is supposed to be. Gated chokes when it receives
them in updates and tosses the partially processed update.

2) EGP detects the "problem" with the data, and assumes that the
entire packet is bad (even though it installs all the routes up to the
bogus one). After 4 such updates in a row, gated sends a cease command
to the gateway it was peering with, and goes back into neighbor
acquisition state. Meanwhile, any routes you are advertising to the
core get marked unreachable for 60 seconds.

This has happened at our site many (1-2 dozen times) since last
Thursday. (e.g. the problem doesn't seem to be going away).

3) If you are running Kirton's EGP, or an old version of gated, none
of these events will be logged anywhere. In other words, if it is
happening to you, you probably aren't even aware of it.

4) The code in gated, egpup and the BBN core gateways apparently all
allow non class A, B, C nets to slip into updates [which side of the
fence do fuzzballs and vendor gateways sit on??] The problem is no
doubt code of the following type:

if (is_classA_net(net)) then
    /* do class A stuff */
else if (is_classB_net(net)) then
    /* do class B stuff */
else
    /* must be a class C net */
    /* do class C stuff */
endif

For egpup users, I strongly urge that the following patch be applied
to rt_egp.c. It will prevent egp from sending out reachability updates
for non-A,B,C nets.

*** rt_egp.c Thu Jan 21 20:02:20 1988
--- /usr/src/local/etc/egp/rt_egp.c Mon Nov 10 19:05:38 1986
***************
*** 128,135 ****

                if( in_isa( current_gw)) n_bytes = 3;
                else if( in_isb( current_gw)) n_bytes = 2;
! else if (in_isc( current_gw)) n_bytes = 1;
! else return(ERROR);
                bcopy( (u_char *)&current_gw+4-n_bytes, nrp, n_bytes);
                nrp += n_bytes;

--- 128,134 ----

                if( in_isa( current_gw)) n_bytes = 3;
                else if( in_isb( current_gw)) n_bytes = 2;
! else n_bytes = 1;
                bcopy( (u_char *)&current_gw+4-n_bytes, nrp, n_bytes);
                nrp += n_bytes;
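
Review bot: the diff direction is reversed, so applying this hunk as posted removes the check instead of adding it. The file headers list the 1988 file on the `***` (old) side and the 1986 file on the `---` (new) side, and here the `*** 128,135 ****` section holds `else if (in_isc( current_gw)) n_bytes = 1;` / `else return(ERROR);` while the `--- 128,134 ----` section holds the unchecked `else n_bytes = 1;`. Regenerate the diff with the file arguments swapped, or tell readers to apply it with `patch -R`.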

***************
*** 152,159 ****
                                                        /* copy net addr */
            if( in_isa( net_pt->net)) n_bytes = 1;
            else if( in_isb( net_pt->net)) n_bytes = 2;
! else if (in_isc( net_pt->net)) n_bytes = 3;
! else return(ERROR)
            bcopy(&net_pt->net, nrp, n_bytes);
            nrp += n_bytes;
        } /* end for each net */
--- 151,157 ----
                                                        /* copy net addr */
            if( in_isa( net_pt->net)) n_bytes = 1;
            else if( in_isb( net_pt->net)) n_bytes = 2;
! else n_bytes = 3;
            bcopy(&net_pt->net, nrp, n_bytes);
            nrp += n_bytes;
        } /* end for each net */
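
Review bot: `else return(ERROR)` in the `net_pt->net` branch is missing its terminating semicolon, so the checked version will not compile as written; it should read `else return(ERROR);` as in the gateway branch of the first hunk. A second point on the same line: it sits inside the "for each net" loop, so one unclassifiable net makes the routine return ERROR and no update goes out at all. If dropping only the offending net is the intent, skip that entry and adjust whatever net count the update carries (not visible in this hunk) rather than returning.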

For gated users, the same basic patch applies. Look in the file
rt_egp.c, routine rt_NRnets(). I would supply the patch, but I am
running a beta test version of gated that's different than everyone
else's.

I am skeptical that the above fixes really get at the heart of the
problem. Some of the nets that are appearing apparently don't really
exist, but they are technically valid Internet addresses.

Thomas
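
An added illustration of points 1 and 4 in the message above (not part of the original post and not gated or egpup code): classful length detection with an explicit "undefined" result, used by a sender that skips unclassifiable nets and a receiver that stops at the first one. It assumes a flat list of packed net numbers without the gateway and distance framing of a real EGP update; the names net_bytes, pack_nets, parse_nets and the sample table are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample table (not from the post): class A, B, D, C. */
static const uint8_t sample_nets[4][4] = {
    {10, 0, 0, 0}, {128, 10, 0, 0}, {224, 0, 0, 1}, {192, 5, 48, 0} };

/* Network-number length by leading bits of the first octet; 0 for class
 * D/E, the case an if / else-if / else chain would treat as class C. */
static size_t net_bytes(uint8_t first)
{
    if ((first & 0x80) == 0x00) return 1;   /* 0xxxxxxx  class A */
    if ((first & 0xC0) == 0x80) return 2;   /* 10xxxxxx  class B */
    if ((first & 0xE0) == 0xC0) return 3;   /* 110xxxxx  class C */
    return 0;                               /* 111xxxxx  class D/E */
}

/* Sender: pack n nets into out, skipping and counting unclassifiable
 * ones. Returns bytes written, or -1 if out is too small. */
static int pack_nets(const uint8_t nets[][4], size_t n,
                     uint8_t *out, size_t cap, size_t *skipped)
{
    size_t used = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = net_bytes(nets[i][0]);
        if (len == 0) { (*skipped)++; continue; }   /* never sent */
        if (len > cap - used) return -1;
        memcpy(out + used, nets[i], len);
        used += len;
    }
    return (int)used;
}

/* Receiver: accept up to count packed nets, stopping at the first whose
 * length is undefined or runs past the buffer; *consumed = stop offset. */
static size_t parse_nets(const uint8_t *buf, size_t len, size_t count,
                         size_t *consumed)
{
    size_t off = 0, ok = 0;
    while (ok < count && off < len) {
        size_t n = net_bytes(buf[off]);
        if (n == 0 || n > len - off) break;   /* cannot resynchronise */
        off += n; ok++;
    }
    *consumed = off;
    return ok;
}
```

The receiver can only report how far it got: once a first octet has no defined length, the start of the next net in the buffer is unknown, which is why filtering on the sending side matters.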


