Mills@UDEL.EDU (01/18/88)
Folks, I am used to seeing some amount of trash in the core gateway routing tables, but this morning it has gotten out of hand. At the end of this message is a summary of the world according to the PURDUE LSI-11 core gateway. The first part shows the neighbors which at one time were up, but are at the moment offline, crashed or worse. The second part shows a mess of 68 apparently bogus nets (!) presently sloshing over all Internet corespeakers at the moment. I constructed this list from the full PURDUE routing table by deleting all named networks and all unnamed networks in the range 128.x.x.x, 129.x.x.x and 192.x.x.x. Some of the remainder are marked unreachable, so are not included in PURDUE routing updates sent to its neighbors. The others are in fact now sloshing all over the Internet, overflowing routing tables and crashing at least three EGPspeakers known to me. From the hop counts and first-hop gateways listed, I suspect counting-to-infinity is in progress on the MILNET side of the mailbridges, so the bogons might eventually evaporate from the core tables. However, the three EGPspeakers I watch are now crashing at intervals of a few hours, so the bogon generator may be barking at those intervals or less. I strongly suspect a malformed EGP update is being sent to a core gateway, which results not only in broken tables, but a malformed EGP update being sent back to the remaining EGP population. While my crashed EGPspeakers may deserve additional anti-bogon insulation, the bogonspeakers should be found and fried ASAP. Could it be that some list of gateways within an EGP update has overflowed a count field or broken a parser? Dave Gateway 16 PURDUE 10.2.0.37 (Arpanet) Sun Jan 17 09:52:25 1988 (EST) Neighbors: DOWN: golden-gateway.stanford.edu 10.1.0.11 (Arpanet) (EGP or indirect via EGP) DOWN: gateway.rice.edu 10.4.0.62 (Arpanet) (EGP or indirect via EGP) DOWN: a.cs.uiuc.edu 10.3.0.37 (Arpanet) (EGP or indirect via EGP) DOWN: rita.acs.washington.edu 10.1.0.91 (Arpanet) (EGP or indirect via EGP) DOWN: iu.ai.sri.com 10.5.0.2 (Arpanet) (EGP or indirect via EGP) DOWN: ISTC 10.1.0.107 (Arpanet) DOWN: gold.bacs.indiana.edu 10.7.0.37 (Arpanet) (EGP or indirect via EGP) DOWN: princeton.edu 10.7.0.96 (Arpanet) (EGP or indirect via EGP) DOWN: oberon.usc.edu 10.0.0.121 (Arpanet) (EGP or indirect via EGP) DOWN: ngp.utexas.edu 10.0.0.62 (Arpanet) (EGP or indirect via EGP) DOWN: think.com 10.4.0.6 (Arpanet) (EGP or indirect via EGP) DOWN: lad 10.6.0.62 (Arpanet) (EGP or indirect via EGP) DOWN: YALE 10.2.0.9 (Arpanet) (EGP or indirect via EGP) DOWN: 10.7.0.62 (Arpanet) (EGP or indirect via EGP) DOWN: 192.5.48.18 (purdue-cs-net) (EGP or indirect via EGP) DOWN: potomac.ads.com 10.5.0.25 (Arpanet) (EGP or indirect via EGP) DOWN: xn.ll.mit.edu 10.2.0.10 (Arpanet) (EGP or indirect via EGP) DOWN: columbia.edu 10.3.0.89 (Arpanet) (EGP or indirect via EGP) DOWN: teknowledge-vaxc 10.5.0.11 (Arpanet) (EGP or indirect via EGP) DOWN: utah-arpa-gw 10.3.0.4 (Arpanet) (EGP or indirect via EGP) DOWN: VAN 10.5.0.63 (Arpanet) (EGP or indirect via EGP) DOWN: TEST2 10.2.0.63 (Arpanet) (EGP or indirect via EGP) DOWN: 10.7.0.111 (Arpanet) (EGP or indirect via EGP) DOWN: 10.0.5.91 (Arpanet) (EGP or indirect via EGP) DOWN: att 10.5.0.89 (Arpanet) (EGP or indirect via EGP) Network Table: 193.252.102 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 207.255.92 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 125 Unreachable 127 Unreachable 159.249 5 hops (ext) via MILBBN 10.5.0.5 (Arpanet) 159.183 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 135.251 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.250.89 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 191.151 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 19 Unreachable 207.252.253 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 100 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 159.250 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 143.151 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 159.59 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.250.115 5 hops (ext) via MILARPA 10.2.0.28 (Arpanet) 207.250.83 6 hops (ext) via MILSAC 10.2.0.80 (Arpanet) 207.252.247 4 hops via MILDCEC 10.7.0.20 (Arpanet) 159.255 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 207.255.40 6 hops (ext) via MILSAC 10.2.0.80 (Arpanet) 207.252.98 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 135.239 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 159.164 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 159.254 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.255.253 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.255.167 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 193.255.57 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 126 Unreachable 159.167 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 193.252.249 Unreachable 199.253.7 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.252.220 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 84 1 hop (ext) via umn-rei-uc 10.2.0.94 (Arpanet) 42 Unreachable 159.89 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.255.234 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.253.52 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 143.180 5 hops (ext) via MILBBN 10.5.0.5 (Arpanet) 193.252.205 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 199.250.83 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 159.235 4 hops via MILDCEC 10.7.0.20 (Arpanet) 143.252 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.252.215 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.253.88 5 hops (ext) via MILBBN 10.5.0.5 (Arpanet) 143.250 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.253.217 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.252.249 5 hops (ext) via MILBBN 10.5.0.5 (Arpanet) 159.180 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.252.242 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 159.243 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 131.237 4 hops (ext) via MILLBL 10.0.0.68 (Arpanet) 199.255.174 5 hops (ext) via MILARPA 10.2.0.28 (Arpanet) 159.149 6 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 61 Unreachable 207.252.172 4 hops via MILDCEC 10.7.0.20 (Arpanet) 60 Unreachable 207.255.51 6 hops via MILDCEC 10.7.0.20 (Arpanet) 199.253.217 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 199.253.202 5 hops (ext) via ISI 10.3.0.27 (Arpanet) 195.253.219 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.253.147 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.253.89 5 hops (ext) via ISI 10.3.0.27 (Arpanet) 207.252.255 6 hops (ext) via MILISI 10.2.0.22 (Arpanet) 207.243.181 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 63 Unreachable 159.210 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 159.62 5 hops (ext) via MILDCEC 10.7.0.20 (Arpanet) 207.250.17 5 hops (ext) via MILARPA 10.2.0.28 (Arpanet)
narten@PURDUE.EDU (Thomas Narten) (01/18/88)
>Neighbors: > > DOWN: 192.5.48.18 (purdue-cs-net) (EGP or indirect via EGP) The list of "down" neighbors may be a bit deceiving. The machine 192.5.48.18 hasn't peered with Purdue LSI gateway since before Christmas. I would suggest that the LSI gateway hasn't been rebooted in over a month and that the entry is old, but... >However, the three EGPspeakers I watch are now crashing at intervals >of a few hours, so the bogon generator may be barking at those >intervals or less. Perhaps the definition of "crashed" needs to be examined. According to my own logs, the Purdue gateway has flawlessly responded to ICMP echoes every 15 minutes for the last 3 days. Although the gateway can probably reboot and completely rebuild all its route tables in only a few minutes, it seems unlikely that I would miss every one of the crashes. Thomas
hinden@PARK-STREET.BBN.COM (Robert Hinden) (01/18/88)
Thomas, In fact, both Purdue gateways (Butterfly and LSI-11) have been up with out any restarts for a month or more. See attached status reports. Bob gstatus: 10/31/86 10:23 For documentation, type "gstatus \?" Beginning at Sun Jan 17 21:24:58 1988 (EST) Source Host: 10.2.0.82 (Arpanet inoc.bbn.com) Butterfly Gateway 91 PURD-BF 10.0.0.37 (Arpanet) Sun Jan 17 21:25:05 1988 (EST) Version 3.10 Gateway Number 32, Autonomous System 60 Last restart: 11/30 09:23 Interfaces: UP: PURD-BF 10.0.0.37 (Arpanet) UP: PURD-BF 128.210.2.1 (purdue-ccnet) UP: PURD-BF 128.10.2.200 (Purdue-CS) UP: PURD-BF 128.211.0.51 (purdue-cs-cyp) UP: PURD-BF 192.5.91.60 (purdue-ecn1) Gateway 16 PURDUE 10.2.0.37 (Arpanet) Sun Jan 17 21:25:09 1988 (EST) Version 1008.2 Last restart: 12/18 10:24 Features on: THR EGP RUP sequence number = 044630 Memory: 80784 bytes in use, 123368 bytes idle, 1680 bytes free Interfaces: UP: PURDUE 10.2.0.37 (Arpanet) (since 12/18 10:24) output q: 2, allocated: 48, data size: 1006 UP: PURDUE 192.5.48.6 (purdue-cs-net) (since 12/18 10:24) output q: 0, allocated: 31, data size: 1600 gstatus terminated at Sun Jan 17 21:25:09 1988 (EST)
narten@PURDUE.EDU (Thomas Narten) (01/18/88)
>In fact, both Purdue gateways (Butterfly and LSI-11) have been up with out >any restarts for a month or more. See attached status reports. In that case, the extra bogus nets (or some other recent problem) may be causing the EGP servers to "burp" periodically. Three times in the last 4 days, the Butterfly EGP decided that we (128.211.1.1) were no longer an EGP neighbor, and restarted the neighbor aquisition protocol. In each case, events happened suddenly and without warning; no cease commands were received, and we had not even declared the Butterfly down for lack of responses to hellos & polls. I am fairly certain that this had not happening even once in the entire preceding month. I can't speak for the LSI-11 gateway, because we aren't peering with it anymore. Thomas