Sent from my iThing
On Oct 1, 2010, at 12:16 AM, Danny McPherson <da...@tcb.net> wrote: > > On Sep 30, 2010, at 11:34 PM, Manav Bhatia wrote: >> >> I would be interested in knowing if operators use the cryptographic >> authentication for detecting the errors that i just described above. > > Additionally, one might venture to understand the effects of such mechanisms > and > why knob's such as IS-IS's "ignore-lsp-errors" were added ~15 years ago. LSP > corruption storms driven by receivers that purge corrupted LSPs and > originators that > re-originate and flood on receipt of said purged LSPs are very problematic > and > otherwise difficult to identify in practice. > > Coincidentally, it's also why logging LSPs that trigger such errors is > important, whether > you ignore them or propagate them. I really wish there was a good way to (generically) keep a 4-6 hour buffer of all control-plane traffic on devices. While you can do that with some, the forensic value is immense when you have a problem. - Jared >
