donatas abraitis

DC meltdown by having fat-finger syndrome

In my previous lightning blog post, I described how it’s possible to null route the whole datacenter by having fat-finger syndrome.

This is a second example of how to melt down your network by just mistyping a single character. Imagine what happens when you type:

neighbor route-map lN in
route-map IN permit
  match ip address prefix-list default-only

With a sufficiently bad font you won’t spot anything abnormal. But IN != lN.

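The neighbor now references a route-map named lN, while the default-only filter is defined under IN, so that filter is never applied to the session. In this case you receive a full BGP table, which gets inserted into the routing table, and on weak hardware you can guess what happens.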

Neither Cisco nor Juniper handles this in any way.

Again, as part of my non-profit contribution marathon to FRRouting, it now raises a warning if you mistype a route-map name. The mistake is much easier and faster to detect when you type those commands in the terminal.
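A pre-deployment check for the same mistake, as an added example that is not part of the original post and not FRRouting's code: it flags every neighbor statement whose route-map name has no definition, and every defined route-map that no neighbor references. The Cisco/FRR-style syntax it parses, the function name and the sample config (peer address, AS numbers, sequence numbers) are assumptions constructed for illustration.

```python
import re

# Constructed sample config: 192.0.2.1 is a documentation address and
# AS 65000/65001 are private-use numbers. Only the lN/IN typo mirrors the post.
SAMPLE_CONFIG = """\
router bgp 65000
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 route-map lN in
 neighbor 192.0.2.1 route-map OUT out
!
ip prefix-list default-only seq 5 permit 0.0.0.0/0
!
route-map IN permit 10
 match ip address prefix-list default-only
!
route-map OUT permit 10
"""

# "neighbor <peer> route-map <name> in|out" attaches a route-map to a peer.
REF_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+route-map\s+(\S+)\s+(in|out)\b")
# "route-map <name> permit|deny [seq]" defines one.
DEF_RE = re.compile(r"^\s*route-map\s+(\S+)\s+(?:permit|deny)\b")


def lint_route_maps(config):
    """Return (dangling, unused).

    dangling: (line_no, peer, name, direction) for references to undefined maps.
    unused:   sorted names of route-maps that are defined but never referenced.
    """
    defined, refs = set(), []
    for line_no, line in enumerate(config.splitlines(), start=1):
        m = DEF_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = REF_RE.match(line)
        if m:
            refs.append((line_no, m.group(1), m.group(2), m.group(3)))
    # Names are compared exactly: "lN" and "IN" are different route-maps.
    dangling = [r for r in refs if r[2] not in defined]
    unused = sorted(defined - {r[2] for r in refs})
    return dangling, unused


if __name__ == "__main__":
    dangling, unused = lint_route_maps(SAMPLE_CONFIG)
    for line_no, peer, name, direction in dangling:
        print(f"line {line_no}: neighbor {peer} uses undefined route-map {name!r} ({direction})")
    print("defined but unreferenced:", unused)
```

A dangling reference paired with an unreferenced definition of a look-alike name is the signature of this typo, so the two lists are worth reading together.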
