Cisco bug behind small scale Internet outage

Duke, RIPE NCC BGP experiment triggers IOS XR vulnerability

Cisco says it has patched a bug in its routers that was behind the outage affecting 1% of the Internet last week. As colleague Robert McMillan of the IDG News Service reported, an experiment run by Duke University and a European group responsible for managing Internet resources disrupted a small percentage of Internet traffic.

The disruption was traced to a vulnerability in Cisco's IOS XR operating system, which runs on its CRS-1 and XR 12000 series routers. IOS XR routers took the experimental data, corrupted it, and then passed that corrupted information on to other routers, McMillan reports. Many of the routers that received this information closed connections with the Cisco routers that sent the buggy data, causing part of the Internet to become inaccessible.

The experiment conducted by Duke and Reseaux IP Europeens Network Coordination Centre (RIPE NCC) announced BGP routes that were configured differently from normal because they used an experimental data format. The anomaly triggered the IOS XR bug, which disrupted access to networks in 60 countries for less than a half hour.

Duke claimed that the experimental data was "100% standard compliant," according to McMillan's report. RIPE NCC said the experiment was intended "to further global understanding of specific aspects of Internet routing behaviour."

Mission accomplished! The experiment and the bug affected 3,500 IP address prefixes, McMillan reports.

Cisco issued a security advisory on the IOS XR vulnerability hours after the event. RIPE NCC said it will give network operators a heads-up before fiddling with BGP again. Duke would not discuss details about the experiment.

More from Cisco Subnet:


All of today's Cisco news and blogs

Cisco wants to be the standard

Wendell Odom: Tons of Answers at Networkers

Forget Apple. RIM should fear Cisco's Cius

Why You Can No Longer Afford to Consider Presence an Optional Component

The Next Generation of Routing Architecture

Hands on with the Android tablet "Cius" that Cisco announced at Cisco Live

High Availability, Headless Communists, and Other Random Thoughts from Networkers

Lieberman Cybersecurity Bill Could Change IT Procurement

Like RSS readers? Subscribe to the Cisco Subnet RSS feed

 Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on Twitter


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in