#通知
由于老板技术不精,炸了上游路由器,被上游挂频道
现在已经联系我们的NOC写新的路由规则。
如果此次事件对同行造成影响,在此说声抱歉。
事件发生过程:
1. 我们的客户要求将国际优化调整为大陆优化,老板把prefix的国际优化juniper的term下面的from删除
2. 由于juniper删除term的from,then还会保留,所以将全部的规则accept出去。
3. 经过常规show检查发现问题,然后在一分钟内将规则修正,但是造成了一些观者节点有波动(例如GSL的探测器)因此给我方和上游寄送了email
Juniper在只有then的情况下如果包含accept会将路由全部发出造成路由泄漏。并且juniper的policy真的很难用,不如Cisco的语法
Due to our boss lacking technical skills, he messed up the upstream router and got our session cut off by the provider.
We’ve already contacted our NOC to write a new set of routing rules.
If this incident caused any impact to our peers, we sincerely apologize.
Incident details:
1. Our client requested to switch from international optimization to mainland China optimization. The boss deleted the from clause under the Juniper term used for international prefix optimization.
2. On Juniper, when you delete the from clause but keep the then action (which included accept), it ends up accepting and leaking everything.
3. The issue was noticed through a routine show check, and we fixed the rule within a minute. However, during that short time, some observer nodes (like GSL’s probe) detected fluctuations, which led to emails being sent to both us and our upstream.
lain.sh
由于老板技术不精,炸了上游路由器,被上游挂频道
现在已经联系我们的NOC写新的路由规则。
如果此次事件对同行造成影响,在此说声抱歉。
事件发生过程:
1. 我们的客户要求将国际优化调整为大陆优化,老板把prefix的国际优化juniper的term下面的from删除
2. 由于juniper删除term的from,then还会保留,所以将全部的规则accept出去。
3. 经过常规show检查发现问题,然后在一分钟内将规则修正,但是造成了一些观者节点有波动(例如GSL的探测器)因此给我方和上游寄送了email
Juniper在只有then的情况下如果包含accept会将路由全部发出造成路由泄漏。并且juniper的policy真的很难用,不如Cisco的语法
Due to our boss lacking technical skills, he messed up the upstream router and got our session cut off by the provider.
We’ve already contacted our NOC to write a new set of routing rules.
If this incident caused any impact to our peers, we sincerely apologize.
Incident details:
1. Our client requested to switch from international optimization to mainland China optimization. The boss deleted the from clause under the Juniper term used for international prefix optimization.
2. On Juniper, when you delete the from clause but keep the then action (which included accept), it ends up accepting and leaking everything.
3. The issue was noticed through a routine show check, and we fixed the rule within a minute. However, during that short time, some observer nodes (like GSL’s probe) detected fluctuations, which led to emails being sent to both us and our upstream.
lain.sh