Wireshark-bugs: [Wireshark-bugs] [Bug 12568] Wireshark is marking BGP FlowSpec NLRI as malformed

Date: Wed, 29 Jun 2016 14:38:17 +0000

Comment # 9 on bug 12568 from
Hi Everyone,

I am working together with Martin on a larger Flowspec vendor interop test
(including most of the major router vendors).

> Please note that certain routers also suffer from BUG's on this field ... As
> an example, JunOS was not encoding the value properly ...

I can confirm that a comparable bug can be found (but not in the release that
we are using on Juniper in the lab). 2 other vendors actually have trouble
with sending such larger flowspec updates but are able to correctly parse large
packets on reception (while they do not understand wrongly encoded messages and
tear down the session).

> Would it be possible to load a little bit more the NLRI such that we go
> above 255 bytes and see how the field is coded by the router ?

We can generate a large NLRI (above 255 in length) if you want. The pcap that
is included with this case actually contains an update message generated by
Juniper (this is fine - size just above 240). The second update is from a Cisco
(triggered by the update received from Juniper) and is, as you mentioned ("...
certain routers also suffer ..."), also wrong. So it is actually fine if
Wireshark is unable to parse the Cisco update (basically all routers are unable
to understand this update from Cisco and issue a notify message), but the
Juniper update (the first) is perfectly valid.

Cheers Stoffi