Profile picture
, 7 tweets, 2 min read
My Authors
Read all threads
Some thoughts on CL outage, sorry @ioshints too lazy to blog this right now 🙂

First problem was input validation. It shouldn't have been possible to enter wildcards, but the validation failed (buggy code). It would make sense to add more logic here... 1/x
It shouldn't be allowed to filter traffic belong to CL infra, BGP, ISIS, loopbacks, management etc etc...

Second problem was this was implemented without running tests (from what I can tell). The rule could have been tested on a virtual device first. CP is easy to simulate. 2/x
The fault should have been caught in these tests and and the rules should not have made it to production.

Furthermore, there should be a ruleset, a safety net, of rules you can't override. You shouldn't be able to filter out traffic from the router itself. Think CP. 3/x
Having a global FlowSpec implementation seems VERY risky. There should be interfaces where you don't implement FlowSpec. It should be used for Edge, not Core. From what I can tell, far too many interfaces were affected.

4/x
If customer advertises something to you, you don't want that to affect your own infra or other customers. Once again, global implementation seems very risky. This should be scoped to where customer has their interfaces... 5/x
An option to having FlowSpec on devices directly, would be to have FS speaker somewhere else. Adverties NLRI to it, then use standard automation tool Southbound to implement standard ACLs. Maybe not as fully featured but probably a safer implementation. @ytti 6/x
In the end, shit happens. And it was on a Sunday. Still, 5h of outages for a pretty basic problem. Not nearly as complex as the DWDM outage some years ago. This should have been resolved faster.

Many lessons to learn on improving MTTR. 7/7.
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Daniel Dib

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @danieldibswe see all

Profile picture
Daniel Dib
@danieldibswe
I've been working for the same company, Conscia, for more than five years now. This thread will describe why I have stayed and will help managers and leaders to understand how you can keep high performers around.

This is going to take a number of tweets.
Everything starts with culture. You can't fake culture. Forget about ping pong tables, free lunch and things of that nature. Those are fine but they are NOT culture. I don't, and probably most other high performers, have zero fucks to give about things like that.
Culture is something you build from the ground. With passionate employees that want to improve and that want to help others improve. You can try to, and can have some results improving culture, but if the company was built on shit culture, results won't be good.
Read 13 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!