From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 13 04:56:56 2014
Message-ID: <53EAF018.4020604@ee.lbl.gov>
Date: Tue, 12 Aug 2014 21:56:56 -0700
From: Craig Leres
To: hackers@freebsd.org
Subject: Re: death of the Internet predicted. Film at 11.
List-Id: Technical Discussions relating to FreeBSD

I was impacted by this this morning. I had ssh and imaps sessions from my comcast address at home to a vps at arpnetworks.com and they all died overnight. But it was a very strange failure. icmp and udp still worked but tcp couldn't make the round trip. And this was true for several different cidr's arpnetworks.com has. But everything worked fine from other locations like from lbl.

TCAM is pretty bizarre; I believe access lists use them and one time Bro installed too many and overran the TCAM. This was not straightforward to recover from (e.g. just removing a bunch of ACLs did not unfrob the router).

Craig