[j-nsp] BGP session going down on "invalid attribute list"
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Jan 4 09:41:02 EST 2007
At 01:47 PM 04-01-07 +0100, Rutger Bevaart wrote:
>Hello list,
>
>Yesterday we had a BGP session fall away under our feet, and we don't
>completely understand why. We have a Juniper M7i running JUNOS 7.4.
>
>Logging shows:
>Jan 3 16:37:18 juniper rpd[2727]: bgp_read_v4_update: NOTIFICATION sent
>to *.21 (External AS X): code 3 (Update Message Error) subcode 1 (invalid
>attribute list)
>Jan 3 16:37:18 juniper rpd[2727]: bgp_event: peer .21 (External AS X) old
>state Established event RecvUpdate new state Idle
>Jan 3 16:37:26 juniper rpd[2727]: bgp_pp_recv: rejecting connection from
>.21 (External AS X), peer in state Idle
>
>We checked with our peer, and it seems that they received an advertisement
>containing a private AS:
>
>our peer (AS X) <---> peer 1 <---> peer 2 <---> AS65422.
>
>We do filter on private-AS'es using:
>
> policy-statement filter-private-as {
> from as-path private;
> then reject;
> }
>
>Our Cisco router has a BGP session to the same peer AS (and must have
>received the same invalid attribute). However, the BGP session did not go
>down.
>
>a) Has anybody seen this behaviour before?
>
>b) Does an upgrade of JUNOS resolve the issue of the BGP session going
>down, or is that expected behaviour?
>
>c) Can I apply alternative filtering to make sure routes with a private AS
>in the path are always rejected?
Maybe someone sent you a 32bit ASN?
-Hank
>Regards
>Rutger
>
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>+++++++++++++++++++++++++++++++++++++++++++
> This Mail Was Scanned By Mail-seCure System
> at the Tel-Aviv University CC.
More information about the juniper-nsp
mailing list