[j-nsp] Juniper BGP invalid attributes
Richard A Steenbergen
ras at e-gerbil.net
Tue Mar 17 21:48:12 EDT 2009
On Tue, Mar 17, 2009 at 08:23:13PM -0500, Richard A Steenbergen wrote:
> Ok got some packet captures of the invalid update, it looks like
> 193.5.68.0/23 was being announced and propagated globally with the
> leaked confederations in AS4_PATH issue described in PSN-2009-01-200.
Actually it looks like this is even weirder... The behavior we're seeing
is that junos 9.2r1, 9.2r2, and 9.2r3 are all processing, mangling, and then
propagating the route with the invalid as4_path, like so:
http://www.paste-it.net/public/o83f44b/
This causes other IBGP speakers to drop those bgp sessions with code 3
subcode 1, vs just the immediately obvious behavior of dropping the bgp
session where the invalid as4_path came into the network (with code 3
subcode 11).
The PSN seems to indicate that any code built after 2009-01-26 has the
fix. I'm actually seeing 9.3r2 not drop the session over the as4_path
itself (even though it has a build date of 2008-12-17), but it IS still
dropping the ibgp sessions from the 9.2r1/2/3 speakers who are mangling
the route.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
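
The following is an added example, not part of the original post or of any Juniper code: a Python sketch that walks the path attributes of a BGP UPDATE and reports AS_CONFED_SEQUENCE / AS_CONFED_SET segments inside AS4_PATH, the condition the message describes. It goes slightly beyond the post by also returning the path with those segments discarded, which is the receiver handling RFC 6793 specifies instead of a session reset (NOTIFICATION code 3 is UPDATE Message Error; subcode 1 is Malformed Attribute List and subcode 11 is Malformed AS_PATH). Function names are hypothetical and the sample bytes are constructed, not taken from the capture linked above.

```python
import struct

AS4_PATH = 17                      # path attribute type code
CONFED = {3: "AS_CONFED_SEQUENCE", 4: "AS_CONFED_SET"}   # invalid in AS4_PATH
VALID = {1: "AS_SET", 2: "AS_SEQUENCE"}

def path_attributes(buf):
    """Yield (type_code, value) for each attribute in the Path Attributes field."""
    i = 0
    while i < len(buf):
        ext = buf[i] & 0x10        # Extended Length flag: 2-byte length field
        hdr = 4 if ext else 3
        if len(buf) - i < hdr:
            raise ValueError("truncated attribute header")
        length = struct.unpack_from("!H", buf, i + 2)[0] if ext else buf[i + 2]
        if i + hdr + length > len(buf):
            raise ValueError("attribute overruns buffer")
        yield buf[i + 1], buf[i + hdr:i + hdr + length]
        i += hdr + length

def as4_segments(value):
    """Split an AS4_PATH value into (segment_type, [asn, ...]) tuples."""
    segs, i = [], 0
    while i < len(value):
        if len(value) - i < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[i], value[i + 1]
        end = i + 2 + 4 * count    # AS4_PATH always carries 4-byte AS numbers
        if (seg_type not in VALID and seg_type not in CONFED) or end > len(value):
            raise ValueError("malformed AS4_PATH segment")
        segs.append((seg_type, list(struct.unpack_from(f"!{count}I", value, i + 2))))
        i = end
    return segs

def audit_as4_path(buf):
    """Return (leaked, kept): confed segments found, and the path without them."""
    for code, value in path_attributes(buf):
        if code == AS4_PATH:
            segs = as4_segments(value)
            return ([s for s in segs if s[0] in CONFED],
                    [s for s in segs if s[0] not in CONFED])
    return [], []

# Constructed sample: ORIGIN, then AS4_PATH =
# AS_CONFED_SEQUENCE(65001 65002) + AS_SEQUENCE(65550 64500)
SAMPLE = bytes.fromhex("40010100" "c01114" "0302" "0000fde9" "0000fdea"
                       "0202" "0001000e" "0000fbf4")

if __name__ == "__main__":
    print(audit_as4_path(SAMPLE))
```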