[j-nsp] Juniper BGP invalid attributes
Richard A Steenbergen
ras at e-gerbil.net
Wed Mar 18 19:08:28 EDT 2009
On Wed, Mar 18, 2009 at 01:49:52PM -0400, Bryan Socha wrote:
> Does anyone know what Junos revisions for the M series will fix this?
> We ended up just filtering out the offending announcement but would
> prefer to update and avoid future ones. Richard's list looks like all E
> series releases.
Well, it depends what you mean by "fix". Other than 9.1R1 (I haven't
heard any reports of problems on other versions), regular JUNOS doesn't
actually have a problem with the invalid attribute itself. It has a
problem with GENERATING the invalid attribute which is toxic to other
routers (like JUNOSe), and it has a problem under 9.1R1 with generating
invalid updates in response to the invalid attribute which cause all bgp
neighbors who receive the prefix to drop the session with the 9.1R1
router, but thats it.
I don't think there is any code which blocks the route upon receipt of
the invalid attribute, without tearing down the session. Since this is
an optional transitive attribute which will be propagated by all non AS4
speaking routers anyways, this wouldn't be very effective as a means of
protection. So basically, there is nothing to fix other than the bigger
picture of how BGP errors are handled in general.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list