[j-nsp] Juniper BGP invalid attributes

Richard A Steenbergen ras at e-gerbil.net
Wed Mar 18 19:08:28 EDT 2009


On Wed, Mar 18, 2009 at 01:49:52PM -0400, Bryan Socha wrote:
> Does anyone know what Junos revisions for the M series will fix this?
> We ended up just filtering out the offending announcement but would
> prefer to update and avoid future ones.  Richard's list looks like all E
> series releases.

Well, it depends what you mean by "fix". Other than 9.1R1 (I haven't
heard any reports of problems on other versions), regular JUNOS doesn't
actually have a problem with the invalid attribute itself. It has a 
problem with GENERATING the invalid attribute which is toxic to other 
routers (like JUNOSe), and it has a problem under 9.1R1 with generating 
invalid updates in response to the invalid attribute which cause all bgp 
neighbors who receive the prefix to drop the session with the 9.1R1 
router, but thats it.

I don't think there is any code which blocks the route upon receipt of 
the invalid attribute, without tearing down the session. Since this is 
an optional transitive attribute which will be propagated by all non AS4 
speaking routers anyways, this wouldn't be very effective as a means of 
protection. So basically, there is nothing to fix other than the bigger 
picture of how BGP errors are handled in general.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list