[j-nsp] What does AS path attribute problem mean?

Andrew Parnell andrew at parnell.ca
Fri Sep 9 14:17:38 EDT 2011


Completely agree, the real fix is to update the old/buggy software,
however this does solve the immediate problem of my BGP sessions
flapping spontaneously.  We're already planning to do a batch of code
upgrades "soon", so unless this becomes more than just a one-off
incident, I'd rather not rush into software updates on this particular
Friday.

Andrew

On Fri, Sep 9, 2011 at 1:07 PM, Jared Mauch <jared at puck.nether.net> wrote:
>        Well, the update is well formatted and proper, the handling in JunOS is buggy.  You don't want to just blackhole unkown items like this as you can
> create a significant problem for others similar to the bogon problems
> that exist.
>
>        This type of a fix is ONLY a short term fix to workaround your buggy
> software.
>
>        - Jared
>
> On Fri, Sep 09, 2011 at 12:58:36PM -0400, Andrew Parnell wrote:
>> We noticed this as well on a couple of our M7i running 9.x series
>> code, but not on others running 10.x.  This is being caused by a
>> particular prefix (212.118.142.0/24):
>>
>> rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for
>> family inet-unicast(1), prefix 212.118.142.0/24
>>
>> The easy solution is to simply filter out the offending prefix.  There
>> are many ways this can be done, but the following did the trick for
>> us:
>>
>> policy-options {
>>     prefix-list bad-prefixes {
>>         212.118.142.0/24;
>>     }
>>     policy-statement BGP-Import {
>>         term block-bad-prefixes {
>>             from {
>>                 prefix-list bad-prefixes;
>>             }
>>             then reject;
>>         }
>> }
>>
>> Apply something like this to your BGP import and/or export policy as
>> appropriate and you should be fine.
>>
>> Andrew
>>
>> On Fri, Sep 9, 2011 at 11:41 AM, Markus <universe at truemetal.org> wrote:
>> > All of a sudden without changing anything in the config I'm getting the
>> > following on a M7i running 8.0R2.8:
>> >
>> > rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49 (External
>> > AS xxxx): code 3 (Update Message Error) subcode 11 (AS path attribute
>> > problem)
>> >
>> > The other end (Cisco) is getting:
>> >
>> > %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11 (invalid or
>> > corrupt AS path) 0 bytes
>> >
>> > This is causing the BGP session to flap. It happens at arbitrary intervals,
>> > sometimes once a minute, sometimes just once in an hour. CFEB and RE CPU are
>> > at steady 100% when it happens.
>> >
>> > What can I do about this and what could be the cause? Help! :)
>> >
>> > Thanks!
>> > Markus
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> > ______________________________________________________________________
>> > This email has been scanned by the MessageLabs Email Security System.
>> > For more information please visit http://www.messagelabs.com/email
>> > ______________________________________________________________________
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>



More information about the juniper-nsp mailing list