[j-nsp] What does AS path attribute problem mean?

Keegan Holley keegan.holley at sungard.com
Fri Sep 9 14:24:02 EDT 2011


I'm hearing this may not be fixed until 10.3 and later.  I'm still waiting
for confirmation from Juniper though.  I'm not sure if I would consider this
a bug or a misinterpretation of the RFC.  That message is for malformed
routes/updates, not for routes/updates with things we don't like in them.
Either way it needs to go.


2011/9/9 Andrew Parnell <andrew at parnell.ca>

> Completely agree, the real fix is to update the old/buggy software,
> however this does solve the immediate problem of my BGP sessions
> flapping spontaneously.  We're already planning to do a batch of code
> upgrades "soon", so unless this becomes more than just a one-off
> incident, I'd rather not rush into software updates on this particular
> Friday.
>
> Andrew
>
> On Fri, Sep 9, 2011 at 1:07 PM, Jared Mauch <jared at puck.nether.net> wrote:
> >        Well, the update is well formatted and proper, the handling in
> > JunOS is buggy.  You don't want to just blackhole unknown items like this as
> > you can create a significant problem for others similar to the bogon
> > problems that exist.
> >
> >        This type of a fix is ONLY a short term fix to workaround your
> > buggy software.
> >
> >        - Jared
> >
> > On Fri, Sep 09, 2011 at 12:58:36PM -0400, Andrew Parnell wrote:
> >> We noticed this as well on a couple of our M7i running 9.x series
> >> code, but not on others running 10.x.  This is being caused by a
> >> particular prefix (212.118.142.0/24):
> >>
> >> rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for
> >> family inet-unicast(1), prefix 212.118.142.0/24
> >>
> >> The easy solution is to simply filter out the offending prefix.  There
> >> are many ways this can be done, but the following did the trick for
> >> us:
> >>
> >> policy-options {
> >>     prefix-list bad-prefixes {
> >>         212.118.142.0/24;
> >>     }
> >>     policy-statement BGP-Import {
> >>         term block-bad-prefixes {
> >>             from {
> >>                 prefix-list bad-prefixes;
> >>             }
> >>             then reject;
> >>         }
> >>     }
> >> }
> >>
> >> Apply something like this to your BGP import and/or export policy as
> >> appropriate and you should be fine.
> >>
> >> Andrew
> >>
> >> On Fri, Sep 9, 2011 at 11:41 AM, Markus <universe at truemetal.org> wrote:
> >> > All of a sudden without changing anything in the config I'm getting
> >> > the following on a M7i running 8.0R2.8:
> >> >
> >> > rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49
> >> > (External AS xxxx): code 3 (Update Message Error) subcode 11 (AS path
> >> > attribute problem)
> >> >
> >> > The other end (Cisco) is getting:
> >> >
> >> > %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11 (invalid
> >> > or corrupt AS path) 0 bytes
> >> >
> >> > This is causing the BGP session to flap. It happens at arbitrary
> >> > intervals, sometimes once a minute, sometimes just once in an hour.
> >> > CFEB and RE CPU are at steady 100% when it happens.
> >> >
> >> > What can I do about this and what could be the cause? Help! :)
> >> >
> >> > Thanks!
> >> > Markus
> >> >
> >> > _______________________________________________
> >> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >> >
> >> > ______________________________________________________________________
> >> > This email has been scanned by the MessageLabs Email Security System.
> >> > For more information please visit http://www.messagelabs.com/email
> >> > ______________________________________________________________________
> >> >
> >
> > --
> > Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> > clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
> >
> >
>
>
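
An added example, not written by anyone in this thread: a Python triage script that reads rpd syslog lines in the two shapes quoted above, counts NOTIFICATION code 3 subcode 11 resets per peer, and lists the prefixes named in "Received BAD update" lines for peers that flap repeatedly. The sample log lines, addresses, AS number, hostname and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Regexes follow the two rpd message shapes quoted in this thread.
NOTIFY = re.compile(
    r"bgp_read_v4_update: NOTIFICATION sent to (?P<peer>\S+) "
    r"\((?:External|Internal) AS \S+\): code (?P<code>\d+) \([^)]*\) "
    r"subcode (?P<sub>\d+)")
BAD_UPDATE = re.compile(
    r"rpd\[\d+\]: (?P<peer>\S+) \((?:External|Internal) AS \S+\) "
    r"Received BAD update for family \S+, prefix (?P<prefix>\S+)")

# Constructed sample input: documentation addresses and a private-use ASN.
SAMPLE_LOG = """\
Sep  9 11:40:01 r1 rpd[3019]: 192.0.2.49 (External AS 64500) Received BAD update for family inet-unicast(1), prefix 198.51.100.0/24
Sep  9 11:40:01 r1 rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 192.0.2.49 (External AS 64500): code 3 (Update Message Error) subcode 11 (AS path attribute problem)
Sep  9 11:41:12 r1 rpd[3019]: 192.0.2.49 (External AS 64500) Received BAD update for family inet-unicast(1), prefix 198.51.100.0/24
Sep  9 11:41:12 r1 rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 192.0.2.49 (External AS 64500): code 3 (Update Message Error) subcode 11 (AS path attribute problem)
Sep  9 11:55:40 r1 rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 192.0.2.49 (External AS 64500): code 3 (Update Message Error) subcode 11 (AS path attribute problem)
Sep  9 12:03:07 r1 rpd[3019]: 192.0.2.77 (External AS 64500) Received BAD update for family inet-unicast(1), prefix 203.0.113.0/24
Sep  9 12:03:07 r1 rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 192.0.2.77 (External AS 64500): code 3 (Update Message Error) subcode 11 (AS path attribute problem)
"""


def summarize(log_text):
    """Count 3/11 resets per peer and collect the prefixes rpd blamed."""
    resets, prefixes = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = NOTIFY.search(line)
        if m:
            if (m["code"], m["sub"]) == ("3", "11"):
                resets[m["peer"]] += 1
            continue
        m = BAD_UPDATE.search(line)
        if m:
            prefixes[m["peer"]].add(m["prefix"])
    return resets, prefixes


def repeat_offenders(log_text, min_resets=2):
    """Peers reset at least min_resets times, with the prefixes named for them."""
    resets, prefixes = summarize(log_text)
    return {peer: sorted(prefixes[peer])
            for peer, n in resets.items() if n >= min_resets}


if __name__ == "__main__":
    for peer, pfx in repeat_offenders(SAMPLE_LOG).items():
        print(peer, "flapped repeatedly; BAD update prefixes:", ", ".join(pfx))
```

A single prefix recurring against a repeatedly reset peer matches the pattern reported in this thread and narrows what a temporary import filter needs to cover.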

