[j-nsp] What does AS path attribute problem mean?

Keegan Holley keegan.holley at sungard.com
Fri Sep 9 15:00:43 EDT 2011


You can't filter it because the operation that causes the flap happens
before the route filters are evaluated.




2011/9/9 Clay Haynes <chaynes at centracomm.net>

> On Fri, Sep 9, 2011 at 1:07 PM, Jared Mauch <jared at puck.nether.net> wrote:
>
> >        Well, the update is well formatted and proper, the handling in
> JunOS
> > is buggy.  You don't want to just blackhole unkown items like this as you
> > can
> > create a significant problem for others similar to the bogon problems
> > that exist.
> >
> >        This type of a fix is ONLY a short term fix to workaround your
> buggy
> > software.
> >
> >        - Jared
> >
> > On Fri, Sep 09, 2011 at 12:58:36PM -0400, Andrew Parnell wrote:
> > > We noticed this as well on a couple of our M7i running 9.x series
> > > code, but not on others running 10.x.  This is being caused by a
> > > particular prefix (212.118.142.0/24):
> > >
> > > rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for
> > > family inet-unicast(1), prefix 212.118.142.0/24
> > >
> > > The easy solution is to simply filter out the offending prefix.  There
> > > are many ways this can be done, but the following did the trick for
> > > us:
> > >
> > > policy-options {
> > >     prefix-list bad-prefixes {
> > >         212.118.142.0/24;
> > >     }
> > >     policy-statement BGP-Import {
> > >         term block-bad-prefixes {
> > >             from {
> > >                 prefix-list bad-prefixes;
> > >             }
> > >             then reject;
> > >         }
> > > }
> > >
> > > Apply something like this to your BGP import and/or export policy as
> > > appropriate and you should be fine.
> > >
> > > Andrew
> > >
> > > On Fri, Sep 9, 2011 at 11:41 AM, Markus <universe at truemetal.org>
> wrote:
> > > > All of a sudden without changing anything in the config I'm getting
> the
> > > > following on a M7i running 8.0R2.8:
> > > >
> > > > rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49
> > (External
> > > > AS xxxx): code 3 (Update Message Error) subcode 11 (AS path attribute
> > > > problem)
> > > >
> > > > The other end (Cisco) is getting:
> > > >
> > > > %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11
> (invalid
> > or
> > > > corrupt AS path) 0 bytes
> > > >
> > > > This is causing the BGP session to flap. It happens at arbitrary
> > intervals,
> > > > sometimes once a minute, sometimes just once in an hour. CFEB and RE
> > CPU are
> > > > at steady 100% when it happens.
> > > >
> > > > What can I do about this and what could be the cause? Help! :)
> > > >
> > > > Thanks!
> > > > Markus
> > > >
> > > > _______________________________________________
> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > > >
> ______________________________________________________________________
> > > > This email has been scanned by the MessageLabs Email Security System.
> > > > For more information please visit http://www.messagelabs.com/email
> > > >
> ______________________________________________________________________
> > > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> > --
> > Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> > clue++;      | http://puck.nether.net/~jared/  My statements are only
> > mine.
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
> I have a case open with TAC on this. They recommended temporarily filtering
> out the bad prefix (as others have mentioned in this thread), and upgrading
> to JUNOS 10.2 or later which doesn't appear to have the issue. In the
> meantime they're looking for the root cause of the flap and seeing if
> there's a different way to fix it for older supported versions of JUNOS.
>
>
> Regards,
> Clay
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>


More information about the juniper-nsp mailing list