[j-nsp] What does AS path attribute problem mean?
Jerry Jones
jjones at danrj.com
Fri Sep 23 17:45:28 EDT 2011
Looks like JUniper issued a note today on this.
PSN-2011-09-380
On Sep 20, 2011, at 9:45 AM, Juniper GOWEX wrote:
Hi Experts,
The attributes problems have appearedagain:
/Sep 19 20:46:43 router1.net LEV[2625]: bgp_path_attr_error: NOTIFICATION sent to 149.X.X.X (External AS XXX): code 3 (Update Message Error) subcode 11 (AS path attribute problem)/
and looking at the Juniper KB I found a workaround :
/"In order to stop the BGP session flaps, a per-neighbor
configuration option exists that will cause JUNOSe to ignore any
illegal or incorrectly formatted attributes:
/
/ERX(config)#*router bgp*//<AS#>
ERX(config-router)#*neighbor*//<x.x.x.x>* lenient*/
/Provided log category |*bgpMessages*| has been set to log
severity warning by configuring:
/
/ERX(config)#*log severity warning bgpMessages*/
/a message will still be logged when an illegal attribute is
received:
|WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2):
UPDATE message from peer 10.0.0.2 in core: new-as-path contains
segment type confed-sequence (not allowed). "|
/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB13623&actp=RSS
Does anyone know or configuredthis workarround ? . Do you think this could avoid the BGP session flaps?
Thanks in advance for your support
Best Regards
Isidoro
El 09/09/2011 18:58, Andrew Parnell escribió:
> We noticed this as well on a couple of our M7i running 9.x series
> code, but not on others running 10.x. This is being caused by a
> particular prefix (212.118.142.0/24):
>
> rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for
> family inet-unicast(1), prefix 212.118.142.0/24
>
> The easy solution is to simply filter out the offending prefix. There
> are many ways this can be done, but the following did the trick for
> us:
>
> policy-options {
> prefix-list bad-prefixes {
> 212.118.142.0/24;
> }
> policy-statement BGP-Import {
> term block-bad-prefixes {
> from {
> prefix-list bad-prefixes;
> }
> then reject;
> }
> }
>
> Apply something like this to your BGP import and/or export policy as
> appropriate and you should be fine.
>
> Andrew
>
> On Fri, Sep 9, 2011 at 11:41 AM, Markus<universe at truemetal.org> wrote:
>> All of a sudden without changing anything in the config I'm getting the
>> following on a M7i running 8.0R2.8:
>>
>> rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49 (External
>> AS xxxx): code 3 (Update Message Error) subcode 11 (AS path attribute
>> problem)
>>
>> The other end (Cisco) is getting:
>>
>> %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11 (invalid or
>> corrupt AS path) 0 bytes
>>
>> This is causing the BGP session to flap. It happens at arbitrary intervals,
>> sometimes once a minute, sometimes just once in an hour. CFEB and RE CPU are
>> at steady 100% when it happens.
>>
>> What can I do about this and what could be the cause? Help! :)
>>
>> Thanks!
>> Markus
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> ______________________________________________________________________
>> This email has been scanned by the MessageLabs Email Security System.
>> For more information please visit http://www.messagelabs.com/email
>> ______________________________________________________________________
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list