[j-nsp] Juniper and Cisco - BGP MPLS L2VPN VPLS interoperability

Aaron aaron1 at gvtc.com
Mon Nov 23 22:50:18 EST 2015 

Thanks Dave and Adam, et al, 

Interestingly I just found the following... I looked at the bgp l2vpn vpls all summary uptimes of my ME3600's and I saw lots of them that have been up longer than Nov 19th when the outage occurred.  So I went and looked at those ME3600's that have been up longer than that and found the following versions of IOS in my ME3600's and which ones were and were not affected by this outage.

ME3600 - IOS
15.2(4)S1 - NOT affected
15.2(4)S3 - affected
15.2(4)S5 - affected

ASR920 - IOS XE
03.15.00.S - NOT affected

Strange how my ME3600's running S1 were NOT affected by this, but the ME3600's running S3 and S5 were.

Log message seen on the 9k and ME3600 during outage...

ME3600...

Nov 19 09:19:09: %BGP-3-NOTIFICATION: sent to neighbor 10.101.0.2 3/10 (illegal network) 1 bytes 00
Nov 19 09:19:09: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from 10.101.0.2:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 006A 0200 0000 5340 0101 0040 0200 4005
0400 0000 64C0 1010 0002 FFFF 0000 2774 800A 0502 0000 0064 800A 0400 0000 0180
0904 0000 0000 900E 0020 0019 4104 0A65 0CF8 0000 1500 010A 650C F880 0000 0200
0100 02C3 5001 0100 0200

ASR9k...

RP/0/RSP0/CPU0:Nov 19 09:19:09.383 : bgp[1043]: %ROUTING-BGP-5-ADJCHANGE : neighbor 10.101.8.28 Down - BGP Notification received, illegal network (VRF: default)

I'm wondering if this was an NLRI problem since we are seeing illegal network ...  I mean I was wondering previously if it was a capabilities exchange issue, but now I'm wondering if it's NLRI related.

Thanks group,

Aaron


-----Original Message-----
From: Adam Vitkovsky [mailto:Adam.Vitkovsky at gamma.co.uk] 
Sent: Monday, November 23, 2015 5:55 PM
To: Aaron; juniper-nsp at puck.nether.net; arseniev at btinternet.com
Subject: RE: [j-nsp] Juniper and Cisco - BGP MPLS L2VPN VPLS interoperability

Hi Aaron,


> From: Aaron [mailto:aaron1 at gvtc.com]
> Sent: Monday, November 23, 2015 7:58 PM I then enabled bgp mpls l2vpn, 
> and BAMMO !  now listen closely... this brought down about 20 other 
> bgp neighbor sessions with 20 different cisco me3600's all over my 
> network .  now please, listen closely again, we aren't talking about 
> an initial bgp session renegotiation, from this point forward the 
> ME3600's were not able to reestablish their bgp sessions at all !
>
Are the 20 different me3600's configured with l2vpn AF please?
Are the two RRs configured with l2vpn AF please?
Have you see the sessions bouncing on the me3600's Are you running code past 15.3(1)S that should be capable of BGP Enhanced Attribute Error Handling but now I'm not that sure if MEs do support it,

This really looks like the second case I mentioned where RRs relied an UPDATE message that ME3600's perceived as malformed cause they could not parse through it.
And either BGP enhanced error handling wasn't enabled or a mandatory attribute was affected they ought to reset the session over which such a malformed UPDATE message is received.
Once the session is re-established they receive the update again and reset the session again -so the whole process loops.
And only stops after the culprit attribute is removed from the update message.

> I did "rollback 1" on the juniper 5048 and 104 and finally the 
> me3600's were able to settle down and establish bgp neighboring with 
> the dual RR core and all is well.
>

adam


        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of this email are confidential to the ordinary user of the email address to which it was addressed. This email is not intended to create any legal relationship. No one else may place any reliance upon it, or copy or forward all or any of it in any form (unless otherwise notified). If you receive this email in error, please accept our apologies, we would be obliged if you would telephone our postmaster on +44 (0) 808 178 9652 or email postmaster at gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with limited liability, with registered number 04340834, and whose registered office is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.

More information about the juniper-nsp mailing list