[j-nsp] Unknown Attribute 28 in BGP
Saku Ytti
saku at ytti.fi
Sun Jun 11 11:24:27 EDT 2023
set protocols bgp drop-path-attributes 28 works if your release is too
old for set protocols bgp bgp-error-tolerance, and is preferable in
some ways, as it will protect your downstream as well.
On Sun, 11 Jun 2023 at 17:25, Einar Bjarni Halldórsson via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:
>
> Hi,
>
> We have two MX204 edge routers, each with a connection to a different
> upstream provider (and some IXP peerings on both).
>
> Last week the IPv6 transit session on one of them starting flapping. It
> turns out that we got hit with
> https://labs.ripe.net/author/emileaben/unknown-attribute-28-a-source-of-entropy-in-interdomain-routing/
>
> It only happened on one of our edge routers, so I assume for now that
> either our other transit provider filtered the affected route updates,
> or stripped the attribute.
>
> The post from RIPE links to
> https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html
> but I can't see that bgp-error-tolerance helps us, since this type of
> malformed update is always fatal.
>
> Our edge routers are both running Junos 18.2R3-S3.11. I was planning on
> upgrading to 22.2R3 regardless of this error, but it would be nice to
> know that this problem has been fixed in later version, or mitigations
> introduced that can be used.
>
> Anybody know about this problem in particular, or have ideas on
> mitigating malformed BGP updates?
>
> .einar
> ISNIC
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
++ytti
More information about the juniper-nsp
mailing list