[nsp-sec] 答复: Saudi Telecom Contact?

Paul Goyette pgoyette at juniper.net
Thu Sep 8 22:25:21 EDT 2011 

Long time no talk!  (Like, I've been lurking for the last three
years.)

Looks like we might be having a rash of customer reports with
BGP sessions flapping etc.

Sep  8 18:58:19.179627 BGP RECV xx.xx.xxx.xxx+179 -> xx.xx.xxx.xxx+57435 
Sep  8 18:58:19.179639 BGP RECV message type 2 (Update) length 85 
Sep  8 18:58:19.179646 BGP RECV flags 0x40 code Origin(1): IGP 
Sep  8 18:58:19.179655 BGP RECV flags 0x40 code ASPath(2): 7018 6453 39386 25019 
Sep  8 18:58:19.179663 BGP RECV flags 0x40 code NextHop(3): 12.88.174.133 
Sep  8 18:58:19.179671 BGP RECV flags 0xe0 code AttrSet(128): Origin AS 64904
Sep  8 18:58:19.179678 BGP RECV     flags 0x40 code Origin(1): Incomplete
Sep  8 18:58:19.179687 BGP RECV     flags 0x40 code ASPath(2): 0 (0xfc 0xda)
Sep  8 18:58:19.179694 BGP RECV     flags 0x80 code MultiExitDisc(4): 1
Sep  8 18:58:19.179701 BGP RECV     flags 0x40 code LocalPref(5): 100
Sep  8 18:58:19.179709 BGP RECV         212.118.142.0/24
Sep  8 18:58:19.179937 bgp_read_v4_update: NOTIFICATION sent to xx.xx.xxx.xxx (External AS 7018): code 3 (Update Message Error) subcode 11 (AS path attribute problem)

Juniper code is set to treat this attribute as unknown attribute 
and pass it, UNLESS "independent-domain" is configured under 
"routing-instance" hierarchy.  Beginning with JUNOS 10.2 code,
we have an option to totally drop specific attributes.

I haven't followed this whole thread and not sure I even have
the whole thread.  But if there's anything I can help with, let
me know.


> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Schiller, Heather A
> Sent: Thursday, September 08, 2011 6:31 PM
> To: 'nsp-security NSP'
> Subject: Re: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> 
> There was a similar announcement of a prefix with an unknown attribute
> around this time last year when RIPE tested attribute 99.  Cisco
> discovered IOS-XR boxes didn't handle it very well..
> http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
> 
> Nanog thread from last year:
> http://mailman.nanog.org/pipermail/nanog/2010-August/024828.html
> 
> --Heather
> 
> -----Original Message-----
> From: Janish, Nathan [mailto:Nathan.Janish at Level3.com]
> Sent: Thursday, September 08, 2011 9:25 PM
> To: Schiller, Heather A; 王华; 'nsp-security NSP'
> Subject: RE: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> That is correct.  If you have some involvement with 212.118.142.0/24 I
> can put you in touch with people who have more information on the
> matter.  Sorry, not a bgp guy so I'm unsure how the unknown attribute
> affects traffic but I can connect you with our NOC if you can assist
> with the fix.
> 
> Nate
> 
> -----Original Message-----
> From: Schiller, Heather A [mailto:heather.schiller at verizon.com]
> Sent: Thursday, September 08, 2011 7:11 PM
> To: 王华; Janish, Nathan; 'nsp-security NSP'
> Subject: RE: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> 
> Unknown attribute 128
> 
> http://mailman.nanog.org/pipermail/nanog/2011-September/039832.html
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of ??
> Sent: Thursday, September 08, 2011 8:25 PM
> To: 'Janish, Nathan'; 'nsp-security NSP'
> Subject: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> What's wrong with the route 212.118.142.0/24?
> 
> -----邮件原件-----
> 发件人: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] 代表 Janish, Nathan
> 发送时间: 2011年9月9日 7:38
> 收件人: nsp-security NSP
> 主题: [nsp-sec] Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> Anyone on list happen to have a contact at Saudi Telecom?
> 
> Thanks,
> 
> Nathan Janish
> Level3 Security
> 
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security community. Confidentiality is essential for effective Internet
> security counter-measures.
> _______________________________________________
> 
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security community. Confidentiality is essential for effective Internet
> security counter-measures.
> _______________________________________________
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

More information about the nsp-security mailing list