[nsp-sec] 答复: Saudi Telecom Contact?

Schiller, Heather A heather.schiller at verizon.com
Fri Sep 9 14:12:52 EDT 2011 

"Juniper code is set to treat this attribute as unknown attribute and pass it, UNLESS "independent-domain" is configured under "routing-instance" hierarchy.  "

That seems specific to attribute 128 though... 
http://www.juniper.net/techpubs/en_US/junos11.2/topics/reference/configuration-statement/independent-domain-edit-routing-options.html 

Given that this has happened twice in a year, I wouldn't say its terribly common.. But it would be nice to be able to drop specific attributes. 

-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Paul Goyette
Sent: Thursday, September 08, 2011 10:25 PM
To: 'nsp-security NSP'
Subject: Re: [nsp-sec] 答复: Saudi Telecom Contact?

----------- nsp-security Confidential --------

Long time no talk!  (Like, I've been lurking for the last three
years.)

Looks like we might be having a rash of customer reports with BGP sessions flapping etc.

Sep  8 18:58:19.179627 BGP RECV xx.xx.xxx.xxx+179 -> xx.xx.xxx.xxx+57435 Sep  8 18:58:19.179639 BGP RECV message type 2 (Update) length 85 Sep  8 18:58:19.179646 BGP RECV flags 0x40 code Origin(1): IGP Sep  8 18:58:19.179655 BGP RECV flags 0x40 code ASPath(2): 7018 6453 39386 25019 Sep  8 18:58:19.179663 BGP RECV flags 0x40 code NextHop(3): 12.88.174.133 Sep  8 18:58:19.179671 BGP RECV flags 0xe0 code AttrSet(128): Origin AS 64904
Sep  8 18:58:19.179678 BGP RECV     flags 0x40 code Origin(1): Incomplete
Sep  8 18:58:19.179687 BGP RECV     flags 0x40 code ASPath(2): 0 (0xfc 0xda)
Sep  8 18:58:19.179694 BGP RECV     flags 0x80 code MultiExitDisc(4): 1
Sep  8 18:58:19.179701 BGP RECV     flags 0x40 code LocalPref(5): 100
Sep  8 18:58:19.179709 BGP RECV         212.118.142.0/24
Sep  8 18:58:19.179937 bgp_read_v4_update: NOTIFICATION sent to xx.xx.xxx.xxx (External AS 7018): code 3 (Update Message Error) subcode 11 (AS path attribute problem)

Juniper code is set to treat this attribute as unknown attribute and pass it, UNLESS "independent-domain" is configured under "routing-instance" hierarchy.  Beginning with JUNOS 10.2 code, we have an option to totally drop specific attributes.

I haven't followed this whole thread and not sure I even have the whole thread.  But if there's anything I can help with, let me know.


> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security- 
> bounces at puck.nether.net] On Behalf Of Schiller, Heather A
> Sent: Thursday, September 08, 2011 6:31 PM
> To: 'nsp-security NSP'
> Subject: Re: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> 
> There was a similar announcement of a prefix with an unknown attribute 
> around this time last year when RIPE tested attribute 99.  Cisco 
> discovered IOS-XR boxes didn't handle it very well..
> http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
> 
> Nanog thread from last year:
> http://mailman.nanog.org/pipermail/nanog/2010-August/024828.html
> 
> --Heather
> 
> -----Original Message-----
> From: Janish, Nathan [mailto:Nathan.Janish at Level3.com]
> Sent: Thursday, September 08, 2011 9:25 PM
> To: Schiller, Heather A; 王华; 'nsp-security NSP'
> Subject: RE: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> That is correct.  If you have some involvement with 212.118.142.0/24 I 
> can put you in touch with people who have more information on the 
> matter.  Sorry, not a bgp guy so I'm unsure how the unknown attribute 
> affects traffic but I can connect you with our NOC if you can assist 
> with the fix.
> 
> Nate
> 
> -----Original Message-----
> From: Schiller, Heather A [mailto:heather.schiller at verizon.com]
> Sent: Thursday, September 08, 2011 7:11 PM
> To: 王华; Janish, Nathan; 'nsp-security NSP'
> Subject: RE: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> 
> Unknown attribute 128
> 
> http://mailman.nanog.org/pipermail/nanog/2011-September/039832.html
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security- 
> bounces at puck.nether.net] On Behalf Of ??
> Sent: Thursday, September 08, 2011 8:25 PM
> To: 'Janish, Nathan'; 'nsp-security NSP'
> Subject: [nsp-sec] 答复: Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> What's wrong with the route 212.118.142.0/24?
> 
> -----邮件原件-----
> 发件人: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] 代表 Janish, Nathan
> 发送时间: 2011年9月9日 7:38
> 收件人: nsp-security NSP
> 主题: [nsp-sec] Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> Anyone on list happen to have a contact at Saudi Telecom?
> 
> Thanks,
> 
> Nathan Janish
> Level3 Security
> 
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp- 
> security community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp- 
> security community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp- 
> security community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________



_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

More information about the nsp-security mailing list