[nsp-sec] Re: Saudi Telecom Contact?

Paul Goyette pgoyette at juniper.net
Fri Sep 9 14:17:48 EDT 2011


Ask, and ye shall receive!


As indicated in an earlier private Email to Heather, we do
have a hidden knob for this, starting in Junos 10.3

set protocols bgp group blah drop-path-attributes [ 4 10 128 ]

:)


> -----Original Message-----
> From: Schiller, Heather A [mailto:heather.schiller at verizon.com]
> Sent: Friday, September 09, 2011 11:13 AM
> To: Paul Goyette; 'nsp-security NSP'
> Subject: RE: [nsp-sec] Re: Saudi Telecom Contact?
> 
> 
> "Juniper code is set to treat this attribute as unknown attribute and
> pass it, UNLESS "independent-domain" is configured under "routing-
> instance" hierarchy.  "
> 
> That seems specific to attribute 128 though...
> http://www.juniper.net/techpubs/en_US/junos11.2/topics/reference/configuration-statement/independent-domain-edit-routing-options.html
> 
> Given that this has happened twice in a year, I wouldn't say it's
> terribly common.. But it would be nice to be able to drop specific
> attributes.
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Paul Goyette
> Sent: Thursday, September 08, 2011 10:25 PM
> To: 'nsp-security NSP'
> Subject: Re: [nsp-sec] Re: Saudi Telecom Contact?
> 
> ----------- nsp-security Confidential --------
> 
> Long time no talk!  (Like, I've been lurking for the last three
> years.)
> 
> Looks like we might be having a rash of customer reports with BGP
> sessions flapping etc.
> 
> Sep  8 18:58:19.179627 BGP RECV xx.xx.xxx.xxx+179 -> xx.xx.xxx.xxx+57435
> Sep  8 18:58:19.179639 BGP RECV message type 2 (Update) length 85
> Sep  8 18:58:19.179646 BGP RECV flags 0x40 code Origin(1): IGP
> Sep  8 18:58:19.179655 BGP RECV flags 0x40 code ASPath(2): 7018 6453 39386 25019
> Sep  8 18:58:19.179663 BGP RECV flags 0x40 code NextHop(3): 12.88.174.133
> Sep  8 18:58:19.179671 BGP RECV flags 0xe0 code AttrSet(128): Origin AS 64904
> Sep  8 18:58:19.179678 BGP RECV     flags 0x40 code Origin(1): Incomplete
> Sep  8 18:58:19.179687 BGP RECV     flags 0x40 code ASPath(2): 0 (0xfc 0xda)
> Sep  8 18:58:19.179694 BGP RECV     flags 0x80 code MultiExitDisc(4): 1
> Sep  8 18:58:19.179701 BGP RECV     flags 0x40 code LocalPref(5): 100
> Sep  8 18:58:19.179709 BGP RECV         212.118.142.0/24
> Sep  8 18:58:19.179937 bgp_read_v4_update: NOTIFICATION sent to xx.xx.xxx.xxx (External AS 7018): code 3 (Update Message Error) subcode 11 (AS path attribute problem)
> 
> Juniper code is set to treat this attribute as unknown attribute and
> pass it, UNLESS "independent-domain" is configured under "routing-
> instance" hierarchy.  Beginning with JUNOS 10.2 code, we have an option
> to totally drop specific attributes.
> 
> I haven't followed this whole thread and not sure I even have the whole
> thread.  But if there's anything I can help with, let me know.
> 
> 
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> > bounces at puck.nether.net] On Behalf Of Schiller, Heather A
> > Sent: Thursday, September 08, 2011 6:31 PM
> > To: 'nsp-security NSP'
> > Subject: Re: [nsp-sec] Re: Saudi Telecom Contact?
> >
> > ----------- nsp-security Confidential --------
> >
> >
> > There was a similar announcement of a prefix with an unknown attribute
> > around this time last year when RIPE tested attribute 99.  Cisco
> > discovered IOS-XR boxes didn't handle it very well..
> > http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
> >
> > Nanog thread from last year:
> > http://mailman.nanog.org/pipermail/nanog/2010-August/024828.html
> >
> > --Heather
> >
> > -----Original Message-----
> > From: Janish, Nathan [mailto:Nathan.Janish at Level3.com]
> > Sent: Thursday, September 08, 2011 9:25 PM
> > To: Schiller, Heather A; 王华; 'nsp-security NSP'
> > Subject: RE: [nsp-sec] Re: Saudi Telecom Contact?
> >
> > That is correct.  If you have some involvement with 212.118.142.0/24 I
> > can put you in touch with people who have more information on the
> > matter.  Sorry, not a bgp guy so I'm unsure how the unknown attribute
> > affects traffic but I can connect you with our NOC if you can assist
> > with the fix.
> >
> > Nate
> >
> > -----Original Message-----
> > From: Schiller, Heather A [mailto:heather.schiller at verizon.com]
> > Sent: Thursday, September 08, 2011 7:11 PM
> > To: 王华; Janish, Nathan; 'nsp-security NSP'
> > Subject: RE: [nsp-sec] Re: Saudi Telecom Contact?
> >
> >
> > Unknown attribute 128
> >
> > http://mailman.nanog.org/pipermail/nanog/2011-September/039832.html
> >
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> > bounces at puck.nether.net] On Behalf Of ??
> > Sent: Thursday, September 08, 2011 8:25 PM
> > To: 'Janish, Nathan'; 'nsp-security NSP'
> > Subject: [nsp-sec] Re: Saudi Telecom Contact?
> >
> > ----------- nsp-security Confidential --------
> >
> > What's wrong with the route 212.118.142.0/24?
> >
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net
> > [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Janish, Nathan
> > Sent: September 9, 2011 7:38
> > To: nsp-security NSP
> > Subject: [nsp-sec] Saudi Telecom Contact?
> >
> > ----------- nsp-security Confidential --------
> >
> > Anyone on list happen to have a contact at Saudi Telecom?
> >
> > Thanks,
> >
> > Nathan Janish
> > Level3 Security
> >
> >
> >
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> > security community. Confidentiality is essential for effective
> > Internet security counter-measures.
> > _______________________________________________
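An added example, not part of the thread and not Juniper's implementation: a minimal parser for a BGP path-attribute block that decodes the flag octet seen in the trace (0xe0 on AttrSet(128)) and a filter that re-encodes the block without selected type codes, which is what dropping attributes such as `[ 4 10 128 ]` means on the wire. The function names and the sample bytes are constructed for illustration; the sample is modelled on the attributes shown in the trace.

```python
import struct

# Flag bits in the first octet of a BGP path attribute (RFC 4271, section 4.3).
FLAG_BITS = ((0x80, "optional"), (0x40, "transitive"),
             (0x20, "partial"), (0x10, "extended-length"))
EXT_LEN = 0x10

def flag_names(flags):
    return [name for bit, name in FLAG_BITS if flags & bit]

def parse_attrs(buf):
    """Split a path-attribute block into (flags, type_code, value) tuples."""
    attrs, i = [], 0
    while i < len(buf):
        hdr = 4 if buf[i] & EXT_LEN else 3       # extended length uses two octets
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header at offset %d" % i)
        flags, code = buf[i], buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if hdr == 4 else buf[i + 2]
        if i + hdr + length > len(buf):
            raise ValueError("attribute %d overruns the block" % code)
        attrs.append((flags, code, buf[i + hdr:i + hdr + length]))
        i += hdr + length
    return attrs

def encode_attr(flags, code, value):
    if flags & EXT_LEN:
        return bytes([flags, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value

def drop_path_attributes(buf, drop_codes):
    """Hypothetical filter: re-encode the block without the listed type codes."""
    kept, dropped = b"", []
    for flags, code, value in parse_attrs(buf):
        if code in drop_codes:
            dropped.append(code)
        else:
            kept += encode_attr(flags, code, value)
    return kept, dropped

# Constructed sample modelled on the trace: Origin, ASPath, NextHop, AttrSet(128).
INNER = (encode_attr(0x40, 1, b"\x02") + encode_attr(0x40, 2, b"")
         + encode_attr(0x80, 4, struct.pack("!I", 1))
         + encode_attr(0x40, 5, struct.pack("!I", 100)))
SAMPLE = (encode_attr(0x40, 1, b"\x00")
          + encode_attr(0x40, 2, b"\x02\x04" + struct.pack("!4H", 7018, 6453, 39386, 25019))
          + encode_attr(0x40, 3, bytes([12, 88, 174, 133]))
          + encode_attr(0xE0, 128, struct.pack("!I", 64904) + INNER))

if __name__ == "__main__":
    for flags, code, value in parse_attrs(SAMPLE):
        print(code, hex(flags), flag_names(flags), len(value))
    print(drop_path_attributes(SAMPLE, {4, 10, 128})[1])
```

In the sample, MultiExitDisc(4) exists only inside the AttrSet value, so filtering the top-level block on {4, 10, 128} removes a single attribute, 128, and its nested contents go with it.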