[rbak-nsp] SEOS 6.4.1.1 and BGP problem (also 6.3.x.y series)

Marcin Kuczera marcin at leon.pl
Wed Oct 13 09:48:43 EDT 2010


Hello,

As I found, the most probable cause is aggregator = 0.0.0.0

[bgp1]R1_SE100#show bgp route 82.116.64.0/19
BGP ipv4 unicast routing table entry: 82.116.64.0/19, version 1836308
Paths: total 2, best path count 1, best peer 193.111.38.97
Advertised to non peer-group peers: 2
     91.195.159.30  91.195.159.138

15744 13293 3356 2116 39197
     Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
15744
     Origin IGP, localpref 200, med 0, weight 100, external
     aggregator: 0.0.0.0, AS 39197
     Community: 13000:9001


24724 6453 2116 39197
     Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
     Origin IGP, localpref 210, med 0, weight 100, external, best
     aggregator: 0.0.0.0, AS 39197

[bgp1]R1_SE100#

(this update i.e. drops down all external sessions on other SEOS 6.4.1.1)


More HEX dump below, this seems to be a very, very serious problem.
Same problem with 6.3.x.y. series..

Regards,
Marcin


[bgp1]R2_SE100#show bgp neighbor 212.106.159.142 malform update
Dump logged malformed UPDATE messages for ??? (100 total entries):
Oct 13 14:51:47 Malformed UPDATE msg (nbr 212.106.159.142, context
0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
6033 ed13 9215 5274 4014 57fc 40
Oct 13 14:52:24 Malformed UPDATE msg (nbr 193.111.38.25, context
0x40080002, 78 bytes, repeated 1 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
Oct 13 14:52:26 Malformed UPDATE msg (nbr 212.106.159.142, context
0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
6033 ed13 9215 5274 4014 57fc 40
Oct 13 14:52:36 Malformed UPDATE msg (nbr 195.66.73.253, context
0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
4015 5274 40
Oct 13 14:52:59 Malformed UPDATE msg (nbr 193.111.38.25, context
0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
Oct 13 14:53:03 Malformed UPDATE msg (nbr 212.106.159.142, context
0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
6033 ed13 9215 5274 4014 57fc 40
Oct 13 14:53:22 Malformed UPDATE msg (nbr 195.66.73.253, context
0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
4015 5274 40
Oct 13 14:53:35 Malformed UPDATE msg (nbr 193.111.38.25, context
0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
Oct 13 14:53:44 Malformed UPDATE msg (nbr 212.106.159.142, context
0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
6033 ed13 9215 5274 4014 57fc 40
Oct 13 14:54:04 Malformed UPDATE msg (nbr 195.66.73.253, context
0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
4015 5274 40
Oct 13 14:54:15 Malformed UPDATE msg (nbr 193.111.38.25, context
0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
   ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705















David Freedman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The only other problem I can potentially see are in the communities:
> 
> 
>> c0 080c 0000 3b41 0000 51cc 220a 220a
> 
> 0000 3b41 = 0:15169
> 0000 51cc = 0:20940
> 220a 220a = 8714:8714
> 
> RFC1997 reserves communities 0x0000000 -> 0x0000FFFF , perhaps this is
> being checked and rejected?
> 
> Dave.
> 
> 
> Marcin Kuczera wrote:
>> David Freedman wrote:
>> Well, I notice from this output the following:
>>
>>>>> c0 0708 0000 611f 0000 0000
>> c0 - optional transitive attribute follows
>> 07 - AGGREGATOR
>> 08 - of 8 bytes
>> 0000611f - from AS 24863
>> 00000000 - aggregated by 0.0.0.0
>>
>> According to RFC4271, sec 5.1.7:
>>
>>    AGGREGATOR is an optional transitive attribute, which MAY be included
>>    in updates that are formed by aggregation (see Section 9.2.2.2).  A
>>    BGP speaker that performs route aggregation MAY add the AGGREGATOR
>>    attribute, which SHALL contain its own AS number and IP address.  The
>>    IP address SHOULD be the same as the BGP Identifier of the speaker.
>>
>> It is possible that SEOS considers 0.0.0.0 to be an invalid BGP
>> identifier and therefore an impossible aggregator
>>
>> For reference, this update covers the following prefixes:
>>
>> 41.178.0.0/24
>> 41.196.4.0/22
>> 41.196.8.0/22
>> 41.196.12.0/22
>> 41.196.16.0/22
>> 41.196.24.0/22
>> 41.196.36.0/23
>>
>>
>> with AS_PATH 24724 15412 24863
>>
>> Since none of my SEOS boxes carry a full table can another SEOS operator
>> with a full table confirm if they have these prefixes (and if so, what
>> it shows as aggregator)
>>
>> I can tell you in Cisco IOS, I accept these prefixes.
>>
>>
>>> Printouts below, it seems that all aggregators here are 0.0.0.0
>>> 6.4.1.1 has probably some accidental bug or some unfinished function is
>>> implemented here..
>>> Regards,
>>> Marcin
>>
>>
>>> [bgp1]RedBack_SE100#show bgp route 41.178.0.0/24
>>> BGP ipv4 unicast routing table entry: 41.178.0.0/24, version 4979776
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.4.0/22
>>> BGP ipv4 unicast routing table entry: 41.196.4.0/22, version 4979779
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.8.0/22
>>> BGP ipv4 unicast routing table entry: 41.196.8.0/22, version 4979773
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.12.0/22
>>> BGP ipv4 unicast routing table entry: 41.196.12.0/22, version 4979775
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.16.0/22
>>> BGP ipv4 unicast routing table entry: 41.196.16.0/22, version 4979767
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.24.0/22
>>> BGP ipv4 unicast routing table entry: 41.196.24.0/22, version 4979769
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>> [bgp1]RedBack_SE100#show bgp route 41.196.36.0/23
>>> BGP ipv4 unicast routing table entry: 41.196.36.0/23, version 4979766
>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>> Advertised to non peer-group peers: 2
>>>   91.195.159.30  91.195.159.138
>>> 15744 13293 3356 15412 24863
>>>   Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>> 15744
>>>   Origin IGP, localpref 200, med 0, weight 100, external
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 13000:9001
>>
>>> 24724 15412 24863
>>>   Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>   Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>   aggregator: 0.0.0.0, AS 24863
>>>   Community: 0:15169 0:20940 8714:8714
>>> [bgp1]RedBack_SE100#
>>
>>
>>
>>
>>
>>
>>
>> Dave
>>
>>
>> Blake Willis wrote:
>>>>> On Sep 27, 2010, at 2:12 PM, Marcin Kuczera wrote:
>>>>>
>>>>>> [bgp1]se100-test#show bgp neighbor 195.66.73.253 malform update
>>>>>> Dump logged malformed UPDATE messages for ??? (1 total entries):
>>>>>> Sep 27 14:09:48 Malformed UPDATE msg (nbr 195.66.73.253, context
>>>>>> 0x40080002, 120 bytes, repeated 4221 times, reason: Invalid msg) -
>>>>>> ffff ffff ffff ffff ffff ffff ffff ffff 0078 0200 0000 4540 0101 02c0
>>>>>> 0708 0000 611f 0000 0000 5002 000e 0203 0000 6094 0000 3c34 0000 611f 4
>>>>>> 003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 c8c0 080c 0000 3b41
>>>>>> 0000 51cc 220a 220a 1829 b200 1629 c404 1629 c408 1629 c40c 1629
>>>>>> c410 162
>>>>>> 9 c418 1729 c424
>>>>> Ouch.  I think it's time to open a case with the TAC.  Looks like we
>>>>> won't be testing 6.4 any time soon then...
>>>>>
>>>>>> Is there any possibility to ignore malformed updates instead of
>>>>>> dropping down whole session ?
>>>>> I don't think I've seen a knob like that from any vendor so far...
>>>>>
>>>>>  -Blake
>>>>> _______________________________________________
>>>>> redback-nsp mailing list
>>>>> redback-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>>>
>> 7
>>
> 
> - --
> 
> David Freedman
> Group Network Engineering
> 
> david.freedman at uk.clara.net
> Tel +44 (0) 20 7685 8000
> 
> Claranet Group
> 21 Southampton Row
> London - WC1B 5HA - UK
> http://www.claranet.com
> 
> Company Registration: 3152737 - Place of registration: England
> 
> All the information contained within this electronic message from
> Claranet Ltd is covered by the disclaimer at
> http://www.claranet.co.uk/disclaimer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkygxwgACgkQtFWeqpgEZrIAVQCgwCSQ6M/hXPMYQ/Z9CaPXOR2t
> VMUAoM1PwML/PIHCsle0T7C9pV6oJec+
> =Dnrb
> -----END PGP SIGNATURE-----
> 





More information about the redback-nsp mailing list