[rbak-nsp] SEOS 6.4.1.1 and BGP problem (also 6.3.x.y series)

Jeff Tantsura jeff.nsp at gmail.com
Fri Oct 15 20:05:52 EDT 2010


Hi Marcin,

Yes, it is.
However if you look on any router in the wor

On Wed, Oct 13, 2010 at 6:48 AM, Marcin Kuczera <marcin at leon.pl> wrote:

>
> Hello,
>
> As I found, the most probable cause is aggregator = 0.0.0.0
>
> [bgp1]R1_SE100#show bgp route 82.116.64.0/19
> BGP ipv4 unicast routing table entry: 82.116.64.0/19, version 1836308
> Paths: total 2, best path count 1, best peer 193.111.38.97
> Advertised to non peer-group peers: 2
>    91.195.159.30  91.195.159.138
>
> 15744 13293 3356 2116 39197
>    Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
> 15744
>    Origin IGP, localpref 200, med 0, weight 100, external
>    aggregator: 0.0.0.0, AS 39197
>    Community: 13000:9001
>
>
> 24724 6453 2116 39197
>    Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>    Origin IGP, localpref 210, med 0, weight 100, external, best
>    aggregator: 0.0.0.0, AS 39197
>
> [bgp1]R1_SE100#
>
> (this update i.e. drops down all external sessions on other SEOS 6.4.1.1)
>
>
> More HEX dump below, this seems to be a very, very serious problem.
> Same problem with 6.3.x.y. series..
>
> Regards,
> Marcin
>
>
> [bgp1]R2_SE100#show bgp neighbor 212.106.159.142 malform update
> Dump logged malformed UPDATE messages for ??? (100 total entries):
> Oct 13 14:51:47 Malformed UPDATE msg (nbr 212.106.159.142, context
> 0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
> 021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
> 003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
> 6033 ed13 9215 5274 4014 57fc 40
> Oct 13 14:52:24 Malformed UPDATE msg (nbr 193.111.38.25, context
> 0x40080002, 78 bytes, repeated 1 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
> 0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
> f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
> Oct 13 14:52:26 Malformed UPDATE msg (nbr 212.106.159.142, context
> 0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
> 021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
> 003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
> 6033 ed13 9215 5274 4014 57fc 40
> Oct 13 14:52:36 Malformed UPDATE msg (nbr 195.66.73.253, context
> 0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
> 0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
> 000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
> 4015 5274 40
> Oct 13 14:52:59 Malformed UPDATE msg (nbr 193.111.38.25, context
> 0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
> 0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
> f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
> Oct 13 14:53:03 Malformed UPDATE msg (nbr 212.106.159.142, context
> 0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
> 021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
> 003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
> 6033 ed13 9215 5274 4014 57fc 40
> Oct 13 14:53:22 Malformed UPDATE msg (nbr 195.66.73.253, context
> 0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
> 0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
> 000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
> 4015 5274 40
> Oct 13 14:53:35 Malformed UPDATE msg (nbr 193.111.38.25, context
> 0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
> 0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
> f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
> Oct 13 14:53:44 Malformed UPDATE msg (nbr 212.106.159.142, context
> 0x40080002, 97 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0061 0200 0000 4240 0101 0040
> 021a 0206 0000 3d80 0000 33ed 0000 0d1c 0000 0ddd 0000 0844 0000 991d 4
> 003 04d4 6a9f 8ec0 0708 0000 991d 0000 0000 c008 0c21 3c03 e833 ed04
> 6033 ed13 9215 5274 4014 57fc 40
> Oct 13 14:54:04 Malformed UPDATE msg (nbr 195.66.73.253, context
> 0x40080002, 89 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 0059 0200 0000 3a40 0101 00c0
> 0708 0000 991d 0000 0000 5002 0012 0204 0000 6094 0000 1935 0000 0844 0
> 000 991d 4003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 d213 5274
> 4015 5274 40
> Oct 13 14:54:15 Malformed UPDATE msg (nbr 193.111.38.25, context
> 0x40080002, 78 bytes, repeated 0 times, reason: Invalid msg) -
>  ffff ffff ffff ffff ffff ffff ffff ffff 004e 0200 0000 2f40 0101 0040
> 0216 0205 0000 6094 0000 1935 0000 1d31 0000 1d32 0000 4445 4003 04c1 6
> f26 19c0 0708 0000 4445 0000 0000 187d 070c 187d 0705
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> David Freedman wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> The only other problem I can potentially see are in the communities:
>>
>>
>>  c0 080c 0000 3b41 0000 51cc 220a 220a
>>>
>>
>> 0000 3b41 = 0:15169
>> 0000 51cc = 0:20940
>> 220a 220a = 8714:8714
>>
>> RFC1997 reserves communities 0x0000000 -> 0x0000FFFF , perhaps this is
>> being checked and rejected?
>>
>> Dave.
>>
>>
>> Marcin Kuczera wrote:
>>
>>> David Freedman wrote:
>>> Well, I notice from this output the following:
>>>
>>>  c0 0708 0000 611f 0000 0000
>>>>>>
>>>>> c0 - optional transitive attribute follows
>>> 07 - AGGREGATOR
>>> 08 - of 8 bytes
>>> 0000611f - from AS 24863
>>> 00000000 - aggregated by 0.0.0.0
>>>
>>> According to RFC4271, sec 5.1.7:
>>>
>>>   AGGREGATOR is an optional transitive attribute, which MAY be included
>>>   in updates that are formed by aggregation (see Section 9.2.2.2).  A
>>>   BGP speaker that performs route aggregation MAY add the AGGREGATOR
>>>   attribute, which SHALL contain its own AS number and IP address.  The
>>>   IP address SHOULD be the same as the BGP Identifier of the speaker.
>>>
>>> It is possible that SEOS considers 0.0.0.0 to be an invalid BGP
>>> identifier and therefore an impossible aggregator
>>>
>>> For reference, this update covers the following prefixes:
>>>
>>> 41.178.0.0/24
>>> 41.196.4.0/22
>>> 41.196.8.0/22
>>> 41.196.12.0/22
>>> 41.196.16.0/22
>>> 41.196.24.0/22
>>> 41.196.36.0/23
>>>
>>>
>>> with AS_PATH 24724 15412 24863
>>>
>>> Since none of my SEOS boxes carry a full table can another SEOS operator
>>> with a full table confirm if they have these prefixes (and if so, what
>>> it shows as aggregator)
>>>
>>> I can tell you in Cisco IOS, I accept these prefixes.
>>>
>>>
>>>  Printouts below, it seems that all aggregators here are 0.0.0.0
>>>> 6.4.1.1 has probably some accidental bug or some unfinished function is
>>>> implemented here..
>>>> Regards,
>>>> Marcin
>>>>
>>>
>>>
>>>  [bgp1]RedBack_SE100#show bgp route 41.178.0.0/24
>>>> BGP ipv4 unicast routing table entry: 41.178.0.0/24, version 4979776
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.4.0/22
>>>> BGP ipv4 unicast routing table entry: 41.196.4.0/22, version 4979779
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.8.0/22
>>>> BGP ipv4 unicast routing table entry: 41.196.8.0/22, version 4979773
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.12.0/22
>>>> BGP ipv4 unicast routing table entry: 41.196.12.0/22, version 4979775
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.16.0/22
>>>> BGP ipv4 unicast routing table entry: 41.196.16.0/22, version 4979767
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.24.0/22
>>>> BGP ipv4 unicast routing table entry: 41.196.24.0/22, version 4979769
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>> [bgp1]RedBack_SE100#show bgp route 41.196.36.0/23
>>>> BGP ipv4 unicast routing table entry: 41.196.36.0/23, version 4979766
>>>> Paths: total 2, best path count 1, best peer 193.111.38.97
>>>> Advertised to non peer-group peers: 2
>>>>  91.195.159.30  91.195.159.138
>>>> 15744 13293 3356 15412 24863
>>>>  Nexthop 212.106.159.142 (0), peer 212.106.159.142 (83.230.95.254), AS
>>>> 15744
>>>>  Origin IGP, localpref 200, med 0, weight 100, external
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 13000:9001
>>>>
>>>
>>>  24724 15412 24863
>>>>  Nexthop 193.111.38.97 (0), peer 193.111.38.97 (193.111.37.1), AS 24724
>>>>  Origin incomplete, localpref 200, med 0, weight 100, external, best
>>>>  aggregator: 0.0.0.0, AS 24863
>>>>  Community: 0:15169 0:20940 8714:8714
>>>> [bgp1]RedBack_SE100#
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Dave
>>>
>>>
>>> Blake Willis wrote:
>>>
>>>>  On Sep 27, 2010, at 2:12 PM, Marcin Kuczera wrote:
>>>>>>
>>>>>>  [bgp1]se100-test#show bgp neighbor 195.66.73.253 malform update
>>>>>>> Dump logged malformed UPDATE messages for ??? (1 total entries):
>>>>>>> Sep 27 14:09:48 Malformed UPDATE msg (nbr 195.66.73.253, context
>>>>>>> 0x40080002, 120 bytes, repeated 4221 times, reason: Invalid msg) -
>>>>>>> ffff ffff ffff ffff ffff ffff ffff ffff 0078 0200 0000 4540 0101 02c0
>>>>>>> 0708 0000 611f 0000 0000 5002 000e 0203 0000 6094 0000 3c34 0000 611f
>>>>>>> 4
>>>>>>> 003 04c1 6f26 6180 0404 0000 0000 4005 0400 0000 c8c0 080c 0000 3b41
>>>>>>> 0000 51cc 220a 220a 1829 b200 1629 c404 1629 c408 1629 c40c 1629
>>>>>>> c410 162
>>>>>>> 9 c418 1729 c424
>>>>>>>
>>>>>> Ouch.  I think it's time to open a case with the TAC.  Looks like we
>>>>>> won't be testing 6.4 any time soon then...
>>>>>>
>>>>>>  Is there any possibility to ignore malformed updates instead of
>>>>>>> dropping down whole session ?
>>>>>>>
>>>>>> I don't think I've seen a knob like that from any vendor so far...
>>>>>>
>>>>>>  -Blake
>>>>>> _______________________________________________
>>>>>> redback-nsp mailing list
>>>>>> redback-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>>>>
>>>>>>  7
>>>
>>>
>> - --
>>
>> David Freedman
>> Group Network Engineering
>>
>> david.freedman at uk.clara.net
>> Tel +44 (0) 20 7685 8000
>>
>> Claranet Group
>> 21 Southampton Row
>> London - WC1B 5HA - UK
>> http://www.claranet.com
>>
>> Company Registration: 3152737 - Place of registration: England
>>
>> All the information contained within this electronic message from
>> Claranet Ltd is covered by the disclaimer at
>> http://www.claranet.co.uk/disclaimer
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkygxwgACgkQtFWeqpgEZrIAVQCgwCSQ6M/hXPMYQ/Z9CaPXOR2t
>> VMUAoM1PwML/PIHCsle0T7C9pV6oJec+
>> =Dnrb
>> -----END PGP SIGNATURE-----
>>
>>
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101015/088b744b/attachment-0001.html>


More information about the redback-nsp mailing list