[rbak-nsp] BGP errors - upstream says related to 4byte AS?

Olivier Benghozi olivier.benghozi at wifirst.fr
Sat Mar 24 20:01:43 EDT 2018

Hi Brandon,

This mess in 2011 was due to an empty AGGREGATOR attribute, interpreted as ASN 0, and ridiculously overzealous SEOS behaviour (the RFC was dumb and it was strictly implemented).
https://mailman.nanog.org/pipermail/nanog/2011-December/042524.html <https://mailman.nanog.org/pipermail/nanog/2011-December/042524.html>

It was fixed in SEOS 11.x. Last ones were 12.x.
If you run some older XCRP3, you're in trouble.

About your notification message, its decoding gives:

0020 (length)
03 (message type: notification)
03 (error code: update message error)
04 (error subcode: Attribute Flags Error)
Attribute not recognised:
e0 (attribute flags: optional, transitive, partial [that is, not understood by a previous router on the path])
07 (attribute type code: AGGREGATOR)
08 (attribute length: 8, as expected for an AGGREGATOR with 32 bits ASN)
00 03 02 ed (aggregator AS: 197357, or AS "3:749" for SEOS)
Missing: the aggregator IP.

A matching prefix in the DFZ is, Aggregator [197357]. But there's nothing wrong with it.
From NTT the AS Path is: 2914 3223 197357 I

There's no AS4_AGGREGATOR here, as it looks like your sessions is AS4 enabled (you can check the capabilities negotiated with sh bgp neighbor: CapSent / CapRcvd both containing 4byteAS, on SEOS). AS4_AGGREGATOR is used with non-AS4 routers.

Anyway, your option will probably be, as usual: update SEOS...

Olivier Benghozi

> Le 24 mars 2018 à 21:27, Brandon Leeberg <brandonl at localtel.net> a écrit :
> send NOTIFICATION: 3/4 (update: attribute flags error) with 11 byte data. mxReadMs=5897
> notification msg sent (nbr, context 0x40080002 32 bytes, repeated 167 times, code 3/4 (update: attribute flags error) -
>  0000 0000 ffff ffff ffff ffff ffff ffff ffff ffff 0020 0303 04e0 0708 0003 02ed
> We have TONS of these, but only on the session with the one provider (NTT). NTT claims that it is due to 4-byte AS being enabled (I can’t find how to disable it). Our side hasn’t changed, but they did an update. They claim that out of hundreds of neighbors, we are the only ones having a problem. 
> This was their response: “What looks like is happening is that when the attribute AS4_AGGREGATOR has a 4byte ASN it is not being properly handled by your device.
> While talking with our dev group about the pcap data and tracking down which update is the culprit one of our devs pointed out this thread which looks to match up:
> https://mailman.nanog.org/pipermail/nanog/2011-December/042519.html <https://mailman.nanog.org/pipermail/nanog/2011-December/042519.html> “
> both we the upstream provider have 2byte ASNs. 
> Any help would be greatly appreciated. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20180325/4cb5c25e/attachment.html>

More information about the redback-nsp mailing list