[rbak-nsp] SeOS 12.1.1.12p13 issue
Marcin Kuczera
marcin at leon.pl
Fri May 11 04:37:12 EDT 2018
On 2018-05-01 01:42, Olivier Benghozi wrote:
> Hi Roman,
>
> Brandon Leeberg in this ML also recently posted about the same issue
> (with the same prefix by the way), running SEOS-12.1.1.9
> and 12.1.1.12p13. Nothing seems bad with this route.
>
> In fact, I found back a pcap capture (from december 2017) of a BGP
> session from one of my Juniper MX gears toward a BGP/Netflow
> collector, where I can see this route.
> And I can see after all that there's a difference between your version
> and what was transmitted by this MX
> For the AGGREGATOR attribute, the "partial" bit is at 0 in my capture
> (meaning tat the attribute is "complete", that is everything is OK),
> whereas in your case it is set at 1 (so the attribute begins with c0
> instead of e0).
>
> In Brandon's case the "partial" bit was also at 1.
> So I suppose that this is what the SE code doesn't like.
>
> There's no serious reason for this flag to be set to 1 for this prefix
> (or it means that a BGP router transmitted this announcement without
> understanding what AGGREGATOR attribute was, which is ridiculous).
> That's probably a problem on the originator's side.
> But there's no reason for SEOS to consider this attribute as bad (and
> no reason to close the session since RFC7606, but SEOS is now a dead end).
This is also what comes from our analyse.
It looks like an implementation bug.
The biggest issue that SEOS is in "end of maintenance state". However,
they still release some newer patches (12.1.1.12p14)..
I have sent this info to a person who worked as routing chief in
Ericsson some time ago, maybe he has some actual contact... but no
response for now...
We are also facing lot of EPPA3 crashes and have no idea what to turn off...
Regards,
Marcin
>
> However I guess that on Brandon case, the sessions was staying alive
> (juste error messages in the logs)...
>
> Seems like a bug to me, I guess that only an Ericsson TAC engineer
> could help fix this SEOS BGP piece of code.
>
>
> Olivier
>
>> On 30 apr. 2018 at 23:54, Соловьёв Роман Анатольевич
>> <romanse at serdi.ru <mailto:romanse at serdi.ru>> wrote :
>>
>>
>> Hi. Some issue is detected with SeOS version
>> SEOS-12.1.1.12p13-Release
>> The issue is about BGP protocol handling.
>> The problem is, that SeOS close a BGP session on receiving
>> mailformed UPDATE message from a peer. The peer is Juniper.
>>
>> On the peer side:
>>
>> bgp_read_v4_message:11175: NOTIFICATION received from
>> 5.143.236.222 (External AS 48711): code 3 (Update Message Error)
>> subcode 4 (attribute flags error), Data: e0 07 08 00 03 02 Apr
>> 30 09:52:06 2018
>>
>>
>> *On SeOS side:*
>>
>> bgp neighbor 5.143.236.221
>> BGP neighbor: 5.143.236.221, remote AS: 12389, external link
>> Version: 4, router identifier: 178.34.128.3
>> State: Idle for 00:00:25
>> Last read 00:00:25, last send 00:00:25
>> Hold time: configured 180, negotiated 0
>> Keepalive time: configured 30, negotiated 0
>> Local restart timer 120 sec, stale route retain timer 180 sec
>> Received restart timer 0 sec, flag 0x0
>> Number of hops external BGP neighbor may be away: 1
>> Minimum time between advertisement runs: 30 secs
>> Source (local) IP address: 0.0.0.0
>> Received messages: 0 (0 bytes), notifications: 0, in queue: 0
>> Sent messages: 0 (0 bytes), notifications: 289, out queue: 0
>> Last active open: 06:10:23, reason: Have not registered with RIB
>> Reset count: 289, last reset time: 00:00:25, reset reason:
>> N*otification sent (update: attribute flags error)*
>>
>> show bgp neighbor 5.143.236.221 malform update
>> Apr 30 10:42:23 Malformed UPDATE msg (nbr 5.143.236.221, context
>> 0x40080002, 80 bytes, repeated 1512 times, reason: Invalid msg) -
>> ffff ffff ffff ffff ffff ffff ffff ffff 0050 0200 0000 3540 0101
>> 0040 020e 0203 0000 3065 0000 0c97 0003 02ed 4003 0405 8fec dd40
>> 0600 e007 0800 0302 ed5b dc3f 01c0 0808 3065 0006 3065 0007 185b dc3f
>>
>> Lets parse this data.
>> ffff ffff ffff ffff ffff ffff ffff ffff - the init marker
>> 0050 - totak message length - 80 bytes
>>
>> *02* - UPDATE
>> *0000* Length of Withdrawn Routes
>> *0035* Total size of attributes (*53 bytes*)
>>
>> Attributes:
>> *40 01 01 00*
>> ORIGIN (IGP)
>>
>> *40 02 0e 02 03 0000 3065 0000 0c97 0003 02ed*
>> 40-flags
>> 02 - AS_PATH
>> 0e - length - 14 *bytes
>> *
>> 02 - segment type AS_SEQUENCE
>> 03 - 3 AS length
>> 0000 3065 0000 0c97 0003 02ed - ASN itself (12389,3223,197357)
>>
>> *40 03 04 05 8f ec dd
>> *NEXT_HOP**5.143.236.221*
>> *
>> *
>> *
>> *40 06 00
>> *an empty ATOMIC_AGGREGATE attribute
>>
>> *e0 07 08 0003 02ed 5b dc 3f 01 *
>> AGGREGATOR AS 197357 IP 93.220.63.1
>>
>> *c0 08 08 3065 0006 3065 0007
>> *
>> COMMUNITY 12389:6 12389:7*
>> *
>>
>> *18 5b dc 3f
>> *
>> Prefixes* *91.220.63.0/24 <http://91.220.63.0/24>*
>> *
>> According the notification message SeOS threats the AGGREGATOR
>> attribute flags as mailfomed:
>> *e0 07 08 0003 02ed 5b dc 3f 01 *
>> I don't see anything wrong with it.
>> IMHO the AGGRETATOR attribute is composed with all RFC requirements
>>
>> Can somebody explain me such unexpected behavior?
>>
>
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
--
Marcin Kuczera / Wiceprezes Zarządu / CTO
+48 32 440 80 71/ marcin.kuczera at leon.pl <mailto:marcin.kuczera at leon.pl>
Leon Sp. z o.o.
ul. Kilińskiego 33d, 44-200 Rybnik
http://www.leon.pl/
INTERNET | TELEWIZJA | TELEFON
KRS 0000223101 Sąd Rejonowy w Gliwicach
Kapitał zakładowy 576.700 zł
NIP: 6332068698
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20180511/5141e3b1/attachment.html>
More information about the redback-nsp
mailing list