<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 2018-05-01 01:42, Olivier Benghozi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8E133F67-1C45-47C0-B892-099A31670154@wifirst.fr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Hi Roman,
<div class=""><br class="">
</div>
<div class="">Brandon Leeberg in this ML also recently posted
about the same issue (with the same prefix by the way),
running SEOS-12.1.1.9 and 12.1.1.12p13. Nothing seems bad with
this route.<br class="">
<div><br class="">
</div>
<div>In fact, I found back a pcap capture (from december 2017)
of a BGP session from one of my Juniper MX gears toward a
BGP/Netflow collector, where I can see this route.</div>
<div>And I can see after all that there's a difference between
your version and what was transmitted by this MX</div>
<div>For the AGGREGATOR attribute, the "partial" bit is at 0 in
my capture (meaning tat the attribute is "complete", that is
everything is OK), whereas in your case it is set at 1 (so the
attribute begins with c0 instead of e0).</div>
<div><br class="">
</div>
<div>In Brandon's case the "partial" bit was also at 1.</div>
<div>So I suppose that this is what the SE code doesn't like.</div>
<div><br class="">
</div>
<div>There's no serious reason for this flag to be set to 1 for
this prefix (or it means that a BGP router transmitted this
announcement without understanding what AGGREGATOR attribute
was, which is ridiculous). That's probably a problem on the
originator's side.</div>
<div>But there's no reason for SEOS to consider this attribute
as bad (and no reason to close the session since RFC7606, but
SEOS is now a dead end).</div>
</div>
</blockquote>
<br>
This is also what comes from our analyse.<br>
It looks like an implementation bug.<br>
<br>
The biggest issue that SEOS is in "end of maintenance state".
However, they still release some newer patches (12.1.1.12p14)..<br>
<br>
I have sent this info to a person who worked as routing chief in
Ericsson some time ago, maybe he has some actual contact... but no
response for now...<br>
<br>
We are also facing lot of EPPA3 crashes and have no idea what to
turn off...<br>
<br>
Regards,<br>
Marcin<br>
<br>
<br>
<br>
<br>
<blockquote type="cite"
cite="mid:8E133F67-1C45-47C0-B892-099A31670154@wifirst.fr">
<div class="">
<div><br class="">
</div>
<div>However I guess that on Brandon case, the sessions was
staying alive (juste error messages in the logs)...</div>
<div>
<div><br class="">
</div>
<div>Seems like a bug to me, I guess that only an Ericsson TAC
engineer could help fix this SEOS BGP piece of code.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Olivier</div>
<div class=""><br class="">
</div>
<blockquote type="cite" class="">
<div class="">On 30 apr. 2018 at 23:54, Соловьёв Роман
Анатольевич <<a href="mailto:romanse@serdi.ru" class=""
moz-do-not-send="true">romanse@serdi.ru</a>> wrote :</div>
<br class="Apple-interchange-newline">
<div class=""><br class="">
<blockquote class="">
<div dir="ltr" class="">
<div class="">
<div class="">
<div class="">Hi. Some issue is detected with SeOS
version SEOS-12.1.1.12p13-Release<br class="">
</div>
<div class="">The issue is about BGP protocol
handling. <br class="">
</div>
<div class="">The problem is, that SeOS close a
BGP session on receiving mailformed UPDATE
message from a peer. The peer is Juniper. <br
class="">
</div>
<div class=""><br class="">
On the peer side:<br class="">
<p class=""><font class="" size="4"><span
style="font-family:Calibri,sans-serif;color:rgb(31,73,125);"
class="" lang="EN-US">bgp_read_v4_message:11175:
NOTIFICATION received from 5.143.236.222
(External AS 48711): code 3 (Update
Message Error) subcode 4 (attribute flags
error), Data: e0 <span class=""><span
class="">07 08 00 03 02</span></span>
Apr 30 09:52:06 2018</span></font></p>
</div>
<div class=""><br class="">
<b class="">On SeOS side:</b><br class="">
<br class="">
bgp neighbor 5.143.236.221<br class="">
BGP neighbor: 5.143.236.221, remote AS: 12389,
external link<br class="">
Version: 4, router identifier: 178.34.128.3<br
class="">
State: Idle for 00:00:25<br class="">
Last read 00:00:25, last send 00:00:25<br
class="">
Hold time: configured 180, negotiated 0<br
class="">
Keepalive time: configured 30, negotiated 0<br
class="">
Local restart timer 120 sec, stale route
retain timer 180 sec<br class="">
Received restart timer 0 sec, flag 0x0<br
class="">
Number of hops external BGP neighbor may be
away: 1<br class="">
Minimum time between advertisement runs: 30
secs<br class="">
Source (local) IP address: 0.0.0.0<br class="">
Received messages: 0 (0 bytes), notifications:
0, in queue: 0<br class="">
Sent messages: 0 (0 bytes), notifications:
289, out queue: 0<br class="">
Last active open: 06:10:23, reason: Have not
registered with RIB<br class="">
Reset count: 289, last reset time: 00:00:25,
reset reason: N<b class="">otification sent
(update: attribute flags error)</b><br
class="">
<br class="">
show bgp neighbor 5.143.236.221 malform update <br
class="">
Apr 30 10:42:23 Malformed UPDATE msg (nbr
5.143.236.221, context 0x<span class=""><span
class="">40080002</span></span>, 80 bytes,
repeated 1512 times, reason: Invalid msg) - <br
class="">
ffff ffff ffff ffff ffff ffff ffff ffff <span
class=""><span class="">0050 0200 0000 3540
0101 0040 020</span></span>e <span class=""><span
class="">0203 0000 3065 0000</span></span>
0c<span class=""><span class="">97 0003 02</span></span>ed
<span class=""><span class="">4003 0405 8</span></span>fec
dd40 0600 e<span class=""><span class="">007
0800 0302</span></span> ed5b dc3f 01c0 <span
class=""><span class="">0808 3065 0006 3065
0007 185</span></span>b dc3f<br class="">
</div>
<br class="">
</div>
Lets parse this data.<br class="">
ffff ffff ffff ffff ffff ffff ffff ffff - the init
marker<br class="">
</div>
0050 - totak message length - 80 bytes<br class="">
<div class=""><br class="">
<b class="">02</b> - UPDATE <br class="">
<div class=""><b class="">0000</b> Length of
Withdrawn Routes <br class="">
<b class="">0035</b> Total size of attributes (<b
class="">53 bytes</b>)<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Attributes:<br class="">
</div>
<div class=""><b class=""><span class=""><span
class="">40 01 01 00</span></span></b><br
class="">
ORIGIN (IGP) <br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><b class="">40 02 0e <span class=""><span
class="">02 03 0000 3065 0000 0</span></span>c<span
class=""><span class="">97 0003 02</span></span>ed</b><br
class="">
</div>
<div class="">40-flags<br class="">
</div>
<div class="">02 - AS_PATH<br class="">
</div>
<div class="">0e - length - 14 <b class="">bytes<br
class="">
</b></div>
<div class="">02 - segment type AS_SEQUENCE <br
class="">
03 - 3 AS length<br class="">
<span class=""><span class="">0000 3065 0000 0</span></span>c<span
class=""><span class="">97 0003 02</span></span>ed
- ASN itself (12389,3223,197357)<br class="">
</div>
<div class=""><br class="">
<b class=""><span class=""><span class="">40 03 04
05 8</span></span>f ec dd<br class="">
</b>NEXT_HOP<b class=""> </b>5.143.236.221<b
class=""><br class="">
</b></div>
<div class=""><b class=""><br class="">
</b></div>
<div class=""><b class="">40 06 00 <br class="">
</b>an empty ATOMIC_AGGREGATE attribute<br
class="">
</div>
<div class=""><br class="">
<b class="">e<span class=""><span class="">0 07 08
0003 02</span></span>ed 5b dc 3f 01 </b><br
class="">
AGGREGATOR AS 197357 IP 93.220.63.1<br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><b class="">c<span class=""><span
class="">0 08 08 3065 0006 3065 0007</span></span>
<br class="">
</b></div>
<div class="">COMMUNITY 12389:6 12389:7<b class=""><br
class="">
</b></div>
<div class=""><br class="">
<b class="">18 5b dc 3f <br class="">
</b></div>
Prefixes<b class=""> </b><a
href="http://91.220.63.0/24" target="_blank"
class="" moz-do-not-send="true">91.220.63.0/24</a><b
class=""><br class="">
</b><br class="">
</div>
<div class="">According the notification message SeOS
threats the AGGREGATOR attribute flags as mailfomed:<br
class="">
<b class="">e<span class=""><span class="">0 07 08
0003 02</span></span>ed 5b dc 3f 01 </b></div>
<div class="">I don't see anything wrong with it. <br
class="">
IMHO the AGGRETATOR attribute is composed with all
RFC requirements<br class="">
</div>
<div class=""><br class="">
Can somebody explain me such unexpected behavior?<br
class="">
</div>
<div class=""><br class="">
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
redback-nsp mailing list
<a class="moz-txt-link-abbreviated" href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/redback-nsp">https://puck.nether.net/mailman/listinfo/redback-nsp</a>
</pre>
</blockquote>
<p><br>
</p>
<div class="moz-signature">-- <br>
<p style="font-family: Helvetica, Arial, sans-serif; font-size:
12px; line-height: 14px; color: #999999;"><span id="name-input"
class="txt" style="font-weight: bold;">Marcin Kuczera</span> <span
id="title-sep">/</span> <span id="title-input" class="txt"
style="color: #999;">Wiceprezes Zarządu / CTO<span><br>
<span id="mobile-input" class="txt" style="color: #999;">+48
32 440 80 71<span id="email-sep" class="txt">/</span> <a
id="email-input" class="link email" style="color:
#51930b;" href="mailto:marcin.kuczera@leon.pl">marcin.kuczera@leon.pl</a></span></span></span></p>
<p style="font-family: Helvetica, Arial, sans-serif; font-size:
12px; line-height: 14px;"><span id="company-input" class="txt"
style="font-weight: bold; color: #999;">Leon Sp. z o.o.</span>
<span id="office-sep" class="txt" style="color: #999;"> </span>
<span id="address-sep"><br>
</span> <span id="address-input" class="txt" style="color:
#999;">ul. Kilińskiego 33d, 44-200 Rybnik </span><br>
<a id="website-input" class="link" style="color: #51930b;"
href="http://www.leon.pl/">http://www.leon.pl/</a></p>
<p id="disclaimer-input" class="txt" style="font-family:
Helvetica, Arial, sans-serif; color: #999999; font-size: 12px;
line-height: 14px;">INTERNET | TELEWIZJA | TELEFON</p>
<p style="font-family: Helvetica, Arial, sans-serif; font-size:
12px; line-height: 14px;"><span id="office-sep" class="txt"
style="color: #999;">KRS 0000223101 Sąd Rejonowy w Gliwicach<br>
<span id="mobile-input" class="txt" style="color: #999;"></span><span
id="mobile-input" class="txt" style="color: #999;"> Kapitał
zakładowy 576.700 zł<br>
<span id="mobile-input" class="txt" style="color: #999;"></span><span
id="mobile-input" class="txt" style="color: #999;"> NIP:
6332068698</span></span></span></p>
</div>
</body>
</html>