nanog mailing list archives

Re: Strange BGP announcement.


From: Andrew Bangs <andrewb () demon net>
Date: Sun, 8 Nov 1998 18:40:22 +0000 (GMT)

On August 6th Brett Frankenberge wrote:

:: Victor L. Belov writes ::

AS8263 encountered the same problem today. The problem is that cisco
handle this incorrect update normally, but it causes Bay Networks
routers to crash =() Seems to be another problem on the Internet.

Bays don't crash (at least not in the general case ... for example,
mine stayed up this time and the last time this happened), but they do
send a NOTIFY and bring down the BGP session, as required by the RFC. 
(I believe gated does this also.)

The reason this issue causes problems is that Cisco violates the RFC
and passes the bad announcement around, so it eventually reaches most
non-Cisco routers who properly terminate the BGP connection.  If Cisco
would do the NOTIFY upon receipt of the announcement, then the
information wouldn't spread, and only one router's worth of peerings
(i.e. the guy who "started" the bad announcement)  would be lost.

Neil J. McRae wrote:

Aug  6 13:46:20 BGP RECV 207.45.199.225+179 -> 207.45.199.226+1935
Aug  6 13:46:20 BGP RECV message type 2 (Update) length 71
Aug  6 13:46:20 BGP RECV flags 0x40 code Origin(1): Incomplete
Aug  6 13:46:20 BGP RECV flags 0x40 code ASPath(2): 6453 701 65525 ((65523)) 3561 1691
Aug  6 13:46:20 BGP RECV flags 0x40 code NextHop(3): 207.45.199.225
Aug  6 13:46:20 BGP RECV        204.174.40/24, 204.239.26/24, 204.239.27/24, 204.239.147/24
Aug  6 13:46:20
Aug  6 13:46:20 bnp_path_attr_eer: peer 207.45.199.225 (External AS 6453) bad update send NOTIFY flag 0 type 0  err_subcode 11, data 0
Aug  6 13:46:20 NOTIFICATION sent to 207.45.199.225 (External AS 6453): code 3 (Update Message Error) subcode 11 (AS path attribute problem) data
Aug  6 13:46:20
Aug  6 13:46:20 BGP SEND 207.45.199.226+1935 -> 207.45.199.225+179
Aug  6 13:46:20 BGP SEND message type 3 (Notification) length 21
Aug  6 13:46:20 BGP SEND Notification code 3 (Update Message Error) subcode 11 (AS path attribute problem)
Aug  6 13:46:20


Hmm. I'm seeing something similar tonight... seeing more than one
of my upstreams send me junk, and my routers send back a notify and 
drop the session (and my reading of the RFC matches Brett's).

Since this isn't directly my upstream's problem I've edited them out of the
log (actually, this could have come from more than one of my upstreams)

Nov  8 17:45:26 BGP RECV x.x.x.x+179 -> x.x.x.x+1161
Nov  8 17:45:26 BGP RECV message type 2 (Update) length 64
Nov  8 17:45:26 BGP RECV flags 0x40 code Origin(1): Incomplete
Nov  8 17:45:26 BGP RECV flags 0x40 code ASPath(2): (0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)
Nov  8 17:45:26 BGP RECV flags 0x40 code NextHop(3): x.x.x.x
Nov  8 17:45:26 BGP RECV flags 0xc0 code Aggregator(7): 6218 206.53.128.254
Nov  8 17:45:26 BGP RECV        206.148.144/22
Nov  8 17:45:26 
Nov  8 17:45:26 bnp_path_attr_eer: peer x.x.x.x (External AS yyyy) bad update send NOTIFY flag 0 type 0  err_subcode 11, data 0
Nov  8 17:45:26 NOTIFICATION sent to x.x.x.x (External AS yyyy): code 3 (Update Message Error) subcode 11 (AS path attribute problem) data
Nov  8 17:45:26 
Nov  8 17:45:26 BGP SEND x.x.x.x+1161 -> x.x.x.x+179
Nov  8 17:45:26 BGP SEND message type 3 (Notification) length 21
Nov  8 17:45:26 BGP SEND Notification code 3 (Update Message Error) subcode 11 (AS path attribute problem)
Nov  8 17:45:26 

(We saw the problem start around 1640 GMT tonight)

Problem at AS6218 perhaps ? (of course if this is the result of some
random corruption that can't be relied on... )

Anyone else see anything ? 


 Regards,
 Andrew
-- 
Andrew Bangs, Network Engineering Manager, Demon Internet Ltd
andrewb () demon net  http://www.demon.net/ http://www.demon.nl/
Network Engineering: +44 (0)181 371 1204   networks () demon net
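
Added example, not part of the original message and not gated's code: a minimal AS_PATH parser for 2-byte AS numbers, run over the ASPath(2) bytes from the Nov 8 log, showing the length check that leads to NOTIFICATION code 3 subcode 11. It assumes the hex dump in the log is the complete attribute value; the function, class and constant names are illustrative.

```python
import struct

# Segment types and error codes as used by BGP-4 with 2-byte AS numbers.
AS_SET, AS_SEQUENCE = 1, 2
UPDATE_MESSAGE_ERROR, MALFORMED_AS_PATH = 3, 11  # NOTIFICATION code, subcode

class MalformedASPath(ValueError):
    """The attribute value does not divide into whole, known segments."""

def parse_as_path(value: bytes):
    """Return [(segment_type, [asn, ...]), ...] or raise MalformedASPath."""
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise MalformedASPath(f"truncated segment header at offset {off}")
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise MalformedASPath(f"unknown segment type {seg_type}")
        need, have = 2 * count, len(value) - off
        if need > have:
            raise MalformedASPath(
                f"segment claims {count} ASNs ({need} bytes), {have} bytes remain")
        asns = list(struct.unpack(f"!{count}H", value[off:off + need]))
        segments.append((seg_type, asns))
        off += need
    return segments

def validate(value: bytes):
    """Decide what a receiver does: accept, or NOTIFY and drop the session."""
    try:
        return ("ok", parse_as_path(value))
    except MalformedASPath as err:
        return ("notify", UPDATE_MESSAGE_ERROR, MALFORMED_AS_PATH, str(err))

# ASPath(2) bytes exactly as dumped in the Nov 8 log in the message above.
LOGGED_AS_PATH = bytes([0x02, 0x07, 0x0f, 0x7f, 0x02, 0xbd, 0x0d, 0xa5,
                        0x03, 0x30, 0x03, 0x2f, 0x03, 0x2e])
# Constructed for contrast: same ASNs, with the count byte set to 6.
WELL_FORMED = bytes([0x02, 0x06]) + LOGGED_AS_PATH[2:]

if __name__ == "__main__":
    print(validate(LOGGED_AS_PATH))
    print(validate(WELL_FORMED))
```

On the logged bytes the segment's count byte is 7 but only six 2-byte AS numbers follow, so the parser rejects the attribute instead of reading past its end.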

