nanog mailing list archives

Re: JunOS/FRR/Nokia et al BGP critical issue


From: "Jakob Heitz (jheitz) via NANOG" <nanog () nanog org>
Date: Wed, 30 Aug 2023 15:23:26 +0000

You may treat-as-withdraw instead of discard.
However, this attribute does not affect routing.
It only affects whether a sender of packets to the route will add the entropy
label or not to the MPLS header, if such an MPLS header is added.
Therefore, it is safe to discard the attribute.

Kind Regards,
Jakob


From: Jakob Heitz (jheitz) <jheitz () cisco com>
Date: Wednesday, August 30, 2023 at 8:15 AM
To: nanog () nanog org <nanog () nanog org>
Subject: Re: JunOS/FRR/Nokia et al BGP critical issue
IOS-XR passes on the attribute by default.
Some other routers incorrectly claim it to be malformed and reset the BGP session.
IOS-XR has a configuration to discard an attribute, so it will not pass it on.
It will pass the route with all its other attributes.
Here is an example configuration:

router bgp {asn}
 attribute-filter group block_elc
  attribute 28 discard
 !
 neighbor {ip address}
  update in filtering
   attribute-filter group block_elc
  !
 !
!

More info:
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/routing/command/reference/b-routing-cr-asr9000/bgp-commands.html#wp3145726977
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-8/routing/configuration/guide/b-routing-cg-asr9000-78x/implementing-bgp.html#concept_77EE033C2F0C4BDDB8423C25FA71E3F9


Kind Regards,
Jakob


From: Jakob Heitz (jheitz) <jheitz () cisco com>
Date: Wednesday, August 30, 2023 at 7:43 AM
To: nanog () nanog org <nanog () nanog org>
Subject: Re: JunOS/FRR/Nokia et al BGP critical issue
The blog was updated. Correct link:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
The attribute was not malformed.
This is the hex dump of the attribute: “E0 1C 00”
It is described here.
https://www.rfc-editor.org/rfc/rfc6790#section-5.2
This attribute is deprecated, but that does not prevent routers from originating it or passing it on.

Kind Regards,
Jakob

----------------- Original message --------------
From: Mike Lyon <mike.lyon () gmail com>
To: NANOG list <nanog () nanog org>

Ran across this article today and haven't seen posts about it so I
figured I would share:

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling?fbclid=IwAR13ePY43Vf3u4X8PDyCDT39DtyXczAKkv6CGXOQbcQv90Y3aIAmTkJxn7k_aem_Ad0hzj2Mh_WlbFZug-vGdlJJdXr2Xo0RFIsPwAU2GviPz6xZDib76YHwFuzU7E0_sJk&mibextid=Zxz2cZ

Curious if anyone on the list is running VyOS and has experienced any problems?

Cheers,
Mike

--
Mike Lyon
mike.lyon () gmail com
http://www.linkedin.com/in/mlyon
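
Added example (not part of the thread, and not any vendor's code): a small Python decoder for the RFC 4271 path-attribute header, run over the three bytes quoted above ("E0 1C 00"), plus a discard step that removes attribute 28 and keeps the rest of the route's attributes. The surrounding ORIGIN, AS_PATH and NEXT_HOP bytes are constructed sample data, and the function names are illustrative.

```python
import struct

# Attribute flag bits from RFC 4271 section 4.3
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
ELC = 28  # attribute type code discarded by the filter in the thread

def parse_attrs(buf):
    """Split a path-attribute block into (flags, type, value) tuples."""
    out, i = [], 0
    while i < len(buf):
        hdr = 4 if buf[i] & EXT_LEN else 3   # 2-byte length if EXT_LEN is set
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        if hdr == 4:
            (length,) = struct.unpack_from("!H", buf, i + 2)
        else:
            length = buf[i + 2]
        end = i + hdr + length
        if end > len(buf):
            raise ValueError("attribute value overruns the block")
        out.append((flags, code, buf[i + hdr:end]))
        i = end
    return out

def flag_names(flags):
    table = ((OPTIONAL, "optional"), (TRANSITIVE, "transitive"),
             (PARTIAL, "partial"), (EXT_LEN, "extended-length"))
    return [name for bit, name in table if flags & bit]

def encode_attr(flags, code, value):
    length = struct.pack("!H", len(value)) if flags & EXT_LEN else bytes([len(value)])
    return bytes([flags, code]) + length + value

def discard(buf, code):
    """Drop every attribute of one type; keep the rest so the route survives."""
    return b"".join(encode_attr(*a) for a in parse_attrs(buf) if a[1] != code)

# Constructed sample: ORIGIN (IGP), AS_PATH (AS_SEQUENCE of AS 65000),
# NEXT_HOP 192.0.2.1, followed by the three bytes quoted in the thread.
KEPT = bytes.fromhex("40 01 01 00  40 02 06 02 01 00 00 FD E8  40 03 04 C0 00 02 01")
THREAD_ATTR = bytes.fromhex("E0 1C 00")
UPDATE_ATTRS = KEPT + THREAD_ATTR

if __name__ == "__main__":
    flags, code, value = parse_attrs(THREAD_ATTR)[0]
    print(code, flag_names(flags), len(value))  # type 28, three flag bits, empty value
    print(discard(UPDATE_ATTRS, ELC) == KEPT)   # other attributes are untouched
```

The same parser raises ValueError when a length field runs past the end of the block, which is the framing check a receiver can apply before deciding between discarding an attribute and treating the route as withdrawn.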



