Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

BGP Session Teardown due to AS_CONFED_SEQUENCE in AS4_PATH



Article ID: JSA10395 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 4.0
Legacy Advisory Id:
Product Affected:
JUNOS 9.1 and above (released before 20090126), as mentioned in the PSN subsequently.
When sending a BGP UPDATE message, JUNOS may include the following segment types in the AS4_path attribute:


This inclusion is in violation of RFC 4893.

When the BGP UPDATE message is received by a BGP peer that is capable of processing the AS4_PATH attribute, the receiving peer determines that the AS4_PATH attribute is malformed and clears the BGP session (as is required by Section 6 of RFC 4271). Clearing the BGP session may cause service disruption. This problem is amplified by the transitive, optional nature of the AS4_PATH attribute. When a BGP speaker that cannot process the AS4_PATH attribute receives an UPDATE message containing a malformed AS4_PATH attribute, it may relay that malformed attribute to its BGP peers, causing those BGP sessions to reset.

This issue was mentioned on the NANOG mailing list ( and at the NANOG 45 Conference (

Juniper has validated the work done by Andy Davidson, NetSumo (, Jonathan Oddy, Hostway UK (, and Rob Shakir, GX Networks (

A fix has been completed and is currently being applied to all images which has yet to reach End of Engineering (EOE). Consequently, fixes will be available in the next scheduled releases of JUNOS (please check with your local Juniper technical representative).

The PR for this issue is 417046.

This only impact JUNOS from 9.1R1 forward. 4-byte ASNs were introduced in JUNOS in 9.1R1 (released before 20090126).
When available, upgrade JUNOS to insure that the combination of BGP confederation and 4Byte ASNs are not sent. In the mean time use of 4Byte ASNs and BGP Confederations are strongly discouraged.
Severity Level:
Severity Assessment:
Can generate BGP malformed attributes which can cause BGP sessions in RFC compliant routers to drop.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search