

JUNOSe tears down BGP session when receiving an UPDATE message with AS4_PATH attribute containing illegal AS_CONFED_SEQUENCE or AS_CONFED_SET types

[JSA10397]

Product Affected:
ERX 310/700/705/1410/1440, E120, E320

When an E-series router running an affected release of JUNOSe receives a BGP UPDATE message containing an AS4_PATH attribute that itself contains an AS_CONFED_SEQUENCE or AS_CONFED_SET segment, the BGP session to the peer is torn down, because RFC 4893 declares these segment types illegal within AS4_PATH. While tearing down the session is technically correct, it is undesirable and inconsistent with the de facto behavior of other BGP implementations.

The E-series router terminates the session with a NOTIFICATION message carrying Error Code 3 (UPDATE Message Error) and Error Subcode 9 (Optional Attribute Error). This causes the BGP session to "flap", that is, to reconnect and fail again repeatedly, because the peer retransmits the same erroneous but otherwise acceptable UPDATE message as soon as the connection is re-established.

This issue is tracked internally as CQ 88706.

No other Juniper Networks products are affected by this vulnerability.

The following JUNOSe software releases (used on E-series routers) contain modified code that ignores the illegal AS4_PATH attribute rather than tearing down the session: 8.1.4p0-4, 8.2.4p0-7, 9.0.2p0-1, 9.1.2p0-1, 9.2.1p0-1, 9.3.0p0-1, 10.0.0

If bgpMessages logging is enabled at severity WARNING or a more verbose level, the following log message is displayed:

WARNING 01/01/2008 19:34:52 bgpMessages (default, UPDATE message from peer in core: new-as-path contains segment type confed-sequence (not allowed)

To stop the BGP session flaps, a per-neighbor configuration option exists that causes JUNOSe to tolerate illegal or incorrectly formatted attributes instead of dropping the session:
ERX(config)#router bgp <AS#>
ERX(config-router)#neighbor <x.x.x.x> lenient
Note that this workaround is inferior to the recommended software upgrade. When 'lenient' is configured, the BGP session stays up, but the entire contents of the offending UPDATE are ignored, including any reachability information it carries. In patched releases of JUNOSe, the BGP UPDATE is instead "repaired": the illegal attribute is ignored and the reachability changes in the remainder of the UPDATE are consumed.
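
The following Python program is an added example for this article, not Juniper or JUNOSe code. It parses a BGP UPDATE message, detects a confederation segment type inside the AS4_PATH attribute, and models the three receiver behaviours described above: the unpatched strict reaction (NOTIFICATION Code 3 / Subcode 9, session down, flapping on retransmission), the 'lenient' workaround (session stays up, whole UPDATE discarded), and the repaired behaviour of the fixed releases (AS4_PATH dropped, NLRI still consumed). The UPDATE bytes, the prefix 198.51.100.0/24, the next hop 192.0.2.1 and the AS numbers are constructed here for illustration; the attribute codes, flags, segment types and error codes are the RFC 4271 / RFC 4893 values.

```python
"""Added example (not Juniper/JUNOSe code): parse a BGP UPDATE, detect a confederation
segment inside AS4_PATH, and model the three receiver behaviours this article describes."""
import struct

BGP_UPDATE, BGP_NOTIFICATION = 2, 3                                      # RFC 4271 message types
ATTR_ORIGIN, ATTR_AS_PATH, ATTR_NEXT_HOP, ATTR_AS4_PATH = 1, 2, 3, 18    # AS4_PATH: RFC 4893
FLAG_OPTIONAL, FLAG_TRANSITIVE, FLAG_EXT_LEN = 0x80, 0x40, 0x10
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
UPDATE_MESSAGE_ERROR, OPTIONAL_ATTRIBUTE_ERROR = 3, 9                    # NOTIFICATION Code 3 / Subcode 9
AS_TRANS, MARKER = 23456, b"\xff" * 16

def attribute(flags, code, value):
    """Encode one path attribute, using the extended-length form only when needed."""
    if len(value) > 255:
        return bytes([flags | FLAG_EXT_LEN, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value

def encode_as4_path(segments):
    """AS4_PATH value: per segment a type octet, a count octet, then 4-octet ASNs."""
    return b"".join(bytes([t, len(a)]) + struct.pack("!%dI" % len(a), *a) for t, a in segments)

def sample_update(as4_segments):
    """Constructed UPDATE announcing 198.51.100.0/24 with the given AS4_PATH segments."""
    attrs = (attribute(FLAG_TRANSITIVE, ATTR_ORIGIN, b"\x00")
             + attribute(FLAG_TRANSITIVE, ATTR_AS_PATH,
                         bytes([AS_SEQUENCE, 2]) + struct.pack("!HH", AS_TRANS, 65001))
             + attribute(FLAG_TRANSITIVE, ATTR_NEXT_HOP, bytes([192, 0, 2, 1]))
             + attribute(FLAG_OPTIONAL | FLAG_TRANSITIVE, ATTR_AS4_PATH, encode_as4_path(as4_segments)))
    body = struct.pack("!HH", 0, len(attrs)) + attrs + bytes([24, 198, 51, 100])
    return MARKER + struct.pack("!HB", 19 + len(body), BGP_UPDATE) + body

# Constructed inputs: a legal AS4_PATH and the illegal one this advisory is about.
LEGAL_UPDATE = sample_update([(AS_SEQUENCE, [4200000001, 65001])])
ILLEGAL_UPDATE = sample_update([(AS_CONFED_SEQUENCE, [65100]), (AS_SEQUENCE, [4200000001, 65001])])

def parse_attributes(data):
    """Return (flags, code, value, raw) per path attribute."""
    attrs, i = [], 0
    while i < len(data):
        flags, code = data[i], data[i + 1]
        hdr = 4 if flags & FLAG_EXT_LEN else 3
        length = struct.unpack_from("!H", data, i + 2)[0] if hdr == 4 else data[i + 2]
        attrs.append((flags, code, data[i + hdr:i + hdr + length], data[i:i + hdr + length]))
        i += hdr + length
    return attrs

def parse_nlri(data):
    prefixes, i = [], 0
    while i < len(data):
        plen, n = data[i], (data[i] + 7) // 8
        octets = data[i + 1:i + 1 + n] + b"\x00" * (4 - n)
        prefixes.append("%d.%d.%d.%d/%d" % (*octets, plen))
        i += 1 + n
    return prefixes

def parse_update(msg):
    if len(msg) < 23 or msg[:16] != MARKER or msg[18] != BGP_UPDATE:
        raise ValueError("not a BGP UPDATE")
    if struct.unpack_from("!H", msg, 16)[0] != len(msg):
        raise ValueError("length field does not match message")
    wlen = struct.unpack_from("!H", msg, 19)[0]
    alen = struct.unpack_from("!H", msg, 21 + wlen)[0]
    start = 23 + wlen
    return parse_attributes(msg[start:start + alen]), parse_nlri(msg[start + alen:])

def as4_path_violation(attrs):
    """Return (segment type, raw attribute) for a confederation segment in AS4_PATH, else None."""
    for _, code, value, raw in attrs:
        if code != ATTR_AS4_PATH:
            continue
        i = 0
        while i < len(value):
            seg_type, count = value[i], value[i + 1]
            if seg_type in (AS_CONFED_SEQUENCE, AS_CONFED_SET):
                return seg_type, raw
            i += 2 + 4 * count
    return None

def build_notification(code, subcode, data=b""):
    body = bytes([code, subcode]) + data
    return MARKER + struct.pack("!HB", 19 + len(body), BGP_NOTIFICATION) + body

def handle_update(msg, mode):
    """mode: 'strict' (unpatched JUNOSe), 'lenient' (workaround), 'repair' (fixed releases)."""
    attrs, nlri = parse_update(msg)
    bad = as4_path_violation(attrs)
    if bad is None:
        return {"action": "accept", "session_up": True, "prefixes": nlri}
    seg_type, raw = bad
    if mode == "strict":
        # NOTIFICATION Code 3 / Subcode 9 carrying the offending attribute, then the session
        # drops; the peer resends the same UPDATE after reconnecting, so the session flaps.
        notif = build_notification(UPDATE_MESSAGE_ERROR, OPTIONAL_ATTRIBUTE_ERROR, raw)
        return {"action": "notification", "session_up": False, "segment_type": seg_type, "notification": notif}
    if mode == "lenient":
        # Session stays up, but the whole UPDATE (NLRI included) is discarded.
        return {"action": "ignore_update", "session_up": True, "prefixes": []}
    if mode == "repair":
        # Drop only AS4_PATH and consume the reachability information that remains.
        kept = [code for _, code, _, _ in attrs if code != ATTR_AS4_PATH]
        return {"action": "accept", "session_up": True, "prefixes": nlri, "attributes": kept}
    raise ValueError("unknown mode: %s" % mode)
```

Running handle_update(ILLEGAL_UPDATE, mode) for each of the three modes shows the difference that matters operationally: only 'repair' both keeps the session up and installs 198.51.100.0/24, while 'lenient' keeps the session up at the cost of losing that prefix. The NOTIFICATION built in strict mode includes the offending attribute as its data field, as RFC 4271 requires for Optional Attribute Error.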

Juniper Networks recommends that the 'lenient' switch be used only as a temporary workaround while plans are made to upgrade to a later release of JUNOSe.
Risk Assessment:
Receipt of a BGP UPDATE carrying a malformed attribute, such as the AS4_PATH described above, can cause BGP sessions to drop. While this behavior is technically correct according to RFC 4893, it is undesirable in production networks.