Knowledge Search


×
 

JUNOSe tears down BGP session when receiving an UPDATE message with AS4_PATH attribute containing illegal AS_CONFED_SEQUENCE or AS_CONFED_SET

  [KB13623] Show Article Properties


Summary:
An E-series router running an unpatched release of JUNOSe (see Fixed Release below) may see BGP sessions flapping constantly after a certain update has been received. The E-series router is the one terminating the session and is sending a NOTIFICATION with Code 3 (Update Message Error) and Subcode 9 (error with optional attribute).

Here is an example of a message logged on a peer router running JUNOS when receiving this notification:

Jan 01 15:58:25.388607 bgp_read_v4_message: NOTIFICATION received from
10.0.0.1 (Internal AS 100): code 3 (Update Message Error) subcode 9 (error with optional attribute), Data: e0 11 10 03 02

This can be confirmed on the E-series router itself by changing the log severity for category bgpMessages to warning:
ERX(config)# log severity warning bgpMessages
which would then uncover the following two warning messages after a flap:

WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2): UPDATE message from peer 10.0.0.2 in core: new-as-path contains segment type confed-sequence (not allowed)

WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2): Send NOTIFICATION message to peer 172.26.26.104 in core error-code = 3 (update message), error-subcode = 9 (optional attribute error), data = e0 11 10 03 02 00 00 fe 00 00 00 fe 01 02 01 00 00 00 0a

As detailed in the message above, this is due to an incoming UPDATE including a new AS4_PATH attribute (introduced to support 4-byte ASNs, per RFC 4893) containing an AS_CONFED_SEQUENCE or an AS_CONFED_SET, which is considered illegal, as per RFC 4893.

This defect is being tracked via CQ 88706.

Symptoms:

Solution:
Resolved in the release(s) indicated in the Fixed Release field below.

Workaround:
In order to stop the BGP session flaps, a per-neighbor configuration option exists that will cause JUNOSe to ignore any illegal or incorrectly formatted attributes:
ERX(config)# router bgp <AS#>
ERX(config-router)# neighbor <x.x.x.x> lenient
Provided log category bgpMessages has been set to log severity warning by configuring:
ERX(config)# log severity warning bgpMessages
a message will still be logged when an illegal attribute is received:

WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2): UPDATE message from peer 10.0.0.2 in core: new-as-path contains segment type confed-sequence (not allowed)

Fixed Release:
JUNOSe 8-1-4p0-4, 8-2-4p0-7, 9-0-2p0-1, 9-1-2p0-1, 9-2-1p0-1, 9-3-0p0-1, 10-0-0
Related Links: