An E-series router running an unpatched release of JUNOSe (see Fixed Release below) may see BGP sessions flapping constantly after a certain update has been received. The E-series router is the one terminating the session and is sending a NOTIFICATION with Code 3 (Update Message Error) and Subcode 9 (error with optional attribute).
Here is an example of a message logged on a peer router running JUNOS when receiving this notification:
Jan 01 15:58:25.388607 bgp_read_v4_message: NOTIFICATION received from 10.0.0.1 (Internal AS 100): code 3 (Update Message Error) subcode 9 (error with optional attribute), Data: e0 11 10 03 02
This can be confirmed on the E-series router itself by changing the log severity for category bgpMessages to warning:
ERX(config)# log severity warning bgpMessages
which would then uncover the following two warning messages after a flap:
WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2): UPDATE message from peer 10.0.0.2 in core: new-as-path contains segment type confed-sequence (not allowed)
WARNING 01/01/2008 19:34:52 bgpMessages (default,10.0.0.2): Send NOTIFICATION message to peer 172.26.26.104 in core error-code = 3 (update message), error-subcode = 9 (optional attribute error), data = e0 11 10 03 02 00 00 fe 00 00 00 fe 01 02 01 00 00 00 0a
As detailed in the message above, this is due to an incoming UPDATE including a new AS4_PATH attribute (introduced to support 4-byte ASNs, per RFC 4893) containing an AS_CONFED_SEQUENCE or an AS_CONFED_SET, which is considered illegal, as per RFC 4893.
This defect is being tracked via CQ 88706.
Resolved in the release(s) indicated in the Fixed Release field below.
Workaround: In order to stop the BGP session flaps, a per-neighbor configuration option exists that will cause JUNOSe to ignore any illegal or incorrectly formatted attributes: