[MX] All BGP neighbors reset when "clear bgp neighbor" is run without suffix on versions prior to Junos 16.x

Article ID: KB37506 KB Last Updated: 17 Sep 2021 Version: 1.0

Summary:

Customers may see the "bgp_peer_mgmt_clear" log message for every Border Gateway Protocol (BGP) neighbor, with all of the messages carrying the same timestamp and all BGP neighbors reset.

This article explains that the message appears because the clear bgp neighbor command was run without a specific neighbor or suffix on a device running a Junos OS version prior to Junos OS Release 16.x (Junos OS Release 15.1F6-S8.1). On devices running Junos OS Release 16.x and later, the clear bgp neighbor command cannot be run without a suffix or a specific neighbor.

The recommendation is therefore to upgrade to Junos OS Release 16.x or later to prevent accidental clearing of all BGP neighbors.

Symptoms:

Customers see the "bgp_peer_mgmt_clear" log message for all BGP neighbors, even though they wanted to clear only one specific BGP neighbor.

The log message of BGP reset for each BGP peer is recorded at the exact same time as shown here:

Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: noblock_funopen: task MGMT.local socket 46 bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 10.10.10.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 100.100.100.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 101.101.101.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.386  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 192.168.2.2 (Internal AS 65001): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.387  jtac-mx240-r2021-re0 Internal:rpd[23797]: bgp_read_v4_message:12351: NOTIFICATION received from 192.168.1.1 (Internal AS 65001): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)]

In this case, the customer meant to clear only one specific BGP neighbor, but accidentally ran the command without a suffix, which resulted in all BGP peers getting reset.
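The symptom above can be checked for in collected syslog. The following is an added example, not part of the Juniper article or any Juniper tool: it groups bgp_peer_mgmt_clear notifications by host and rpd process and reports any burst in which several distinct peers were reset within one second. The function name find_mass_clears, the threshold of three peers and the one-second window are assumptions; the sample lines are shortened from the excerpt above, plus one constructed line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# rpd line for an administrative reset: timestamp, host, rpd PID, peer address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<host>\S+)\s+"
    r"(?:\S+:)?rpd\[(?P<pid>\d+)\]:.*?bgp_peer_mgmt_clear:\d+: "
    r"NOTIFICATION sent to (?P<peer>\S+) \("
)

def find_mass_clears(lines, min_peers=3, window=timedelta(seconds=1)):
    """Return (host, first timestamp, peers) for each burst of admin resets."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # Syslog omits the year; 2000 is an arbitrary (leap) year for parsing.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
            events[(m["host"], m["pid"])].append((ts, m["ts"], m["peer"]))
    bursts = []
    for (host, _pid), evs in sorted(events.items()):
        evs.sort()
        start = 0
        while start < len(evs):
            end = start
            while end + 1 < len(evs) and evs[end + 1][0] - evs[start][0] <= window:
                end += 1
            peers = sorted({peer for _, _, peer in evs[start:end + 1]})
            if len(peers) >= min_peers:  # one command reset many distinct peers
                bursts.append((host, evs[start][1], peers))
            start = end + 1
    return bursts

# First four lines are shortened from the article's excerpt; the last line is
# constructed (a later single-neighbor clear that must not be flagged).
SAMPLE = [
    "Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: noblock_funopen: task MGMT.local socket 46 bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 10.10.10.2 (External AS 65002): code 6 (Cease)",
    "Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 100.100.100.2 (External AS 65002): code 6 (Cease)",
    "Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 101.101.101.2 (External AS 65002): code 6 (Cease)",
    "Sep 15 18:17:41.386  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 192.168.2.2 (Internal AS 65001): code 6 (Cease)",
    "Sep 15 19:02:10.120  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 10.10.10.2 (External AS 65002): code 6 (Cease)",
]

if __name__ == "__main__":
    for host, ts, peers in find_mass_clears(SAMPLE):
        print(f"{host} {ts}: {len(peers)} BGP peers reset together: {peers}")
```

The all option listed in the command completions also clears every neighbor, so a hit shows that many peers were reset together, not that the reset was accidental.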

Cause:

In routers that are running Junos OS Release 15.1F6-S8.1, the command clear bgp neighbor can be run without any suffix or specific option at the end.

labroot@jtac-mx240-r2021-re0> clear bgp neighbor ?
Possible completions:
  <[Enter]>            Execute this command
  <neighbor>           Particular BGP neighbor to clear
  all                  Clear All BGP neighbors
  as                    Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format
  fabric               Internal fabric state
  gracefully           Allow peer to start graceful restart receiving-speaker mode, if possible
  instance             Name of BGP instance
  logical-system       Name of logical system, or 'all'
  malformed-route      Clear malformed routes
  soft                 Soft reset outbound state
  soft-inbound         Soft reset inbound state by issuing Refresh
  soft-minimum-igp     Soft reset outbound state with refresh of minimum igp MED
  stale-routes         Clear stale routes
  |                    Pipe through a command

labroot@jtac-mx240-r2021-re0> show version         
Hostname: jtac-mx240-r2021-re0
Model: mx240
Junos: 15.1F6-S8.1

So if this command is issued without a specific option or suffix, all four BGP neighbors are cleared and then re-established.

labroot@jtac-mx240-r2021-re0> clear bgp neighbor
Cleared 4 connections

A log message indicating a BGP reset for each BGP peer is recorded at the exact same time as shown below:

Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: noblock_funopen: task MGMT.local socket 46 bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 10.10.10.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 100.100.100.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.385  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 101.101.101.2 (External AS 65002): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.386  jtac-mx240-r2021-re0 rpd[20389]: bgp_peer_mgmt_clear:7281: NOTIFICATION sent to 192.168.2.2 (Internal AS 65001): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)], Reason: Management session cleared BGP neighbor
Sep 15 18:17:41.387  jtac-mx240-r2021-re0 Internal:rpd[23797]: bgp_read_v4_message:12351: NOTIFICATION received from 192.168.1.1 (Internal AS 65001): code 6 (Cease) subcode 9 (Hard Reset) [code 6 (Cease) subcode 4 (Administratively Reset)]

On devices that are running earlier versions of Junos OS, such as Junos OS 15.x, all BGP peers are reset when the clear bgp neighbor command is run without a suffix by accident. To prevent customers from running this command without any suffix, a change was made starting with Junos OS Release 16.x: the command is no longer allowed to run without a suffix, and a "missing argument" error is reported instead.

For example, when you run the command without a suffix on Junos OS 16.1R1.11, you will see the "missing argument" error reported as shown below:

labroot@jtac-mx240-r2600-re0> clear bgp neighbor ?
Possible completions:
  <neighbor>           Particular BGP neighbor to clear
  all                  Clear All BGP neighbors
  as                    Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format
  fabric               Internal fabric state
  gracefully           Allow peer to start graceful restart receiving-speaker mode, if possible
  instance             Name of BGP instance
  logical-system       Name of logical system, or 'all'
  malformed-route      Clear malformed routes
  soft                 Soft reset outbound state
  soft-inbound         Soft reset inbound state by issuing Refresh
  soft-minimum-igp     Soft reset outbound state with refresh of minimum igp MED
  stale-routes         Clear stale routes

labroot@jtac-mx240-r2600-re0> clear bgp neighbor   
                                                 ^
missing argument.

labroot@jtac-mx240-r2600-re0> show version
Hostname: jtac-mx240-r2600-re0
Model: mx240
Junos: 16.1R1.11

Solution:

To prevent this issue, upgrade the Junos OS version on your device to Junos OS Release 16.x or later. Because the clear bgp neighbor command is then not allowed to run without a suffix or option at the end, this prevents all BGP neighbors from being reset accidentally.
