Strange BGP announcement.

Brett Frankenberger brettf at netcom.com
Sun Nov 8 20:23:44 UTC 1998


:: Andrew Bangs writes ::
> 
> On Auguest 6th Brett Frankenberge wrote:
> > 
> > :: Victor L. Belov writes ::
> > > 
> > > AS8263 encounted the same problem today. The problem is that cisco
> > > handle this incorrect update normally, but it couses Bay Networks
> > > routers to crash =() Seems to be another problem on the Internet.
> > 
> > Bays don't crash (at least not in the general case ... for example,
> > mine stayed up this time and the last time this happened), but they do
> > send a NOTIFY and bring down the BGP session, as required by the RFC. 
> > (I believe gated does this also.)
> > 
> > The reason this issue causes problems is that Cisco violates the RFC
> > and passes the bad announcement around, so it eventually reaches most
> > non-Cisco routers who properly terminate the BGP connection.  If Cisco
> > would do the NOTIFY upon receipt of the announcement, then the
> > information wouldn't spread, and only one router's worth of peerings
> > (i.e. the guy who "started" the bad annoucnement)  would be lost.
> 
> Hmm. I'm seeing something similar tonight... seeing more than one
> of my upstreams send me junk, and my routers send back a notify and 
> drop the session (and my reading of the RFC matches Brett's).
> 
> Since this isn't directly my upstream's problem I've edited them out of the
> log (actually, this could have come from more than one of my upstreams)
> 
> Nov  8 17:45:26 BGP RECV x.x.x.x+179 -> x.x.x.x+1161
> Nov  8 17:45:26 BGP RECV message type 2 (Update) length 64
> Nov  8 17:45:26 BGP RECV flags 0x40 code Origin(1): Incomplete
> Nov  8 17:45:26 BGP RECV flags 0x40 code ASPath(2): (0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)
> Nov  8 17:45:26 BGP RECV flags 0x40 code NextHop(3): x.x.x.x
> Nov  8 17:45:26 BGP RECV flags 0xc0 code Aggregator(7): 6218 206.53.128.254
> Nov  8 17:45:26 BGP RECV        206.148.144/22
> Nov  8 17:45:26 
> Nov  8 17:45:26 bnp_path_attr_eer: peer x.x.x.x (External AS yyyy) bad update send NOTIFY flag 0 type 0  err_subcode 11, data 0
> Nov  8 17:45:26 NOTIFICATION sent to x.x.x.x (External AS yyyy): code 3 (Update Message Error) subcode 11 (AS path attribute problem) data
> Nov  8 17:45:26 
> Nov  8 17:45:26 BGP SEND x.x.x.x+1161 -> x.x.x.x+179
> Nov  8 17:45:26 BGP SEND message type 3 (Notification) length 21
> Nov  8 17:45:26 BGP SEND Notification code 3 (Update Message Error) subcode 11 (AS path attribute problem)
> Nov  8 17:45:26 
> 
> (We saw the problem start around 1640 GMT tonight)
> 
> Problem at AS6218 perhaps ? (of course if this is the result of some
> random corruption that can't be relied on... )
> 
> Anyone else see anything ? 

Oh, yeah.  Both my upstreams run Cisco, and both are sending me this
bogus announcement.  UUNet is reporting major routing instability ...
perhaps this is the cause ... (to get hard, you need Cisco's at the
edges and something else in the middle ... if everything is
RFC-compliant, then all you lose is the BGP session to wherever you
get the bad route from, and if you aren't buying transit, that should
only be a small fraction of your BGP sessions.)

Has Cisco fixed this yet?

ObConsipracyTheory: Cisco Marketing won't let them fix this because
they think it's good when all the non-Ciscos start dropping BGP
sessions.

          - Brett  (brettf at netcom.com)
 
------------------------------------------------------------------------------
                               ... Coming soon to a      | Brett Frankenberger
.sig near you ... a Humorous Quote ...                   | brettf at netcom.com
 




More information about the NANOG mailing list