Completely agree, the real fix is to update the old/buggy software, however this does solve the immediate problem of my BGP sessions flapping spontaneously. We're already planning to do a batch of code upgrades "soon", so unless this becomes more than just a one-off incident, I'd rather not rush into software updates on this particular Friday.
Andrew On Fri, Sep 9, 2011 at 1:07 PM, Jared Mauch <ja...@puck.nether.net> wrote: > Well, the update is well formatted and proper, the handling in JunOS > is buggy. You don't want to just blackhole unkown items like this as you can > create a significant problem for others similar to the bogon problems > that exist. > > This type of a fix is ONLY a short term fix to workaround your buggy > software. > > - Jared > > On Fri, Sep 09, 2011 at 12:58:36PM -0400, Andrew Parnell wrote: >> We noticed this as well on a couple of our M7i running 9.x series >> code, but not on others running 10.x. This is being caused by a >> particular prefix (212.118.142.0/24): >> >> rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for >> family inet-unicast(1), prefix 212.118.142.0/24 >> >> The easy solution is to simply filter out the offending prefix. There >> are many ways this can be done, but the following did the trick for >> us: >> >> policy-options { >> prefix-list bad-prefixes { >> 212.118.142.0/24; >> } >> policy-statement BGP-Import { >> term block-bad-prefixes { >> from { >> prefix-list bad-prefixes; >> } >> then reject; >> } >> } >> >> Apply something like this to your BGP import and/or export policy as >> appropriate and you should be fine. >> >> Andrew >> >> On Fri, Sep 9, 2011 at 11:41 AM, Markus <unive...@truemetal.org> wrote: >> > All of a sudden without changing anything in the config I'm getting the >> > following on a M7i running 8.0R2.8: >> > >> > rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49 (External >> > AS xxxx): code 3 (Update Message Error) subcode 11 (AS path attribute >> > problem) >> > >> > The other end (Cisco) is getting: >> > >> > %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11 (invalid or >> > corrupt AS path) 0 bytes >> > >> > This is causing the BGP session to flap. It happens at arbitrary intervals, >> > sometimes once a minute, sometimes just once in an hour. CFEB and RE CPU >> > are >> > at steady 100% when it happens. >> > >> > What can I do about this and what could be the cause? Help! :) >> > >> > Thanks! >> > Markus >> > >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp >> > >> > ______________________________________________________________________ >> > This email has been scanned by the MessageLabs Email Security System. >> > For more information please visit http://www.messagelabs.com/email >> > ______________________________________________________________________ >> > >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > -- > Jared Mauch | pgp key available via finger from ja...@puck.nether.net > clue++; | http://puck.nether.net/~jared/ My statements are only mine. > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp