set protocols bgp drop-path-attributes 28 works if your release is too old for set protocols bgp bgp-error-tolerance, and is preferable in some ways, as it will protect your downstream as well.
On Sun, 11 Jun 2023 at 17:25, Einar Bjarni Halldórsson via juniper-nsp <juniper-nsp@puck.nether.net> wrote: > > Hi, > > We have two MX204 edge routers, each with a connection to a different > upstream provider (and some IXP peerings on both). > > Last week the IPv6 transit session on one of them starting flapping. It > turns out that we got hit with > https://labs.ripe.net/author/emileaben/unknown-attribute-28-a-source-of-entropy-in-interdomain-routing/ > > It only happened on one of our edge routers, so I assume for now that > either our other transit provider filtered the affected route updates, > or stripped the attribute. > > The post from RIPE links to > https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html > but I can't see that bgp-error-tolerance helps us, since this type of > malformed update is always fatal. > > Our edge routers are both running Junos 18.2R3-S3.11. I was planning on > upgrading to 22.2R3 regardless of this error, but it would be nice to > know that this problem has been fixed in later version, or mitigations > introduced that can be used. > > Anybody know about this problem in particular, or have ideas on > mitigating malformed BGP updates? > > .einar > ISNIC > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp