Yep, got a reply from cisco. It's a cisco bug:
" CSCsj36133
Internally found severe defect: Resolved (R)
Invalid header length BGP notification when sending withdrawThe router that is running the affected software generates enough withdraws to fill an entire BGP update message and can generate an update message that is 1 or 2 bytes too large when formatting withdraws close to the 4096 size boundary. The error message you attached to the service request indicates that you're receiving the BGP update with the illegal header length from the provider, correct? This issue was caused when new features were introduced into the 12.4(20)T train. The fix has been integrated into 12.4(20)T2 and will also be integrated into 12.4(24)T, when it is released on CCO. The 12.4(15)T train is unaffected. So the affected routers could also safely move to the latest 12.4(15)T image." ---- Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -----Original Message----- > From: Renaud RAKOTOMALALA [mailto:ren...@rakotomalala.com] > Sent: Tuesday, February 24, 2009 10:49 AM > To: Matthew Huff; 'nanog@nanog.org' > Subject: Re: Illegal header length in BGP error > > Hello Matthew, > > We changed the motherboard from cisco one of our from 7206VXR (NPE-G1) > to 7206VXR (NPE-G2). > > Due to incompability with the IOS 12.3(4r)T3 we upgraded this IOS to > 12.4(12.2r)T. At the end we've got the same problem as you between one > of our 7200 in 12.3 and the new one in 12.4 .... > > We solved the problem by upgrading the cisco withe the IOS from > 12.4(12.2r) to 12.4(4)XD10 and the BGP session came back alive .... > > So now everything work fine between our 7200 (IOS 12.3) and the other > 7200 in IOS 12.4(4)XD10 > > I hope it could help you ... > > Cheers, > Renaud > > > Matthew Huff a écrit : > > One of our upstream providers flapped this morning, and since then > they are > > sending corrupted BPG data. I'm running 12.4(22)T on cisco 7200s. I'm > > getting no BGP errors from that providers and the number of routes > and basic > > sanity check looks okay. However, when it tries to redistribute the > bgp > > routes via iBGP to our other board routers, we get: > > > > 003372: Feb 24 09:17:13.963 EST: %BGP-5-ADJCHANGE: neighbor x.x.x.x > Down BGP > > Notification sent > > 003373: Feb 24 09:17:13.963 EST: %BGP-3-NOTIFICATION: sent to > neighbor > > x.x.x.x 1/2 (illegal header length) 2 bytes > > > > > > All routes have identical hardware and IOS versions. My google and > cisco > > search fu leads me to the AS path length bug, but the interesting > thing is > > that since we have "bgp maxas-limit 75" configured and a recent IOS, > we > > haven't had the problem before when other people were reporting > issues. I've > > also looked at the path mtu issue, and although we haven't had a > problem > > before I disabled bgp mtu path discovery, but have the same issues. > > > > Anyone seeing something like this today, and or does anyone have a > > suggestion on finding out more specific info (which as path for > example so I > > can filter it)? > >
Matthew Huff.vcf
Description: Binary data
smime.p7s
Description: S/MIME cryptographic signature
