Re: [j-nsp] Unknown Attribute 28 in BGP

2023-06-11 Thread Einar Bjarni Halldórsson via juniper-nsp

On 6/11/23 15:24, Saku Ytti wrote:

> set protocols bgp drop-path-attributes 28 works if your release is too
> old for set protocols bgp bgp-error-tolerance, and is preferable in
> some ways, as it will protect your downstream as well.



18.2R3-S3.11 supports protocols bgp bgp-error-tolerance, but reading 
through the docs, I see:



The bgp-error-tolerance statement overrides this behavior so that the following 
BGP error handling is in effect:

For fatal errors, Junos OS sends a notification message titled Error Code 
Update Message and resets the BGP session. An error in the MP_{UN}REACH 
attribute is considered to be fatal. The presence of multiple MP_{UN}REACH 
attributes in one BGP update is also considered to be a fatal error. Junos OS 
resets the BGP session if it cannot parse the NLRI field or the BGP update 
correctly. Failure to parse the BGP update packet can happen when the attribute 
length does not match the length of the attribute value.


I read this section so that even if I configure bgp-error-tolerance, it 
won't make a difference since Junos considers this a fatal error and 
resets the BGP session.


.einar
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
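
The fatal conditions named in the documentation excerpt quoted in the message above, and the effect of dropping one attribute type, as an added example that is not part of the thread and not Junos code. The sample bytes are constructed, not the update from the incident; the function names are hypothetical, and counting MP_REACH and MP_UNREACH separately is an assumption following RFC 7606.

```python
import struct

MP_REACH_NLRI, MP_UNREACH_NLRI = 14, 15   # RFC 4760 type codes
EXT_LEN = 0x10                            # RFC 4271 Extended Length flag

def walk_attrs(buf):
    """Yield (flags, type_code, value) per path attribute; raise ValueError
    when a header is truncated or a declared length overruns the buffer."""
    i = 0
    while i < len(buf):
        hdr = 4 if buf[i] & EXT_LEN else 3
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if hdr == 4 else buf[i + 2]
        i += hdr
        if i + length > len(buf):
            raise ValueError(f"attribute {code}: length {length} overruns buffer")
        yield flags, code, buf[i:i + length]
        i += length

def classify(buf):
    """'fatal' for the session-reset conditions quoted above, else 'ok'."""
    try:
        codes = [code for _, code, _ in walk_attrs(buf)]
    except ValueError:
        return "fatal"        # length does not match the attribute value
    if codes.count(MP_REACH_NLRI) > 1 or codes.count(MP_UNREACH_NLRI) > 1:
        return "fatal"        # multiple MP_{UN}REACH in one update
    return "ok"

def drop_attr(buf, drop_code):
    """Re-encode the attributes without drop_code (a model of dropping one type)."""
    out = bytearray()
    for flags, code, value in walk_attrs(buf):
        if code != drop_code:
            size = struct.pack("!H", len(value)) if flags & EXT_LEN else bytes([len(value)])
            out += bytes([flags, code]) + size + value
    return bytes(out)

# Constructed sample bytes, not the update from the incident.
ORIGIN = bytes([0x40, 1, 1, 0])              # well-known transitive, ORIGIN = IGP
ATTR28 = bytes([0xC0, 28, 2, 0, 0])          # optional transitive, type 28
BAD_LEN = bytes([0xC0, 28, 5, 0, 0])         # declares 5 bytes, carries 2
DUP_MP = bytes([0x80, MP_UNREACH_NLRI, 0]) * 2

if __name__ == "__main__":
    for name, data in [("good", ORIGIN + ATTR28), ("bad length", ORIGIN + BAD_LEN),
                       ("duplicate MP_UNREACH", ORIGIN + DUP_MP)]:
        print(name, "->", classify(data))
    print("after drop:", drop_attr(ORIGIN + ATTR28, 28).hex())
```

A well-formed attribute 28 can be removed on re-encoding, while a length mismatch fails before any per-attribute handling is reached, because the parser can no longer find the attribute boundaries.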


Re: [j-nsp] Unknown Attribute 28 in BGP

2023-06-11 Thread Saku Ytti via juniper-nsp
set protocols bgp drop-path-attributes 28 works if your release is too
old for set protocols bgp bgp-error-tolerance, and is preferable in
some ways, as it will protect your downstream as well.

On Sun, 11 Jun 2023 at 17:25, Einar Bjarni Halldórsson via juniper-nsp
 wrote:
>
> Hi,
>
> We have two MX204 edge routers, each with a connection to a different
> upstream provider (and some IXP peerings on both).
>
> Last week the IPv6 transit session on one of them started flapping. It
> turns out that we got hit with
> https://labs.ripe.net/author/emileaben/unknown-attribute-28-a-source-of-entropy-in-interdomain-routing/
>
> It only happened on one of our edge routers, so I assume for now that
> either our other transit provider filtered the affected route updates,
> or stripped the attribute.
>
> The post from RIPE links to
> https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html
> but I can't see that bgp-error-tolerance helps us, since this type of
> malformed update is always fatal.
>
> Our edge routers are both running Junos 18.2R3-S3.11. I was planning on
> upgrading to 22.2R3 regardless of this error, but it would be nice to
> know that this problem has been fixed in a later version, or mitigations
> introduced that can be used.
>
> Anybody know about this problem in particular, or have ideas on
> mitigating malformed BGP updates?
>
> .einar
> ISNIC



-- 
  ++ytti


[j-nsp] Unknown Attribute 28 in BGP

2023-06-11 Thread Einar Bjarni Halldórsson via juniper-nsp

Hi,

We have two MX204 edge routers, each with a connection to a different 
upstream provider (and some IXP peerings on both).


Last week the IPv6 transit session on one of them started flapping. It 
turns out that we got hit with 
https://labs.ripe.net/author/emileaben/unknown-attribute-28-a-source-of-entropy-in-interdomain-routing/


It only happened on one of our edge routers, so I assume for now that 
either our other transit provider filtered the affected route updates, 
or stripped the attribute.


The post from RIPE links to 
https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html 
but I can't see that bgp-error-tolerance helps us, since this type of 
malformed update is always fatal.


Our edge routers are both running Junos 18.2R3-S3.11. I was planning on 
upgrading to 22.2R3 regardless of this error, but it would be nice to 
know that this problem has been fixed in a later version, or mitigations 
introduced that can be used.


Anybody know about this problem in particular, or have ideas on 
mitigating malformed BGP updates?


.einar
ISNIC


[j-nsp] Fwd: Port-channel not working Juniper vs Cisco

2023-06-11 Thread james list via juniper-nsp
Dear experts
we've an issue in setting up a port-channel between a Juniper EX4400 and a
Cisco Nexus N9K-C93180YC-EX over an SX 1 Gb/s link.

We've implemented the following configuration but on the Juniper side the
interface is flapping while on the Cisco side it remains down.
Light levels seem ok.

Has anyone ever experienced the same? Any suggestions?

Thanks in advance for any hint
Kind regards
James

JUNIPER *

> show configuration interfaces ae10 | display set
set interfaces ae10 description "to Cisco leaf"
set interfaces ae10 aggregated-ether-options lacp active
set interfaces ae10 aggregated-ether-options lacp periodic fast
set interfaces ae10 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae10 unit 0 family ethernet-switching vlan members 301

> show configuration interfaces ge-0/2/3 | display set
set interfaces ge-0/2/3 description "to Cisco leaf"
set interfaces ge-0/2/3 ether-options 802.3ad ae10

> show vlans VLAN_301

Routing instance    VLAN name    Tag    Interfaces
default-switch      VLAN_301     301    ae10.0




CISCO  ***

interface Ethernet1/41
  description <[To EX4400]>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 301
  channel-group 41 mode active
  no shutdown

interface port-channel41
  description <[To EX4400]>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 301


# sh vlan id 301

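VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
301  P2P_xxx                          active    Po1, Po41, Eth1/1, Eth1/41

VLAN Type         Vlan-mode
---- -----        ----------
301  enet         CE

Remote SPAN VLAN
----------------
Disabled

Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------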