I want to ask if anyone else is seeing the same issue.
My bgp session is still dropping with "bad VPNv4 withdraw prefix", and I
got to the point where it looks like the problem is only where
MP_UNREACH_NLRI is set, so only on withdraw routes.
Below is the update packet that breaks the session.
08:01:36.428448 00:22:83:fd:5f:17 > 00:50:56:98:72:03, ethertype IPv4
(0x0800), length 159: (tos 0xc0, ttl 3, id 9667, offset 0, flags [none],
proto TCP (6), length 145)
1.1.1.1.54387 > 2.2.2.2.179: Flags [P.], cksum 0x70a6 (correct), seq
227603:227696, ack 279, win 16384, options [nop,nop,TS val 3964286829 ecr
1952858686], length 93: BGP, length: 93
Update Message (2), length: 93
Multi-Protocol Unreach NLRI (15), length: 66, Flags [OE]:
AFI: IPv4 (1), SAFI: labeled VPN Unicast (128)
RD: xxxxx:323 (= 0.0.1.67), 192.168.1.0/24, label:0 (BOGUS:
Bottom of Stack NOT set!)
RD: xxxxx:323 (= 0.0.1.67), 101.100.99.1/32, label:0 (BOGUS:
Bottom of Stack NOT set!)
RD: xxxxx:323 (= 0.0.1.67), 10.0.0.0/30, label:0 (BOGUS:
Bottom of Stack NOT set!)
RD: xxxxx:323 (= 0.0.1.67), 101.100.99.0/30, label:0 (BOGUS:
Bottom of Stack NOT set!)
0x0000: 0001 8070 0000 0000 002e 4500 0001 43c0
0x0010: a801 7800 0000 0000 2e45 0000 0143 6564
0x0020: 6301 7600 0000 0000 2e45 0000 0143 0a00
0x0030: 0000 7600 0000 0000 2e45 0000 0143 6564
0x0040: 6300
0x0000: 45c0 0091 25c3 0000 0306 bc63 29c1 20fe E...%......c)...
0x0010: c429 c598 d473 00b3 3fcb 57db 61e3 e6f6 .)...s..?.W.a...
0x0020: 8018 4000 70a6 0000 0101 080a ec4a 376d ..@.p........J7m
0x0030: 7466 423e ffff ffff ffff ffff ffff ffff tfB>............
0x0040: ffff ffff 005d 0200 0000 4690 0f00 4200 .....]....F...B.
0x0050: 0180 7000 0000 0000 2e45 0000 0143 c0a8 ..p......E...C..
0x0060: 0178 0000 0000 002e 4500 0001 4365 6463 .x......E...Cedc
0x0070: 0176 0000 0000 002e 4500 0001 430a 0000 .v......E...C...
0x0080: 0076 0000 0000 002e 4500 0001 4365 6463 .v......E...Cedc
0x0090: 00 .
08:01:36.429221 00:50:56:98:72:03 > 00:00:5e:00:01:01, ethertype IPv4
(0x0800), length 153: (tos 0xc0, ttl 1, id 27301, offset 0, flags [none],
proto TCP (6), length 139)
2.2.2.2.179 > 1.1.1.1.54387: Flags [P.], cksum 0x2449 (correct), seq
279:366, ack 227696, win 6516, options [nop,nop,TS val 1952858724 ecr
3964286829], length 87: BGP, length: 87
Notification Message (3), length: 87, UPDATE Message Error (3),
subcode Optional Attribute Error (9)
0x0000: 45c0 008b 6aa5 0000 0106 7987 c429 c598 E...j.....y..)..
0x0010: 29c1 20fe 00b3 d473 61e3 e6f6 3fcb 5838 )......sa...?.X8
0x0020: 8018 1974 2449 0000 0101 080a 7466 4264 ...t$I......tfBd
0x0030: ec4a 376d ffff ffff ffff ffff ffff ffff .J7m............
0x0040: ffff ffff 0057 0303 0900 0180 7000 0000 .....W......p...
0x0050: 0000 2e45 0000 0143 c0a8 0178 0000 0000 ...E...C...x....
0x0060: 002e 4500 0001 4365 6463 0176 0000 0000 ..E...Cedc.v....
0x0070: 002e 4500 0001 430a 0000 0076 0000 0000 ..E...C....v....
0x0080: 002e 4500 0001 4365 6463 00 ..E...Cedc.
I had a look in the code and I followed Henning Brauer suggestion and in
the function rde_update_dispatch() there are 2 different if statements, one
for MP_UNREACH_NLRI and one for MP_REACH_NLRI, but both of these when
matched on case AID_VPN_IPv4 goes to the function rde_update_get_vpn4()
which is where I believe the problem is.
It looks like the checks implemented in rde_update_get_vpn4() works
successfully for MP_REACH_NLRI but not for MP_UNREACH_NLRI. I tried to
create another function specifically for MP_UNREACH_NLRI and change it to
what needs to be done, but I do not have the skills yet to understand the
code fully and get the correct info from the structures, this is where I
would like to ask for assistance if someone can help me to confirm that I
am on the right track with the testing, and possibly with building the new
function correctly?
Just to make sure you have all the info. Current setup is between Junos
11.4 and OpenBSD running current bgpd, configured as ebgp currently only
exporting vrf routes.
Please let me know if there is anymore info I can provide you with.
