nanog mailing list archives
Re: JunOS/FRR/Nokia et al BGP critical issue
From: "Jakob Heitz \(jheitz\) via NANOG" <nanog () nanog org>
Date: Wed, 30 Aug 2023 15:15:03 +0000
IOS-XR passes on the attribute by default.
Some other routers incorrectly claim it to be malformed and reset the BGP session.
IOS-XR has a configuration to discard an attribute, so it will not pass it on.
It will pass the route with all its other attributes.
Here is an example configuration:
router bgp {asn}
attribute-filter group block_elc
attribute 28 discard
!
neighbor {ip address}
update in filtering
attribute-filter group block_elc
!
!
!
More info:
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/routing/command/reference/b-routing-cr-asr9000/bgp-commands.html#wp3145726977
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-8/routing/configuration/guide/b-routing-cg-asr9000-78x/implementing-bgp.html#concept_77EE033C2F0C4BDDB8423C25FA71E3F9
Kind Regards,
Jakob
From: Jakob Heitz (jheitz) <jheitz () cisco com>
Date: Wednesday, August 30, 2023 at 7:43 AM
To: nanog () nanog org <nanog () nanog org>
Subject: Re: JunOS/FRR/Nokia et al BGP critical issue
The blog was updated. Correct link:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
The attribute was not malformed.
This is the hex dump of the attribute: “E0 1C 00”
It is described here.
https://www.rfc-editor.org/rfc/rfc6790#section-5.2
This attribute is deprecated, but that does not prevent routers from originating it or passing it on.
Kind Regards,
Jakob
----------------- Original message --------------
From: Mike Lyon <mike.lyon () gmail com>
To: NANOG list <nanog () nanog org>
Ran across this article today and haven't seen posts about it so i
figured I would share:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling?fbclid=IwAR13ePY43Vf3u4X8PDyCDT39DtyXczAKkv6CGXOQbcQv90Y3aIAmTkJxn7k_aem_Ad0hzj2Mh_WlbFZug-vGdlJJdXr2Xo0RFIsPwAU2GviPz6xZDib76YHwFuzU7E0_sJk&mibextid=Zxz2cZ
Curious if anyone on the list is running VyOS and has experienced any problems?
Cheers,
Mike
--
Mike Lyon
mike.lyon () gmail com
http://www.linkedin.com/in/mlyon
Current thread:
- JunOS/FRR/Nokia et al BGP critical issue Mike Lyon (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Mark Prosser (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Jeff Tantsura (Aug 31)
- Re: JunOS/FRR/Nokia et al BGP critical issue William Herrin (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Eugeniu Patrascu (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Tom Beecher (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Eugeniu Patrascu (Aug 30)
- <Possible follow-ups>
- Re: JunOS/FRR/Nokia et al BGP critical issue Jakob Heitz (jheitz) via NANOG (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue jeffm (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Tom Beecher (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Steve Noble (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue jeffm (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Jakob Heitz (jheitz) via NANOG (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Jakob Heitz (jheitz) via NANOG (Aug 30)
- Re: JunOS/FRR/Nokia et al BGP critical issue Mark Prosser (Aug 30)