route server down?
Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com
I was wondering the same thing – I show Apr 29 21:50:26. [cid:image003.jpg@01D61EC1.77027720][cid:image005.png@01D61EC1.77027720]<http://www.wctatel.net/> Steve Savoy Network Administrator Winnebago Cooperative Telecom Assn. 704 E Main St | Lake Mills, IA 50450 Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067 Email stevesavoy@wctatel.com<mailto:stevesavoy@wctatel.com> [Facebook]<https://www.facebook.com/WCTAtel/> [YouTube]<https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ> From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of James Urwiller Sent: Thursday, April 30, 2020 7:30 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] route server down? Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com<mailto:james.urwiller@stealthbroadband.com> [cid:image009.jpg@01D61EC1.77027720] ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Both our BGP sessions are up and I just pinged them both as well. On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com> wrote:
I was wondering the same thing – I show Apr 29 21:50:26.
* Steve Savoy*
* Network Administrator*
*Winnebago Cooperative Telecom Assn.*
704 E Main St | Lake Mills, IA 50450
Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067
Email stevesavoy@wctatel.com
[image: Facebook] <https://www.facebook.com/WCTAtel/>
[image: YouTube] <https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ>
*From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> * On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:30 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* [MICE-DISCUSS] route server down?
Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night?
James Urwiller
Network Architect
Stealth Broadband
james.urwiller@stealthbroadband.com
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
04-29-21:53:02 CDT for me. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *David Farmer *Sent:* Thursday, April 30, 2020 07:36 *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down? Both our BGP sessions are up and I just pinged them both as well. On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com> wrote: I was wondering the same thing – I show Apr 29 21:50:26. <http://www.wctatel.net/> * Steve Savoy* * Network Administrator* *Winnebago Cooperative Telecom Assn.* 704 E Main St | Lake Mills, IA 50450 Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067 Email stevesavoy@wctatel.com [image: Facebook] <https://www.facebook.com/WCTAtel/> [image: YouTube] <https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ> *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:30 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* [MICE-DISCUSS] route server down? Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 -- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
We're running IOS XR, I found these droppings in our logs; RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 Maybe try resting you BGP sessions. On Thu, Apr 30, 2020 at 7:39 AM James Urwiller < james.urwiller@turnkey-telecom.com> wrote:
04-29-21:53:02 CDT for me.
James Urwiller
Network Architect
Stealth Broadband
james.urwiller@stealthbroadband.com
*From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *David Farmer *Sent:* Thursday, April 30, 2020 07:36 *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down?
Both our BGP sessions are up and I just pinged them both as well.
On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com> wrote:
I was wondering the same thing – I show Apr 29 21:50:26.
* Steve Savoy*
* Network Administrator*
*Winnebago Cooperative Telecom Assn.*
704 E Main St | Lake Mills, IA 50450
Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067
Email stevesavoy@wctatel.com
[image: Facebook] <https://www.facebook.com/WCTAtel/>
[image: YouTube] <https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ>
*From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:30 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* [MICE-DISCUSS] route server down?
Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night?
James Urwiller
Network Architect
Stealth Broadband
james.urwiller@stealthbroadband.com
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
--
=============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net. Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface -- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
Here is what I see; BGP routing table entry for 198.179.154.0/23 Versions: Process bRIB/RIB SendTblVer Speaker 14008256 14008256 Last Modified: Apr 29 21:50:26.404 for 10:08:07 Paths: (1 available, best #1) Advertised IPv4 Unicast paths to update-groups (with more than one peer): 1.2 1.7 1.11 1.18 Advertised IPv4 Unicast paths to peers (in unique update groups): 146.57.254.0 146.57.252.9 146.57.252.217 146.57.248.131 146.57.253.81 146.57.253.9 146.57.253.157 146.57.255.184 Path #1: Received by speaker 1 Advertised IPv4 Unicast paths to update-groups (with more than one peer): 1.2 1.7 1.11 1.18 Advertised IPv4 Unicast paths to peers (in unique update groups): 146.57.254.0 146.57.252.9 146.57.252.217 146.57.248.131 146.57.253.81 146.57.253.9 146.57.253.157 146.57.255.184 21693 206.108.255.115 from 206.108.255.1 (206.108.255.1) Origin IGP, localpref 180, valid, external, best, group-best, import-candidate Received Path ID 0, Local Path ID 1, version 14008256 Community: 57:12 57:10500 57:10505 Extended community: RT:21693:1000 Origin-AS validity: not-found It is an Xcel Energy Prefix, which jives with ARIN; -- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
We're seeing the same with a good next-hop from RS1. On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it. On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
I emailed xcel about the invalid next-hop address. We should filter invalid next hops on the route servers. There also appears to be an issue with how some routers handle the invalid next hop. Are all the peers with the issue of losing the session to RS2 running Brocade? On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu> wrote:
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
I am running brocade, yes. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com -----Original Message----- From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Jay Hanke Sent: Thursday, April 30, 2020 08:24 To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? I emailed xcel about the invalid next-hop address. We should filter invalid next hops on the route servers. There also appears to be an issue with how some routers handle the invalid next hop. Are all the peers with the issue of losing the session to RS2 running Brocade? On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu> wrote:
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
I am running Brocade as well. Steve Savoy WCTA Sent from my iPhone
On Apr 30, 2020, at 8:26 AM, James Urwiller <james.urwiller@turnkey-telecom.com> wrote:
I am running brocade, yes.
James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com
-----Original Message----- From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Jay Hanke Sent: Thursday, April 30, 2020 08:24 To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down?
I emailed xcel about the invalid next-hop address.
We should filter invalid next hops on the route servers.
There also appears to be an issue with how some routers handle the invalid next hop.
Are all the peers with the issue of losing the session to RS2 running Brocade?
On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu> wrote:
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update. On Thu, Apr 30, 2020 at 8:24 AM Jay Hanke <jayhanke@southfront.io> wrote:
I emailed xcel about the invalid next-hop address.
We should filter invalid next hops on the route servers.
There also appears to be an issue with how some routers handle the invalid next hop.
Are all the peers with the issue of losing the session to RS2 running Brocade?
On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu> wrote:
someone with Access should see what route server 2 sees for that prefix,
and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io>
wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0),
Data
[400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23 (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- Jay Hanke, President South Front Networks jayhanke@southfront.io Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
On Thu, Apr 30, 2020 at 8:37 AM David Farmer <farmer@umn.edu> wrote:
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update.
The problem left here successfully.... :)
I received a message from Xcel that they have corrected their RS2 config to match RS1. How are things looking for the brocade folks? -----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jay Hanke Sent: Thursday, April 30, 2020 8:40 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? On Thu, Apr 30, 2020 at 8:37 AM David Farmer <farmer@umn.edu> wrote:
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update.
The problem left here successfully.... :)
Looks like that did it.. back to established! James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com -----Original Message----- From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Jeremy Lumby Sent: Thursday, April 30, 2020 09:07 To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? I received a message from Xcel that they have corrected their RS2 config to match RS1. How are things looking for the brocade folks? -----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jay Hanke Sent: Thursday, April 30, 2020 8:40 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? On Thu, Apr 30, 2020 at 8:37 AM David Farmer <farmer@umn.edu> wrote:
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update.
The problem left here successfully.... :)
On 4/30/20 9:11 AM, Steve Howard wrote:
We are also receiving some routes from Xcel with the bogus ASN 65500 in the path:
*> 192.234.135.0/24 206.108.255.115 125 0 21693 65500 i *> 192.234.136.0/24 206.108.255.115 125 0 21693 65500 i *> 192.234.137.0/24 206.108.255.115 125 0 21693 65500 i *> 192.234.138.0/24 206.108.255.115 125 0 21693 65500 i *> 192.234.140.0/24 206.108.255.115 125 0 21693 65500 i
Although, I don't think that should cause a route server problem.
While they should be removing their private ASN when sending, most vendors have a remove-private-as type of flag that you should be able to set on your end too for additional sanity. -- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net 608-210-3965
Do we need to submit a bug to the developers of BIRD? Frank From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of David Farmer Sent: Thursday, April 30, 2020 8:37 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update. On Thu, Apr 30, 2020 at 8:24 AM Jay Hanke <jayhanke@southfront.io<mailto:jayhanke@southfront.io>> wrote: I emailed xcel about the invalid next-hop address. We should filter invalid next hops on the route servers. There also appears to be an issue with how some routers handle the invalid next hop. Are all the peers with the issue of losing the session to RS2 running Brocade? On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>> wrote:
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io<mailto:jayhanke@southfront.io>> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net<mailto:wopat@wiscnet.net>> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...> RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...>
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...> (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net<mailto:wopat@wiscnet.net> 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2Dbin_wa-3FSUBED1-3DMICE-2DDISCUSS-26A-3D1&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=xqx0yD1kWOETi5_MVFlMPPxb5us_12870MpQFRgCEns&m=HC4viek-LcVI3v4xHZ-kdoMqXk9oP6L6JJphz73kmL8&s=1aL3YJ1V-gX14CJG-PYa38ULVB_ddLzb5TCjLjM4BiQ&e=>
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000 -- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2Dbin_wa-3FSUBED1-3DMICE-2DDISCUSS-26A-3D1&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=xqx0yD1kWOETi5_MVFlMPPxb5us_12870MpQFRgCEns&m=HC4viek-LcVI3v4xHZ-kdoMqXk9oP6L6JJphz73kmL8&s=1aL3YJ1V-gX14CJG-PYa38ULVB_ddLzb5TCjLjM4BiQ&e=>
I think we've come up with some methods for potentially creating filters for this situation to roll out in the future. I don't think its' BIRD place to impose restrictions on what a BGP peer is advertising, even if it is bogus. Clearly its only a bug with Brocade, because other vendors (especially Juniper) didn't care that it was announced this way, I just had a bogus route inserted from them, but it didn't affect any of my BGP sessions with MICE. On Wed, May 06, 2020 at 04:45:33PM +0000, Frank Bulk wrote:
Do we need to submit a bug to the developers of BIRD?
Frank
From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of David Farmer Sent: Thursday, April 30, 2020 8:37 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down?
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update.
On Thu, Apr 30, 2020 at 8:24 AM Jay Hanke <jayhanke@southfront.io<mailto:jayhanke@southfront.io>> wrote: I emailed xcel about the invalid next-hop address.
We should filter invalid next hops on the route servers.
There also appears to be an issue with how some routers handle the invalid next hop.
Are all the peers with the issue of losing the session to RS2 running Brocade?
On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>> wrote:
someone with Access should see what route server 2 sees for that prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io<mailto:jayhanke@southfront.io>> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net<mailto:wopat@wiscnet.net>> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...> RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...>
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23<https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...> (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net<mailto:wopat@wiscnet.net> 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2Dbin_wa-3FSUBED1-3DMICE-2DDISCUSS-26A-3D1&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=xqx0yD1kWOETi5_MVFlMPPxb5us_12870MpQFRgCEns&m=HC4viek-LcVI3v4xHZ-kdoMqXk9oP6L6JJphz73kmL8&s=1aL3YJ1V-gX14CJG-PYa38ULVB_ddLzb5TCjLjM4BiQ&e=>
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2Dbin_wa-3FSUBED1-3DMICE-2DDISCUSS-26A-3D1&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=xqx0yD1kWOETi5_MVFlMPPxb5us_12870MpQFRgCEns&m=HC4viek-LcVI3v4xHZ-kdoMqXk9oP6L6JJphz73kmL8&s=1aL3YJ1V-gX14CJG-PYa38ULVB_ddLzb5TCjLjM4BiQ&e=>
-- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
My IOS XR router detected a malformed BGP message, logs are in the thread below, but it treated it as a withdrawal per RFC7606. The Brocades saw the error and closed the BGP session, which is what many older BGP implementations do. I'm not sure the reason for the malformed BGP message, it could have something to do the next-hop, or it could be for some completely unrelated reason, but it as far as I can tell, BIRD put a malformed BGP message on the wire. IOS XR said "hey look that's bad, and I'm going to ignore it", and Brocade said, "hey that's bad, and you're bad so I'm not going to talk to you", I think the Junipers reacted much as IOS XR did, but that doesn't mean there wasn't a bad message. Thanks On Wed, May 6, 2020 at 11:49 AM Doug McIntyre <merlyn@iphouse.net> wrote:
I think we've come up with some methods for potentially creating filters for this situation to roll out in the future.
I don't think its' BIRD place to impose restrictions on what a BGP peer is advertising, even if it is bogus.
Clearly its only a bug with Brocade, because other vendors (especially Juniper) didn't care that it was announced this way, I just had a bogus route inserted from them, but it didn't affect any of my BGP sessions with MICE.
On Wed, May 06, 2020 at 04:45:33PM +0000, Frank Bulk wrote:
Do we need to submit a bug to the developers of BIRD?
Frank
From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of David Farmer Sent: Thursday, April 30, 2020 8:37 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down?
I think it was more than just an invalid next-hop. If it was simply an invalid next-hop that shouldn't have created a malformed BGP update. Unless the invalid next-hop caused BIRD to send out a malformed BGP update.
On Thu, Apr 30, 2020 at 8:24 AM Jay Hanke <jayhanke@southfront.io<mailto: jayhanke@southfront.io>> wrote: I emailed xcel about the invalid next-hop address.
We should filter invalid next hops on the route servers.
There also appears to be an issue with how some routers handle the invalid next hop.
Are all the peers with the issue of losing the session to RS2 running Brocade?
On Thu, Apr 30, 2020 at 8:17 AM David Farmer <farmer@umn.edu<mailto: farmer@umn.edu>> wrote:
someone with Access should see what route server 2 sees for that
prefix, and maybe kick it over after look at it.
On Thu, Apr 30, 2020 at 8:04 AM Jay Hanke <jayhanke@southfront.io
<mailto:jayhanke@southfront.io>> wrote:
We're seeing the same with a good next-hop from RS1.
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <wopat@wiscnet.net<mailto:
wopat@wiscnet.net>> wrote:
On 4/30/20 7:49 AM, David Farmer wrote:
We're running IOS XR, I found these droppings in our logs;
RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received
from
neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23< https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...
RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error flags 0x00000200, action taken "TreatAsWdr". Error details: "Error 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23< https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...
Maybe try resting you BGP sessions.
We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden on our net.
Is 10.223.129.2 something internal to route server #2?
show route 198.179.154.0 hidden detail
inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, 1604 hidden) 198.179.154.0/23< https://urldefense.proofpoint.com/v2/url?u=http-3A__198.179.154.0_23&d=DwMFa...> (3 entries, 1 announced) BGP Next hop type: Router, Next hop index: 0 Address: 0x113614cc Next-hop reference count: 1 Source: 206.108.255.2 Next hop: 10.223.129.2 via xe-0/1/5.300, selected Session Id: 0x0 State: <Hidden Ext> Inactive reason: Unusable path Local AS: 65400 Peer AS: 53679 Age: 10:02:05 Validation State: unverified Task: BGP_53679.206.108.255.2 AS path: I Communities: target:21693:1000 Router ID: 206.108.255.2 Hidden reason: protocol nexthop is not on the interface
-- Chris Wopat Network Engineer, WiscNet wopat@wiscnet.net<mailto:wopat@wiscnet.net> 608-210-3965
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu<mailto: Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<; https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2D...
-- Jay Hanke, President South Front Networks jayhanke@southfront.io<mailto:jayhanke@southfront.io> Phone 612-204-0000
-- =============================================== David Farmer Email:farmer@umn.edu<mailto: Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
________________________________
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1<; https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.iphouse.net_cgi-2D...
-- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
-- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
IOS XR said "hey look that's bad, and I'm going to ignore it", and Brocade said, "hey that's bad, and you're bad so I'm not going to talk to you", I think the Junipers reacted much as IOS XR did, but that doesn't mean there wasn't a bad message.
I can confirm the Juniper reaction, it got marked as "invalid" with unreachable next hop. I don't think it threw an actual error, just put it in the naughty pile and ignored it.
On 5/6/20 12:09 PM, David Farmer wrote:
BIRD put a malformed BGP message on the wire
From what I'm seeing here, I would agree. Ideally, someone should report this to the BIRD developers. That said, for such a bug report to be useful, we may need more information. If it was just the RFC 1918 next-hop that triggered this, then this should be trivially reproducible. But if it was something else, we may not have enough information to get to the bottom of this.
-- Richard
I can ping it still also, the BGP session changed from established to ACTIV. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *David Farmer *Sent:* Thursday, April 30, 2020 07:36 *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down? Both our BGP sessions are up and I just pinged them both as well. On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com> wrote: I was wondering the same thing – I show Apr 29 21:50:26. <http://www.wctatel.net/> * Steve Savoy* * Network Administrator* *Winnebago Cooperative Telecom Assn.* 704 E Main St | Lake Mills, IA 50450 Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067 Email stevesavoy@wctatel.com [image: Facebook] <https://www.facebook.com/WCTAtel/> [image: YouTube] <https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ> *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:30 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* [MICE-DISCUSS] route server down? Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 -- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
My Router shows the following: BGP: Peer (VRF: default-vrf) 206.108.255.2 DOWN (Attribute Length Error) Steve Savoy WCTA From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of James Urwiller Sent: Thursday, April 30, 2020 7:40 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] route server down? I can ping it still also, the BGP session changed from established to ACTIV. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com<mailto:james.urwiller@stealthbroadband.com> [cid:image001.jpg@01D61EC2.F46F6C80] From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET>> On Behalf Of David Farmer Sent: Thursday, April 30, 2020 07:36 To: MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET> Subject: Re: [MICE-DISCUSS] route server down? Both our BGP sessions are up and I just pinged them both as well. On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com<mailto:stevesavoy@wctatel.com>> wrote: I was wondering the same thing – I show Apr 29 21:50:26. [cid:image002.jpg@01D61EC2.F46F6C80][cid:image003.png@01D61EC2.F46F6C80]<http://www.wctatel.net/> Steve Savoy Network Administrator Winnebago Cooperative Telecom Assn. 704 E Main St | Lake Mills, IA 50450 Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067 Email stevesavoy@wctatel.com<mailto:stevesavoy@wctatel.com> [Facebook]<https://www.facebook.com/WCTAtel/> [YouTube]<https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ> From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET>> On Behalf Of James Urwiller Sent: Thursday, April 30, 2020 7:30 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET> Subject: [MICE-DISCUSS] route server down? Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com<mailto:james.urwiller@stealthbroadband.com> [cid:image001.jpg@01D61EC2.F46F6C80] ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 -- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
I also have the attribute length error in logs. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *Steve Savoy *Sent:* Thursday, April 30, 2020 07:43 *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down? My Router shows the following: BGP: Peer (VRF: default-vrf) 206.108.255.2 DOWN (Attribute Length Error) Steve Savoy WCTA *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:40 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down? I can ping it still also, the BGP session changed from established to ACTIV. James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *David Farmer *Sent:* Thursday, April 30, 2020 07:36 *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* Re: [MICE-DISCUSS] route server down? Both our BGP sessions are up and I just pinged them both as well. On Thu, Apr 30, 2020 at 7:32 AM Steve Savoy <stevesavoy@wctatel.com> wrote: I was wondering the same thing – I show Apr 29 21:50:26. <http://www.wctatel.net/> * Steve Savoy* * Network Administrator* *Winnebago Cooperative Telecom Assn.* 704 E Main St | Lake Mills, IA 50450 Phone 641.592.6105 | Toll Free 800.592.6105 | Fax 641.592.6067 Email stevesavoy@wctatel.com [image: Facebook] <https://www.facebook.com/WCTAtel/> [image: YouTube] <https://www.youtube.com/channel/UCM__0MiAl63zt93t2aKpOXQ> *From:* MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> *On Behalf Of *James Urwiller *Sent:* Thursday, April 30, 2020 7:30 AM *To:* MICE-DISCUSS@LISTS.IPHOUSE.NET *Subject:* [MICE-DISCUSS] route server down? Did I miss something or is the 2nd mice route server down since right before 22:00 CDT last night? James Urwiller Network Architect Stealth Broadband james.urwiller@stealthbroadband.com ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 -- =============================================== David Farmer Email:farmer@umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 Confidentiality Notice: This correspondence is the property of Winnebago Cooperative Telecom Association and is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ------------------------------ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
participants (11)
-
Chris Wopat -
Danny Meister -
David Farmer -
Doug McIntyre -
Frank Bulk -
James Urwiller -
Jay Hanke -
Jeremy Lumby -
Richard Laager -
Steve Howard -
Steve Savoy