You can find more about arpnetworks at this link; https://www.arpnetworks.com/ . The folks at arp network are "A" okay to deal with. So if you need low cost VPS hosting and support for BSD+linux, they are the go to outfit.
So on to the problem with my ipv6 bgp-peer ;
May 30 02:35:34 s3 bgpd[4327]: neighbor 2607:f2f8:xxx::2 (DRS): state change OpenConfirm -> Established, reason: KEEPALIVE message received
May 30 02:35:40 s3 bgpd[4327]: neighbor 2607:f2f8:xxx::2 (DRS): received notification: error in UPDATE message, attribute list error
May 30 02:35:40 s3 bgpd[4327]: neighbor 2607:f2f8:xxx::2 (DRS): state change Established -> Idle, reason: NOTIFICATION received
Notice the NOTIFICATION received? Here's a decode of the notification from a packet capture;
Border Gateway Protocol
NOTIFICATION Message
Marker: 16 bytes
Length: 21 bytes
Type: NOTIFICATION Message (3)
Error code: UPDATE Message Error (3)
Error subcode: Malformed Attribute List (1)
Okay, so now what ?
Will you have to find the codes to try to figure out the issue. In this case we are looking at error#3 and subcode#1 (update) "malformed attribute list"
You can use this site for BGP errors referencing;
http://www.tcpipguide.com/free/t_BGPErrorReportingNotificationMessages-3.htm
(terse output )
code3
sub-code 1 ( update )
Okay, so we now known what's the code.
It's going to take me some time to go thru the sub-code to look at what could be the root cause to my issue(s). These code are very generic as to what to adjust or check, so you will probably have to play around and do some googling. Worst case, I will have to jump into the pfSense forum and post a question.
http://forum.pfsense.org/
This could be a mis-configuration or bug or something else going on.
Keep in mind the following; " Any time a BGP-NOTIFICATION comes in, it's typically a BGP Error and you session will always close "
You can using the following commands on cisco IOS, IOS-XR, pfSense, Junos to see if you ever received any notifications;
IOS;
show bgp neighbor 1.1.1.1
(snip)
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 1175 193635
Keepalives: 930840 806310
Route Refresh: 3 5
Total: 932019 999951
Default minimum time between advertisement runs is 0 seconds
IOS-XR;
show bgp neighbor 1.1.1.1 detail
(snip)
Message stats:
InQ depth: 0, OutQ depth: 0
Last_Sent Sent Last_Rcvd Rcvd
Open: May 31 21:20:59.997 15 May 31 21:21:00.044 14
Notification: May 31 21:00:46.271 10 --- 0
Update: May 31 21:21:59.539 2 May 31 21:23:00.191 287160
Keepalive: Jun 1 04:08:00.496 165432 Jun 1 04:07:34.513 182000
Route_Refresh: --- 0 --- 0
Total: 165459 469174
Minimum time between advertisement runs is 30 secs
OpenBGP;
bgpctl show neighbor MyUPLINKv6
( snip )
Message statistics:
Sent Received
Opens 1 1
Notifications 1 0
Updates 0 7863
Keepalives 1 1
Route Refresh 0 0
Total 3 7865
And finally Juniper;
show bgp neighbor 1.1.1.1
(snip)
Last traffic (seconds): Received 357 Sent 357 Checked 357
Input messages: Total 4 Updates 2 Refreshes 0 Octets 211
Output messages: Total 4 Updates 1 Refreshes 0 Octets 147
Output Queue[0]: 0
Output Queue[1]: 0
Trace options: all
In the mean time, I took the time to cleaned up my cfg and made my descriptions to reflect v4 and v6 in the neighbor statements and deployed some simple BOGON/MARTIAN protection within OpenBGPd using the proper syntax & lingo;
e.g
bgpctl show
Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd
MyUPLINKv6 25795 0 0 0 Never Active
MyUPLINKv4 25795 16795 26 0 02:21:46 92914
The Cfg I'm using
Hopefully I will figure out what's the issue & the why. So stay tuned. I've also upgraded to the latest snapshot.
Ken Felix
Freelance Network/Security Engineer
kfelix .at. hyperfeed .dot. com
^ ^
= ( * * )=
/ o \
No comments:
Post a Comment