%BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/5 (invalid length for attribute) 1036 bytes

Unanswered Question
Apr 21st, 2010

Hi Sir...

We had some bgp neighbor fail and flapping in a while and we had no idea to fix it till now. Device show us some error message that list below...

Apr 20 14:24:20.238 CST: %BGP-5-ADJCHANGE: neighbor X.X.X.X Up
Apr 20 14:24:21.166 CST: %BGP-3-NOTIFICATION: received from neighbor X.X.X.X  3/5 (invalid length for attribute) 1036 bytes D0100408 000212C9 000003E9 000212C9 00
Apr 20 14:24:21.166 CST: %BGP-5-ADJCHANGE: neighbor X.X.X.X  Down BGP Notification received

Would somebody help us for this case?

Thanks you!

sean

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Hi Karuppu...

Sorry for late response and thanks your help...

this is the summary bgp command that listed below...And the device is 7507MX with IOS 12.0(30)S1 service provider feature.

==============================

interface Serial0/1/1
ip address X.X.X.X 255.255.255.252
no ip redirects
no ip directed-broadcast
no ip proxy-arp
load-interval 30
carrier-delay 5
mpls bgp forwarding
tag-switching ip
dsu bandwidth 44210
framing c-bit
cablelength 200
clock source internal
!
router bgp AAAA
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor X.X.X.X remote-as BBBB
!
address-family vpnv4
neighbor X.X.X.X activate
neighbor X.X.X.X send-community extended
neighbor X.X.X.X route-map customer-in in
neighbor X.X.X.X route-map customer-out out
neighbor X.X.X.X maximum-prefix 5000
exit-address-family
!
route-map customer-out permit 10
match extcommunity 7
set metric 20
!
route-map customer-in permit 10
match extcommunity 7
!
ip extcommunity-list 7 permit rt 65001:608094
ip extcommunity-list 7 permit rt 65001:902062
ip extcommunity-list 7 permit rt 65001:905141
ip extcommunity-list 7 permit rt 65001:609251
ip extcommunity-list 7 permit rt 65001:117
ip extcommunity-list 7 permit rt 65001:88888
!

==========================================

MP-eBGP receive routes from ASBR device that is filtered by route-map.  And this MP-eBGP had been worked for a long time. But suddenly, the  error message appear  and neighbor flapping continualy. And we cannot  figure it out till now.

Thanks You!

Sean

Giuseppe Larosa Tue, 05/11/2010 - 00:45

Hello Sean,

if you are receiving MP eBGP routes for inter-AS VPNs it is likely that the peer has recently added some BGP communities or BGP extended communities causing an overflow of one field

You should contact them explaining your issue.

Hope to help

Giuseppe

Hi Giuseppe...

The BGP peer is GSR router and we had contacted the GSR owner. The GSR is another servie provider that received route update from downstream customers and they did not changed or tuned any configuration when the problem appear. The GSR receive the same error message from our device and the BGP neighber flapping too. It seems like that GSR is a victim also for this case.

Till now, the error message tell us that the device received update contained malformed BGP communities. And that error makes bgp neighbor flapping. Would some debug or command could tell us that what bgp communities makes bgp neighber flapping?

Thanks you!

Sean

Giuseppe Larosa Tue, 05/11/2010 - 03:30

Hello Sean,

if the link is a LAN you could put a sniffer and you could capture the BGP packets sent by GSR to your router and with a common clock you could relate the BGP notification with the offending message.

if the link is of WAN type this is not possible

Hope to help

Giuseppe

tyllin Tue, 05/11/2010 - 10:00

Hi Giuseppe...

Yes, this is a T3 wan PA module using coaxial cable and BNC connector and it is difficult to sniffer.

Some debug command had been configured on the device about bgp neighbor update. we terminate the debug asap because of the high CPU consume. And nothing special within the debug logs.

We reviewed the syslogs and found some other new error messages that listed below. Would these messages help this case? and what it mean?

Thanks you!

Sean

=========================================

Apr 20 14:42:58.779 CST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/10 (illegal network) 1 bytes 00 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0058 0200 0000 4140 0101 0240 0204 0201 4570 C010 1000 0226 C400 0026 C400 0245 7000 001F 4180 0E20 0001 800C 0000 0000 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D

========================================

========================================

Apr 20 16:36:15.281 CST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/4 (invalid flags for attribute) 16 bytes 0D0B0D0B 0D0B0D0B 0D0B0D0B 0D0B0D0B


Apr 20 16:36:15.281 CST: BGP: 218.96.253.231 Bad attributes FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0079 0200 0000 6240 0101 0240 0204 0201 4570 C010 2000 0226 C400 0026 C400 0245 7000 0000 0100 0245 7000 001F 5F00 0245 700D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B

=======================================

======================================

Apr 20 16:44:53.433 CST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/4 (invalid flags for attribute) 14 bytes 0B0D0B0D 0B0D0B0D 0B0D0B0D 0B0D


Apr 20 16:44:53.433 CST: BGP: 218.96.253.231 Bad attributes FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 019C 0200 0001 8540 0101 0240 020E 0206 4570 FEB4 26D3 2570 240D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0B0D 0045 7000 001F 48AC 1300 5074 03B2 C100 0045 7000 001F 48AC 1300 2074 03B6 7100 0045 7000 001F 48AC 1300 1076 03B7 4100 0045 7000 001F 48AC 1300 0476 03BC 9100 0045 7000 001F 48AC 1300 0078 03BE 8100 0045 7000 001F 48AC 100B 6578 03C9 5100 0045 7000 001F 48AC 1005 6578 03CB 4100 0045 7000 001F 48AC 1005 6478 03CD A100 0045 7000 001F 48AC 0701 0170 0957 A100 0045 7000 001F 48DB 579B 7009 6701 0000 4570 0000 1F48 C0A8 6970 0967 5100 0045 7000 001F 48C0 A800 7409 7121 0000 4570 0000 1F48 AC13 0040 6809 7781 0000 4570 0000 1F48 A8A8 7009 7791 0000 4570 0000 1F48 3D1F 3770 0979 9100 0045 7000 001F 480A C8C8 7808 3561 0000 4570 0000 1F48 AC10 1E65 7808 3851 0000 4570 0000 1F48 AC10 0065

=====================================

Giuseppe Larosa Thu, 04/22/2010 - 01:51

Hello Sean,

what IOS image is running  on your router and what device is the BGP peer?

the message clearly states that a BGP advertisement from the peer was containing a BGP attribute in the form of type length value and that the value field 1036 -> 1036 octets  was not a valid expected value.

Be careful that the BGP peer may be misbehaving or it is trying to send to you a too long AS path attribute (for example)

>> : received from neighbor X.X.X.X  3/5

means sent notification for having received a malformed BGP update (3) with a BGP attribute lenght out of range (5)

the router is protecting itself from possible SW errors that would be caused by accepting the update

Are you protecting your router from too long AS paths with max-as command ?

Hope to help

Giuseppe

Hi Giuseppe...

The device is 7507MX with IOS version 12.0(30)S1 service provider feature. Definitely, there is a BGP Bugs about too long AS-Path. I am not sure that the device and IOS had fixed this or not. But the config had worked for a long time but this error message is the first time that appear. And we had no idea to fix this...Maybe something wrong about route update. Would some command or debug could help us to figure it out?

Thanks You!

Sean

tyllin Thu, 12/30/2010 - 18:35

Dear  CHENG-HSIN LIN :

I encountered the same problem like yours.

My device is 7513 with IOS version 12.0(30)S1.

You mention there is a BGP Bugs about too long AS-Path.

I have looked for the Bug with Cisco BUG Toolkit , but I can't find.

Could you tell me where you find it??

Thanks

tyllin Tue, 01/04/2011 - 00:05

Dear  Larosa :

Thanks for your help . I have read the article.

But it seems nothing to my problem. Because I don't config "as-prepend" & "bgp maxas-limit"

when the upstream router config below

******************************************

neighbor 61.31.244.194 send-community both

neighbor 61.31.244.194 route-map cust-community in

******************************************

the error message show :

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Down BGP Notification received

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Up

%BGP-3-NOTIFICATION: received from neighbor x.x.x.x 3/5 (invalid length for attribute) 1444 bytes D01005A0 00

02121D 00000821 000212C9 00

when I remove the config : It's ok.

Upstream Router (7513 + 12.0(30)S1):

ip vrf c109a071

rd 9924:1041

route-target export 9924:1041

route-target import 9924:1041

!

router bgp 9924

ip vrf forwarding c109a071

address-family ipv4 vrf c109a071

redistribute connected

redistribute static

neighbor x.x.x.x remote-as 65001

neighbor x.x.x.x activate

neighbor x.x.x.x as-override

neighbor x.x.x.x soft-reconfiguration inbound

neighbor x.x.x.x maximum-prefix 500 80 restart 10

!

ip community-list standard pref150 permit 650379414

ip community-list standard pref200 permit 650379464

route-map cust-community permit 10

match community pref200

set local-preference 200

route-map cust-community permit 20

match community pref150

set local-preference 150

!

route-map cust-community permit 1000

Downstream Router (65093 + 12.2(17d)SXB1):

router bgp 65001

no synchronization

bgp log-neighbor-changes

redistribute connected

redistribute static

neighbor x.x.x.x remote-as 9924

neighbor x.x.x.x soft-reconfiguration inbound

neighbor x.x.x.x route-map Primary_BGP_out out

default-information originate

no auto-summary

!

access-list 91 remark Control BGP out

access-list 91 permit any

!

route-map Primary_BGP_out permit 10

match ip address 91

set community 200

Thanks

milan.kulik Tue, 01/04/2011 - 04:07

Hi,

so it seems the extended communities sent from the upstream router might be breaking the BGP session?

What about trying

neighbor 61.31.244.194 send-community standard

instead of

neighbor 61.31.244.194 send-community both?

I'm also not sure if the downstream router config works OK

without

neighbor x.x.x.x send-community standard

But it's difficult to advise without knowing the detailed purpose of sending communities between your routers.

BR,

Milan

cadet alain Tue, 01/04/2011 - 04:34

Hi Milan,

Isn't he doing so to propagate its route-targets which are extended communities  ?

Regards.


Alain.

milan.kulik Tue, 01/04/2011 - 04:49

Hi,

I'm not sure.

I always thought this was done for vpnv4 neighbors, but not for ipv4  neighbors?

BR,

Milan

Giuseppe Larosa Tue, 01/04/2011 - 11:37

Hello Alain,

>> Isn't he doing so to propagate its route-targets which are extended communities  ?

from what we have seen up to now this should be an eBGP session between a PE and a CE so extended communities shouldn't be of use as noted by Milan

Hope to help

Giuseppe

Giuseppe Larosa Tue, 01/04/2011 - 11:40

Hello Tyllin,

>> But it seems nothing to my problem. Because I don't config "as-prepend" & "bgp maxas-limit"

when the upstream router config below

******************************************

neighbor 61.31.244.194 send-community both

neighbor 61.31.244.194 route-map cust-community in

******************************************

the error message show :

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Down BGP Notification received

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Up

%BGP-3-NOTIFICATION: received from neighbor x.x.x.x 3/5 (invalid length for attribute) 1444 bytes D01005A0 00

02121D 00000821 000212C9 00

What is the router that complains of 3/5 (invalid length for attribute)  the PE node or the CE node?

as noted by Milan you should use

send-community on both sides and not send-community both only on PE side

Hope to help

Giuseppe

cadet alain Tue, 01/04/2011 - 13:28

Hi Milan,Giuseppe,

Thanks for clarifications about the extended communities

Regards.

alain.

tyllin Tue, 01/04/2011 - 19:46

Dear  Eveybody :

Thanks for help again^^

The below config  & eroor log is on Upstream Router (7513)

******************************************

neighbor 61.31.244.194 send-community both

neighbor 61.31.244.194 route-map cust-community in

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Down BGP Notification received

%BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf c109a071 Up

%BGP-3-NOTIFICATION: received from neighbor x.x.x.x 3/5 (invalid length for attribute) 1444 bytes D01005A0 00

02121D 00000821 000212C9 00

******************************************

I'll try to set up send-community both side

Thanks

German Garay Sun, 02/02/2014 - 15:51

Hi, I am having a problem of communication between two ASR9000 router (ver 4.2.1)  and a 7604 router (

RSP720 ios 122-33.SRE2 ),  I am configuring the  ASR as VPNv4 RR,  but the peer with the 7600 never establishing

the config. the equipment is as follows

ASR:

router bgp 22222

address-family ipv4 unicast

  redistribute connected

!

address-family vpnv4 unicast

!

address-family l2vpn vpls-vpws

!

neighbor X.X.X.X

  remote-as 22222

  update-source Loopback0

  address-family ipv4 unicast

   next-hop-self

   soft-reconfiguration inbound

  !

  address-family vpnv4 unicast

   route-reflector-client

   soft-reconfiguration inbound

  !


7600

router bgp 2222

neighbor y.y.y.y remote-as 22222

neighbor y.y.y.y update-source Loopback4090

address-family ipv4

no synchronization

bgp redistribute-internal

  no neighbor y.y.y.y activate

address-family vpnv4

  neighbor y.y.y.y activate

  neighbor y.y.y.y send-community both

address-family ipv4 vrf PEPE

  no synchronization

  bgp redistribute-internal

  redistribute static

  redistribute connected

neighbor PEPE peer-group

neighbor  PEPE remote-as 22222

neighbor PEPE route-reflector-client

neighbor PEPE soft-reconfiguration inbound

neighbor 192.168.95.9 peer-group PEPE

neighbor 192.168.95.9 activate

and more vrf with similar configurations  .................

VPNv4 falla.gif

log error in ASR

RP/0/RSP0/CPU0:Feb  2 16:24:45.198 : bgp[1044]: %ROUTING-BGP-5-ADJCHANGE : neighbor x.x.x.x Up (VRF:default)

RP/0/RSP0/CPU0:Feb  2 16:24:45.236 : bgp[1044]: %ROUTING-BGP-5-ADJCHANGE : neighbor x.x.x.x Down - BGP Notification sent, illegal network (VRF: default)

RP/0/RSP0/CPU0:Feb  2 16:24:54.418 : bgp[1044]: %ROUTING-BGP-5-ADJCHANGE : neighbor x.x.x.x Up (VRF: default)

RP/0/RSP0/CPU0:Feb  2 16:24:54.452 : bgp[1044]: %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor x.x.x.x - message length 101 bytes, error flags 0x00000008, action taken "Reset". Error details: "Error 0x00000008, Field "MP_REACH-NLRI", Attribute 14 (Flags 0x00, Length 0), Data [53]"

log 7604

Feb  2 16:24:13.839: %BGP-5-ADJCHANGE: neighbor y.y.y.y Up

Feb  2 16:24:13.839: %BGP-3-NOTIFICATION: received from neighbor y.y.y.y 3/10 (illegal network) 1 bytes 53

Feb  2 16:24:13.839: %BGP-5-ADJCHANGE: neighbor y.y.y.y Down Peer closed the session

Feb  2 16:24:13.839: %BGP_SESSION-5-ADJCHANGE: neighbor y.y.y.y VPNv4 Unicast topology base removed from session  Peer closed the session

I would appreciate any help from already thank you very much for your time

Sergio

Actions

This Discussion

Related Content