Well, the update is well formatted and proper, the handling in JunOS is buggy. You don't want to just blackhole unkown items like this as you can create a significant problem for others similar to the bogon problems that exist.
This type of a fix is ONLY a short term fix to workaround your buggy software. - Jared On Fri, Sep 09, 2011 at 12:58:36PM -0400, Andrew Parnell wrote: > We noticed this as well on a couple of our M7i running 9.x series > code, but not on others running 10.x. This is being caused by a > particular prefix (212.118.142.0/24): > > rpd[5239]: xx.xx.253.192 (Internal AS xx) Received BAD update for > family inet-unicast(1), prefix 212.118.142.0/24 > > The easy solution is to simply filter out the offending prefix. There > are many ways this can be done, but the following did the trick for > us: > > policy-options { > prefix-list bad-prefixes { > 212.118.142.0/24; > } > policy-statement BGP-Import { > term block-bad-prefixes { > from { > prefix-list bad-prefixes; > } > then reject; > } > } > > Apply something like this to your BGP import and/or export policy as > appropriate and you should be fine. > > Andrew > > On Fri, Sep 9, 2011 at 11:41 AM, Markus <unive...@truemetal.org> wrote: > > All of a sudden without changing anything in the config I'm getting the > > following on a M7i running 8.0R2.8: > > > > rpd[3019]: bgp_read_v4_update: NOTIFICATION sent to 89.146.xx.49 (External > > AS xxxx): code 3 (Update Message Error) subcode 11 (AS path attribute > > problem) > > > > The other end (Cisco) is getting: > > > > %BGP-3-NOTIFICATION: received from neighbor 89.146.xx.50 3/11 (invalid or > > corrupt AS path) 0 bytes > > > > This is causing the BGP session to flap. It happens at arbitrary intervals, > > sometimes once a minute, sometimes just once in an hour. CFEB and RE CPU are > > at steady 100% when it happens. > > > > What can I do about this and what could be the cause? Help! :) > > > > Thanks! > > Markus > > > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > ______________________________________________________________________ > > This email has been scanned by the MessageLabs Email Security System. > > For more information please visit http://www.messagelabs.com/email > > ______________________________________________________________________ > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp