These did not kick our sessions, but we got them also:
Via AS6939 ip4 peer in Denver:
May 20 01:01:51 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
May 20 01:02:16 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
Via AS3356 ip4 peer in Los Angeles:
May 20 01:02:12 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
May 20 01:02:38 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
Via AS3356 ip4 peer in Seattle:
May 20 01:02:07 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
May 20 01:02:37 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error:
XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error
handling)
On 5/20/25 07:31, Simon Lockhart via NANOG wrote:
Did anyone see BGP flaps this morning at about 07:01 UTC as a result of BGP
malformed update?
It flapped one of our iBGP sessions:
May 20 08:01:51.150 BST: %BGP-3-NOTIFICATION: received from neighbor
XXX.XXX.XXX.XXX 3/1 (update malformed) 31 bytes E0281C00 00000000 00000000
00000000 00
Another ISP saw the same thing...
code 3 (Update Message Error) subcode 1 (invalid attribute list), Data:
e0 28 1c 00 00 00
Is there a new BGP rogue update out there?
Simon
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GQP6V6BONTN2BPD7XSGW27WLZE5F3L7K/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/3H4GL64ELMU7BNJRSDACVIK7MTPPWINO/
