Mailing List Archive

BGP type 2 length 3294 is too large, attribute total length is 2314.
We have had one occurrence in July, and another just today, where over an hour period our BGP sessions have flapped repeatedly over an hour and logged this message:
Sep 7 05:38:38 $HOSTNAME bgpd[17794]: $IP: BGP type 2 length 3294 is too large, attribute total length is 2314. attr_endp is 0x7f4b8db1478d. endp is 0x7f4b8db143b1
(substituting $HOSTNAME and $IP for our real hostname and IP)

We’re running version 0.99.24.1 on debian 4, etch.

The most recent occurrence was 9/7/2017 between 05:38:38 UTC and 06:24:14 UTC. The previous occurrence was 6/20 at 6:15 UTC. The only other reference I’ve found is a previous message to this group on 7/17/2017 with someone running and older version that was encouraged top upgrade to 0.99.24, which is where we’re already at.

Has anyone else encountered this? Any suggestions?
This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,

you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
This was caused by

https://stat.ripe.net/data/bgplay/data.json?resource=AS262197&starttime=1504760781&rrcs=1


You need to add as-path filter to prevent tooo many prepends from others



W dniu 2017-09-07 o 23:37, Andrew Kerr pisze:
>
> We have had one occurrence in July, and another just today, where over
> an hour period our BGP sessions have flapped repeatedly over an hour
> and logged this message:
>
> Sep  7 05:38:38 $HOSTNAME bgpd[17794]: $IP: BGP type 2 length 3294 is
> too large, attribute total length is 2314.  attr_endp is
> 0x7f4b8db1478d.  endp is 0x7f4b8db143b1
>
> (substituting $HOSTNAME and $IP for our real hostname and IP)
>
> We’re running version 0.99.24.1 on debian 4, etch.
>
> The most recent occurrence was 9/7/2017 between 05:38:38 UTC and
> 06:24:14 UTC.  The previous occurrence was 6/20 at 6:15 UTC.  The only
> other reference I’ve found is a previous message to this group on
> 7/17/2017 with someone running and older version that was encouraged
> top upgrade to 0.99.24, which is where we’re already at.
>
> Has anyone else encountered this?  Any suggestions?
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at https://www.amdocs.com/about/email-disclaimer
>
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi Andrew

We observed this as well and are also looking into this (as we had one case where this caused flapping of our iBGP session).
My current understanding is that the oversize UPDATE mentioned by Pawel triggered a bug in Quagga which caused that the UPDATE message sent out by Quagga to its peers was malformed.
The error message you see in the logs is then emited by the peers of the Quagga host when they receive the malformed UPDATE message.

I'm currently preparing a bug-report and patch for Quagga regarding this.

As an immediate workaround to prevent this you could add an as-path filter to discard oversized UPDATEs with more than 255 AS_PATH entries.
Important point here is that this as-path filter is added on the peers of the host which logged the error message.
Adding the as-path filter only on the host with the error message will not be enough as the packet attribute validation is done before the as-path filter is applied.

Cheers
Andreas


On Thu, Sep 07, 2017 at 09:37:17PM +0000, Andrew Kerr wrote:
> We have had one occurrence in July, and another just today, where over an hour period our BGP sessions have flapped repeatedly over an hour and logged this message:
> Sep 7 05:38:38 $HOSTNAME bgpd[17794]: $IP: BGP type 2 length 3294 is too large, attribute total length is 2314. attr_endp is 0x7f4b8db1478d. endp is 0x7f4b8db143b1
> (substituting $HOSTNAME and $IP for our real hostname and IP)
>
> We???re running version 0.99.24.1 on debian 4, etch.
>
> The most recent occurrence was 9/7/2017 between 05:38:38 UTC and 06:24:14 UTC. The previous occurrence was 6/20 at 6:15 UTC. The only other reference I???ve found is a previous message to this group on 7/17/2017 with someone running and older version that was encouraged top upgrade to 0.99.24, which is where we???re already at.
>
> Has anyone else encountered this? Any suggestions?
> This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>

> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users


--
andreas jaggi
lead engineer network services

open systems ag
raeffelstrasse 29
ch-8045 zurich
t: +41 58 100 10 10
f: +41 58 100 10 11
aj@open.ch

http://www.open.ch
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi,

Cisco IOS seems to have a nice configuration setting

bgp maxas-path <num>

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfbgp1.html#wp1254976

which apparently quagga does not have.

So I set up an as-path access-list like so:

ip as-path access-list maxas-limit75 deny _[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+
ip as-path access-list maxas-limit75 permit .

which seems to work, but is not nice to read. I tried to use counting
regexes with braces ([0-9]{0,75}) without success. Is there a more
elegant way to do it than above?

Regards
Matthias Ferdinand
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
This was definitely the right answer, thank you for the help. I see that this has just been patched in frr.
https://github.com/donaldsharp/frr/commit/084002351fbfd6b4e2d9c4c218288b2324ad81cd

On 9/7/17, 9:15 PM, "Andreas Jaggi" <aj@open.ch> wrote:

Hi Andrew

We observed this as well and are also looking into this (as we had one case where this caused flapping of our iBGP session).
My current understanding is that the oversize UPDATE mentioned by Pawel triggered a bug in Quagga which caused that the UPDATE message sent out by Quagga to its peers was malformed.
The error message you see in the logs is then emited by the peers of the Quagga host when they receive the malformed UPDATE message.

I'm currently preparing a bug-report and patch for Quagga regarding this.

As an immediate workaround to prevent this you could add an as-path filter to discard oversized UPDATEs with more than 255 AS_PATH entries.
Important point here is that this as-path filter is added on the peers of the host which logged the error message.
Adding the as-path filter only on the host with the error message will not be enough as the packet attribute validation is done before the as-path filter is applied.

Cheers
Andreas


On Thu, Sep 07, 2017 at 09:37:17PM +0000, Andrew Kerr wrote:
> We have had one occurrence in July, and another just today, where over an hour period our BGP sessions have flapped repeatedly over an hour and logged this message:
> Sep 7 05:38:38 $HOSTNAME bgpd[17794]: $IP: BGP type 2 length 3294 is too large, attribute total length is 2314. attr_endp is 0x7f4b8db1478d. endp is 0x7f4b8db143b1
> (substituting $HOSTNAME and $IP for our real hostname and IP)
>
> We???re running version 0.99.24.1 on debian 4, etch.
>
> The most recent occurrence was 9/7/2017 between 05:38:38 UTC and 06:24:14 UTC. The previous occurrence was 6/20 at 6:15 UTC. The only other reference I???ve found is a previous message to this group on 7/17/2017 with someone running and older version that was encouraged top upgrade to 0.99.24, which is where we???re already at.
>
> Has anyone else encountered this? Any suggestions?
> This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>

> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users


--
andreas jaggi
lead engineer network services

open systems ag
raeffelstrasse 29
ch-8045 zurich
t: +41 58 100 10 10
f: +41 58 100 10 11
aj@open.ch

http://www.open.ch


This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,

you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>

_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi Matthias

We are using the following approach: ip as-path access-list limit-to-100 deny ^([0-9]+ ){99,}[0-9]+$

Cheers
Andreas


On Fri, Sep 08, 2017 at 04:52:47PM +0200, Matthias Ferdinand wrote:
> Hi,
>
> Cisco IOS seems to have a nice configuration setting
>
> bgp maxas-path <num>
>
> https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfbgp1.html#wp1254976
>
> which apparently quagga does not have.
>
> So I set up an as-path access-list like so:
>
> ip as-path access-list maxas-limit75 deny _[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+
> ip as-path access-list maxas-limit75 permit .
>
> which seems to work, but is not nice to read. I tried to use counting
> regexes with braces ([0-9]{0,75}) without success. Is there a more
> elegant way to do it than above?
>
> Regards
> Matthias Ferdinand

--
andreas jaggi
lead engineer network services

open systems ag
raeffelstrasse 29
ch-8045 zurich
t: +41 58 100 10 10
f: +41 58 100 10 11
aj@open.ch

http://www.open.ch

_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
On Sat, Sep 09, 2017 at 07:30:39AM +0200, Andreas Jaggi wrote:
> Hi Matthias
>
> We are using the following approach: ip as-path access-list limit-to-100 deny ^([0-9]+ ){99,}[0-9]+$

thanks! apparently I forgot the '+' sign after the digits when testing
the {} construct, and there are only so many single-digit ASes or long
AS paths made of single-digit ASes :-)

I used '_' (underscore) instead of ' ' (space). Underscore also matches
'{', ',' and '}' (confederation syntax?) and beginning and end of
string. But still my regex failed to match anything using '{' in the AS
path. Matching that would require '_+' as separator and a comma in the
character set.

E.g. 217.199.156.0/22 ends in 16637 9129 {64237,64512,65008,65011,65400}

I think your regex also misses that.

I now use this format:

ip as-path access-list maxas-limit75 deny ^([{},0-9]+ ){75}

This counts {a,b,c} path elements as a single entry, and the blank
requires that there is still something more following the list of 75
ASes.


Regards
Matthias



>
> Cheers
> Andreas
>
>
> On Fri, Sep 08, 2017 at 04:52:47PM +0200, Matthias Ferdinand wrote:
> > Hi,
> >
> > Cisco IOS seems to have a nice configuration setting
> >
> > bgp maxas-path <num>
> >
> > https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfbgp1.html#wp1254976
> >
> > which apparently quagga does not have.
> >
> > So I set up an as-path access-list like so:
> >
> > ip as-path access-list maxas-limit75 deny _[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+
> > ip as-path access-list maxas-limit75 permit .
> >
> > which seems to work, but is not nice to read. I tried to use counting
> > regexes with braces ([0-9]{0,75}) without success. Is there a more
> > elegant way to do it than above?
> >
> > Regards
> > Matthias Ferdinand
>
> --
> andreas jaggi
> lead engineer network services
>
> open systems ag
> raeffelstrasse 29
> ch-8045 zurich
> t: +41 58 100 10 10
> f: +41 58 100 10 11
> aj@open.ch
>
> http://www.open.ch
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hello

Is it possible for you to pull in the code from the branch volatile/balajig
.

The branch has the fix for the problem with respect to AS-Path filtering.
If you could give it a spin and let me know, it might be helpful.

Thanks,
- Balaji



On Wed, Sep 13, 2017 at 9:05 PM, Matthias Ferdinand <mf@14v.de> wrote:

> On Sat, Sep 09, 2017 at 07:30:39AM +0200, Andreas Jaggi wrote:
> > Hi Matthias
> >
> > We are using the following approach: ip as-path access-list
> limit-to-100 deny ^([0-9]+ ){99,}[0-9]+$
>
> thanks! apparently I forgot the '+' sign after the digits when testing
> the {} construct, and there are only so many single-digit ASes or long
> AS paths made of single-digit ASes :-)
>
> I used '_' (underscore) instead of ' ' (space). Underscore also matches
> '{', ',' and '}' (confederation syntax?) and beginning and end of
> string. But still my regex failed to match anything using '{' in the AS
> path. Matching that would require '_+' as separator and a comma in the
> character set.
>
> E.g. 217.199.156.0/22 ends in 16637 9129 {64237,64512,65008,65011,65400}
>
> I think your regex also misses that.
>
> I now use this format:
>
> ip as-path access-list maxas-limit75 deny ^([{},0-9]+ ){75}
>
> This counts {a,b,c} path elements as a single entry, and the blank
> requires that there is still something more following the list of 75
> ASes.
>
>
> Regards
> Matthias
>
>
>
> >
> > Cheers
> > Andreas
> >
> >
> > On Fri, Sep 08, 2017 at 04:52:47PM +0200, Matthias Ferdinand wrote:
> > > Hi,
> > >
> > > Cisco IOS seems to have a nice configuration setting
> > >
> > > bgp maxas-path <num>
> > >
> > > https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/
> command/reference/fiprrp_r/1rfbgp1.html#wp1254976
> > >
> > > which apparently quagga does not have.
> > >
> > > So I set up an as-path access-list like so:
> > >
> > > ip as-path access-list maxas-limit75 deny
> _[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-
> 9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_
> [0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-
> 9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_
> [0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-
> 9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_
> [0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-
> 9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_
> [0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+
> > > ip as-path access-list maxas-limit75 permit .
> > >
> > > which seems to work, but is not nice to read. I tried to use counting
> > > regexes with braces ([0-9]{0,75}) without success. Is there a more
> > > elegant way to do it than above?
> > >
> > > Regards
> > > Matthias Ferdinand
> >
> > --
> > andreas jaggi
> > lead engineer network services
> >
> > open systems ag
> > raeffelstrasse 29
> > ch-8045 zurich
> > t: +41 58 100 10 10
> > f: +41 58 100 10 11
> > aj@open.ch
> >
> > http://www.open.ch
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users
>
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
On Sun, Sep 17, 2017 at 10:14:54PM +0530, Balaji Gurudoss wrote:
> Hello
>
> Is it possible for you to pull in the code from the branch volatile/balajig
> .
>
> The branch has the fix for the problem with respect to AS-Path filtering.
> If you could give it a spin and let me know, it might be helpful.

Hi,

thank you, will that branch also contain a fix for the IPv6 BGP problem
described at https://bugzilla.quagga.net/show_bug.cgi?id=870 ?

Otherwise I would just try to apply Andreas Jaggi's patch from
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
to 0.99.24.1 as we will need working IPv6 BGP.

Regards
Matthias
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi

On Mon, Sep 18, 2017 at 2:19 PM, Matthias Ferdinand <mf@14v.de> wrote:

> On Sun, Sep 17, 2017 at 10:14:54PM +0530, Balaji Gurudoss wrote:
> > Hello
> >
> > Is it possible for you to pull in the code from the branch
> volatile/balajig
> > .
> >
> > The branch has the fix for the problem with respect to AS-Path filtering.
> > If you could give it a spin and let me know, it might be helpful.
>
> Hi,
>
> thank you, will that branch also contain a fix for the IPv6 BGP problem
> described at https://bugzilla.quagga.net/show_bug.cgi?id=870 ?
>
Sorry, My branch does not contain that yet. We are working on this problem
and would try to close this at the earliest.


>
> Otherwise I would just try to apply Andreas Jaggi's patch from
> https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
> to 0.99.24.1 as we will need working IPv6 BGP.
>
Yeah this patch is applied on my tree but its the latest so you might hit
the bug #870 with my code base. Would let you know about the #870 once we
fix it

Thanks,
- Balaji

>
> Regards
> Matthias
>
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi.

We also got hit by this on CentOS / EL 7. See log below.

For now, I will try and apply filter as suggested using route maps:

router bgp 48894 :-)
..
neighbor 172.16.1.2 route-map r2out out
..
!
ip as-path access-list maxas-limit75 deny ^([{},0-9]+ ){75}
ip as-path access-list maxas-limit75 permit .
!
route-map r2out permit 10
match as-path maxas-limit75

It seems to work:

172.16.1.2      4 48894 200778604 245226444        0    0    0 00:05:26   655853


This is the affected package.
Name        : quagga
Arch        : x86_64
Version     : 0.99.22.4
Release     : 4.el7
Size        : 5.1 M
Repo        : installed

*Is anyone going to submit bug report to CentOS and RedHat bug trackers?**
**If no one answers, I will do it.*


Sep 30 23:30:13 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:30:29 r2 bgpd[1172]: 172.16.1.1: BGP type 2 length 3298 is too
large, attribute total length is 2307.  attr_endp is 0x7f58178a3e71. 
endp is 0x7f58178a3a8a
Sep 30 23:30:29 r2 bgpd[1172]: %NOTIFICATION: sent to neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:30:29 r2 bgpd[1172]: Notification sent to neighbor 172.16.1.1:
type 3/5
Sep 30 23:30:29 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification send
Sep 30 23:30:38 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:30:54 r2 bgpd[1172]: 172.16.1.1: BGP type 2 length 3298 is too
large, attribute total length is 2307.  attr_endp is 0x7f58178a3e71. 
endp is 0x7f58178a3a8a
Sep 30 23:30:54 r2 bgpd[1172]: %NOTIFICATION: sent to neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:30:54 r2 bgpd[1172]: Notification sent to neighbor 172.16.1.1:
type 3/5
Sep 30 23:30:54 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification send
Sep 30 23:31:10 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:31:27 r2 bgpd[1172]: 172.16.1.1: BGP type 2 length 3298 is too
large, attribute total length is 2307.  attr_endp is 0x7f58178a3e71. 
endp is 0x7f58178a3a8a
Sep 30 23:31:27 r2 bgpd[1172]: %NOTIFICATION: sent to neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:31:27 r2 bgpd[1172]: Notification sent to neighbor 172.16.1.1:
type 3/5
Sep 30 23:31:27 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification send
Sep 30 23:31:43 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:31:58 r2 bgpd[1172]: 172.16.1.1: BGP type 2 length 3298 is too
large, attribute total length is 2307.  attr_endp is 0x7f58178a3e71. 
endp is 0x7f58178a3a8a
Sep 30 23:31:58 r2 bgpd[1172]: %NOTIFICATION: sent to neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:31:58 r2 bgpd[1172]: Notification sent to neighbor 172.16.1.1:
type 3/5
Sep 30 23:31:58 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification send
Sep 30 23:32:12 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:32:22 r2 bgpd[1172]: 172.16.1.1: BGP type 2 length 3298 is too
large, attribute total length is 2307.  attr_endp is 0x7f58174c0a21. 
endp is 0x7f58174c063a
Sep 30 23:32:22 r2 bgpd[1172]: %NOTIFICATION: sent to neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:32:22 r2 bgpd[1172]: Notification sent to neighbor 172.16.1.1:
type 3/5
Sep 30 23:32:22 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification send
Sep 30 23:32:33 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Up
Sep 30 23:32:48 r2 bgpd[1172]: %NOTIFICATION: received from neighbor
172.16.1.1 3/5 (UPDATE Message Error/Attribute Length Error) 0 bytes
Sep 30 23:32:48 r2 bgpd[1172]: %ADJCHANGE: neighbor 172.16.1.1 Down BGP
Notification received

Regards,
F.
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Am 01.10.2017 um 00:50 schrieb France:
> Hi.
>
> We also got hit by this on CentOS / EL 7. See log below.
>
> For now, I will try and apply filter as suggested using route maps:
> router bgp 48894 :-)
> ..
> neighbor 172.16.1.2 route-map r2out out
> ..
> !
> ip as-path access-list maxas-limit75 deny ^([{},0-9]+ ){75}
> ip as-path access-list maxas-limit75 permit .
> !
> route-map r2out permit 10
> match as-path maxas-limit75
> It seems to work:
> 172.16.1.2      4 48894 200778604 245226444        0    0    0 00:05:26   655853

Hi,

we ran into the same issue. 4 Edge routers flapped internally and 2 of
them crashed.
Don't want to think about if all 4 crashed.

We also used the filter list last night and it works good.


Michael

_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
The fix for this should be available in the next release

On Sun, 1 Oct 2017 at 11:08, Muenz, Michael <m.muenz@spam-fetish.org> wrote:

> Am 01.10.2017 um 00:50 schrieb France:
> > Hi.
> >
> > We also got hit by this on CentOS / EL 7. See log below.
> >
> > For now, I will try and apply filter as suggested using route maps:
> > router bgp 48894 :-)
> > ..
> > neighbor 172.16.1.2 route-map r2out out
> > ..
> > !
> > ip as-path access-list maxas-limit75 deny ^([{},0-9]+ ){75}
> > ip as-path access-list maxas-limit75 permit .
> > !
> > route-map r2out permit 10
> > match as-path maxas-limit75
> > It seems to work:
> > 172.16.1.2 4 48894 200778604 245226444 0 0 0
> 00:05:26 655853
>
> Hi,
>
> we ran into the same issue. 4 Edge routers flapped internally and 2 of
> them crashed.
> Don't want to think about if all 4 crashed.
>
> We also used the filter list last night and it works good.
>
>
> Michael
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users
>
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
On Oct 1, 2017, at 1:39 AM, Balaji Gurudoss <balajig81@gmail.com> wrote:
> The fix for this should be available in the next release

Great, but if that release isn't next week, quagga might as well shut down. This is breaking real sites right now, and will likely get worse. If FRR has this fixed and Quagga doesn't, what do you think will happen? It's like the BGP bug, but even worse.

And Balaji, I'm not attacking you (or Paul) - this isn't your job and if you've got other higher priority stuff, then that's just the way it is. But Quagga is closer to obsolescence and irrelevance than it has ever been and what happens in the next week or so will likely seal its fate.

/a


_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
On Sun, 1 Oct 2017, Alexis Rosen wrote:

> And Balaji, I'm not attacking you (or Paul) - this isn't your job and
> if you've got other higher priority stuff, then that's just the way it
> is.

Well, help Balaji then.

I would turn Quagga 1.xx over to operators (which was where I came
from), if there were people and a body active to turn it over to. I
tried earlier this year to do so, but no interest/time with the few I
pinged.

Otherwise, the vampirical Bro-Exec types win.

I hope not. However, I've been sat on. It's out of my hands, whichever
way.

I will be enforcing my copyright though.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: BGP type 2 length 3294 is too large, attribute total length is 2314. [ In reply to ]
Hi,

I think this is pretty critical. Especially, since this isn't the first
time.

The problem took a lot of stuff down the first time around in 2009.
Cisco and Juniper have had some sort of max-as filter in place since
that or before.

Why has this not been taken care of in Quagga ?

And yes .. we got hit, too. Quagga boxes don't have problems, when the
routes come in from other platform upstream, but exchanging the
malformed routes between Quagga boxes will result in flapping and if not
taken care of within a few hours it will also result in massive logfiles
.. For routers with small drives, the drive could end up full.

Kind regards,
Martin List-Petersen


On 01/10/17 08:39, Alexis Rosen wrote:
> On Oct 1, 2017, at 1:39 AM, Balaji Gurudoss <balajig81@gmail.com> wrote:
>> The fix for this should be available in the next release
>
> Great, but if that release isn't next week, quagga might as well shut down. This is breaking real sites right now, and will likely get worse. If FRR has this fixed and Quagga doesn't, what do you think will happen? It's like the BGP bug, but even worse.
>
> And Balaji, I'm not attacking you (or Paul) - this isn't your job and if you've got other higher priority stuff, then that's just the way it is. But Quagga is closer to obsolescence and irrelevance than it has ever been and what happens in the next week or so will likely seal its fate.
>
> /a
>
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users
>


--
Airwire Ltd. - Ag Nascadh Pobail an Iarthair
http://www.airwire.ie
Phone: 091-865 968
Registered Office: Moy, Kinvara, Co. Galway, 091-865 968 - Registered in
Ireland No. 508961
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users