BGP update session reset due to AS4_aggregator attribute contains ASN 0
Article ID: 327355
Updated On:
Products
VMware NSX
Issue/Introduction
This document explains the behaviour on NSX 6.3.x when NSX receives a BGP update packet containing AS4_aggregator with ASN0
Symptoms:
BGP update session reset due to AS4_aggregator attribute contains ASN 0.
Symptoms:
BGP update session reset due to AS4_aggregator attribute contains ASN 0.
Environment
VMware NSX for vSphere 6.3.x
Cause
BGP speaker sends an update packet to NSX containing AS4_aggregator with ASN 0.
On packet capture for update send by BGP Neighbour should see a packet containing the following :
Path Attribute - AGGREGATOR : AS : 0 origin : 0.0.0.0
NSX 6.3.X includes the feature for ASN-4 , and fully supports RFC 4271 " A Border Gateway Protocol 4 (BGP-4)". RFC 6793, RFC 7606 and RFC 7607 are not supported.
Based on RFC 4721 and since we NSX doesn't supports RFC NSX version running 6.3.X will reset BGP sessions when AS4_aggregator attribute contains ASN 0 and renegotiate them.
You may found entries on NSX Edge logs like the example below where X.X.X.X is the IP for the BGP neighbour and YYYY is the name of the Switch :
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.emerg] EXCEPTION 0x4103-95 (0000): UPDATE message contains AS4_AGGREGATOR attribute with AS number 0.
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.err] PROBLEM 0x4102-46 (0000): NM has received an UPDATE message that failed to parse.
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.debug] DEV 0x4102-54 (0000): BGP Connection FSM state changed. Remote address: X.X.X.X ld state: Established New state: Idle)
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.emerg] EXCEPTION 0x4102-71 (0000): UPDATE Message Error (Optional Attribute Error): BGP NOTIFICATION sent to neighbor X.X.X.X (A
S: 65331)
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.info] AUDIT 0x4102-49 (0000): BGP: A connection's FSM state has deteriorated. Remote address: X.X.X.X (Old State: Established New State: Idle)
Packet captures for BGP updates received on NSX Edge contains on Path Attribute field Aggregator AS : 0 as per image below :
On packet capture for update send by BGP Neighbour should see a packet containing the following :
Path Attribute - AGGREGATOR : AS : 0 origin : 0.0.0.0
NSX 6.3.X includes the feature for ASN-4 , and fully supports RFC 4271 " A Border Gateway Protocol 4 (BGP-4)". RFC 6793, RFC 7606 and RFC 7607 are not supported.
Based on RFC 4721 and since we NSX doesn't supports RFC NSX version running 6.3.X will reset BGP sessions when AS4_aggregator attribute contains ASN 0 and renegotiate them.
You may found entries on NSX Edge logs like the example below where X.X.X.X is the IP for the BGP neighbour and YYYY is the name of the Switch :
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.emerg] EXCEPTION 0x4103-95 (0000): UPDATE message contains AS4_AGGREGATOR attribute with AS number 0.
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.err] PROBLEM 0x4102-46 (0000): NM has received an UPDATE message that failed to parse.
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.debug] DEV 0x4102-54 (0000): BGP Connection FSM state changed. Remote address: X.X.X.X ld state: Established New state: Idle)
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.emerg] EXCEPTION 0x4102-71 (0000): UPDATE Message Error (Optional Attribute Error): BGP NOTIFICATION sent to neighbor X.X.X.X (A
S: 65331)
2018-12-14T12:21:25+00:00 YYYY routing[988]: [user.info] AUDIT 0x4102-49 (0000): BGP: A connection's FSM state has deteriorated. Remote address: X.X.X.X (Old State: Established New State: Idle)
Packet captures for BGP updates received on NSX Edge contains on Path Attribute field Aggregator AS : 0 as per image below :
Resolution
NSX 6.4.0 and above supports the below mentioned RFCs :
RFC 4271 A Border Gateway Protocol 4 (BGP-4) : Fully supported.
RFC 6793 BGP Support for 4-Octet AS Number Space : Partially supports by supporting the attribute-discard mechanism, but do not support the processes to 'fix-up' some types of malformed attributes.
RFC 7607( Codification of AS 0 Processing) & RFC 7606(Revised Error Handling for BGP UPDATE Messages) : When the AS number is 0 in the AS4_PATH, AGGREGATOR and AS4_AGGREGATOR attributes we support the attribute-discard mechanism . We don't support the treat-as-withdraw mechanism for the AS_PATH attribute.
Based on this details above NSX 6.4.0 and above will not discard the packet or the update. Only applies attribute discard , that means the attribute which is malformed will not be considered while processing the update packet.
RFC 4271 A Border Gateway Protocol 4 (BGP-4) : Fully supported.
RFC 6793 BGP Support for 4-Octet AS Number Space : Partially supports by supporting the attribute-discard mechanism, but do not support the processes to 'fix-up' some types of malformed attributes.
RFC 7607( Codification of AS 0 Processing) & RFC 7606(Revised Error Handling for BGP UPDATE Messages) : When the AS number is 0 in the AS4_PATH, AGGREGATOR and AS4_AGGREGATOR attributes we support the attribute-discard mechanism . We don't support the treat-as-withdraw mechanism for the AS_PATH attribute.
Based on this details above NSX 6.4.0 and above will not discard the packet or the update. Only applies attribute discard , that means the attribute which is malformed will not be considered while processing the update packet.
Additional Information
Impact/Risks:
Route table for BGP IP protocol will be flushed out, causing a brief disruption on the service. BGP session need to be renegotiated and reestablished.
Route table for BGP IP protocol will be flushed out, causing a brief disruption on the service. BGP session need to be renegotiated and reestablished.
Feedback
Yes
No
Powered by
