 |
 |
On Thu, Apr 30, 2020 at 7:55 AM Chris Wopat <[log in to unmask]> wrote: > On 4/30/20 7:49 AM, David Farmer wrote: > > > We're running IOS XR, I found these droppings in our logs; > > > > RP/0/RP0/CPU0:Apr 29 21:50:26.798 CDT: bgp[1068]: > %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from > neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error > flags 0x00000200, action taken "TreatAsWdr". Error details: "Error > 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data > [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 > RP/0/RP1/CPU0:Apr 29 21:50:26.797 CDT: bgp[1068]: > %ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from > neighbor 206.108.255.2 (VRF: default) - message length 59 bytes, error > flags 0x00000200, action taken "TreatAsWdr". Error details: "Error > 0x00000200, Field "Attr-data", Attribute 2 (Flags 0x40, Length 0), Data > [400200]". NLRIs: [IPv4 Unicast] 198.179.154.0/23 > > > > Maybe try resting you BGP sessions. > > > We're seeing a weird next-hop ip on that prefix (rfc1918) and its hidden > on our net. > > Is 10.223.129.2 something internal to route server #2? > > > show route 198.179.154.0 hidden detail > > inet.0: 795967 destinations, 2081403 routes (795589 active, 0 holddown, > 1604 hidden) > 198.179.154.0/23 (3 entries, 1 announced) > BGP > Next hop type: Router, Next hop index: 0 > Address: 0x113614cc > Next-hop reference count: 1 > Source: 206.108.255.2 > Next hop: 10.223.129.2 via xe-0/1/5.300, selected > Session Id: 0x0 > State:> Inactive reason: Unusable path > Local AS: 65400 Peer AS: 53679 > Age: 10:02:05 > Validation State: unverified > Task: BGP_53679.206.108.255.2 > AS path: I > Communities: target:21693:1000 > Router ID: 206.108.255.2 > Hidden reason: protocol nexthop is not on the interface > Here is what I see; BGP routing table entry for 198.179.154.0/23 Versions: Process bRIB/RIB SendTblVer Speaker 14008256 14008256 Last Modified: Apr 29 21:50:26.404 for 10:08:07 Paths: (1 available, best #1) Advertised IPv4 Unicast paths to update-groups (with more than one peer): 1.2 1.7 1.11 1.18 Advertised IPv4 Unicast paths to peers (in unique update groups): 146.57.254.0 146.57.252.9 146.57.252.217 146.57.248.131 146.57.253.81 146.57.253.9 146.57.253.157 146.57.255.184 Path #1: Received by speaker 1 Advertised IPv4 Unicast paths to update-groups (with more than one peer): 1.2 1.7 1.11 1.18 Advertised IPv4 Unicast paths to peers (in unique update groups): 146.57.254.0 146.57.252.9 146.57.252.217 146.57.248.131 146.57.253.81 146.57.253.9 146.57.253.157 146.57.255.184 21693 206.108.255.115 from 206.108.255.1 (206.108.255.1) Origin IGP, localpref 180, valid, external, best, group-best, import-candidate Received Path ID 0, Local Path ID 1, version 14008256 Community: 57:12 57:10500 57:10505 Extended community: RT:21693:1000 Origin-AS validity: not-found It is an Xcel Energy Prefix, which jives with ARIN; -- =============================================== David Farmer Email:[log in to unmask] Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================