[c-nsp] %BGP-6-MSGDUMP_LIMIT: unsupported or mal-formatted message
Antonio Prado
2013-11-26 11:16:29 UTC
Hello,

if I set the maxas-limit, whenever the router receives a longer path, it
complains:

020250: Nov 26 12:09:52: %BGP-6-MSGDUMP_LIMIT: unsupported or
mal-formatted message received from xx.xx.xxx.243:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 007A 0200 1C18 67F5 0C16 C773
C412 2966
4011 2966 8016 67F0 E812 2965 C018 C03A E800 4340 0101 0040 022E 020B
0000 0CC5
0000 1A6A 0000 00D1 0000 02D1 0000 69B8 0000 179D 0000 6A02 0000 6A02
0000 6A02
0000 6A02 0000 69AB 4003 043E 5676 F3C0 0804 1A6A 001F 18D6 068F

platform: Cisco 7204VXR (NPE-G2) processor (revision A) with
1966080K/65536K bytes of memory
ios: c7200p-spservicesk9-mz.152-4.S4.bin

It doesn't seem harmful, I mean no session reset or flap.
Is anyone else experiencing the same?

thank you
--
antonio
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Saku Ytti
2013-11-26 20:11:20 UTC
On (2013-11-26 12:16 +0100), Antonio Prado wrote:
>
> if I set the maxas-limit, whenever the router receives a longer path, it
> complains:
>
> 020250: Nov 26 12:09:52: %BGP-6-MSGDUMP_LIMIT: unsupported or
> mal-formatted message received from xx.xx.xxx.243:

I'm guessing this might happen because max-prefix bites while packet is being
received. So remaining packet is incomplete and thus invalid.

I'm not 100% sure about this, but if you put that hexdump through 'text2pcap',
I'm betting it won't be recognized as BGP until you fix the 'size' bytes.

Interestingly, I don't believe this behaviour could be seen in IOS-XR or JunOS
or such, since it's quite untypical for userland process to start processing
packet before it's received. But IOS specifically has dedicated TCP/IP
implementation for BGP and another implementation for rest of the system.
--
++ytti
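
Added example, not part of the original thread: a small Python parser that reads the hex dump from the log line in the first post, compares the length field in the BGP header with the number of bytes actually logged, and extracts the AS_PATH whose hop count maxas-limit is compared against. It assumes the session uses 4-octet AS numbers in AS_PATH; `parse_update` and `asn_size` are names chosen for this example.

```python
# Hex dump copied from the %BGP-6-MSGDUMP_LIMIT log line in the first post.
DUMP = """
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 007A 0200 1C18 67F5 0C16 C773 C412 2966
4011 2966 8016 67F0 E812 2965 C018 C03A E800 4340 0101 0040 022E 020B 0000 0CC5
0000 1A6A 0000 00D1 0000 02D1 0000 69B8 0000 179D 0000 6A02 0000 6A02 0000 6A02
0000 6A02 0000 69AB 4003 043E 5676 F3C0 0804 1A6A 001F 18D6 068F
"""

def parse_update(dump, asn_size=4):
    """Return (declared_len, captured_len, msg_type, as_path) for one BGP message.

    asn_size=4 is an assumption: the session negotiated 4-octet AS numbers.
    """
    raw = bytes.fromhex("".join(dump.split()))
    if len(raw) < 19 or raw[:16] != b"\xff" * 16:
        raise ValueError("missing 16-byte marker or header too short")
    declared_len = int.from_bytes(raw[16:18], "big")   # header 'length' field
    msg_type = raw[18]
    as_path = []
    if msg_type != 2:                                  # only UPDATE carries AS_PATH
        return declared_len, len(raw), msg_type, as_path
    body = raw[19:]
    pos = 2 + int.from_bytes(body[:2], "big")          # skip withdrawn routes
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if end > len(body):
        raise ValueError("path attributes run past the captured bytes")
    while pos < end:
        flags, code = body[pos], body[pos + 1]
        hdr = 4 if flags & 0x10 else 3                 # extended-length flag: 2-byte length
        alen = int.from_bytes(body[pos + 2:pos + hdr], "big")
        pos += hdr
        if code == 2:                                  # AS_PATH: (type, count, ASNs...) segments
            seg, i = body[pos:pos + alen], 0
            while i < len(seg):
                count = seg[i + 1]
                for k in range(count):
                    off = i + 2 + k * asn_size
                    as_path.append(int.from_bytes(seg[off:off + asn_size], "big"))
                i += 2 + count * asn_size
        pos += alen
    return declared_len, len(raw), msg_type, as_path

if __name__ == "__main__":
    declared, captured, mtype, path = parse_update(DUMP)
    print(f"type={mtype} declared={declared} captured={captured} hops={len(path)}")
    print("AS path:", " ".join(map(str, path)))
```

Run on the dump from the log, it reports an UPDATE with a declared length of 122, 122 bytes captured, and an 11-entry AS path.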
Mark Tinka
2013-11-27 03:26:13 UTC
On Tuesday, November 26, 2013 10:11:20 PM Saku Ytti wrote:

> Interestingly, I don't believe this behaviour could be
> seen in IOS-XR or JunOS or such, since it's quite
> untypical for userland process to start processing
> packet before it's received. But IOS specifically has
> dedicated TCP/IP implementation for BGP and another
> implementation for rest of the system.

While we're on the subject:

***@hmmh# run show route 193.105.15.0

inet.0: 466528 destinations, 467107 routes (466496 active, 31 holddown, 1 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

193.105.15.0/24 *[BGP/170] 4d 21:28:09, MED 90, localpref 110
AS path: 3257 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
50404 50404 50404 50404 50404 50404 50404 I
> to a.b.c.d via xe-0/0/2.0

[edit]
***@hmmh#

Reeks of Mikrotik to me.

Mark.
Martin Moens
2013-11-27 08:50:16 UTC
Looks like they want to be *_very_* sure their traffic flows through as174 :-)
M

> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-***@puck.nether.net] On Behalf Of
> Mark Tinka
> Sent: 27 November 2013 04:26
> To: cisco-***@puck.nether.net
> Subject: Re: [c-nsp] %BGP-6-MSGDUMP_LIMIT: unsupported or mal-formatted
> message
>
> On Tuesday, November 26, 2013 10:11:20 PM Saku Ytti wrote:
>
> > Interestingly, I don't believe this behaviour could be
> > seen in IOS-XR or JunOS or such, since it's quite
> > untypical for userland process to start processing
> > packet before it's received. But IOS specifically has
> > dedicated TCP/IP implementation for BGP and another
> > implementation for rest of the system.
>
> While we're on the subject:
>
> ***@hmmh# run show route 193.105.15.0
>
> inet.0: 466528 destinations, 467107 routes (466496 active, 31 holddown, 1
> hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 193.105.15.0/24 *[BGP/170] 4d 21:28:09, MED 90, localpref 110
> AS path: 3257 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 50404
> 50404 50404 50404 50404 50404 50404 50404 I
> > to a.b.c.d via xe-0/0/2.0
>
> [edit]
> ***@hmmh#
>
> Reeks of Mikrotik to me.
>
> Mark.
Antonio Prado
2013-11-27 16:40:09 UTC
On 26/11/13 21:11, Saku Ytti wrote:
> Interestingly, I don't believe this behaviour could be seen in IOS-XR or JunOS
> or such, since it's quite untypical for userland process to start processing
> packet before it's received. But IOS specifically has dedicated TCP/IP
> implementation for BGP and another implementation for rest of the system.

well, I tested on different IOS versions: actually it doesn't show on
151-4.M1 and 124-24.T8 and 123-21 for instance.

just on 152-4.S4
--
antonio
Lukas Tribus
2013-11-27 18:01:22 UTC
Hi!


> well, I tested on different IOS versions: actually it doesn't show on
> 151-4.M1 and 124-24.T8 and 123-21 for instance.
>
> just on 152-4.S4

15M, 12.4, etc are ISR branches, while 15S or 12.2SR are 7600 branches.

On the 7200 you have the choice between the two, but they are fundamentally
different.



Regards,

Lukas
Antonio Prado
2013-11-27 19:06:51 UTC
On 27/11/13 19:01, Lukas Tribus wrote:
> 15M, 12.4, etc are ISR branches, while 15S or 12.2SR are 7600
> branches. On the 7200 you have the choice between the two, but they
> are fundamentally different
thank you, exactly what I meant by saying "different versions"
--
antonio