as possible during the error handling process. Error handling for some of the categories are controlled by
configuration commands to enable or disable the default behavior.
According to the base BGP specification, a BGP speaker that receives an UPDATE message containing a
malformed attribute is required to reset the session over which the offending attribute was received. This
behavior is undesirable as a session reset would impact not only routes with the offending attribute, but also
other valid routes exchanged over the session.
BGP Attribute Filtering
The BGP Attribute Filter feature checks integrity of BGP updates in BGP update messages and optimizes
reaction when detecting invalid attributes. BGP Update message contains a list of mandatory and optional
attributes. These attributes in the update message include MED, LOCAL_PREF, COMMUNITY etc. In some
cases, if the attributes are malformed, there is a need to filter these attributes at the receiving end of the router.
The BGP Attribute Filter functionality filters the attributes received in the incoming update message. The
attribute filter can also be used to filter any attributes that may potentially cause undesirable behavior on the
receiving router.
Some of the BGP updates are malformed due to wrong formatting of attributes such as the network layer
reachability information (NLRI) or other fields in the update message. These malformed updates, when
received, causes undesirable behavior on the receiving routers. Such undesirable behavior may be encountered
during update message parsing or during re-advertisement of received NLRIs. In such scenarios, its better to
filter these corrupted attributes at the receiving end.
BGP Attribute Filter Actions
The Attribute-filtering is configured by specifying a single or a range of attribute codes and an associated
action. The allowed actions are:
• " Treat-as-withdraw"— The associated IPv4-unicast or MP_REACH NLRIs, if present, are withdrawn
from the neighbor's Adj-RIB-In.
• "Discard Attribute"—The matching attributes alone are discarded and the rest of the Update message
is processed normally.
When a received Update message contains one or more filtered attributes, the configured action is applied on
the message. Optionally, the Update message is also stored to facilitate further debugging and a syslog message
is generated on the console.
When an attribute matches the filter, further processing of the attribute is stopped and the corresponding action
is taken.
Use the attribute-filter group command to enter Attribute-filter group command mode. Use the attribute
command in attribute-filter group command mode to either discard an attribute or treat the update message
as a "Withdraw" action.
BGP Error Handling and Attribute Filtering Syslog Messages
When a router receives a malformed update packet, an ios_msg of type
ROUTING-BGP-3-MALFORM_UPDATE is printed on the console. This is rate limited to 1 message per
minute across all neighbors. For malformed packets that result in actions "Discard Attribute" (A5) or "Local
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
73
Implementing BGP
BGP Attribute Filtering
To Next Page
Loading...
Need help?
General
