Dear Experts,
We had established our whole network on BGP-VPNv4 & L2VPN. Where we used BGP-VPLS & VRF for client delivery. Last few day we observed issue in our whole Network BGP session for VPNv4 has been flapped in random manner. We had do everything for resolving issue even too we had upgrade Router Board to latest firmware 6.43.8 stable version. But we have not got any success. Any body can please tips us for resolving issue. We had got error as BGP attributes Malformed & attributes flags error.

RouterOS closes connection whenever it receives malformed update.
There are two possibilities, either remote peer sent actually malformed packet or packet contained attributes that RouterOS do not understand and think that they are malformed. I would suggest to run packet sniffer to catch which packet contained malformed update and see what exactly that was.

I'm experiencing the same sort of issues. I've got sniffer working, I can see one half of the conversation presently.. doing some more to see both.

I do see this in the notification message back - from wireshark:

Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 169
Type: NOTIFICATION Message (3)
Major error Code: UPDATE Message Error (3)
Minor error Code (Update Message): Attribute Flags Error (4)
Data: 001091001100000001000007d00066001000100013910011...


0000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
0010 00 a9 03 03 04 00 10 91 00 11 00 00 00 01 00 00 ................
0020 07 d0 00 66 00 10 00 10 00 13 91 00 11 00 00 00 ...f............
0030 01 00 00 07 d0 00 66 00 20 00 10 00 14 91 00 11 ......f. .......
0040 00 00 00 01 00 00 07 d0 00 66 4e 20 00 10 00 15 .........fN ....
0050 91 00 11 00 00 00 01 00 00 07 d0 00 66 00 30 00 ............f.0.
0060 10 00 11 91 00 11 00 00 00 01 00 00 07 d0 00 66 ...............f
0070 00 40 00 10 00 12 91 00 11 00 00 00 01 00 00 07 .@..............
0080 d0 00 66 00 50 00 10 00 17 91 00 11 00 00 00 01 ..f.P...........
0090 00 00 07 d0 00 66 00 60 00 10 00 01 01 00 11 00 .....f.`........
00a0 00 00 01 00 00 07 d0 00 66 ........f


Any ideas?

Sean

One packet before should be update message with attribute flag error. Notification message just informs remote peer that malformed packet was received and connection will be closed.

I sent this to Mikrotik support havn't heard back - Ticket#2019012122000025

Here is the update that is causing the issue..

Transmission Control Protocol, Src Port: 47671, Dst Port: 179, Seq: 1, Ack: 1, Len: 222
Border Gateway Protocol - UPDATE Message
Marker: ffffffffffffffffffffffffffffffff
Length: 222
Type: UPDATE Message (2)
Withdrawn Routes Length: 0
Total Path Attribute Length: 199
Path attributes
Path Attribute - MP_UNREACH_NLRI
Flags: 0x80, Optional, Non-transitive, Complete
Type Code: MP_UNREACH_NLRI (15)
Length: 19
Address family identifier (AFI): IPv4 (1)
Subsequent address family identifier (SAFI): Labeled VPN Unicast (128)
Withdrawn routes (16 bytes)
Path Attribute - AS_PATH
Flags: 0x00, Well-known, Non-transitive, Complete
Type Code: AS_PATH (2)
Length: 177
[Expert Info (Error/Undecoded): ASN length uncalculated by heuristic : 255]



Raw Here

I sent this to Mikrotik support havn't heard back - Ticket#2019012122000025

Here is the update that is causing the issue..

Transmission Control Protocol, Src Port: 47671, Dst Port: 179, Seq: 1, Ack: 1, Len: 222
Border Gateway Protocol - UPDATE Message
Marker: ffffffffffffffffffffffffffffffff
Length: 222
Type: UPDATE Message (2)
Withdrawn Routes Length: 0
Total Path Attribute Length: 199
Path attributes
Path Attribute - MP_UNREACH_NLRI
Flags: 0x80, Optional, Non-transitive, Complete
Type Code: MP_UNREACH_NLRI (15)
Length: 19
Address family identifier (AFI): IPv4 (1)
Subsequent address family identifier (SAFI): Labeled VPN Unicast (128)
Withdrawn routes (16 bytes)
Path Attribute - AS_PATH
Flags: 0x00, Well-known, Non-transitive, Complete
Type Code: AS_PATH (2)
Length: 177
[Expert Info (Error/Undecoded): ASN length uncalculated by heuristic : 255]



Raw Here

Code: Select all

0000   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
0010   00 de 02 00 00 00 c7 80 0f 13 00 01 80 75 00 00  .............u..
0020   31 00 02 00 06 0b 85 00 01 4c 08 27 18 00 02 b1  1........L.'....
0030   00 11 00 00 00 01 00 00 07 d0 00 66 00 10 00 10  ...........f....
0040   00 03 b1 00 11 00 00 00 01 00 00 07 d0 00 66 00  ..............f.
0050   20 00 10 00 07 b1 00 11 00 00 00 01 00 00 07 d0   ...............
0060   00 66 4e 20 00 10 00 09 b1 00 11 00 00 00 01 00  .fN ............
0070   00 07 d0 00 66 00 30 00 10 00 04 b1 00 11 00 00  ....f.0.........
0080   00 01 00 00 07 d0 00 66 00 40 00 10 00 05 b1 00  .......f.@......
0090   11 00 00 00 01 00 00 07 d0 00 66 00 50 00 10 00  ..........f.P...
00a0   06 b1 00 11 00 00 00 01 00 00 07 d0 00 66 00 60  .............f.`
00b0   00 10 00 01 01 00 11 00 00 00 01 00 00 07 d0 00  ................
00c0   66 00 70 00 10 00 08 b1 f1 00 11 00 00 00 01 00  f.p.............
00d0   00 07 d0 00 68 00 30 00 10 00 10 f1 00 11        ....h.0.......

MT must take this BGP issues seriously, don't wait any longer for any reason.