These did not kick our sessions, but we got them also: Via AS6939 ip4 peer in Denver: May 20 01:01:51 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) May 20 01:02:16 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) Via AS3356 ip4 peer in Los Angeles: May 20 01:02:12 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) May 20 01:02:38 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) Via AS3356 ip4 peer in Seattle: May 20 01:02:07 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) May 20 01:02:37 MDT: %BGP-6-ATTR_WRONG_LEN: BGP update error: XXX.XXX.XXX.XXX Wrong length 1 for PrefixSID attribute (dropped by error handling) On 5/20/25 07:31, Simon Lockhart via NANOG wrote:
Did anyone see BGP flaps this morning at about 07:01 UTC as a result of BGP malformed update?
It flapped one of our iBGP sessions:
May 20 08:01:51.150 BST: %BGP-3-NOTIFICATION: received from neighbor XXX.XXX.XXX.XXX 3/1 (update malformed) 31 bytes E0281C00 00000000 00000000 00000000 00
Another ISP saw the same thing...
code 3 (Update Message Error) subcode 1 (invalid attribute list), Data: e0 28 1c 00 00 00
Is there a new BGP rogue update out there?
Simon _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GQP6V6BO...