
One of our downstream customers was messaging me asking if we had any issues at that time, apparently they noticed two of their upstreams flap and their logs indicate the same on those BGP sessions:

Bgp: %BGP-3-NOTIFICATION: sent to neighbor XXX.XXX.XXX.XXX (VRF default AS 3356) 3/1 (Update Message Error/invalid attribute list) 31 bytes

They aren't on the list, but I passed along your e-mail in case they want to compare notes. Interestingly, we have one of the same upstreams as them and did not see the same error.

John Stitt

________________________________
From: Simon Lockhart via NANOG <nanog@lists.nanog.org>
Sent: Tuesday, May 20, 2025 8:31 AM
To: nanog@lists.nanog.org <nanog@lists.nanog.org>
Cc: Simon Lockhart <simon@slimey.org>
Subject: BGP malformed update/attribute list

Did anyone see BGP flaps this morning at about 07:01 UTC as a result of BGP malformed update?

It flapped one of our iBGP sessions:

May 20 08:01:51.150 BST: %BGP-3-NOTIFICATION: received from neighbor XXX.XXX.XXX.XXX 3/1 (update malformed) 31 bytes E0281C00 00000000 00000000 00000000 00

Another ISP saw the same thing...

code 3 (Update Message Error) subcode 1 (invalid attribute list), Data: e0 28 1c 00 00 00

Is there a new BGP rogue update out there?

Simon
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GQP6V6BONTN2BPD7XSGW27WLZE5F3L7K/
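
Added example (not part of the thread and not any participant's code): a decoder that reads the logged NOTIFICATION data bytes as the start of an RFC 4271 path attribute, on the assumption that the sender echoed the offending attribute in the Data field. The function name, the result keys and the short type-name table are this example's own.

```python
# Added example, not from the thread. Assumption: the NOTIFICATION Data field
# starts with the offending path attribute (flags, type, length, value).

ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 14: "MP_REACH_NLRI",
              15: "MP_UNREACH_NLRI", 32: "LARGE_COMMUNITY", 40: "BGP Prefix-SID"}
FLAG_BITS = [(0x80, "optional"), (0x40, "transitive"),
             (0x20, "partial"), (0x10, "extended-length")]

def decode_notification_data(hex_dump, reported_len=None):
    """Decode the start of a logged NOTIFICATION data dump as an RFC 4271
    path attribute header. hex_dump may have been truncated by the logger."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    if len(raw) < 3:
        raise ValueError("need at least flags, type and length octets")
    flags, type_code = raw[0], raw[1]
    if flags & 0x10:                       # extended length: 2-octet length
        if len(raw) < 4:
            raise ValueError("extended-length attribute needs a 2-octet length")
        hdr_len, attr_len = 4, int.from_bytes(raw[2:4], "big")
    else:                                  # normal case: 1-octet length
        hdr_len, attr_len = 3, raw[2]
    total = hdr_len + attr_len
    value = raw[hdr_len:total]             # only as much as the log kept
    return {
        "flags": [name for bit, name in FLAG_BITS if flags & bit],
        "reserved_flag_bits": flags & 0x0F,    # sent as zero per RFC 4271
        "type": type_code,
        "name": ATTR_NAMES.get(type_code, "unknown"),
        "attr_len": attr_len,
        "total_len": total,
        "matches_reported": None if reported_len is None else total == reported_len,
        "dump_truncated": len(raw) < total,
        "value_all_zero": len(value) > 0 and not any(value),
    }

# Constructed inputs: the two hex dumps quoted in the thread, copied as logged.
IBGP_DUMP = "E0281C00 00000000 00000000 00000000 00"
OTHER_ISP_DUMP = "e0 28 1c 00 00 00"

if __name__ == "__main__":
    for dump in (IBGP_DUMP, OTHER_ISP_DUMP):
        print(decode_notification_data(dump, reported_len=31))
```

Under that assumption both dumps decode to flags optional/transitive/partial, type 40 and length 28, so header plus value comes to 31 octets, the same count the logs report. The value octets that the logs kept are all zero.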