Obsolete BGP Attributes in the LACNIC Region

28/01/2025


By Guillermo Pereyra, Security Analyst, and Elisa Peirano, R&D Data Analyst, at LACNIC

In 2023, numerous BGP sessions were shut down because of the presence of obsolete attributes in BGP announcements. This incident, which affected the connectivity of several autonomous systems (AS), highlighted the importance of maintaining a robust and up-to-date routing infrastructure.

What Are BGP Attributes?

The Border Gateway Protocol (BGP) is essential for the operation of the Internet, as it allows Autonomous Systems to exchange routing information. BGP UPDATE messages play a key role in this process, as they announce new routes, modify existing ones, or withdraw those that are no longer valid. These messages contain attributes that describe the characteristics of the route, such as the IP prefix and the list of ASs that the traffic traverses.

Over time, certain BGP attributes become obsolete due to technological advancements or changes in operational needs. The IANA and IETF working groups are responsible for managing the creation and obsolescence of these attributes.

The presence of obsolete BGP attributes can lead to various problems, such as the following:

  • Router incompatibility: Different software versions may interpret obsolete attributes differently, potentially leading to BGP sessions being dropped or the propagation of incorrect information.
  • Security vulnerabilities: Obsolete attributes can be exploited by hackers to manipulate traffic or disrupt service.
  • Unnecessary complexity: The persistence of obsolete attributes adds to the complexity of network management and makes it more difficult to troubleshoot.

The Case of the ‘Entropy Label’ Attribute

On 2 June 2023, a Brazilian Autonomous System (AS) announced one of its routes with attribute 28 (Entropy Label) enabled and marked as transitive, indicating that it should be propagated to other routers.

However, the BGP Entropy Label attribute caused BGP sessions to drop on routers beyond the AS’s direct peers. This issue was observed across different BGP implementations, where certain versions failed to handle this attribute correctly.

This flaw was classified as a vulnerability, and it highlighted the need to maintain consistency across BGP implementations with regard to the status of obsolete attributes in order to avoid similar disruptions in the future.

List of devices vulnerable to attacks with malformed BGP attributes:

Analysis of Obsolete Attributes in the LACNIC Region

LACNIC conducted a study on the presence of obsolete attributes in BGP announcements observed by the LACNIC collector (RRC24) between October 2022 and October 2024. BVIEWS and UPDATES files were analyzed separately.

BVIEWS Analysis

Results revealed the presence of three obsolete attributes:

  • No. 20: Connector Attribute
  • No. 21: AS_PATHLIMIT
  • No. 243: Deprecated [RFC8093]

Sixteen different ASNs were identified as origins of the announcements containing these obsolete attributes. The graph shows an increase in the number of announcements with attribute 21 towards the end of the period.

When analyzing the number of announcements for each ASN individually, it was observed that three ASNs began announcing with attribute 21 starting on 21 August 2024. Additionally, a fourth ASN showed a significant increase in announcements around the same dates, contributing to the overall increase.

Attribute No. 28 (Entropy Label), which is mentioned in the articles that prompted this analysis, was not found in the announcements obtained from the BVIEWS files. Therefore, we decided to analyze the UPDATES messages for the same period.

UPDATES Analysis

Results revealed the presence of three obsolete attributes:

  • No. 20: Connector Attribute
  • No. 21: AS_PATHLIMIT
  • No. 28: Entropy Label
  • No. 243: Unidentified

The number of updates containing each of the obsolete attributes mentioned above during the period considered is shown below.

For attribute No. 20, a high variability in the number of updates was observed, with peaks ranging from 200 to 750 per day. On 11 June 2023, there was a peak of more than 26,000 updates.

In the case of attribute No. 21, an increase in the number of update messages can be seen since the start of October 2022. The peak of 1,170 updates occurred on 1 February 2024.

As for attribute No. 243, its presence was observed for approximately one year within the period considered, from 8 December 2022 to 13 November 2023, as illustrated in the image below:

Finally, there is attribute No. 28, which, as mentioned earlier, was classified as a vulnerability by CMU. In the case of the LACNIC RRC24 collector, this attribute was rare, as shown in the following image:

In the case of UPDATE messages, 23 ASNs from 11 different countries, including Argentina and Brazil in the LACNIC region, were identified as the origin of announcements with obsolete attributes.

The table below shows the number of UPDATE messages with obsolete attributes by country of the originating ASN:

Country           # updates
Australia         34603
USA               23488
United Kingdom    5236
Hong Kong         2055
Argentina         712
China             38
Cambodia          36
India             23
Canada            18
Brazil            4
Poland            2

Mitigation

To mitigate the risks associated with UPDATE messages containing obsolete attributes, BGP implementations must support RFC 7606. This recommendation provides guidelines on how to handle errors in UPDATE messages without restarting the entire BGP session, ensuring greater stability when dealing with unknown or unimplemented attributes.

Some vendors enable this error handling by default, while others require it to be manually enabled.
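
The check behind the UPDATES analysis and the error handling described in this section, as an added example in Python (not code from LACNIC or from any router vendor): it walks the path attributes of a BGP UPDATE body, reports the obsolete type codes listed above, and contrasts a session reset with RFC 7606 treat-as-withdraw when an attribute's length field overruns the attribute block. The function names and sample messages are constructed for illustration, the Total Path Attribute Length is assumed to be already validated against the message length, and only the treat-as-withdraw outcome of RFC 7606 is modelled.

```python
OBSOLETE = {20: "Connector Attribute", 21: "AS_PATHLIMIT",
            28: "Entropy Label", 243: "Deprecated [RFC8093]"}  # codes from the article
TRANSITIVE, EXT_LEN = 0x40, 0x10  # path attribute flag bits (RFC 4271)

class MalformedAttribute(Exception): pass

def path_attributes(body):
    """Yield (flags, type_code, value) from a BGP UPDATE body (header already stripped)."""
    pos = 2 + int.from_bytes(body[0:2], "big")             # skip withdrawn routes
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos < end:
        hdr = 4 if body[pos] & EXT_LEN else 3              # flags, type, 1- or 2-byte length
        if pos + hdr > end:
            raise MalformedAttribute("truncated attribute header")
        flags, code = body[pos], body[pos + 1]
        length = int.from_bytes(body[pos + 2:pos + hdr], "big")
        if pos + hdr + length > end:
            raise MalformedAttribute(f"attribute {code} overruns the attribute block")
        yield flags, code, body[pos + hdr:pos + hdr + length]
        pos += hdr + length

def audit(body, rfc7606=True):
    """Return (action, obsolete attributes seen) for one received UPDATE."""
    seen = []
    try:
        for flags, code, _ in path_attributes(body):
            if code in OBSOLETE:
                seen.append((code, "transitive" if flags & TRANSITIVE else "non-transitive"))
    except MalformedAttribute:
        # Without RFC 7606 the error ends the session (RFC 4271 NOTIFICATION); with it,
        # the session stays up and the routes in the message are treated as withdrawn.
        return ("treat-as-withdraw" if rfc7606 else "session-reset"), seen
    return "accept", seen

def attr(flags, code, value, declared=None):
    """Encode one attribute; `declared` forces a wrong length field (constructed input)."""
    return bytes([flags, code, len(value) if declared is None else declared]) + value

def update(attrs, nlri=b"\x18\xc0\x00\x02"):               # NLRI 192.0.2.0/24
    return b"\x00\x00" + len(attrs).to_bytes(2, "big") + attrs + nlri

# Constructed samples: ORIGIN, AS_PATH (AS 64500), NEXT_HOP, then the attribute under test.
BASE = attr(0x40, 1, b"\x00") + attr(0x40, 2, b"\x02\x01\xfb\xf4") + attr(0x40, 3, b"\xc0\x00\x02\x01")
OBSOLETE_OK = update(BASE + attr(0xC0, 21, b"\x00" * 5))   # well-formed, filler value
MALFORMED = update(BASE + attr(0xC0, 28, b"\x00\x00", declared=40))

if __name__ == "__main__":
    for name, msg in (("clean", update(BASE)), ("obsolete", OBSOLETE_OK), ("malformed", MALFORMED)):
        print(name, audit(msg, rfc7606=False), audit(msg, rfc7606=True))
```

A well-formed obsolete attribute is only reported; the action differs between the two modes solely for the malformed message.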

Configuration Examples:

Juniper
set protocols bgp bgp-error-tolerance

Nokia
[router bgp group]
error-handling update-fault-tolerance

Details for other vendors can be found in the references listed below.

Implementing these mitigation strategies helps strengthen the resilience and security of BGP routing, minimizing the risk of disruptions and improving long-term connectivity stability.

References

https://www.kb.cert.org/vuls/id/347067

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.
