North American Network Operators Group


Re: Strange BGP announcement

  • From: Enke Chen
  • Date: Tue Nov 10 15:32:52 1998

Andrew,

> In each case the ASPath attribute says it consists of an AS_SEQUENCE of
> N ASes, but the data only shows N-1 ASes.

Yep, an invalid as-path attribute was injected from somewhere. Our as-path
sanity check code failed to catch this case. 

We have opened the following ddts:

======
Bug ID   : CSCdk63586          Project: CSC.sys        Status : O      3 encls
Product  : all                 Found  : customer-use   Care Update: N
Versions : 11.1CC
Headline : BGP: Tighten as-path sanity check

                               -- Release-note --
 
When the total bytes (2*seglen) of an as-path segment is equal
to the as-path attribute length, the as-path sanity check would
fail and such a bad attribute would be accepted.
 
The workaround is to identify and get rid of the announcement
of prefixes with the bad attributes.
======

We have a fix and it is being reviewed.

-- Enke

----------------------------------------------------------------------------

   * To: "Craig A. Huegen" <[email protected]>
   * Subject: Re: Strange BGP announcement.
   * From: Andrew Bangs <[email protected]>
   * Date: Mon, 9 Nov 1998 13:24:55 +0000 (GMT)
   * Cc: [email protected]
   * Content-Transfer-Encoding: 7bit
   * Content-Type: text/plain; charset=US-ASCII
   * In-Reply-To: <[email protected]> from "Craig A.
     Huegen" at Nov 8, 98 02:30:28 pm
   * Sender: [email protected]

----------------------------------------------------------------------------

Craig A. Huegen wrote:

>
> After looking over the RFC, I see that 0 can be used for non-routed
> networks, so no one's implementation should be hanging up on it.

I agree. I'm not sure that that is what is happening, though.... see below.

>
> (Regardless, the use of AS 0 as a prepend should be discouraged =)

Yup.

However, I'm not seeing AS0 in the stuff I posted:

>
> ==>==>> Nov  8 17:45:26 BGP RECV flags 0x40 code ASPath(2): (0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)

John Scudder at IENG gave me the clue by decoding the above ASPath:

        0x02 = AS_SEQUENCE
        0x07 = 7 ASes in sequence
        0x0f7f = 3967
        0x02bd =  701
        0x0da5 = 3493
        0x0330 =  816
        0x032f =  815
        0x032e =  814

and I decided to take a closer look at the others I'd logged:

Nov  8 19:29:35 BGP RECV flags 0x40 code ASPath(2): (0x02 0x08 0x18 0xcb 0x0d 0xe9 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)

0x02    AS_SEQUENCE
0x08    8 ASes in sequence
0x18cb  6347
0x0de9  3561
0x02bd   701
0x0da5  3493
0x0330   816
0x032f   815
0x032e   814

Nov  8 16:56:32 BGP RECV flags 0x40 code ASPath(2): (0x02 0x03 0x18 0xcb 0x0d 0xe9)
0x02   AS_SEQUENCE
0x03   3 ASes in sequence
0x18cb  6347
0x0de9  3561

In each case the ASPath attribute says it consists of an AS_SEQUENCE of
N ASes, but the data only shows N-1 ASes.

Could it be that your router somehow 'pads' the tail of the AS_PATH
with enough zeros until it makes the right length ?  I think it's
hiding the truth from you.

When I was talking through the problem with one of my upstreams they
mentioned 'AS0' at the end of the AS_PATH. It seems that their routers
were happy to pad the AS to the right length internally, but the Update
that was sent to my router was definitely malformed (and not padded
with AS0) which caused a (correct IMHO) NOTIFY message to be sent
back.

Did anyone else capture any problematic Update messages yesterday ?
Do they show the same problem ?

I'm beginning to believe that this is a bug in at least the Cisco
BGP implementation (since that's what my upstreams use to peer with
me).

(I haven't seen any mention of how the bad routes got into the
world in the first place. Anyone know ?)

 Regards,
 Andrew
--
Andrew Bangs, Network Engineering Manager, Demon Internet Ltd
[email protected]  http://www.demon.net/ http://www.demon.nl/
Network Engineering: +44 (0)181 371 1204   [email protected]
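
Added example, not part of the original messages and not Cisco's code: a strict AS_PATH length check run over the three logged attribute values, next to a hypothetical loose check that matches the release note's wording (it compares 2*seglen with the attribute length and ignores the 2-byte segment header). It assumes each logged dump is the complete attribute value and that AS numbers are 2 octets, as in the decodes above; the function names and the GOOD sample are constructed for illustration.

```python
import re

# Attribute values copied from the log lines quoted in the thread.
LOGGED = [
    "(0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)",
    "(0x02 0x08 0x18 0xcb 0x0d 0xe9 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)",
    "(0x02 0x03 0x18 0xcb 0x0d 0xe9)",
]
GOOD = "(0x02 0x02 0x18 0xcb 0x0d 0xe9)"  # constructed: AS_SEQUENCE 6347 3561
AS_SET, AS_SEQUENCE = 1, 2                # path segment type codes

def to_bytes(dump):
    return bytes(int(h, 16) for h in re.findall(r"0x([0-9a-fA-F]{2})", dump))

def loose_check(attr):
    """Hypothetical check: rejects only when 2*seglen exceeds the attribute length."""
    i = 0
    while i < len(attr):
        if len(attr) - i < 2:
            return False
        seglen = attr[i + 1]
        if 2 * seglen > len(attr):        # equality slips through
            return False
        i += 2 + 2 * seglen
    return True

def parse_as_path(attr):
    """Strict parse: return [(segment_type, [ASNs])] or raise ValueError."""
    segments, i = [], 0
    while i < len(attr):
        if len(attr) - i < 2:
            raise ValueError("truncated segment header")
        seg_type, count = attr[i], attr[i + 1]
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = i + 2 + 2 * count           # header plus 2 octets per AS
        if end > len(attr):
            have = (len(attr) - i - 2) // 2
            raise ValueError(f"segment claims {count} ASes but only {have} are present")
        asns = [int.from_bytes(attr[j:j + 2], "big") for j in range(i + 2, end, 2)]
        segments.append((seg_type, asns))
        i = end
    return segments

def audit(dump):
    """Return (loose_accepts, strict_error); strict_error is None when well-formed."""
    attr = to_bytes(dump)
    try:
        parse_as_path(attr)
        return loose_check(attr), None
    except ValueError as exc:
        return loose_check(attr), str(exc)
```

In all three logged values 2*seglen equals the number of bytes shown (14, 16 and 6), which is the condition the release note describes.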
