Andrew,
In each case the ASPath attribute says it consists of an AS_SEQUENCE of N ASes, but the data only shows N-1 ASes.
Yep, an invalid as-path attribute was injected from somewhere. Our as-path sanity check code failed to catch this case. We have opened the following ddts: ====== Bug ID : CSCdk63586 Project: CSC.sys Status : O 3 encls Product : all Found : customer-use Care Update: N Versions : 11.1CC Headline : BGP: Tighten as-path sanity check -- Release-note -- When the total bytes (2*seglen) of an as-path segment is equal to the as-path attribute length, the as-path sanity check would fail and such a bad attribute would be accepted. The workaround is to identify and get rid of the announcement of prefixes with the bad attributes. ====== We have a fix and it is is being reviewed. -- Enke ---------------------------------------------------------------------------- * To: "Craig A. Huegen" <chuegen@quadrunner.com> * Subject: Re: Strange BGP announcement. * From: Andrew Bangs <andrewb@demon.net> * Date: Mon, 9 Nov 1998 13:24:55 +0000 (GMT) * Cc: nanog@merit.edu * Content-Transfer-Encoding: 7bit * Content-Type: text/plain; charset=US-ASCII * In-Reply-To: <19981108143028.A8630@quadrunner.com> from "Craig A. Huegen" at Nov 8, 98 02:30:28 pm * Sender: owner-nanog@merit.edu ---------------------------------------------------------------------------- Craig A. Huegen wrote:
After looking over the RFC, I see that 0 can be used for non-routed networks, so no one's implementation should be hanging up on it.
I agree. I'm not sure that that is what is happening, though.... see below.
(Regardless, the use of AS 0 as a prepend should be discouraged =)
Yup. However, I'm not seeing AS0 in the stuff I posted:
==>==>> Nov 8 17:45:26 BGP RECV flags 0x40 code ASPath(2): (0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)
John Scudder at IENG gave me the clue by decoding the above ASPath: 0x02 = AS_SEQUENCE 0x07 = 7 ASes in sequence 0x0f7f = 3967 0x02bd = 701 0x0da5 = 3493 0x0330 = 816 0x032f = 815 0x032e = 814 and I decided to take a closer look at the other's I'd logged: Nov 8 19:29:35 BGP RECV flags 0x40 code ASPath(2): (0x02 0x08 0x18 0xcb 0x0d 0xe9 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e) 0x02 AS_SEQUENCE 0x08 8 ASes in sequence 0x18cb 6347 0x0de9 3561 0x02bd 701 0x0da5 3493 0x0330 816 0x032f 815 0x032e 814 Nov 8 16:56:32 BGP RECV flags 0x40 code ASPath(2): (0x02 0x03 0x18 0xcb 0x0d 0xe9) 0x02 AS_SEQUENCE 0x03 3 ASes in sequence 0x18cb 6347 0x0de9 3561 In each case the ASPath attribute says it consists of an AS_SEQUENCE of N ASes, but the data only shows N-1 ASes. Could it be that your router somehow 'pads' the tail of the AS_PATH with enough zeros until it makes the right length ? I think it's hiding the truth from you. When I was talking through the problem with one of my upstreams they mentioned 'AS0' at the end of the AS_PATH. It seems that their routers were happy to pad the AS to the right length internally, but the Update that was sent to my router was definitely malformed (and not padded with AS0) which caused a (correct IMHO) NOTIFY message to be sent back. Did anyone else capture any problematic Update messages yesterday ? Do they show the same problem ? I'm beginning to believe that this is a bug in at least the Cisco BGP implementation (since that's what my upstreams use to peer with me). (I haven't seen any mention of how the bad routes got into the world in the first place. Anyone know ?) Regards, Andrew -- Andrew Bangs, Network Engineering Manager, Demon Internet Ltd andrewb@demon.net http://www.demon.net/ http://www.demon.nl/ Network Engineering: +44 (0)181 371 1204 networks@demon.net ---------------------------------------------------------------------------- * References: o Re: Strange BGP announcement. + From: "Craig A. Huegen" <chuegen@quadrunner.com> ---------------------------------------------------------------------------- * Prev: Cisco IOS 12.0 x 11.1CC * Next: Re: Strange BGP announcement. * Index(es): o Main o Thread [ Merit | Subject Index ]