4 byte ASNs through OpenBGPd to old Cisco IOS
Our IX's route servers run OpenBGPd 5.5. We are having a problem with a new customer getting turned up. He's getting back invalid or corrupt AS Path errors. There's a network on the IX that has a four byte ASN. They're running IOS 12.4.(15)T and is asking me if we support RFC 4893 which appears to be the 32 bit ASN specification altogether. They specifically highlighted this section: Two new attributes, AS4_PATH and AS4_AGGREGATOR, are introduced that can be used to propagate four-octet based AS path information across BGP speakers that do not support the four-octet AS numbers. Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
On 23/09/2015 21:37, Mike Hammett wrote:
Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old?
12.4.(15)T is known to be affected by a variety of security problems, for which cisco TAC will provide free upgrades - assuming they are available for that platform. This is regardless of the support situation for the device. Perhaps if they fixed their security problems with an upgrade, the newer software image might be more tolerant to strange asn32 attributes? Nick
On Wed Sep 23, 2015 at 03:37:31PM -0500, Mike Hammett wrote:
Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old?
I recently went through a very similar issue, and was convinced it was related to 32 bit ASNs. Are they seeing this error? Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.xxx 3/11 (invalid or corrupt AS path) 11 bytes 40020802 033C3424 580097 If so, have they configured "no bgp enforce-first-as" in their BGP router config? Simon
They did, and it now formed peering with the RSD. Thanks! 12.4.(24)T is the first version from that IOS train that natively supports 4 byte ASN's. We can upgrade at a more convenient time and date. :-) On 09/23/2015 05:04 PM, Simon Lockhart wrote:
On Wed Sep 23, 2015 at 03:37:31PM -0500, Mike Hammett wrote:
Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old? I recently went through a very similar issue, and was convinced it was related to 32 bit ASNs.
Are they seeing this error? Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.xxx 3/11 (invalid or corrupt AS path) 11 bytes 40020802 033C3424 580097
If so, have they configured "no bgp enforce-first-as" in their BGP router config?
Simon
Fearing you might be on here, I tried to be fairly non-offensive in my post. ;-) ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Richard Irving" <rirving@antient.org> To: "Simon Lockhart" <simon@slimey.org>, "Mike Hammett" <nanog@ics-il.net> Cc: "NANOG" <nanog@nanog.org> Sent: Wednesday, September 23, 2015 4:19:23 PM Subject: Re: 4 byte ASNs through OpenBGPd to old Cisco IOS They did, and it now formed peering with the RSD. Thanks! 12.4.(24)T is the first version from that IOS train that natively supports 4 byte ASN's. We can upgrade at a more convenient time and date. :-) On 09/23/2015 05:04 PM, Simon Lockhart wrote:
On Wed Sep 23, 2015 at 03:37:31PM -0500, Mike Hammett wrote:
Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old? I recently went through a very similar issue, and was convinced it was related to 32 bit ASNs.
Are they seeing this error? Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.xxx 3/11 (invalid or corrupt AS path) 11 bytes 40020802 033C3424 580097
If so, have they configured "no bgp enforce-first-as" in their BGP router config?
Simon
FWIW, I have single digit NANOG shirts in my closet... of course, I couldn't /*fit* into them/... anymore. It has been almos_t_ 20 years..... Time flies.... eh ? Seems like just yesterday Bill, John, I and /*Moses*/ were all having lunch in Denver. ;-) On 09/23/2015 05:20 PM, Mike Hammett wrote:
Fearing you might be on here, I tried to be fairly non-offensive in my post. ;-)
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
------------------------------------------------------------------------ *From: *"Richard Irving" <rirving@antient.org> *To: *"Simon Lockhart" <simon@slimey.org>, "Mike Hammett" <nanog@ics-il.net> *Cc: *"NANOG" <nanog@nanog.org> *Sent: *Wednesday, September 23, 2015 4:19:23 PM *Subject: *Re: 4 byte ASNs through OpenBGPd to old Cisco IOS
Typo.
They did, and it *has* now formed peering with the RSD.
Thanks!
12.4.(24)T is the first version from that IOS train that natively supports 4 byte ASN's.
We can upgrade at a more convenient time and date.
:-)
On Wed Sep 23, 2015 at 03:37:31PM -0500, Mike Hammett wrote:
Do any of you have any useful input other than they need to upgrade
On 09/23/2015 05:04 PM, Simon Lockhart wrote: their IOS
to something newer than 4.5 years old? I recently went through a very similar issue, and was convinced it was related to 32 bit ASNs.
Are they seeing this error? Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.xxx 3/11 (invalid or corrupt AS path) 11 bytes 40020802 033C3424 580097
If so, have they configured "no bgp enforce-first-as" in their BGP router config?
Simon
participants (4)
-
Mike Hammett
-
Nick Hilliard
-
Richard Irving
-
Simon Lockhart