Andrew,
> In each case the ASPath attribute says it consists of an AS_SEQUENCE of N ASes, but the data only shows N-1 ASes.
Yep, an invalid as-path attribute was injected from somewhere. Our as-path sanity check code failed to catch this case.
We have opened the following ddts:
======
Bug ID : CSCdk63586
Project: CSC.sys
Status : O 3 encls
Product : all
Found : customer-use
Care Update: N
Versions : 11.1CC
Headline : BGP: Tighten as-path sanity check
-- Release-note --
When the total bytes (2*seglen) of an as-path segment is equal to the as-path attribute length, the as-path sanity check would fail and such a bad attribute would be accepted. The workaround is to identify and get rid of the announcement of prefixes with the bad attributes.
======
We have a fix and it is being reviewed.
-- Enke
----------------------------------------------------------------------------
* To: "Craig A. Huegen" <chuegen@quadrunner.com>
* Subject: Re: Strange BGP announcement.
* From: Andrew Bangs <andrewb@demon.net>
* Date: Mon, 9 Nov 1998 13:24:55 +0000 (GMT)
* Cc: nanog@merit.edu
* Content-Transfer-Encoding: 7bit
* Content-Type: text/plain; charset=US-ASCII
* In-Reply-To: <19981108143028.A8630@quadrunner.com> from "Craig A. Huegen" at Nov 8, 98 02:30:28 pm
* Sender: owner-nanog@merit.edu
----------------------------------------------------------------------------
Craig A. Huegen wrote:
> After looking over the RFC, I see that 0 can be used for non-routed networks, so no one's implementation should be hanging up on it.
I agree. I'm not sure that that is what is happening, though.... see below.
> (Regardless, the use of AS 0 as a prepend should be discouraged =)
Yup. However, I'm not seeing AS0 in the stuff I posted:
==>==>> Nov 8 17:45:26 BGP RECV flags 0x40 code ASPath(2): (0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)
John Scudder at IENG gave me the clue by decoding the above ASPath:
0x02 = AS_SEQUENCE
0x07 = 7 ASes in sequence
0x0f7f = 3967
0x02bd = 701
0x0da5 = 3493
0x0330 = 816
0x032f = 815
0x032e = 814
and I decided to take a closer look at the others I'd logged:
Nov 8 19:29:35 BGP RECV flags 0x40 code ASPath(2): (0x02 0x08 0x18 0xcb 0x0d 0xe9 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e)
0x02 AS_SEQUENCE
0x08 8 ASes in sequence
0x18cb 6347
0x0de9 3561
0x02bd 701
0x0da5 3493
0x0330 816
0x032f 815
0x032e 814
Nov 8 16:56:32 BGP RECV flags 0x40 code ASPath(2): (0x02 0x03 0x18 0xcb 0x0d 0xe9)
0x02 AS_SEQUENCE
0x03 3 ASes in sequence
0x18cb 6347
0x0de9 3561
In each case the ASPath attribute says it consists of an AS_SEQUENCE of N ASes, but the data only shows N-1 ASes.
Could it be that your router somehow 'pads' the tail of the AS_PATH with enough zeros until it makes the right length ? I think it's hiding the truth from you.
When I was talking through the problem with one of my upstreams they mentioned 'AS0' at the end of the AS_PATH. It seems that their routers were happy to pad the AS to the right length internally, but the Update that was sent to my router was definitely malformed (and not padded with AS0) which caused a (correct IMHO) NOTIFY message to be sent back.
Did anyone else capture any problematic Update messages yesterday ? Do they show the same problem ?
I'm beginning to believe that this is a bug in at least the Cisco BGP implementation (since that's what my upstreams use to peer with me).
(I haven't seen any mention of how the bad routes got into the world in the first place. Anyone know ?)
Regards,
Andrew
--
Andrew Bangs, Network Engineering Manager, Demon Internet Ltd
andrewb@demon.net http://www.demon.net/ http://www.demon.nl/
Network Engineering: +44 (0)181 371 1204 networks@demon.net
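
Added example (not part of the original thread, and not Cisco's or gated's code): a strict parser for the 2-byte-AS AS_PATH encoding, run over the three attribute dumps logged in the message above. `loose_check` is an assumed reconstruction of a check with the flaw the release note describes (all three dumps are exactly 2*seglen bytes long), and `GOOD` is a constructed well-formed value.

```python
import re

AS_SET, AS_SEQUENCE = 1, 2   # path segment types (RFC 1771)
HDR = 2                      # segment header: 1 byte type + 1 byte AS count
# ASPath attribute values copied from the three log lines in the message above.
SAMPLES = [
    "0x02 0x07 0x0f 0x7f 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e",
    "0x02 0x08 0x18 0xcb 0x0d 0xe9 0x02 0xbd 0x0d 0xa5 0x03 0x30 0x03 0x2f 0x03 0x2e",
    "0x02 0x03 0x18 0xcb 0x0d 0xe9",
]
GOOD = "0x02 0x02 0x18 0xcb 0x0d 0xe9"   # constructed: well-formed, 2 ASes

def to_bytes(dump):
    """Turn a '0x02 0x07 ...' log dump into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"0x([0-9a-fA-F]{2})", dump))

def parse_as_path(value):
    """Return [(seg_type, [asn, ...]), ...]; raise ValueError if malformed."""
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < HDR:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        need, have = 2 * count, len(value) - off - HDR
        if need > have:   # the N vs N-1 mismatch seen in the dumps
            raise ValueError(f"{count} ASes claimed, {have // 2} present")
        body = value[off + HDR:off + HDR + need]
        asns = [int.from_bytes(body[i:i + 2], "big") for i in range(0, need, 2)]
        segments.append((seg_type, asns))
        off += HDR + need
    return segments

def loose_check(value):
    # ASSUMPTION: weak check that forgets the 2 header bytes (not Cisco's code).
    return len(value) >= HDR and 2 * value[1] <= len(value)

def strict_check(value):
    """True only if every segment fits; False means Malformed AS_PATH."""
    try:
        parse_as_path(value)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for raw in map(to_bytes, SAMPLES + [GOOD]):
        print(len(raw), "bytes, loose:", loose_check(raw), "strict:", strict_check(raw))
```

A receiver that gets `False` from the strict check is in the situation the thread argues about: the UPDATE should be answered with a NOTIFICATION rather than accepted or propagated.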
> Yep, an invalid as-path attribute was injected from somewhere. Our as-path sanity check code failed to catch this case.
thank you for this nice code, which caused our gated to crash... Where may i send my bill to :-)))
> We have opened the following ddts:
> ======
> Bug ID : CSCdk63586
> Project: CSC.sys
> Status : O 3 encls
> Product : all
> Found : customer-use
> Care Update: N
> Versions : 11.1CC
> Headline : BGP: Tighten as-path sanity check
fine to see, that it is corrected in 12.0(2)S. This will be another reason for cisco to force everybody to throw away 11.1.X up to 11.3.X....
Winfried
Winfried Haug * Geschaeftsfuehrer * eMail: wh@seicom.net
Laiblinsplatz 12 * 72793 Pfullingen * tel. +49 7121 9770 0
Hauptstaetterstr. 66 * 70178 Stuttgart * fax. +49 7121 9770 19
------->> seicom.NET - making information available <<-------
Internet access, network&security consulting and firewalls
34 Mbit USA (Teleglobe) * 100 Mbit DE-CIX * 34 Mbit WIN
> Date: Fri, 13 Nov 1998 21:38:41 +0100
> From: "Winfried Haug" <haug@seicom.NET>
> To: "Enke Chen" <enkechen@cisco.com>, "Andrew Bangs" <andrewb@demon.net>
> CC: <nanog@merit.edu>
>> Yep, an invalid as-path attribute was injected from somewhere. Our as-path sanity check code failed to catch this case.
> thank you for this nice code, which caused our gated to crash... Where may i send my bill to :-)))
I suggest the bill be sent to the guy/vendor that injected the bad path :-)
>> We have opened the following ddts:
>> ======
>> Bug ID : CSCdk63586
>> Project: CSC.sys
>> Status : O 3 encls
>> Product : all
>> Found : customer-use
>> Care Update: N
>> Versions : 11.1CC
>> Headline : BGP: Tighten as-path sanity check
> fine to see, that it is corrected in 12.0(2)S.
It is being patched into many other versions that are of interest to customers.
> This will be another reason for cisco to force everybody to throw away 11.1.X up to 11.3.X....
That might be ***your*** reason, but not Cisco's as far as I can tell :-)
-- Enke
> Winfried
> Winfried Haug * Geschaeftsfuehrer * eMail: wh@seicom.net
> Laiblinsplatz 12 * 72793 Pfullingen * tel. +49 7121 9770 0
> Hauptstaetterstr. 66 * 70178 Stuttgart * fax. +49 7121 9770 19
> ------->> seicom.NET - making information available <<-------
> Internet access, network&security consulting and firewalls
> 34 Mbit USA (Teleglobe) * 100 Mbit DE-CIX * 34 Mbit WIN
>> Date: Fri, 13 Nov 1998 21:38:41 +0100
>> From: "Winfried Haug" <haug@seicom.NET>
>> To: "Enke Chen" <enkechen@cisco.com>, "Andrew Bangs" <andrewb@demon.net>
>> CC: <nanog@merit.edu>
>>> Yep, an invalid as-path attribute was injected from somewhere. Our as-path sanity check code failed to catch this case.
>> thank you for this nice code, which caused our gated to crash... Where may i send my bill to :-)))
> I suggest the bill be sent to the guy/vendor that injected the bad path :-)
Hmm. If the upstream had been running code that did what the RFC says then Winfried wouldn't have a bill to send to anybody... It isn't like this was the first time we've seen this problem, either.
>>> We have opened the following ddts:
>>> ======
>>> Bug ID : CSCdk63586
>>> Project: CSC.sys
>>> Status : O 3 encls
>>> Product : all
>>> Found : customer-use
>>> Care Update: N
"customer-use" ? *rofl*
Regards,
Andrew
At 01:00 AM 11/14/98 +0000, Andrew Bangs wrote:
>>> thank you for this nice code, which caused our gated to crash... Where may i send my bill to :-)))
>> I suggest the bill be sent to the guy/vendor that injected the bad path :-)
> Hmm. If the upstream had been running code that did what the RFC says then Winfried wouldn't have a bill to send to anybody... It isn't like this was the first time we've seen this problem, either.
You really want all backbone routers to ignore AS-Path length in the BGP route selection process? I think I like it better the way it is now - at least for the near future.
Hrmm.... Perhaps if the vendors covered the RFC error code type stuff at least, then they could add kewl, new features like "as-path length" as a step in the route selection process.
> Andrew
TTFN, patrick
I Am Not An Isp
www.ianai.net
"Think of it as evolution in action." - Niven & Pournelle
patrick@ianai.net wrote:
> At 01:00 AM 11/14/98 +0000, Andrew Bangs wrote:
>>>> thank you for this nice code, which caused our gated to crash... Where may i send my bill to :-)))
>>> I suggest the bill be sent to the guy/vendor that injected the bad path :-)
>> Hmm. If the upstream had been running code that did what the RFC says then Winfried wouldn't have a bill to send to anybody... It isn't like this was the first time we've seen this problem, either.
> You really want all backbone routers to ignore AS-Path length in the BGP route selection process? I think I like it better the way it is now - at least for the near future.
I don't recall saying that, or anything about route selection. I don't want all backbone routers (or any of them, for that matter) ignoring Update messages (or worse, propagating the announcements) with malformed AS_PATH attributes when they should be returning a NOTIFY and closing the BGP session.
Regards,
Andrew
--
Andrew Bangs, Network Engineering Manager, Demon Internet Ltd
andrewb@demon.net http://www.demon.net/ http://www.demon.nl/
At 07:47 PM 11/17/98 +0000, Andrew Bangs wrote:
> patrick@ianai.net wrote:
> I don't recall saying that, or anything about route selection. I don't want all backbone routers (or any of them, for that matter) ignoring Update messages (or worse, propagating the announcements) with malformed AS_PATH attributes when they should be returning a NOTIFY and closing the BGP session.
You said you wanted routers that followed the RFC. The RFC does not mention list AS_PATH length as a route selection criteria. I have been told that the draft for the next rev specifically prohibits using AS_PATH length as a route selection criteria. I kinda like using AS_PATH length. It's not perfect - and I'm definitely open to suggestions - but for now it's working. And changing that in today's environment would be ... monumental to say the least. OTOH, I completely agree that the routers should have *not* passed on malformed announcements, and behaving improperly to certain errors.
> Andrew Bangs, Network Engineering Manager, Demon Internet Ltd
TTFN, patrick
I Am Not An Isp
www.ianai.net
"Think of it as evolution in action." - Niven & Pournelle
On Mon, 16 Nov 1998, I Am Not An Isp wrote:
> At 01:00 AM 11/14/98 +0000, Andrew Bangs wrote:
> You really want all backbone routers to ignore AS-Path length in the BGP route selection process? I think I like it better the way it is now - at least for the near future.
> Hrmm.... Perhaps if the vendors covered the RFC error code type stuff at least, then they could add kewl, new features like "as-path length" as a step in the route selection process.
> TTFN, patrick
You appear to have misunderstood the problem. The issue has nothing to do with route selection, or are you talking about FastPath(TM, Pat Pending) here?
The issue is that an invalid as-path attribute was injected from somewhere. The cisco as-path sanity check code failed to pick it up.
Bug ID : CSCdk63586
Project: CSC.sys
Status : O 3 encls
Product : all
Found : customer-use
Care Update: N
Versions : 11.1CC
Headline : BGP: Tighten as-path sanity check
-- Release-note --
When the total bytes (2*seglen) of an as-path segment is equal to the as-path attribute length, the as-path sanity check would fail and such a bad attribute would be accepted. The workaround is to identify and get rid of the announcement of prefixes with the bad attributes.
/vijay
On Fri, 13 Nov 1998, Winfried Haug wrote:
> fine to see, that it is corrected in 12.0(2)S. This will be another reason for cisco to force everybody to throw away 11.1.X up to 11.3.X....
> Winfried
And then there are those of us that still have an AGS+ hiding in back, on 9.1.2.
participants (6)
- Andrew Bangs
- Christopher E. Brown
- Enke Chen
- I Am Not An Isp
- Vijay Gill
- Winfried Haug