[c-nsp] c12000 BGP problems

Gert Doering gert at greenie.muc.de
Fri Feb 11 04:03:19 EST 2005 

Hi,

On Fri, Feb 11, 2005 at 09:25:29AM +0100, Primoz Jeroncic wrote:
> I'm getting some strange problems with our c12008 and BGP running on it. We
> are using those routers on few locations and I don't have any problems
> with any of them except with one, which we are using at DECIX (IX in Frankfurt
> Germany). All BGP peers (around 90) are working fine except BGP peers
> with DECIX route servers. As soon as I configure BGP with 2 route
> servers utilization goes to 80 or 90% and I'm getting following errors:
> 
> Feb 11 08:57:25: BGP: 80.81.192.157 Bad attributes FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 005C 0200 0000 2740 0101 0040 0206 0202 201C 0761 4003 0450 51C1 3D80 0404 0000 0005 4006 00C0 0706 0761 1023 F322 140F C3B0 13C0 AA60 18C0 064C 18C0 0640 109B D00F 100E 110F C600 120F C5C0

You need to configure

   no bgp enforce-first-as

inside "router bgp ...".

The issue here is that the DECIX route servers run "transparent", that
is, will not add the DECIX RS AS to the AS path.  Since 12.2(18)S (on
7200s), the Cisco BGP implementation will check that the first AS in
the path matches the "neigh ... remote-as nnn" configuration, and drop
the BGP session if it mismatches.

I don't know when it was introduced into 12.0S on GSRs, but I assume
that it's the same issue.

<mini rant>
I think it's a cool and useful feature.  Making it a *global* setting,
instead of per-peer configuration option, immensely de-valuates it, as
it needs to be off on all IXP routers that utilize a route-server.

In addition, just making it the default without warning, *and* not 
printing a meaningful error message ("mismatching first AS in path",
instead of "bad attributes") would have been a *bit* nicer on the 
ISPs that happen to do 12.2(14)S->12.2(18)S upgrades...
</mini rant>

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list