[f-nsp] Netiron AS4 capabilities

Bogdan-Stefan Rotariu bogdan at rotariu.ro
Thu Jun 29 08:37:03 EDT 2023 

Thank you Jörg for the quick update.

Yes, I had a few messages with Mikrotik regarding this issue, and they keep saying that the devices are old, and almost I agree with them because I cannot duplicate the issue using Quagga/FRR/Bird and Cisco IOS/XR BGP. That is why I am asking the experts.

Mikrotik said this in their last reply:

"As it was mentioned before, RouterOS sends ASes encoded in 4bytes even if ASN fit in 2bytes because RFC states
"

" A BGP speaker that advertises such a capability to a particular peer, and receives from that peer the advertisement of such a capability, MUST encode AS numbers as four-octet entities in both the AS_PATH attribute and the AGGREGATOR attribute in the updates it sends to the peer and MUST assume that these attributes in the updates received from the peer encode AS numbers as four-octet entities. "

"

 

No matter you like it or not, that old software on remote peers are not RFC compliant, there were other customers who complained about the same problem, upgrade of this old software fixes the problem.

 

 We will not make hacks just to support software from 2007 that are not current RFC compliant."




> On 29 Jun 2023, at 15:31, Jörg Kost <jk at ip-clear.de> wrote:
> 
> Hello Bogdan,
> 
> According  to https://www.rfc-editor.org/rfc/rfc4271.html,
> 
> "the AGGREGATOR is an attribute of length 6", not 8.
> 
> According to https://www.rfc-editor.org/rfc/rfc6793.html,
> 
> "the AS4_AGGREGATOR attribute in an UPDATE message SHALL be considered malformed if the attribute length is not 8".
> 
> I think it looks like a bug in the Mikrotik BGP code that tries to encode AS4 in an AS attribute.
> 
> BR
> Jörg
> 
> 
> On 29 Jun 2023, at 13:44, Bogdan-Stefan Rotariu wrote:
> 
>> Hi there,
>> 
>> We have some CER2024 in our network, and we are starting to encounter issues when receiving prefixes from Mikrotik CCR2216 that is running with ROSv7. Has anyone any ideea except replacing the CER’s?
>> 
>> The peer is has AS4 capability negociated:
>> 
>>   Neighbor AS4 Capability Negotiation:
>>     Peer Negotiated AS4  capability
>>     Peer configured for AS4  capability
>> 
>> We are running version 6.3.0.fT183:
>> 
>> IronWare : Version 6.3.0fT183 Copyright (c) 2017-2019 Extreme Networks, Inc.
>> Compiled on Jul 14 2022 at 21:38:40 labeled as ce06300f
>> (18589108 bytes) from Primary
>> 
>> last-packet-with-error decode shows :
>> 
>> Received Message Length: 94
>> BGP Message:
>> 0xffffffff  0xffffffff  0xffffffff  0xffffffff  0x005e0200
>> 0x00004340  0x01010050  0x02001602  0x05000022  0x04000015
>> 0xe60000ad  0x820000ad  0x820000ad  0x82400304  0x0a0b010f
>> 0x40050400  0x00006440  0x0600d008  0x00042204  0x0064d007
>> 0x00080000  0xad825509  0x1f8617c3  0xd204
>> 
>> BGP Header
>> Marker:   0xffffffff  0xffffffff  0xffffffff  0xffffffff
>> Message Length: (0x005e) 94
>> Message Type: (0x02) UPDATE
>> 
>> UPDATE Message
>> Unfeasible route length: (0x0000) 0
>> Update path attributes
>> Total Path Attribute length: (0x0043) 67
>> Flags : (0x40) Well Known, Transitive, Complete
>> Type  : (0x01) Origin
>> Length: (0x01) 1
>> Origin: (0x00) IGP
>> 
>> Flags : (0x50) Well Known, Transitive, Complete, Extended length
>> Type  : (0x02) AS Path
>> Length: (0x0016) 22
>>  Segment Type  : (0x02) AS Sequence
>>  Segment Length: (0x05) 5
>>  AS Numbers    : (0x0000) 0, (0x2204) 8708, (0x0000) 0, (0x15e6) 5606, (0x0000) 0,
>>  Segment Type  : (0xad) Unknown(173)
>>  Segment Length: (0x82) 130
>>  AS Numbers    : (0x0000) 0, (0xad82) 44418, (0x0000) 0, (0xad82) 44418,
>> 
>> Flags : (0x40) Well Known, Transitive, Complete
>> Type  : (0x03) Next Hop
>> Length: (0x04) 4
>> Next Hop IP address: (0x0a0b010f) 10.11.1.15
>> 
>> Flags : (0x40) Well Known, Transitive, Complete
>> Type  : (0x05) Local Preference
>> Length: (0x04) 4
>> Local Preference: (0x00000064) 100
>> 
>> Flags : (0x40) Well Known, Transitive, Complete
>> Type  : (0x06) Atomic Aggregate
>> Length: (0x00) 0
>> 
>> Flags : (0xd0) Optional, Transitive, Complete, Extended length
>> Type  : (0x08) Community
>> Length: (0x0004) 4
>> Community List: (0x22040064) 8708:100
>> 
>> Flags : (0xd0) Optional, Transitive, Complete, Extended length
>> Type  : (0x07) Aggregator
>> Length: (0x0008) 8
>> Error: Invalid AGGREGATOR attribute length 8
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20230629/33192a49/attachment.htm>

More information about the foundry-nsp mailing list