[nsp-sec] 94.125.216.0/21 - ASN 47868 SUPRO-AS

Mike Lewinski mike at rockynet.com
Tue Feb 17 14:49:30 EST 2009


German Martinez wrote:
> On Mon Feb 16, 2009, Mike Lewinski wrote:
> 
>> We did have "bgp maxas-limit 75" configured prior to this event and that 
>> should have helped but didn't. Completely dropping ALL received routes also 
>> didn't help. I'm pretty sure the only thing that is going to permanently 
>> fix this is an IOS upgrade and I'm working to get that into the pipeline.
>>
>> Everything I see shows CSCdr54230 addressed back in '04. I'm running an IOS 
>> compiled in '07 (12.2(18)S13) so that's a little puzzling.
> 
> did you have this command explicitly configured in your routers?
> According to Cisco:

I did - since this past October actually (see 
http://www.gossamer-threads.com/lists/nanog/users/109412 ).

In fact I have log messages from before the event that confirm this. We 
decided after months of watching "malloc fail" events that we'd rather 
not allocate more memory for other people's shenanigans and that was the 
motive for configuring this.

Working good on Feb 13:

Feb 13 16:45:08 lsvl-gw-1 324: Feb 13 16:45:07 MST: %BGP-6-ASPATH: Long 
AS path 209 3356 39412 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 
39625 39625 39625 39625 39625 39625 39625 39625 39625 received from 
63.224.65.109: More than configured MAXAS-LIMIT

Not working on Feb 16:

Feb 16 09:24:27 lsvl-gw-1 328: Feb 16 09:24:27 MST: %BGP-6-ASPATH: Long 
AS path 209 3356 29113 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 
47868 47868 47868 47868 47868 47868 47868 47868 47868 received from 
63.224.65.109: Has more than 255 AS

Feb 16 09:24:27 lsvl-gw-1 329: Feb 16 09:24:27 MST: %BGP-5-ADJCHANGE: 
neighbor 63.224.65.109 Down BGP Notification sent

Feb 16 09:24:27 lsvl-gw-1 330: Feb 16 09:24:27 MST: %BGP-3-NOTIFICATION: 
sent to neighbor 63.224.65.109 3/11 (invalid or corrupt AS path) 516 
bytes 50020200 02FF00D1 0D1C71B9 BAFCBAFC BA

I actually removed the "bgp maxas-limit 75" when things started to 
crash, thinking that maybe it was causing the problem somehow. It made 
no difference at all to have it or not.
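
The data bytes printed in the %BGP-3-NOTIFICATION line above can be read as the start of a BGP path attribute (RFC 4271). The decoder below is an added example, not part of the original message; it assumes the logged bytes begin at the AS_PATH attribute header and that ASNs are 2 octets wide, and its function and field names are illustrative.

```python
import struct

# Data bytes copied from the %BGP-3-NOTIFICATION line above; the router
# printed only the first 17 bytes of the 516 it reports.
NOTIFICATION_DATA = "50020200 02FF00D1 0D1C71B9 BAFCBAFC BA"

SEGMENT_TYPES = {1: "AS_SET", 2: "AS_SEQUENCE"}  # RFC 4271, section 4.3
EXTENDED_LENGTH = 0x10                           # attribute flag bit


def decode_as_path_attr(hex_dump):
    """Decode a possibly truncated AS_PATH attribute (assumes 2-octet ASNs)."""
    buf = bytes.fromhex("".join(hex_dump.split()))
    if len(buf) < 3:
        raise ValueError("too short for a path attribute header")
    flags, type_code = buf[0], buf[1]
    if type_code != 2:
        raise ValueError("not an AS_PATH attribute (type code %d)" % type_code)
    if flags & EXTENDED_LENGTH:          # 2-octet length field
        if len(buf) < 4:
            raise ValueError("extended length field is truncated")
        attr_len, pos = struct.unpack_from("!H", buf, 2)[0], 4
    else:                                # 1-octet length field
        attr_len, pos = buf[2], 3
    header_len = pos
    # Never read past the declared attribute or past the bytes we were given.
    limit = min(header_len + attr_len, len(buf))
    segments = []
    while pos + 2 <= limit:
        seg_type, declared = buf[pos], buf[pos + 1]
        pos += 2
        asns = []
        while len(asns) < declared and pos + 2 <= limit:
            asns.append(struct.unpack_from("!H", buf, pos)[0])
            pos += 2
        segments.append({
            "type": SEGMENT_TYPES.get(seg_type, "unknown(%d)" % seg_type),
            "declared": declared,             # AS count claimed by the segment
            "segment_bytes": 2 + 2 * declared,
            "asns": asns,                     # ASNs recoverable from the dump
            "complete": len(asns) == declared,
        })
    return {"flags": flags, "attr_len": attr_len,
            "total_len": header_len + attr_len, "segments": segments}


if __name__ == "__main__":
    print(decode_as_path_attr(NOTIFICATION_DATA))
```

For the logged bytes this gives a 516-byte attribute, matching the byte count in the log line, holding one AS_SEQUENCE segment that declares 255 ASes and begins 209 3356 29113 47868 47868, the same leading ASNs as the logged path.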



