tico
Wed, 10 Dec 2008 13:19:50 -0800
tico wrote:
Ditto.

This has just caused me the same problems. Alex at Hurricane Electric found this for me, and my ipv4 BGP sessions have *only* stabilized after filtering out this prefix (4.4-RELEASE on i386).

I'll post up MRT dumps if anyone's interested.

-Tico

Peter Bristow wrote:

Hi All,

The AS at the company I work for running (OpenBSD 4.2 and 4.3) as well as the AS run by an associate of mine (OpenBSD 4.4) experienced rather wild route flaps earlier today.

Quoted from Andy Davidson's post to nanog.

"It seems that the prefix causing OpenBGPd speakers to die is 91.207.218.0/23, which is originated by a 4-byte ASN speaker. OpenBGPd is checking AS4_PATH to ensure that it contains only AS_SET and AS_SEQUENCE types, as per RFC4893. When processing the UPDATE for 91.207.218.0/23 it sees :

  91.207.218.0/23
  Path Attributes - Origin: Incomplete
    Flags: 0x40 (Well-known, Transitive, Complete)
    Origin: Incomplete (2)
    AS_PATH: xx xx 35320 23456 (13 bytes)
    AS4_PATH: (65044 65057) 196629 (7 bytes)

RFC4893 is clear on the matter :

" To prevent the possible propagation of confederation path segments outside of a confederation, the path segment types AS_CONFED_SEQUENCE and AS_CONFED_SET [RFC3065] are declared invalid for the AS4_PATH attribute. "

OpenBGPd is therefore dropping the sessions when this update is received. Unideal if this attribute is learned on multiple upstreams...

The impact today is fairly limited as there are relatively few bgp speakers honouring the 4-byte ASN protocol extension rules, but as code that supports these features creeps around the internet, the next time this happens the impact could be much greater, so we need to understand which implementation of which BGP software caused this illegal origination.

Modifying the OpenBGPd software to permit AS_CONFED_SEQUENCE, AS_CONFED_SET in an as4_path causes the path to be accepted and the session is not torn down. This isn't a great fix."

From looking at the source this would appear to be 'expected' behavior; however, it does leave you without any internet connectivity. I'm not as much of a BGP guru as I should be, but what would be the impact of dropping the route/update rather than dropping the session?

Pete Bristow

Here's more information about my setup, just for completeness' sake:
dmesg:
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem = 1072132096 (1022MB)
avail mem = 1028272128 (980MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/16/06, BIOS32 rev. 0 @ 0xfb6d0, SMBIOS rev. 2.3 @ 0xf0800 (41 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 08/16/2006
bios0: Supermicro P4SC8
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xdf64
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/224 (12 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 6300ESB LPC" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc0000/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 3 function 0 "Intel 82875P CSA" rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq 11, address 00:30:48:8a:26:8e
ppb1 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02
pci2 at ppb1 bus 2
uhci0 at pci0 dev 29 function 0 "Intel 6300ESB USB" rev 0x02: irq 12
uhci1 at pci0 dev 29 function 1 "Intel 6300ESB USB" rev 0x02: irq 10
"Intel 6300ESB WDT" rev 0x02 at pci0 dev 29 function 4 not configured
"Intel 6300ESB APIC" rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 "Intel 6300ESB USB" rev 0x02: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x0a
pci3 at ppb2 bus 3
vga1 at pci3 dev 9 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
drm at vga1 unsupported
em1 at pci3 dev 10 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: irq 10, address 00:30:48:8a:26:8f
ichpcib0 at pci0 dev 31 function 0 "Intel 6300ESB LPC" rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 6300ESB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD2500JB-57REA0>
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 "Intel 6300ESB SMBus" rev 0x02: irq 9
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL3.0
spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM non-parity PC3200CL3.0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
lm2 at wbsio0 port 0x290/8: W83627HF
lm1 detached
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask f765 netmask ff65 ttymask ffff
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
umass0 at uhub0 port 2 configuration 1 interface 0 "BUFFALO INC. BUFFALO INC. USB-SATA Bridge" rev 2.00/0.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: <ST310003, 40AS, SD15> SCSI2 0/direct fixed
sd0: 953869MB, 121601 cyl, 255 head, 63 sec, 512 bytes/sec, 1953525168 sec total

censored bgpd.conf :
HE_edge0="64.62.180.89"
HE_edge0v6="2001:470:1:53:0000:0000:0000:1"
AS 30708
router-id 208.86.95.250
fib-update yes
#dump updates in "/tmp/all-in-%H%M" 300
#log updates
network 208.86.92.0/22
#network 2607:f618::/32
network 2607:F618:0000:0000:0000:0000:0000:0000/32
# neighbors and peers
group "peering Hurricane" {
        remote-as 6939
        neighbor $HE_edge0 {
                descr "Hurricane_rtr0_v4"
                announce IPv4 unicast
                announce IPv6 none
                announce self
                #tcp md5sig password XXXXX
        }
        neighbor $HE_edge0v6 {
                descr "Hurricane_rtr0_v6"
                #announce capabilities no
                announce IPv6 unicast
                announce IPv4 none
                announce self
        }
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 12 - 48
# do not accept a default route
deny from any inet prefix 0.0.0.0/0 prefixlen = 0
#deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any inet prefix 10.0.0.0/8 prefixlen >= 8
deny from any inet prefix 172.16.0.0/12 prefixlen >= 12
deny from any inet prefix 192.168.0.0/16 prefixlen >= 16
deny from any inet prefix 169.254.0.0/16 prefixlen >= 16
#allow from any inet6 prefixlen 8 - 128
# blacklist
deny from any inet prefix 91.207.218.0/23 prefixlen = 23
--------------------------
This is what showed up in my /var/log/daemon right before the v4 session
would die:
Dec 10 20:10:52 earth bgpd[16706]: neighbor 64.62.180.89 (Hurricane_rtr0_v4) AS6939: update 58.25.192.0/18 via 64.62.180.89
Dec 10 20:10:52 earth bgpd[16706]: neighbor 64.62.180.89 (Hurricane_rtr0_v4) AS6939: update 121.77.0.0/18 via 64.62.180.89
Dec 10 20:10:52 earth bgpd[2494]: neighbor 64.62.180.89 (Hurricane_rtr0_v4): state change Established -> Idle, reason: Fatal error

or

Dec 10 19:36:29 earth bgpd[16706]: neighbor 64.62.180.89 (Hurricane_rtr0_v4) AS6939: update 213.227.230.0/23 via 64.62.180.89
Dec 10 19:36:29 earth bgpd[16706]: neighbor 64.62.180.89 (Hurricane_rtr0_v4) AS6939: update 213.227.232.0/21 via 64.62.180.89
Dec 10 19:36:29 earth bgpd[2494]: neighbor 64.62.180.89 (Hurricane_rtr0_v4): state change Established -> Idle, reason: Fatal error
Dec 10 19:36:40 earth bgpd[2494]: neighbor 64.62.180.89 (Hurricane_rtr0_v4): state change Idle -> Active, reason: Start

A snippet from bgpctl sho nei :

BGP neighbor is 64.62.180.89, remote AS 6939
 Description: Hurricane_rtr0_v4
  BGP version 4, remote router-id 216.218.252.162
  BGP state = Idle, down for 00:00:04
  Last read 00:00:04, holdtime 240s, keepalive interval 80s

  Message statistics:
                  Sent       Received
  Opens           1178       1178
  Notifications   1178       0
  Updates         1178       33280889
  Keepalives      42201      1210
  Route Refresh   0          0
  Total           45735      33283277

  Update statistics:
                  Sent       Received
  Updates         0          0
  Withdraws       0          0

  Last error: AS-Path unacceptable
----------------
I have MRT dumps from bgpd while I was trying to troubleshoot this available online. Beware. They're large:

http://earth.raapid.net/extra/

Regards,
Tico
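
The AS4_PATH check described in the quoted NANOG post, together with the alternative Pete Bristow asks about (dropping the offending segments rather than the session), as an added example that is not part of the original thread and is not OpenBGPD's code. The function names, result codes and sample bytes are assumptions constructed from the quoted `(65044 65057) 196629` path, read here as an AS_CONFED_SEQUENCE followed by an AS_SEQUENCE; RFC 6793 later specified discarding such segments and continuing to process the UPDATE.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Segment types (RFC 4271, RFC 3065) and this example's own result codes. */
enum { AS_SET = 1, AS_SEQUENCE = 2, AS_CONFED_SEQUENCE = 3, AS_CONFED_SET = 4 };
enum { AS4_OK = 0, AS4_HAS_CONFED = 1, AS4_MALFORMED = -1 };

/* Constructed bytes for "(65044 65057) 196629": one AS_CONFED_SEQUENCE
 * segment, then one AS_SEQUENCE segment, all with 4-byte ASNs. */
static const uint8_t sample_as4_path[] = {
	AS_CONFED_SEQUENCE, 2, 0x00, 0x00, 0xfe, 0x14, 0x00, 0x00, 0xfe, 0x21,
	AS_SEQUENCE, 1, 0x00, 0x03, 0x00, 0x15
};

/* Each segment is type(1) count(1) followed by count 4-byte ASNs. */
int as4path_check(const uint8_t *p, size_t len)
{
	int rv = AS4_OK;
	while (len > 0) {
		size_t seglen = len < 2 ? 0 : 2 + (size_t)p[1] * 4;
		if (seglen <= 2 || seglen > len)
			return AS4_MALFORMED;   /* truncated or empty segment */
		if (p[0] == AS_CONFED_SEQUENCE || p[0] == AS_CONFED_SET)
			rv = AS4_HAS_CONFED;    /* invalid in AS4_PATH per RFC 4893 */
		else if (p[0] != AS_SET && p[0] != AS_SEQUENCE)
			return AS4_MALFORMED;   /* unknown segment type */
		p += seglen;
		len -= seglen;
	}
	return rv;
}

/* Copy only AS_SET/AS_SEQUENCE segments to out (>= len bytes); -1 if malformed. */
long as4path_strip_confed(const uint8_t *p, size_t len, uint8_t *out)
{
	size_t n = 0;
	if (as4path_check(p, len) == AS4_MALFORMED)
		return -1;
	while (len > 0) {
		size_t seglen = 2 + (size_t)p[1] * 4;
		if (p[0] == AS_SET || p[0] == AS_SEQUENCE) {
			memcpy(out + n, p, seglen);
			n += seglen;
		}
		p += seglen;
		len -= seglen;
	}
	return (long)n;
}
```

A caller that tears the session down on `AS4_HAS_CONFED` reproduces the flapping shown in the logs above; one that calls `as4path_strip_confed` and logs the event keeps the session up while still refusing to propagate the confederation segments.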