FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

bgpd AS0 in AS PATH wrong behavior (sessions start flapping) #8941

Closed IvayloJ closed 3 years ago

IvayloJ commented 3 years ago

From frr 7.4 and up there is code to check for AS0 in the AS path and attributes. If frr receives a prefix with AS0 in the AS path, sessions with the neighbor that announces it start to reset on prefix acceptance, which causes constant flaps. This is wrong behavior; it should just drop that update, not reset the whole peer, right? And because the action happens before any config filter rules are applied, there is no mechanism to stop the flapping or block the bad prefix announcement from the config; the only option is to shut down that neighbor.

Here is the error and the raw dump of the communication with such neighbor:

```
Last reset 00:00:05,  Notification sent (UPDATE Message Error/Invalid Network Field)
Message received that caused BGP to send a NOTIFICATION:
  FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 005D0200 00004240 01010040 020E0203
  0000220D 00008932 00000000 400304D4 5FB0A1C0 0808220D 005A220D 0050C010
  18000222 0D000000 5A000322 0D000022 0D000222 0D000022 0D1455FF A0
```

raw communication dump:

```
Update Message (2), length: 93
  Origin (1), length: 1, Flags [T]: IGP
    0x0000:  00
  AS Path (2), length: 14, Flags [T]: 8717 35122 0
    0x0000:  0203 0000 220d 0000 8932 0000 0000
  Next Hop (3), length: 4, Flags [T]: 212.95.176.161
    0x0000:  d45f b0a1
  Community (8), length: 8, Flags [OT]: 8717:90, 8717:80
    0x0000:  220d 005a 220d 0050
  Extended Community (16), length: 24, Flags [OT]:
    target (0x0002), Flags [none]: 8717:90 (= 0.0.0.90)
    origin (0x0003), Flags [none]: 8717:8717 (= 0.0.34.13)
    target (0x0002), Flags [none]: 8717:8717 (= 0.0.34.13)
    0x0000:  0002 220d 0000 005a 0003 220d 0000 220d
    0x0010:  0002 220d 0000 220d
  Updated routes:
    85.255.160.0/20
```

bgpd.log

```
2021/06/28 21:35:29 BGP: [EC 33554436] Malformed AS path, AS number is 0 in the path from 212.95.176.161
2021/06/28 21:35:29 BGP: bgp_attr_malformed: attributes: , origin i
2021/06/28 21:35:29 BGP: [EC 33554487] 212.95.176.161: Attribute AS_PATH, parse error - treating as withdrawal
2021/06/28 21:35:29 BGP: [EC 33554454] 212.95.176.161 rcvd UPDATE with errors in attr(s)!! Withdrawing route.
2021/06/28 21:35:29 BGP: 212.95.176.161 rcvd UPDATE w/ attr: , origin i
2021/06/28 21:35:29 BGP: 212.95.176.161 rcvd UPDATE wlen 0 attrlen 66 alen 49
2021/06/28 21:35:29 BGP: [EC 33554454] 212.95.176.161 [Error] Update packet error (wrong prefix length 64 for afi 1)
2021/06/28 21:35:29 BGP: [EC 33554454] 212.95.176.161 [Error] Error parsing NLRI
2021/06/28 21:35:29 BGP: [BGP_GR] Peer 212.95.176.161 UNSET PEER_STATUS_NSF_MODE!
2021/06/28 21:35:29 BGP: [EC 33554454] bgp_process_packet: BGP UPDATE receipt failed for peer: 212.95.176.161
```

(Even breaking parsing of the update message?)

The code that triggers this is in bgp_attr.c, in the function bgp_attr_aspath:

```c
if (aspath_check_as_zero(attr->aspath)) {
	flog_err(
		EC_BGP_ATTR_MAL_AS_PATH,
		"Malformed AS path, AS number is 0 in the path from %s",
		peer->host);
	return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH, 0);
}
```

and in bgp_attr_as4_path:

```c
if (aspath_check_as_zero(*as4_path)) {
	flog_err(
		EC_BGP_ATTR_MAL_AS_PATH,
		"Malformed AS path, AS number is 0 in the path from %s",
		peer->host);
	return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH, 0);
}
```

called from bgp_attr_parse.

ton31337 commented 3 years ago

I'm able to replicate, fixing.

IvayloJ commented 3 years ago

No,

AS8717 is connected to my AS60349 (frr 7.5.1 on that router), and transits this AS0 (nokia stupidness) from their customer AS35122. What is behind it I have no idea.

FRR 7.3.1 accepts this prefix and installs it normally, but there are no checks for AS0 except if not configured in the route map rules.

I think the best would be just to discard the update message that contains AS0 in the AS path, write a message in the logs (better with info for the prefix that is discarded - yesterday it took me 7 hours to understand why the sessions started flapping :) and to decode which prefix caused it) and continue processing.

PS: I can bet it is a bad mikrotik device that announces with AS0. On mikrotik there is a box to specify prepends with a label number/ASN or something like this, and if you write any number X there it starts announcing from src ASX rather than prepending the configured local AS X times.
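An added example (not FRR code and not part of the original thread): it decodes the UPDATE bytes from the NOTIFICATION dump in the first comment and applies the handling proposed above, flagging AS 0, withdrawing the prefix and keeping the session. It also shows that reading NLRI from the byte right after AS_PATH, instead of after the whole attribute block, gives the `alen 49` and `wrong prefix length 64` figures seen in bgpd.log. Function names are hypothetical, and 4-byte ASNs and IPv4 NLRI are assumed, as in this dump.

```python
import ipaddress

# UPDATE bytes copied from the NOTIFICATION dump quoted in the issue.
RAW = bytes.fromhex("""
FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 005D0200 00004240 01010040 020E0203
0000220D 00008932 00000000 400304D4 5FB0A1C0 0808220D 005A220D 0050C010
18000222 0D000000 5A000322 0D000022 0D000222 0D000022 0D1455FF A0""")

def parse_update(msg):
    """Return (AS path, offset just past AS_PATH, offset where NLRI starts)."""
    wlen = int.from_bytes(msg[19:21], "big")        # withdrawn routes length
    pos = 21 + wlen
    alen = int.from_bytes(msg[pos:pos + 2], "big")  # total path attribute length
    pos += 2
    nlri_off = pos + alen                           # NLRI begins after ALL attributes
    path, after_path = [], None
    while pos < nlri_off:
        flags, atype = msg[pos], msg[pos + 1]
        hdr = 4 if flags & 0x10 else 3              # extended-length flag
        vlen = int.from_bytes(msg[pos + 2:pos + hdr], "big")
        value = msg[pos + hdr:pos + hdr + vlen]
        pos += hdr + vlen
        if atype == 2:                              # AS_PATH, 4-byte ASNs assumed
            i = 0
            while i < len(value):
                n = value[i + 1]                    # ASNs in this segment
                path += [int.from_bytes(value[i + 2 + 4 * k:i + 6 + 4 * k], "big")
                         for k in range(n)]
                i += 2 + 4 * n
            after_path = pos
    return path, after_path, nlri_off

def ipv4_nlri(msg, start):
    """Decode IPv4 prefixes from msg[start:]; reject impossible lengths."""
    out, pos = [], start
    while pos < len(msg):
        plen = msg[pos]
        if plen > 32:
            raise ValueError(f"wrong prefix length {plen} for afi 1")
        nbytes = (plen + 7) // 8
        addr = msg[pos + 1:pos + 1 + nbytes].ljust(4, b"\0")
        out.append(f"{ipaddress.IPv4Address(addr)}/{plen}")
        pos += 1 + nbytes
    return out

def handle_update(msg):
    """AS 0 in the path: withdraw the prefixes and keep the session up."""
    path, _, nlri_off = parse_update(msg)
    prefixes = ipv4_nlri(msg, nlri_off)
    return ("withdraw" if 0 in path else "accept"), path, prefixes
```

`handle_update(RAW)` returns the `withdraw` action together with the affected prefix, which is the information the log message would need to name the offending route.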