Invalid symbol in ASN errors

On Fri, Dec 16, 2022 at 06:40:39PM -0800, Mo Shivji wrote:

Hi

I seem to be getting the following errors when I do the following

~$ /usr/bin/bgpq3 -3b -l xxx -f 8359 AS-MTU ERROR:Invalid symbol in AS number: '?' in AS271754

~$ /usr/bin/bgpq3 -3b -l xxx -f 9002 AS-RETN ERROR:Invalid symbol in AS number: 'â' in AS271754

~$ /usr/bin/bgpq3 -3b -l xxx -f 9498 AS9498:AS-BHARTI-IN ERROR:Invalid symbol in AS number: '?' in AS271754

~$ /usr/bin/bgpq3 -3b -l xxx -f 45474 AS45474:AS-NEXUSGUARD ERROR:Invalid symbol in AS number: '?' in AS271754

I spoke to RADB and they said it was an issue with BGPQ3. Have tested with versions 0.1.33 and 0.1.35 .

Any ideas if anyone can replicate this ? I have been able to over 5 different servers and if I choose a different source its pretty clean.

Root cause analysis: in Brazilian registry (source: TC, whois.bgp.net.br) there is an object AS268459:AS-CLICKNAVEGUE-CUSTOMERS, and this object contains reference to AS271754 that is separated not by newline or space but rather by UTF-8 U+2002 aka 0xE2 0x80 0x82 aka EN Space:

whois -h whois.bgp.net.br AS268459:AS-CLICKNAVEGUE-CUSTOMERS | grep AS271 | hd

00000000 6d 65 6d 62 65 72 73 3a 20 20 20 20 20 20 20 20 |members: | 00000010 41 53 32 37 31 37 35 34 e2 80 82 23 20 56 65 6c |AS271754...# Vel| 00000020 6f 73 63 68 0a |osch.| 00000025

(hd is a hexdump on freebsd, on linux you can use od -t x1z to get about the same output)

When RADB mirrors data from this registry, it mirrors it byte-by-byte and replies with this UTF-8 space in both whois reply:

whois -h whois.ra.net AS268459:AS-CLICKNAVEGUE-CUSTOMERS | grep AS271 | hd

00000000 6d 65 6d 62 65 72 73 3a 20 20 20 20 20 20 20 20 |members: | 00000010 41 53 32 37 31 37 35 34 e2 80 82 23 20 56 65 6c |AS271754...# Vel| 00000020 6f 73 63 68 0a |osch.| 00000025

and as a response to bgpq3. The minimal test case you can demonstrate to RADB is

bgpq3 -b3f 271754 -ddddd -S TC AS268459:AS-CLICKNAVEGUE-CUSTOMERS

DEBUG: bgpq_expander.c:797 bgpq_expand Acquired sendbuf of 1059840 bytes DEBUG: bgpq_expander.c:829 bgpq_expand Requesting sources !sTC DEBUG: bgpq_expander.c:833 bgpq_expand Got answer C DEBUG: bgpq_expander.c:635 bgpq_expand_irrd expander: sending '!iAS268459:AS-CLICKNAVEGUE-CUSTOMERS,1 ' DEBUG: bgpq_expander.c:659 bgpq_expand_irrd expander: initially got 18 bytes, 'A12 AS271754 C ' DEBUG: bgpq_expander.c:721 bgpq_expand_irrd expander: final reply of 12 bytes, AS271754 return code C ERROR:Invalid symbol in AS number: '�' in AS271754

What can be done here: a) change bgpq3 to handle multibyte (utf-8) spaces as well as ordinary space. Not sure if this is a good idea: after all, RPSL (RFC2622) specifies that it's ascii-only:

Note that RPSL is case insensitive and only the characters from the ASCII character set can be used.

so, objects having non-ascii characters shall be treated as malformed.

b) ask RADB and / or TC to correct their mirroring / input validation procedures so that objects containting non-ascii characters will not appear in databases (and in their output to bgpq3).

c) you can limit list of trusted sources (-S) to include only RIR-backed registries, so this object (from source: TC) will not be included in RADB output and will not cause error.

d) you can use -L flag of bgpq3 to limit recursion depth: as-set with invalid symbol buried deep enough to be included in AS-RETN only at seventh level of recursion (-L 6 and smaller values do not traverse this as-set), for AS-MTU it's on 18'th level, for AS9498:AS-BHARTI-IN - on 15'th, and for AS45474:AS-NEXUSGUARD on 5'th).

e) and, finally, you can just ignore this error: after all, this ASN appears to be member of more than one as-set, and is included in final output.

Thanks Mo

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.*Message ID: @.***>

snar / bgpq3

Invalid symbol in ASN errors #73