[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bird-users
Subject:    Re: Malformed AS_PATH error
From:       Ondrej Zajicek <santiago () crfreenet ! org>
Date:       2014-11-07 11:07:29
Message-ID: 20141107110729.B9954FD01 () mail ! crfreenet ! org
[Download RAW message or body]


On Fri, Nov 07, 2014 at 09:15:25AM +0000, Jiřík Tomáš wrote:
> Thanks for your answer, but that does not really solve the problem. I have already \
> run debug on the protocol, but I am unable to find which of the routes cause this \
> error.  Even so I am accepting only prefixes which originating just from my peer, \
> for testing purpose and I still have this issue.  So I have a few additional \
> questions:

> How is malformed route marked in the log? Or is the last route before announced \
> error the one which causing this error? And if yes, what can I do for stopping BIRD \
> to process this route? Can I protect BIRD from dropping connection when he received \
> malformed path? 

Well, unfortunately it seems that the malformed prefix is not logged, nor
are logged all received routes. Last route logged as exported before
announced error is the last sane one, the next one (not logged) is the
one causing the problem. There is probably no simple way to see broken
routes, You can try to use 'tcpdump -n -s 0 -vv' during exchange to see
all received routes, then compare it to routes logged as exported during
that exchange.

> Under the protection I mean, if there is possible way how to tell BIRD to drop \
> malformed routes and continue working with good routes?  If not is the only \
> possibility to tell my peer to filter that route for me?

Only possibility is to tell the peer to filter it.

Generally, BGP standard says that the BGP session should be dropped in
almost any error. We changed that in a way that if the error is limited
to one prefix, we could withdraw the prefix and keep the session [*], but
in this specific error (malformed AS_PATH) we forgot to make the change
and the general behavior (drop the session) is used. We will fix that.


[*] This is also a change discussed in draft-ietf-idr-error-handling .

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]