BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit
0 likes197 views
The document discusses the "Real-Time BGP Toolkit", which collects BGP routing data from networks worldwide in real-time and stores the full history. This allows analyzing routing behaviors, detecting issues like hijacks. The toolkit found some BGP implementation bugs still present, like broken 4-byte AS support and misconfigured AS numbers. It encourages networks to check their BGP tables and configurations to address such issues.
![High unassigned AS number
30
‣ High number created on EBGP peer between a
NetIron (Extreme) and some Juniper Router
• Peer is a 2-byte AS peer
• Happened on different routers, different software versions
• Clean up with a hard reset of the eBGP session
• Probably bug on NetIron XMR code
‣ Still a mystery – Anyone seen this before?
‣ Check your BGP tables if you have NetIron’s:
- show ip bgp regex [0-9]{7}
- Will get routing entries with 7 or more digit AS numbers](https://image.slidesharecdn.com/bgp-bugs-hiccups-and-weird-stuff-issues-seen-by-rt-bgp-toolkit1-180912235528/85/BGP-Bugs-Hiccups-and-weird-stuff-Issues-seen-by-RT-BGP-Toolkit-30-320.jpg)
BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit
- 1. 1 BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit APNIC 46 Martin Winter, Hurricane Electric
- 2. About me… 2 ‣ Martin Winter • Researcher @ HE.NET, working on RT-BGP • Otherwise working on FRRouting
- 3. 3 “Real-Time BGP Toolkit” A quick Introduction ?
- 4. Traditional Looking Glass 4 ‣ Classic Looking Glass shows view of single entity • View of routing table from various location within the network of the same company
- 5. Traditional Looking Glass 5 ‣ Classic Looking Glass mostly simple router output • Showing current data from a single router at specific location.
- 7. Breaking the single Entity view 7 Getting feeds from everywhere
- 8. Breaking the single Entity view 8 Getting feeds from everywhere • Welcoming BGP feed from everyone with an AS • Multiple regional feeds welcome too • See https://rt-bgp.he.net to join • No cost to join • Who announced which route first? • Where did some bad announcement start? • Who leaks which routes? • Bogus BGP announcements? • à With real-time notification for your networks
- 9. Not just Real-Time. History too 9 Store it all. Every single update. From every peer.
- 10. Not just Real-Time. History too 10 Store it all. Every single update. From every peer. • Who announced a specific route previously? • From which AS? • Did someone leak a route for 3 seconds? • Did any metrics change?
- 11. Compare the BGP feeds 11 Compare BGP routes between ISPs
- 12. Compare the BGP feeds 12 Compare BGP routes between ISPs • Ever wonder why you have a full table with 1000 routes less than others? • How does AS-PATH compare for a route? • Do I get different source AS for same route?
- 13. Compare the BGP feeds 13 Compare BGP routes between ISPs
- 14. Register routes with your AS 14 Get notifications on important events
- 15. Register routes with your AS 15 Get notifications on important events Notifications for • Routes seen announced with different source AS (Hijack?) • More specific blocks are seen (Hijack?) • Various bad announcements
- 16. Current (initial) features ‣ Search for specific route (Current and past time) • Show all current paths received for the route • Search for peers which don’t have the prefix • Highlight different source AS for route ‣ Search for specific AS number • Show all routes received from the AS ‣ Unassigned AS number reports • Show routes sourced by unassigned AS numbers • Show routes with unassigned AS anywhere in AS path 16
- 17. Current (initial) features ‣ Timeline of updates for a given prefix ‣ Hijacking detection (routes are registered with account) • Detect more specific routes ‣ BGPplay 17
- 18. Prefix hijack report 18 + additional email notifications
- 19. Peer comparison 19 Please be aware of slight update delays between peers
- 20. Unassigned AS Report 20 Current & past unassigned/private AS numbers announced
- 21. Unassigned AS Report – Prefix view 21 Current view of prefix
- 22. 22 BGP Bugs, Hiccups and weird stuff Interesting things found in BGP tables
- 23. BGP Attribute 21 ?? ‣ Anyone remember draft-ietf-idr-as-pathlimit ‣ Hint: Expired 11 years ago ‣ From the draft: This document describes the 'AS path limit' (AS_PATHLIMIT) path attribute for BGP. This is an optional, transitive path attribute that is designed to help limit the distribution of routing information in the Internet. By default, prefixes advertised into the BGP graph are distributed freely, and if not blocked by policy will propagate globally. This is harmful to the scalability of the routing subsystem since information that only has a local effect on routing will cause state creation throughout the default-free zone. This attribute can be attached to a particular path to limit its scope to a subset of the Internet. 23 AS_PATHLIMIT
- 24. BGP Attribute 21 ?? ‣ Seen from from 3 originating AS • 2 out of 3 answered inquiry • Both use the same firewall vendor (Palo Alto Networks) • Still supported in current code (as of 8.1) - https://www.paloaltonetworks.com/documentation/81/pan- os/web-interface-help/network/network-virtual- routers/bgp/bgp-redist-rules-tab 24 AS_PATHLIMIT
- 25. Broken 4-byte AS implementation? ‣ RT-BGP uses 4-byte AS to force extended attributes ‣ One large vendor sends BGP OPEN without 4-byte BGP option to us (but configuration shows 4-byte AS for us correctly configured) ‣ Receiving BGP open from us (with correct 4-byte AS in BGP option) is rejected as incorrect AS ‣ Seen on Foundry Brocade Extreme NetIron XMR 25 Is 4-byte AS support still a new thing?
- 26. Broken 4-byte AS implementation ‣ Configuration looks good… 26 Is 4-byte AS support still a new thing? isp_router# sh run | incl 64.62.153.98 neighbor 64.62.153.98 remote-as 393338 neighbor 64.62.153.98 next-hop-self neighbor 64.62.153.98 ebgp-multihop 250 neighbor 64.62.153.98 update-source loopback 1 neighbor 64.62.153.98 remove-private-as neighbor 64.62.153.98 filter-list 2 in neighbor 64.62.153.98 route-map out TRANSITout
- 27. Broken 4-byte AS implementation ‣ Configuration looks good… • But missing AS4 enable! 27 Is 4-byte AS support still a new thing? isp_router# sh run | incl 64.62.153.98 neighbor 64.62.153.98 remote-as 393338 neighbor 64.62.153.98 next-hop-self neighbor 64.62.153.98 ebgp-multihop 250 neighbor 64.62.153.98 update-source loopback 1 neighbor 64.62.153.98 remove-private-as neighbor 64.62.153.98 filter-list 2 in neighbor 64.62.153.98 route-map out TRANSITout isp_router(config-bgp)# capability as4 enable Dear Brocade (now Extreme): Please DON’T accept config with 4-byte AS if you have the support not enabled and definitly don’t try to OPEN a session to a 4-byte neighbor without having 4-byte support enabled (and then rejecting the session because of AS mismatch)
- 28. High unassigned AS number 28
- 29. High unassigned AS number 29
- 30. High unassigned AS number 30 ‣ High number created on EBGP peer between a NetIron (Extreme) and some Juniper Router • Peer is a 2-byte AS peer • Happened on different routers, different software versions • Clean up with a hard reset of the eBGP session • Probably bug on NetIron XMR code ‣ Still a mystery – Anyone seen this before? ‣ Check your BGP tables if you have NetIron’s: - show ip bgp regex [0-9]{7} - Will get routing entries with 7 or more digit AS numbers
- 31. 31 BGP Misconfigurations Could we please agree to only use assigned AS numbers?
- 32. Unassigned AS-Numbers ‣ Comparing the world against the IANA list of assigned AS numbers • https://www.iana.org/assignments/as-numbers/as-numbers.xhtml 32 Ignoring the leaks of private AS space
- 33. Unassigned AS-Numbers ‣ Comparing the world against the IANA list of assigned AS numbers • https://www.iana.org/assignments/as-numbers/as-numbers.xhtml 33 Ignoring the leaks of private AS space
- 34. Unassigned AS-Numbers ‣ Comparing the world against the IANA list of assigned AS numbers • https://www.iana.org/assignments/as-numbers/as-numbers.xhtml 34 Ignoring the leaks of private AS space
- 35. Reserved AS-Numbers 35 In the APNIC region AS-Paths Netnam Vietnam … 9304 45903 24176 24176 24176 24173 65535 … 58879 2914 24176 24173 65535 … 9304 45903 24176 24173 65535 … 9304 45903 24176 24176 24176 24173 65535 AS24176, AS24173: Netnam Vietnam à Please Fix! AS45903: CMC Telecom Vietnam AS9304: HGC Global Hong Kong à Consider filtering! RFC 7300 – Reservation of Last AS number
- 36. Reserved AS-Numbers 36 In the APNIC region AS-Path Power Line Co, Hong Kong … 131477 132839 65535 AS132839: Power Line Co à Please Fix! AS45903: Shanghai Huajuan Information Technology Co., Ltd. à Consider filtering! RFC 7300 – Reservation of Last AS number
- 37. Reserved AS-Numbers 37 In the APNIC region AS-Paths AOFEI Data Hong Kong … 58879 2914 135391 64500 AS135391: AOFEI Data à Please Fix! AS2914: NTT America AS58879: Shanghai Anchang Network Security Technology à Consider filtering! RFC 5398 – AS for Documentation Use
- 38. 38 Try It https://rt-bgp.he.net Peer with it AS 393338 Set up peering at https://rt-bgp.he.net (create an account & login, then look for the menu option to add peering) Contact Us RT-BGP Toolkit Martin Winter rtbgp@he.net mwinter@he.net