BGPd : Announce received prefix to another peer
Hello, I'm trying to re-announce a received subnet from peer A to peer B. Here's what I've done : #peer A neighbor $peer4_IP { remote-as $peer4_AS descr $peer4_NAME local-address $LOCAL_ADDR holdtime20 holdtime min3 announceself set weight 200 set localpref 200 } #peer B neighbor $peer3_IP { remote-as $peer3_AS descr $peer3_NAME multihop2 local-address $LOCAL_ADDR holdtime180 holdtime min3 announceself set localpref 150 } allow to $peer3_IP prefix / /24 prefix that I wan to redistribute to peer A/ prefixlen = 32 set prepend-self 1 Can anybody tell me what's wrong and how I can do that ? Second question : how can I check the route I'm announcing to a neighbor with bgpctl (something like bgpctl show neighbor NEIGH1 advertised-routes) ? Thanks Cédric -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
General question about openbgpd and PF
Hi, Simple and general question : Is it a good thing to run PF on an openbgpd server (for security reasons), or should I de-activate PF ? Regards, Cédric -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: openBGPd - 2/4byte AS prepend
Hi Stuart, Thanks for the reply, our partner updated his software a few days ago, so it works now with a 32b ASN. Regards, Cédric Le 11/08/2013 00:23, Stuart Henderson a écrit : On 2013-08-02, OCEANET - Cédric BASSAGET ced...@oceanet.com wrote: Always working on my problem, if anybody can help me please. Here's a tcpdump of BGP exchanges between the neighbor (192.168.53.118) and me (192.168.53.113) : _Open from my neighbor, no 4 Byte AS capability :_ 17:26:04.529327 IP (tos 0xc0, ttl 1, id 16154, offset 0, flags [DF], proto TCP (6), length 79) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x6e87 (correct), seq 687533061:687533100, ack 2368601536, win 16384, length 39: BGP, length: 39 Open Message (1), length: 39 Version 4, my AS 65426, Holdtime 20s, ID 46.226.128.1 Optional parameters, length: 10 Option Capabilities Advertisement (2), length: 8 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) 0x: 0001 0001 _Open from me, 4 Byte AS capability :_ 17:26:04.530298 IP (tos 0xc0, ttl 1, id 61896, offset 0, flags [DF], proto TCP (6), length 93) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0x7ecf (correct), seq 1:54, ack 39, win 16345, length 53: BGP, length: 53 Open Message (1), length: 53 Version 4, my AS 35330, Holdtime 180s, ID 192.168.53.118 Optional parameters, length: 24 Option Capabilities Advertisement (2), length: 6 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) 0x: 0001 0001 Option Capabilities Advertisement (2), length: 2 Route Refresh (Cisco) (128), length: 0 Option Capabilities Advertisement (2), length: 2 Route Refresh (2), length: 0 Option Capabilities Advertisement (2), length: 6 * 32-Bit AS Number (65), length: 4** ** 4 Byte AS 35330* 0x: 8a02 _Keepalives..._ 17:26:04.530350 IP (tos 0xc0, ttl 1, id 61897, offset 0, flags [DF], proto TCP (6), length 59) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0x320e (correct), seq 54:73, ack 39, win 16345, length 19: BGP, length: 19 Keepalive Message (4), length: 19 17:26:04.530479 IP (tos 0xc0, ttl 1, id 28050, offset 0, flags [DF], proto TCP (6), length 59) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x31e7 (correct), seq 39:58, ack 73, win 16365, length 19: BGP, length: 19 Keepalive Message (4), length: 19 _Update :_ 17:26:04.530926 IP (tos 0xc0, ttl 1, id 37630, offset 0, flags [DF], proto TCP (6), length 94) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x4a46 (correct), seq 58:112, ack 73, win 16384, length 54: BGP, length: 54 Update Message (2), length: 54 Origin (1), length: 1, Flags [T]: IGP 0x: 00 * AS Path (2), length: 4, Flags [T]: 23456 * 0x: 0201 5ba0 Next Hop (3), length: 4, Flags [T]: 192.168.53.113 0x: c0a8 3571 * AS4 Path (17), length: 6, Flags [OT]: 4 byte AS* 0x: 0201 0003 039c Updated routes: net/21 _Error notification :_ 17:26:04.531860 IP (tos 0xc0, ttl 1, id 61899, offset 0, flags [DF], proto TCP (6), length 68) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0xc800 (correct), seq 73:101, ack 112, win 16272, length 28: BGP, length: 28 *Notification Message (3), length: 28, UPDATE Message Error (3), subcode Malformed AS_PATH (11)* Regards, C�dric I think this is a config error, bgpd behaviour seems correct according to RFC 4893. To represent 4-octet AS numbers (which are not mapped from 2-octets) as 2-octet AS numbers in the AS path information encoded with 2-octet AS numbers, this document reserves a 2-octet AS number. We denote this special AS number as AS_TRANS for ease of description in the rest of this specification. This AS number is also placed in the My Autonomous System field of the OPEN message originated by a NEW BGP speaker, if the speaker does not have a (globally unique) 2-octet AS number. so, the rfc says: 1. in the OPEN you use either AS_TRANS or a unique other 16-bit AS number but, 2. in AS_PATH when talking to an old bgp speaker, you use AS_TRANS (*not* some other ASN) to replace any 32-bit ASN. additionally, whenever peers that handle 32-bit ASN talk to each other, they *always* use just AS_PATH (writing 32-bit ASNs in full), but when they talk to an old 16-bit-only peer, they *regenerate* AS_PATH as 16 bits by writing AS_TRANS in place of any 32-bit ASNs in the path - so even if you were allowed to use a number other than AS_TRANS in the (16-bit) path, that would be overwritten anyway when the update is received by another 32-bit speaker and then passed on to another 16-bit speaker. I think your options are: - ask the 16-bit-only peer to update
BGPD, filtering announced routes
Hi, We used to have two cisco routers for BGP, ans we changed for openbsd servers with bgpd. I'm looking for a feature that was simple on cisco : re-announce a learner subnet to a neighbor. In cisco, I had : router bgp MY_AS bgp router-id 46.226.x.x neighbor 46.18.x.x remote-as NEIGH1_AS neighbor 46.18.x.x description neigh1 address-family ipv4 neighbor 46.18.x.x activate neighbor 46.18.x.x route-map neigh1_voip_in in neighbor 46.18.x.x route-map neigh1_voip_out out route-map neigh1_voip_in permit 10 match ip address prefix-list neigh1_subnets_voip route-map neigh1_voip_in deny 100 match ip address prefix-list REFUSE_ALL route-map neigh1_voip_out permit 10 match ip address prefix-list voice_subnets set as-path prepend MY_AS route-map neigh1_voip_out deny 100 match ip address prefix-list REFUSE_ALL ip prefix-list voice_subnets seq 9 permit 91.213.x.x/24 le 32 == the subnet I want to redistribute to neigh1 ip prefix-list neigh1_subnets_voip seq 10 permit 46.18.x.x/26 le 32 == the subnet that neigh1 announces to me ip prefix-list REFUSE_ALL seq 10 permit 0.0.0.0/0 le 32 I'm trying to do the same thing with bgpd, but I can't find how. Any idea ? Thanks for your help. Regards, Cédric -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: BGPD, filtering announced routes
Thanks Gregory for your response, I will try that config. Regards, Cédric Le 27/08/2013 13:20, Gregory Edigarov a écrit : On 08/27/2013 01:11 PM, OCEANET - Cédric BASSAGET wrote: Hi, We used to have two cisco routers for BGP, ans we changed for openbsd servers with bgpd. I'm looking for a feature that was simple on cisco : re-announce a learner subnet to a neighbor. In cisco, I had : router bgp MY_AS bgp router-id 46.226.x.x neighbor 46.18.x.x remote-as NEIGH1_AS neighbor 46.18.x.x description neigh1 address-family ipv4 neighbor 46.18.x.x activate neighbor 46.18.x.x route-map neigh1_voip_in in neighbor 46.18.x.x route-map neigh1_voip_out out route-map neigh1_voip_in permit 10 match ip address prefix-list neigh1_subnets_voip route-map neigh1_voip_in deny 100 match ip address prefix-list REFUSE_ALL route-map neigh1_voip_out permit 10 match ip address prefix-list voice_subnets set as-path prepend MY_AS route-map neigh1_voip_out deny 100 match ip address prefix-list REFUSE_ALL ip prefix-list voice_subnets seq 9 permit 91.213.x.x/24 le 32 == the subnet I want to redistribute to neigh1 ip prefix-list neigh1_subnets_voip seq 10 permit 46.18.x.x/26 le 32 == the subnet that neigh1 announces to me ip prefix-list REFUSE_ALL seq 10 permit 0.0.0.0/0 le 32 I'm trying to do the same thing with bgpd, but I can't find how. Any idea ? like this: REFUSE_ALL= {} deny prefix $REFUSE_ALL allow from 46.18.x.x prefix 46.18.x.x/24 prefixlen = 32 allow to 46.18.x.x prefix 91.213.x.x/24 prefixlen = 32 set prepend-self 1 -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: openBGPd - 2/4byte AS prepend
Always working on my problem, if anybody can help me please. Here's a tcpdump of BGP exchanges between the neighbor (192.168.53.118) and me (192.168.53.113) : _Open from my neighbor, no 4 Byte AS capability :_ 17:26:04.529327 IP (tos 0xc0, ttl 1, id 16154, offset 0, flags [DF], proto TCP (6), length 79) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x6e87 (correct), seq 687533061:687533100, ack 2368601536, win 16384, length 39: BGP, length: 39 Open Message (1), length: 39 Version 4, my AS 65426, Holdtime 20s, ID 46.226.128.1 Optional parameters, length: 10 Option Capabilities Advertisement (2), length: 8 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) 0x: 0001 0001 _Open from me, 4 Byte AS capability :_ 17:26:04.530298 IP (tos 0xc0, ttl 1, id 61896, offset 0, flags [DF], proto TCP (6), length 93) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0x7ecf (correct), seq 1:54, ack 39, win 16345, length 53: BGP, length: 53 Open Message (1), length: 53 Version 4, my AS 35330, Holdtime 180s, ID 192.168.53.118 Optional parameters, length: 24 Option Capabilities Advertisement (2), length: 6 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) 0x: 0001 0001 Option Capabilities Advertisement (2), length: 2 Route Refresh (Cisco) (128), length: 0 Option Capabilities Advertisement (2), length: 2 Route Refresh (2), length: 0 Option Capabilities Advertisement (2), length: 6 * 32-Bit AS Number (65), length: 4** ** 4 Byte AS 35330* 0x: 8a02 _Keepalives..._ 17:26:04.530350 IP (tos 0xc0, ttl 1, id 61897, offset 0, flags [DF], proto TCP (6), length 59) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0x320e (correct), seq 54:73, ack 39, win 16345, length 19: BGP, length: 19 Keepalive Message (4), length: 19 17:26:04.530479 IP (tos 0xc0, ttl 1, id 28050, offset 0, flags [DF], proto TCP (6), length 59) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x31e7 (correct), seq 39:58, ack 73, win 16365, length 19: BGP, length: 19 Keepalive Message (4), length: 19 _Update :_ 17:26:04.530926 IP (tos 0xc0, ttl 1, id 37630, offset 0, flags [DF], proto TCP (6), length 94) 192.168.53.113.44169 192.168.53.118.bgp: Flags [P.], cksum 0x4a46 (correct), seq 58:112, ack 73, win 16384, length 54: BGP, length: 54 Update Message (2), length: 54 Origin (1), length: 1, Flags [T]: IGP 0x: 00 * AS Path (2), length: 4, Flags [T]: 23456 * 0x: 0201 5ba0 Next Hop (3), length: 4, Flags [T]: 192.168.53.113 0x: c0a8 3571 * AS4 Path (17), length: 6, Flags [OT]: 4 byte AS* 0x: 0201 0003 039c Updated routes: net/21 _Error notification :_ 17:26:04.531860 IP (tos 0xc0, ttl 1, id 61899, offset 0, flags [DF], proto TCP (6), length 68) 192.168.53.118.bgp 192.168.53.113.44169: Flags [P.], cksum 0xc800 (correct), seq 73:101, ack 112, win 16272, length 28: BGP, length: 28 *Notification Message (3), length: 28, UPDATE Message Error (3), subcode Malformed AS_PATH (11)* Regards, Cédric Le 30/07/2013 13:54, OCEANET - Cédric BASSAGET a écrit : So is my problem a configuration issue, a problem in openbgpd or just something that is undoable ? Regards, Cédric Le 30/07/2013 09:01, OCEANET - Cédric BASSAGET a écrit : Hello Claudio, I'm using AS 65426. This is the UPDATE message my bgpd sends to my neighbor : Update Message (2), length: 54 Origin (1), length: 1, Flags [T]: IGP 0x: 00 AS Path (2), length: 4, Flags [T]: 23456 0x: 0201 5ba0 Next Hop (3), length: 4, Flags [T]: 192.168.53.113 0x: c0a8 3571 AS4 Path (17), length: 6, Flags [OT]: 4 bytes AS 0x: 0201 0003 039c Updated routes: 46.226.x.x/21 Regards, Cédric Le 29/07/2013 23:37, Claudio Jeker a écrit : On Mon, Jul 29, 2013 at 09:33:55AM +0200, OCEANET - Cédric BASSAGET wrote: Hello, I'm trying to replace two cisco routers by two openBGPd routers. A have 3 neighbors, two with 4-bytes AS, and one which only supports 2-bytes AS for now. I have a 4-bytes AS too. So in my bgpd.conf, I have : ... AS my 4bytes a 2bytes AS network z.z.z.z/21 ... neighbor neighbor's ip address#a neighbor which supports 4 bytes AS { remote-as neighbor's AS set prepend-self 1 } ... neighbor neighbor's ip address#a neighbor which supports 2 bytes AS only { remote-as neighbor's AS set prepend-self 2 } ... My problem is that my second neighbor return this message : neighbor : received notification: error in UPDATE message, AS-Path unacceptable I think bgpd is trying to prepend
Re: openBGPd - 2/4byte AS prepend
Hello Claudio, I'm using AS 65426. This is the UPDATE message my bgpd sends to my neighbor : Update Message (2), length: 54 Origin (1), length: 1, Flags [T]: IGP 0x: 00 AS Path (2), length: 4, Flags [T]: 23456 0x: 0201 5ba0 Next Hop (3), length: 4, Flags [T]: 192.168.53.113 0x: c0a8 3571 AS4 Path (17), length: 6, Flags [OT]: 4 bytes AS 0x: 0201 0003 039c Updated routes: 46.226.x.x/21 Regards, Cédric Le 29/07/2013 23:37, Claudio Jeker a écrit : On Mon, Jul 29, 2013 at 09:33:55AM +0200, OCEANET - Cédric BASSAGET wrote: Hello, I'm trying to replace two cisco routers by two openBGPd routers. A have 3 neighbors, two with 4-bytes AS, and one which only supports 2-bytes AS for now. I have a 4-bytes AS too. So in my bgpd.conf, I have : ... AS my 4bytes a 2bytes AS network z.z.z.z/21 ... neighbor neighbor's ip address#a neighbor which supports 4 bytes AS { remote-as neighbor's AS set prepend-self 1 } ... neighbor neighbor's ip address#a neighbor which supports 2 bytes AS only { remote-as neighbor's AS set prepend-self 2 } ... My problem is that my second neighbor return this message : neighbor : received notification: error in UPDATE message, AS-Path unacceptable I think bgpd is trying to prepend the neighbor which does not support 4bytes AS with... a 4 bytes AS, due to the set prepend-self 2. Now, time for the questions : - Is it openBGPd's normal behavior ? - Is there a way to force prepending with the 2 bytes AS ? I saw announce as-4byte (yes|no) in manpage, is this option designed for that ? OpenBGPD will prepend with AS_TRANS (23456) if the system has a 4-byte AS. This comes from the fact that internally all AS_PATHes are 4-byte and we deflate the AS_PATH for those session that can only handle the 2-byte ones. Doing that causes all 4-byte AS nummbers to be replaced with AS_TRANS. What 2-byte AS are you using for the old connection? By default AS_TRANS would be used and then enforce neighbor-as would not trigger. -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: openBGPd - 2/4byte AS prepend
So is my problem a configuration issue, a problem in openbgpd or just something that is undoable ? Regards, Cédric Le 30/07/2013 09:01, OCEANET - Cédric BASSAGET a écrit : Hello Claudio, I'm using AS 65426. This is the UPDATE message my bgpd sends to my neighbor : Update Message (2), length: 54 Origin (1), length: 1, Flags [T]: IGP 0x: 00 AS Path (2), length: 4, Flags [T]: 23456 0x: 0201 5ba0 Next Hop (3), length: 4, Flags [T]: 192.168.53.113 0x: c0a8 3571 AS4 Path (17), length: 6, Flags [OT]: 4 bytes AS 0x: 0201 0003 039c Updated routes: 46.226.x.x/21 Regards, Cédric Le 29/07/2013 23:37, Claudio Jeker a écrit : On Mon, Jul 29, 2013 at 09:33:55AM +0200, OCEANET - Cédric BASSAGET wrote: Hello, I'm trying to replace two cisco routers by two openBGPd routers. A have 3 neighbors, two with 4-bytes AS, and one which only supports 2-bytes AS for now. I have a 4-bytes AS too. So in my bgpd.conf, I have : ... AS my 4bytes a 2bytes AS network z.z.z.z/21 ... neighbor neighbor's ip address#a neighbor which supports 4 bytes AS { remote-as neighbor's AS set prepend-self 1 } ... neighbor neighbor's ip address#a neighbor which supports 2 bytes AS only { remote-as neighbor's AS set prepend-self 2 } ... My problem is that my second neighbor return this message : neighbor : received notification: error in UPDATE message, AS-Path unacceptable I think bgpd is trying to prepend the neighbor which does not support 4bytes AS with... a 4 bytes AS, due to the set prepend-self 2. Now, time for the questions : - Is it openBGPd's normal behavior ? - Is there a way to force prepending with the 2 bytes AS ? I saw announce as-4byte (yes|no) in manpage, is this option designed for that ? OpenBGPD will prepend with AS_TRANS (23456) if the system has a 4-byte AS. This comes from the fact that internally all AS_PATHes are 4-byte and we deflate the AS_PATH for those session that can only handle the 2-byte ones. Doing that causes all 4-byte AS nummbers to be replaced with AS_TRANS. What 2-byte AS are you using for the old connection? By default AS_TRANS would be used and then enforce neighbor-as would not trigger. -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
openBGPd - 2/4byte AS prepend
Hello, I'm trying to replace two cisco routers by two openBGPd routers. A have 3 neighbors, two with 4-bytes AS, and one which only supports 2-bytes AS for now. I have a 4-bytes AS too. So in my bgpd.conf, I have : ... AS my 4bytes a 2bytes AS network z.z.z.z/21 ... neighbor neighbor's ip address#a neighbor which supports 4 bytes AS { remote-as neighbor's AS set prepend-self 1 } ... neighbor neighbor's ip address#a neighbor which supports 2 bytes AS only { remote-as neighbor's AS set prepend-self 2 } ... My problem is that my second neighbor return this message : neighbor : received notification: error in UPDATE message, AS-Path unacceptable I think bgpd is trying to prepend the neighbor which does not support 4bytes AS with... a 4 bytes AS, due to the set prepend-self 2. Now, time for the questions : - Is it openBGPd's normal behavior ? - Is there a way to force prepending with the 2 bytes AS ? I saw announce as-4byte (yes|no) in manpage, is this option designed for that ? Thanks for your replies. Regards, Cédric -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: openBGPd - 2/4byte AS prepend
Still working on my problem. When doing a tcpdumpc apture of bgp UPDATE messages sent to neighbor 2 (2-bytes AS), I still have /Update Message (2), length: 54// // Origin (1), length: 1, Flags [T]: IGP// //0x: 00// // AS Path (2), length: 4, Flags [T]: *23456 *// //0x: 0201 5ba0// // Next Hop (3), length: 4, Flags [T]: 192.168.x.x// //0x: c0a8 3571// // AS4 Path (17), length: 6, Flags [OT]: my 4bytes AS// //0x: 0201 0003 039c// // Updated routes:// //46.226.x.x/21// / Why is AS 23456 still here ? Shouldn't it be replaced with my 2bytes AS ? Regards, Cédric Le 29/07/2013 09:33, OCEANET - Cédric BASSAGET a écrit : Hello, I'm trying to replace two cisco routers by two openBGPd routers. A have 3 neighbors, two with 4-bytes AS, and one which only supports 2-bytes AS for now. I have a 4-bytes AS too. So in my bgpd.conf, I have : ... AS my 4bytes a 2bytes AS network z.z.z.z/21 ... neighbor neighbor's ip address#a neighbor which supports 4 bytes AS { remote-as neighbor's AS set prepend-self 1 } ... neighbor neighbor's ip address#a neighbor which supports 2 bytes AS only { remote-as neighbor's AS set prepend-self 2 } ... My problem is that my second neighbor return this message : neighbor : received notification: error in UPDATE message, AS-Path unacceptable I think bgpd is trying to prepend the neighbor which does not support 4bytes AS with... a 4 bytes AS, due to the set prepend-self 2. Now, time for the questions : - Is it openBGPd's normal behavior ? - Is there a way to force prepending with the 2 bytes AS ? I saw announce as-4byte (yes|no) in manpage, is this option designed for that ? Thanks for your replies. Regards, Cédric -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com -- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com