bgpd crashes on long AS-path
I admin multipe openbgp servers for a handful of companies. On Monday (16th), I was notified that bgp had crashed on 4 out of the 8 machines. The bgpd crashed because it was being advertised a route with a long AS path ( 255). The incident was global, and more information can be found on the nanog thread :- http://www.merit.edu/mail.archives/nanog/msg15469.html It seems instances where peers advertise an invalid route like this are quite common. Unfortunately I can't see an option in openbgpd.conf to check the length of an AS and hence filter it out. Would it be possible to have functionality similar to Cisco IOS maxas limit, so I could filter the route? I can't rely on my upstreams to do the sanity check and it's fatal if the route hits openbgp. Thanks, Jules
Re: bgpd crashes on long AS-path
http://marc.info/?l=openbsd-cvsm=123490079821382w=2 looks like this might already be fixed. On Wed, Feb 18, 2009 at 12:06 PM, Jules Desforges ju...@jtel.co.uk wrote: I admin multipe openbgp servers for a handful of companies. On Monday (16th), I was notified that bgp had crashed on 4 out of the 8 machines. The bgpd crashed because it was being advertised a route with a long AS path ( 255). The incident was global, and more information can be found on the nanog thread :- http://www.merit.edu/mail.archives/nanog/msg15469.html It seems instances where peers advertise an invalid route like this are quite common. Unfortunately I can't see an option in openbgpd.conf to check the length of an AS and hence filter it out. Would it be possible to have functionality similar to Cisco IOS maxas limit, so I could filter the route? I can't rely on my upstreams to do the sanity check and it's fatal if the route hits openbgp. Thanks, Jules -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: bgpd crashes on long AS-path
Jules Desforges wrote: I admin multipe openbgp servers for a handful of companies. On Monday (16th), I was notified that bgp had crashed on 4 out of the 8 machines. The bgpd crashed because it was being advertised a route with a long AS path ( 255). The incident was global, and more information can be found on the nanog thread :- May be, you should run current and there is yet an other fresh commit on the subject just done a few minutes ago: clau...@cvs.openbsd.org 2009/02/18 13:30:36 http://marc.info/?l=openbsd-cvsm=123498913126874w=2 Best, Daniel
Re: bgpd crashes on long AS-path
On Wed, Feb 18, 2009 at 03:38:11PM -0500, Daniel Ouellet wrote: May be, you should run current and there is yet an other fresh commit on the subject just done a few minutes ago: clau...@cvs.openbsd.org 2009/02/18 13:30:36 http://marc.info/?l=openbsd-cvsm=123498913126874w=2 Daniel, I believe there were commits for 4.3 and 4.4 -stable, so those are also valid options.
Re: bgpd crashes on long AS-path
Emilio Perea wrote: On Wed, Feb 18, 2009 at 03:38:11PM -0500, Daniel Ouellet wrote: May be, you should run current and there is yet an other fresh commit on the subject just done a few minutes ago: clau...@cvs.openbsd.org 2009/02/18 13:30:36 http://marc.info/?l=openbsd-cvsm=123498913126874w=2 Daniel, I believe there were commits for 4.3 and 4.4 -stable, so those are also valid options. Not saying it can't run stable. Everyone goes with their needs or what they fell comfortable with. There is a few new features I like in current and it's always good to test it too. (; We are almost at the 4.5 now anyway, so what's there is pretty much close to what will be release as stable with possible a few more additions. But you are right!
Re: bgpd crashes on long AS-path
On 2009-02-18, Jules Desforges ju...@jtel.co.uk wrote: On Monday (16th), I was notified that bgp had crashed on 4 out of the 8 machines. The bgpd crashed because it was being advertised a route with a long AS path ( 255). errata and patches have been issued for 4.3/4.4. 010: RELIABILITY FIX: February 18, 2009 All architectures bgpd(8) did not correctly prepend its own AS to very long AS paths, causing the process to terminate because of the resulting corrupt path. A source code patch exists which remedies this problem. ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/010_bgpd.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/010_bgpd.patch