Bad Peer AS with 4B AS issue
Hello,

I have an issue with connectivity towards provider's router (out of my control). I setup BGP session as usual:

    protocol bgp [redacted] {
        local [redacted] as [redacted];
        neighbor [redacted] as [redacted];
        ipv4 {
            table bgp;
            next hop self;
            import filter bgp_in;
            export filter bgp_out;
        };
    }

I think worth mentioning is that I have 4B AS whilst my peer has 2B AS. All I get is this error:

    BGP state:          Idle
    Neighbor address:   [redacted]
    Neighbor AS:        [redacted]
    Error wait:         48.720/60
    Last error:         Received: Bad peer AS

I checked pcap dumps and they seem reasonable. BIRD open is followed by peer OPEN with piggybacked NOTIFICATION message.

Based on MAC address my peer is Juniper, but that is just my guess.

I am running BIRD 2.0.2 (unfortunately straightforward upgrade is not exactly possible).

Anyone bumped into similar issue or can give me any pointers?

Best regards,
Łukasz Jarosz

On Wed, Jun 14, 2023 at 12:20:37PM +0200, Łukasz Jarosz wrote:
> I think worth mentioning is that I have 4B AS whilst my peer has 2B AS. All I get is this error:
>
> I checked pcap dumps and they seem reasonable. BIRD open is followed by peer OPEN with piggybacked NOTIFICATION message.
>
> Based on MAC address my peer is Juniper, but that is just my guess.

Is it possible that the peer is so old that it does not support 4B ASN extension?

Or isn't the peer just misconfigured, expecting different ASN?

In logs, isn't there some value in 'Bad peer AS' message after colon (like 'Bad peer AS: XYZ')?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

I highly doubt that, but their NOC is not exactly helpful on the matter.

They say that peer is configured for my ASN, but as I said router is out of my control.

Nothing else, just Bad peer AS. I hope screenshot was not cut, but in case tshark dump below:

BIRD initiation:

    Border Gateway Protocol - OPEN Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 51
        Type: OPEN Message (1)
        Version: 4
        My AS: 23456 (AS_TRANS)
        Hold Time: 240
        BGP Identifier: [redacted]
        Optional Parameters Length: 22
        Optional Parameters
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 20
                Capability: Multiprotocol extensions capability
                    Type: Multiprotocol extensions capability (1)
                    Length: 4
                    AFI: IPv4 (1)
                    Reserved: 00
                    SAFI: Unicast (1)
                Capability: Route refresh capability
                    Type: Route refresh capability (2)
                    Length: 0
                Capability: Graceful Restart capability
                    Type: Graceful Restart capability (64)
                    Length: 2
                    [Expert Info (Chat/Request): Graceful Restart Capability supported in Helper mode only]
                        [Graceful Restart Capability supported in Helper mode only]
                        [Severity level: Chat]
                        [Group: Request]
                    Restart Timers: 0x0078
                        0... .... .... .... = Restart state: No
                        .0.. .... .... .... = Graceful notification: No
                        .... 0000 0111 1000 = Time: 120
                Capability: Support for 4-octet AS number capability
                    Type: Support for 4-octet AS number capability (65)
                    Length: 4
                    AS Number: [redacted 6-digits]
                Capability: Enhanced route refresh capability
                    Type: Enhanced route refresh capability (70)
                    Length: 0

PEER response:

    Border Gateway Protocol - OPEN Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 63
        Type: OPEN Message (1)
        Version: 4
        My AS: [redacted 4 digits]
        Hold Time: 90
        BGP Identifier: [redacted]
        Optional Parameters Length: 34
        Optional Parameters
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 6
                Capability: Multiprotocol extensions capability
                    Type: Multiprotocol extensions capability (1)
                    Length: 4
                    AFI: IPv4 (1)
                    Reserved: 00
                    SAFI: Unicast (1)
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 2
                Capability: Route refresh capability (Cisco)
                    Type: Route refresh capability (Cisco) (128)
                    Length: 0
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 2
                Capability: Route refresh capability
                    Type: Route refresh capability (2)
                    Length: 0
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 4
                Capability: Graceful Restart capability
                    Type: Graceful Restart capability (64)
                    Length: 2
                    [Expert Info (Chat/Request): Graceful Restart Capability supported in Helper mode only]
                        [Graceful Restart Capability supported in Helper mode only]
                        [Severity level: Chat]
                        [Group: Request]
                    Restart Timers: 0x4078, Graceful notification
                        0... .... .... .... = Restart state: No
                        .1.. .... .... .... = Graceful notification: Yes
                        .... 0000 0111 1000 = Time: 120
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 6
                Capability: Support for 4-octet AS number capability
                    Type: Support for 4-octet AS number capability (65)
                    Length: 4
                    AS Number: [redacted 4 digits]
            Optional Parameter: Capability
                Parameter Type: Capability (2)
                Parameter Length: 2
                Capability: Long-Lived Graceful Restart (LLGR) Capability
                    Type: Long-Lived Graceful Restart (LLGR) Capability (71)
                    Length: 0

    Border Gateway Protocol - NOTIFICATION Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 21
        Type: NOTIFICATION Message (3)
        Major error Code: OPEN Message Error (2)
        Minor error Code (Open Message): Bad Peer AS (2)

Best regards,
Łukasz Jarosz

On Jun 14 2023, at 2:40 pm, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> On Wed, Jun 14, 2023 at 12:20:37PM +0200, Łukasz Jarosz wrote:
> > I think worth mentioning is that I have 4B AS whilst my peer has 2B AS. All I get is this error:
> >
> > I checked pcap dumps and they seem reasonable. BIRD open is followed by peer OPEN with piggybacked NOTIFICATION message.
> >
> > Based on MAC address my peer is Juniper, but that is just my guess.
>
> It is possible that the peer is so old that it does not support 4B ASN extension? Or isn't the peer just misconfigured, expecting different ASN? In logs, aren't there some value in 'Bad peer AS' message after colon (like 'Bad peer AS: XYZ')?
>
> -- Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."

On Wed, Jun 14, 2023 at 05:29:41PM +0200, Łukasz Jarosz wrote:
> I highly doubt that, but their NOC is not exactly helpful on the matter.
>
> They say that peer is configured for my ASN, but as I said router is out of my control. Nothing else, just Bad peer AS. I hope screenshot was not cut, but in case tshark dump below: BIRD initiation:

From the output 4B ASN are supported, so I cannot imagine anything other than misconfigured peer.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
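
The check discussed in this thread, as an added example that is not part of the original messages and is not BIRD or Juniper code: it parses a BGP OPEN, reads the 2-octet My AS field and capability 65, and compares the AS a receiver would see against its configured neighbor AS (per RFC 6793, a receiver that supports 4-octet AS numbers uses the capability value, otherwise the My AS field). The names `parse_open` and `check_peer_as`, the AS number 65550 and router ID 192.0.2.1 are assumptions made for illustration; the capability set mirrors the BIRD OPEN in the tshark dump.

```python
import struct

AS_TRANS = 23456   # RFC 6793 placeholder carried in the 2-octet "My AS" field
CAP_AS4 = 65       # capability code: support for 4-octet AS numbers

def build_open(my_as, hold, bgp_id, caps):
    """Build an OPEN with all capabilities inside one optional parameter."""
    cap = b"".join(bytes([code, len(val)]) + val for code, val in caps)
    params = bytes([2, len(cap)]) + cap
    body = struct.pack("!BHH4sB", 4, my_as, hold, bgp_id, len(params)) + params
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1) + body

def tlvs(buf):
    """Yield (type, value) pairs from a 1-octet type / 1-octet length list."""
    i = 0
    while i + 2 <= len(buf):
        end = i + 2 + buf[i + 1]
        if end > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:end]
        i = end

def parse_open(msg):
    """Return (my_as_field, as4_from_capability_or_None) for one OPEN."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("not a BGP OPEN")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != 1 or length != len(msg) or 29 + msg[28] != len(msg):
        raise ValueError("not a complete OPEN")
    my_as, as4 = struct.unpack("!H", msg[20:22])[0], None
    for ptype, pval in tlvs(msg[29:]):
        if ptype != 2:              # only Capability parameters matter here
            continue
        for code, cval in tlvs(pval):
            if code == CAP_AS4 and len(cval) == 4:
                as4 = struct.unpack("!I", cval)[0]
    return my_as, as4

def check_peer_as(msg, configured_as, receiver_has_as4=True):
    """Compare the AS a receiver would see with its configured neighbor AS."""
    my_as, as4 = parse_open(msg)
    seen = as4 if (as4 is not None and receiver_has_as4) else my_as
    return "ok" if seen == configured_as else f"Bad Peer AS (saw {seen})"

# Constructed sample with the same capability set as the BIRD OPEN above;
# AS 65550 (documentation range) and router ID 192.0.2.1 are placeholders.
SAMPLE_OPEN = build_open(AS_TRANS, 240, bytes([192, 0, 2, 1]), [
    (1, bytes([0, 1, 0, 1])), (2, b""), (64, bytes([0x00, 0x78])),
    (CAP_AS4, struct.pack("!I", 65550)), (70, b"")])
```

Run against an OPEN extracted from a capture, this separates the two causes raised in the thread: a receiver without 4-octet support sees 23456, while a receiver with it sees the capability value and rejects only if its configured neighbor AS differs.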