RFC 9234 (BGP roles) possible bug
Hi,

We ran BGP roles at 1000+ BGP sessions. About 0.5 - 1% of them affected by some issue. Probably all of them - Juniper with the old junos.

Here is description:

1) Our device (Bird) sent BGP Open to the peers, with

    Capability: BGP Role
        Type: BGP Role (9)
        Length: 1
        Unknown: 01

2) Some "broken?" peers respond with:

    Border Gateway Protocol - OPEN Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 29
        Type: OPEN Message (1)
        Version: 4
        My AS: xxxxx
        Hold Time: 90
        BGP Identifier: 10.5.5.2
        Optional Parameters Length: 0
    Border Gateway Protocol - NOTIFICATION Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 21
        Type: NOTIFICATION Message (3)
        Major error Code: Cease (6)
        Minor error Code (Cease): Connection Rejected (5)

3) After that, Bird generates another packet:

    Border Gateway Protocol - NOTIFICATION Message
        Marker: ffffffffffffffffffffffffffffffff
        Length: 21
        Type: NOTIFICATION Message (3)
        Major error Code: OPEN Message Error (2)
        Minor error Code (Open Message): Unknown (11)

About stage 2) - peer (old junos) shouldn't generate such response due to

===
If a BGP speaker receives from its peer a capability that it does not itself support or recognize, it MUST ignore that capability. In particular, the Unsupported Capability NOTIFICATION message MUST NOT be generated and the BGP session MUST NOT be terminated in response to reception of a capability that is not supported by the local speaker.
===

At the same time, question to the stage 3) - why Bird generate such message?
+ In the logs printed Error: Role mismatch (provider)

Wbr, Mikhail.

On Thu, May 11, 2023 at 03:06:48PM +0300, Mikhail Grishin wrote:
> Hi,
>
> We ran BGP roles at 1000+ BGP sessions. About 0.5 - 1% of them affected by some issue. Probably all of them - Juniper with the old junos.
>
> At the same time, question to the stage 3) - why Bird generate such message?
> + In the logs printed Error: Role mismatch (provider)

Hi

Yes, it is a bug in BIRD. When BGP capability option is parsed, the capability structure is initialized with the proper default value, but when there is no BGP capability option altogether (like in this case), the capability structure is just zeroed. Unfortunately, RFC 9234 is the only supported capability that has non-zero default value (0xff), zero is 'provider'. Will fix that.

I am surprised that in 2023 there are still BGP routers not supporting / sending capabilities :-) .

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Hi,

Thanks.

I'll also remind you the idea to show in Bird CLI not

    Last error: BGP Error: Role mismatch

but

    Last error: BGP Error: Role mismatch (provider)

In some of previous conversations you accepted it.

Ondrej Zajicek wrote on 11.05.2023 18:27:
>> In the logs printed Error: Role mismatch (provider)
>
> Hi
>
> Yes, it is a bug in BIRD. When BGP capability option is parsed, the capability structure is initialized with the proper default value, but when there is no BGP capability option altogether (like in this case), the capability structure is just zeroed. Unfortunately, RFC 9234 is the only supported capability that has non-zero default value (0xff), zero is 'provider'. Will fix that.
>
> I am surprised that in 2023 there are still BGP routers not supporting / sending capabilities :-) .

This conversation piqued my curiosity...

P.S.: It's almost a fork on the topic, but maybe it could be a productive conversation. I apologize in advance if I mess up.

Just for context: I'm not a programmer! I have some references of the concepts, but almost no practice in it.

How does Bird load these possible attribute variations? In the specific case, where is it defined that 0 -> Provider, 1-> RS, 2 -> RS-Client, 3 -> Customer, 4 -> Peer, and etc...? Is this hardcoded in the source code? Is there any lib apart from where this is described that is loaded at binary initialization?

The same question applies to other questions like BGP Message types, address families...

On Fri, May 12, 2023 at 06:04, Mikhail Grishin <magr@ripn.net> wrote:
> Hi,
>
> Thanks.
>
> I'll also remind you the idea to show in Bird CLI not
>     Last error: BGP Error: Role mismatch
> but
>     Last error: BGP Error: Role mismatch (provider)
>
> In some of previous conversations you accepted it.
>
> Ondrej Zajicek wrote on 11.05.2023 18:27:
>>> In the logs printed Error: Role mismatch (provider)
>>
>> Hi
>>
>> Yes, it is a bug in BIRD. When BGP capability option is parsed, the capability structure is initialized with the proper default value, but when there is no BGP capability option altogether (like in this case), the capability structure is just zeroed. Unfortunately, RFC 9234 is the only supported capability that has non-zero default value (0xff), zero is 'provider'. Will fix that.
>>
>> I am surprised that in 2023 there are still BGP routers not supporting / sending capabilities :-) .

--
Douglas Fernando Fischer
Control and Automation Engineer

Hello!

Yes, it's hardcoded, typically as a macro / constant definition. I don't see any good reason to have it outside BIRD.

Maria

On 12 May 2023 14:23:37 CEST, Douglas Fischer <fischerdouglas@gmail.com> wrote:
> This conversation piqued my curiosity...
>
> P.S.: It's almost a fork on the topic, but maybe it could be a productive conversation. I apologize in advance if I mess up.
>
> Just for context: I'm not a programmer! I have some references of the concepts, but almost no practice in it.
>
> How does Bird load these possible attribute variations? In the specific case, where is it defined that 0 -> Provider, 1-> RS, 2 -> RS-Client, 3 -> Customer, 4 -> Peer, and etc...? Is this hardcoded in the source code? Is there any lib apart from where this is described that is loaded at binary initialization?
>
> The same question applies to other questions like BGP Message types, address families...
>
> On Fri, May 12, 2023 at 06:04, Mikhail Grishin <magr@ripn.net> wrote:
>> Hi,
>>
>> Thanks.
>>
>> I'll also remind you the idea to show in Bird CLI not
>>     Last error: BGP Error: Role mismatch
>> but
>>     Last error: BGP Error: Role mismatch (provider)
>>
>> In some of previous conversations you accepted it.
>>
>> Ondrej Zajicek wrote on 11.05.2023 18:27:
>>>> In the logs printed Error: Role mismatch (provider)
>>>
>>> Hi
>>>
>>> Yes, it is a bug in BIRD. When BGP capability option is parsed, the capability structure is initialized with the proper default value, but when there is no BGP capability option altogether (like in this case), the capability structure is just zeroed. Unfortunately, RFC 9234 is the only supported capability that has non-zero default value (0xff), zero is 'provider'. Will fix that.
>>>
>>> I am surprised that in 2023 there are still BGP routers not supporting / sending capabilities :-) .
>
> --
> Douglas Fernando Fischer
> Control and Automation Engineer

On Thu, May 11, 2023 at 05:27:01PM +0200, Ondrej Zajicek wrote:
> Hi
>
> Yes, it is a bug in BIRD. When BGP capability option is parsed, the capability structure is initialized with the proper default value, but when there is no BGP capability option altogether (like in this case), the capability structure is just zeroed. Unfortunately, RFC 9234 is the only supported capability that has non-zero default value (0xff), zero is 'provider'. Will fix that.

Here is a patch:

https://gitlab.nic.cz/labs/bird/-/commit/f8ba82804faba5cc1520d4545330502e29b...

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
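
A small C model of the failure described in this thread, together with the hardcoded role constants Maria mentions. It is an added illustration, not BIRD's source and not the linked patch: the struct, the function names and the `buggy` switch are hypothetical, the sample byte strings are constructed, the role values and pairing follow RFC 9234, and non-strict mode is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* RFC 9234 role values as constants; identifier names are illustrative. */
enum { ROLE_PROVIDER, ROLE_RS, ROLE_RS_CLIENT, ROLE_CUSTOMER, ROLE_PEER, ROLE_UNDEFINED = 0xff };
struct caps { uint8_t role; };          /* hypothetical capability state */
/* Constructed samples: OPEN with no parameters; OPEN with Role = RS-Client. */
const uint8_t NO_PARAMS[1] = { 0 };
const uint8_t WITH_ROLE[] = { 2, 3, 9, 1, ROLE_RS_CLIENT };

/* Parse OPEN Optional Parameters; buggy=1 reproduces the described flaw. */
static int parse_params(const uint8_t *p, size_t len, struct caps *c, int buggy) {
  size_t i = 0;
  int seen_caps = 0;
  c->role = ROLE_UNDEFINED;             /* proper default: no role received */
  while (i + 2 <= len) {
    size_t end = i + 2 + p[i + 1];
    if (end > len) return -1;           /* truncated parameter */
    if (p[i] == 2) {                    /* parameter type 2: Capabilities */
      seen_caps = 1;
      for (size_t j = i + 2; j + 2 <= end; j += 2 + p[j + 1]) {
        if (j + 2 + p[j + 1] > end) return -1;   /* truncated capability */
        if (p[j] == 9 && p[j + 1] == 1) c->role = p[j + 2];  /* BGP Role */
      }
    }
    i = end;
  }
  if (buggy && !seen_caps) memset(c, 0, sizeof(*c));  /* role 0 = provider */
  return i == len ? 0 : -1;
}

/* 0 = proceed, 11 = Role Mismatch subcode; non-strict mode assumed. */
static int check_role(uint8_t local, uint8_t remote) {
  static const uint8_t pair[] = { ROLE_CUSTOMER, ROLE_RS_CLIENT, ROLE_RS, ROLE_PROVIDER, ROLE_PEER };
  if (local == ROLE_UNDEFINED || remote == ROLE_UNDEFINED) return 0;
  return (local <= ROLE_PEER && pair[local] == remote) ? 0 : 11;
}

/* Outcome of receiving an OPEN with these optional parameters. */
int open_result(const uint8_t *p, size_t len, uint8_t local, int buggy) {
  struct caps c;
  int rc = parse_params(p, len, &c, buggy);
  return rc ? rc : check_role(local, c.role);
}

int main(void) {
  printf("no params: buggy=%d fixed=%d\n", open_result(NO_PARAMS, 0, ROLE_RS, 1),
         open_result(NO_PARAMS, 0, ROLE_RS, 0));
  printf("with role: %d\n", open_result(WITH_ROLE, sizeof(WITH_ROLE), ROLE_RS, 0));
  return 0;
}
```

With `buggy` set, the empty OPEN from the capture is read as role 0 and a local RS role gets subcode 11, the same subcode as the NOTIFICATION in step 3. In this model a local customer role would instead pair with the phantom "provider" and be accepted silently.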