[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: OpenBGPD Flaps, 32bit ASn in the wild.
From:       Claudio Jeker <cjeker () diehard ! n-r-g ! com>
Date:       2008-12-10 22:32:05
Message-ID: 20081210223204.GB20490 () diehard ! n-r-g ! com
[Download RAW message or body]

On Wed, Dec 10, 2008 at 04:47:31PM -0500, Ted Unangst wrote:
> On Wed, Dec 10, 2008 at 4:38 PM, Claudio Jeker <cjeker@diehard.n-r-g.com> wrote:
> > I looked at the porblem and I'm currently unsure what the best way is to
> > handle such bad AS4_* attributes. The RFC in all its glory does not
> > mention how to handle errors. So at the moment I'm in favor of just
> > dropping/ignoring the bad optional attribute but I need to recheck with
> > the BGP RFC to see if this is valid. Another solution is to ignore the
> > full update but I have a bad feeling about that.
> 
> Can you ignore just the route with the bad attribute?  We don't want
> to propagate it more.
> 

The best thing we can do is to mark the update as ineligible so it will
not propaget further and will not be used but this is a quite radical
measure. On the other hand this is porbably the safest way to handle this
error.

Comments?
-- 
:wq Claudio

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.232
diff -u -p -r1.232 rde.c
--- rde.c	15 Jun 2008 10:03:46 -0000	1.232
+++ rde.c	10 Dec 2008 22:30:38 -0000
@@ -797,8 +797,10 @@ rde_update_dispatch(struct imsg *imsg)
 		/*
 		 * if either ATTR_NEW_AGGREGATOR or ATTR_NEW_ASPATH is present
 		 * try to fixup the attributes.
+		 * XXX do not fixup if F_ATTR_LOOP is set.
 		 */
-		if (asp->flags & F_ATTR_AS4BYTE_NEW)
+		if (asp->flags & F_ATTR_AS4BYTE_NEW &&
+		    !(asp->flags & F_ATTR_LOOP))
 			rde_as4byte_fixup(peer, asp);
 
 		/* enforce remote AS if requested */
@@ -1347,10 +1349,16 @@ bad_flags:
 		    ATTR_PARTIAL))
 			goto bad_flags;
 		if (aspath_verify(p, attr_len, 1) != 0) {
-			/* XXX draft does not specify how to handle errors */
-			rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
-			    NULL, 0);
-			return (-1);
+			/*
+			 * XXX RFC does not specify how to handle errors.
+			 * XXX Instead of dropping the session because of a
+			 * XXX bad path just mark the full update as not
+			 * XXX loop-free the update is no longer eligible and
+			 * XXX will not be considered for routing or
+			 * XXX redistribution. Something better is needed.
+			 */
+			a->flags |= F_ATTR_LOOP;
+			goto optattr;
 		}
 		a->flags |= F_ATTR_AS4BYTE_NEW;
 		goto optattr;

[prev in list] [next in list] [prev in thread] [next in thread]