Cisco ASA BGP with BIRD peering

kerstin-534
Level 1

Hi,

Has somebody experience with the ASA 9.2 or 9.3 BGP implementation?  Cannot get it working with BIRD as peer.

Get a malformed AS_PATH

bird> show pro bgp2
name     proto    table    state  since       info
bgp2     BGP      master   start  11:26:26    Idle          BGP Error: Malformed AS_PATH

protocol bgp bgp2 {
        description "ISP";
        local as 35000;
        neighbor 192.168.0.12 as 15000;
        error wait time 9,16;
        debug all;
        keepalive time 20;
        hold time 60;
        password "cisco";
        # a second "export" statement replaces the first, so both route
        # sources have to be combined in a single filter expression
        export where source = RTS_STATIC || source = RTS_DEVICE;
}

ASA:

router bgp 15000
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 192.168.0.8 remote-as 35000
  neighbor 192.168.0.8 password *****
  neighbor 192.168.0.8 version 4
  neighbor 192.168.0.8 activate
  neighbor 192.168.0.8 filter-list 1 out
  redistribute connected route-map isp-out
  no auto-summary
  no synchronization
 exit-address-family

Peering with BIRD works with IOS

Feedback appreciated.

br Fritz

3 Replies

Akash Agrawal
Cisco Employee

from RFC 4271

 The AS_PATH attribute is checked for syntactic correctness.  If the
   path is syntactically incorrect, then the Error Subcode MUST be set
   to Malformed AS_PATH.

   If the UPDATE message is received from an external peer, the local
   system MAY check whether the leftmost (with respect to the position
   of octets in the protocol message) AS in the AS_PATH attribute is
   equal to the autonomous system number of the peer that sent the
   message.  If the check determines this is not the case, the Error
   Subcode MUST be set to Malformed AS_PATH.

Please check if you can take wireshark capture or any debug which can tell why as-path is getting corrupted and to what value.

One similar case from google search

http://marc.info/?l=bird-users&m=124515982116091&w=2

Regards,

Akash

IOS uses the 4-octet AS capability in the announcement and 4 octets (AS4) in the UPDATE message.

This works

Internet Protocol Version 4, Src: 192.168.0.50 (192.168.0.50), Dst: 192.168.0.8 (192.168.0.8)
Transmission Control Protocol, Src Port: 33030 (33030), Dst Port: 179 (179), Seq: 3514092093, Ack: 3010016013, Len: 57
Border Gateway Protocol - OPEN Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 57
    Type: OPEN Message (1)
    Version: 4
    My AS: 20000
    Hold Time: 180
    BGP Identifier: 192.168.0.50 (192.168.0.50)
    Optional Parameters Length: 28
    Optional Parameters
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Multiprotocol extensions capability
                Type: Multiprotocol extensions capability (1)
                Length: 4
                AFI: IPv4 (1)
                Reserved: 00
                SAFI: Unicast (1)
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (128)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (2)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Enhanced route refresh capability
                Type: Enhanced route refresh capability (70)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Support for 4-octet AS number capability
                Type: Support for 4-octet AS number capability (65)
                Length: 4
                AS Number: 20000

Internet Protocol Version 4, Src: 192.168.0.50 (192.168.0.50), Dst: 192.168.0.8 (192.168.0.8)
Transmission Control Protocol, Src Port: 33030 (33030), Dst Port: 179 (179), Seq: 3514092188, Ack: 3010016081, Len: 77
Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 54
    Type: UPDATE Message (2)
    Withdrawn Routes Length: 0
    Total Path Attribute Length: 27
    Path attributes
        Path Attribut - ORIGIN: INCOMPLETE
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: ORIGIN (1)
            Length: 1
            Origin: INCOMPLETE (2)
        Path Attribut - AS_PATH: 20000 
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: AS_PATH (2)
            Length: 6
            AS Path segment: 20000
                Segment type: AS_SEQUENCE (2)
                Segment length (number of ASN): 1
                AS4: 20000
        Path Attribut - NEXT_HOP: 192.168.0.50 
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: NEXT_HOP (3)
            Length: 4
            Next hop: 192.168.0.50 (192.168.0.50)
        Path Attribut - MULTI_EXIT_DISC: 0
            Flags: 0x80: Optional, Non-transitive, Complete
                1... .... = Optional: Optional
                .0.. .... = Transitive: Non-transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: MULTI_EXIT_DISC (4)
            Length: 4
            Multiple exit discriminator: 0
    Network Layer Reachability Information (NLRI)
        20.20.0.0/22
            NLRI prefix length: 22
            NLRI prefix: 20.20.0.0 (20.20.0.0)
Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 23
    Type: UPDATE Message (2)
    Withdrawn Routes Length: 0
    Total Path Attribute Length: 0

ASA announces the 4-octet AS number capability and a 4-byte AS in the OPEN message.

ASA uses the AS2 attribute in UPDATEs.

This does not work:

Cisco Adaptive Security Appliance Software Version 9.2(2)4

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 192.168.0.8 (192.168.0.8)
Transmission Control Protocol, Src Port: 179 (179), Dst Port: 46026 (46026), Seq: 364474835, Ack: 3117933697, Len: 53
Border Gateway Protocol - OPEN Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 53
    Type: OPEN Message (1)
    Version: 4
    My AS: 15000
    Hold Time: 180
    BGP Identifier: 192.168.2.12 (192.168.2.12)
    Optional Parameters Length: 24
    Optional Parameters
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Multiprotocol extensions capability
                Type: Multiprotocol extensions capability (1)
                Length: 4
                AFI: IPv4 (1)
                Reserved: 00
                SAFI: Unicast (1)
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (128)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (2)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Support for 4-octet AS number capability
                Type: Support for 4-octet AS number capability (65)
                Length: 4
                AS Number: 15000

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 192.168.0.8 (192.168.0.8)
Transmission Control Protocol, Src Port: 179 (179), Dst Port: 46026 (46026), Seq: 364474926, Ack: 3117933739, Len: 75
Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 52
    Type: UPDATE Message (2)
    Withdrawn Routes Length: 0
    Total Path Attribute Length: 25
    Path attributes
        Path Attribut - ORIGIN: INCOMPLETE
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: ORIGIN (1)
            Length: 1
            Origin: INCOMPLETE (2)
        Path Attribut - AS_PATH: 15000 
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: AS_PATH (2)
            Length: 4
            AS Path segment: 15000
                Segment type: AS_SEQUENCE (2)
                Segment length (number of ASN): 1
                AS2: 15000
        Path Attribut - NEXT_HOP: 192.168.0.12 
            Flags: 0x40: Well-known, Transitive, Complete
                0... .... = Optional: Well-known
                .1.. .... = Transitive: Transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: NEXT_HOP (3)
            Length: 4
            Next hop: 192.168.0.12 (192.168.0.12)
        Path Attribut - MULTI_EXIT_DISC: 0
            Flags: 0x80: Optional, Non-transitive, Complete
                1... .... = Optional: Optional
                .0.. .... = Transitive: Non-transitive
                ..0. .... = Partial: Complete
                ...0 .... = Length: Regular length
            Type Code: MULTI_EXIT_DISC (4)
            Length: 4
            Multiple exit discriminator: 0
    Network Layer Reachability Information (NLRI)
        192.168.1.0/24
            NLRI prefix length: 24
            NLRI prefix: 192.168.1.0 (192.168.1.0)
Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 23
    Type: UPDATE Message (2)
    Withdrawn Routes Length: 0
    Total Path Attribute Length: 0
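As an added example (not code from this thread), the Python decoder below shows why BIRD rejects the ASA update: once the 4-octet AS capability (code 65) has been negotiated in both OPEN messages, every ASN in AS_PATH occupies 4 octets, so the ASA's 4-byte attribute (segment type 2, one ASN, AS2 15000) is two octets short, while the 6-byte IOS attribute decodes cleanly. It also applies the optional leftmost-AS check quoted from RFC 4271 above. The attribute bytes are constructed from the capture fields shown in the thread.

```python
import struct

AS_SET = 1
AS_SEQUENCE = 2


class MalformedASPath(ValueError):
    """The condition BIRD reports as 'BGP Error: Malformed AS_PATH'."""


def parse_as_path(value: bytes, as4: bool) -> list:
    """Decode the value field of an AS_PATH attribute.

    as4=True means the 4-octet AS capability (code 65) was negotiated by both
    peers, so each ASN is 4 octets wide; otherwise each ASN is 2 octets.
    Returns a list of (segment_type, [asn, ...]) tuples.
    """
    width, fmt = (4, ">I") if as4 else (2, ">H")
    segments, pos = [], 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise MalformedASPath("truncated segment header")
        seg_type, seg_len = value[pos], value[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise MalformedASPath(f"unknown segment type {seg_type}")
        needed = seg_len * width
        if len(value) - pos < needed:
            raise MalformedASPath(f"segment needs {seg_len} x {width} = {needed} "
                                  f"octets, only {len(value) - pos} left")
        asns = [struct.unpack(fmt, value[pos + i * width:pos + (i + 1) * width])[0]
                for i in range(seg_len)]
        pos += needed
        segments.append((seg_type, asns))
    return segments


def check_leftmost_as(segments: list, peer_as: int) -> bool:
    """RFC 4271 6.3: for an eBGP peer the leftmost AS may be required to equal peer_as."""
    if not segments:
        return False
    seg_type, asns = segments[0]
    return seg_type == AS_SEQUENCE and bool(asns) and asns[0] == peer_as


# Constructed attribute values reproducing the two captures in the thread.
IOS_AS_PATH = bytes.fromhex("02 01 0000 4e20")  # AS_SEQUENCE, 1 ASN, AS4 20000, length 6
ASA_AS_PATH = bytes.fromhex("02 01 3a98")       # AS_SEQUENCE, 1 ASN, AS2 15000, length 4


def classify(value: bytes, as4: bool, peer_as: int) -> str:
    """Return the verdict a receiver like BIRD would reach for this attribute."""
    try:
        segments = parse_as_path(value, as4)
    except MalformedASPath as exc:
        return f"Malformed AS_PATH ({exc})"
    return "ok" if check_leftmost_as(segments, peer_as) else "leftmost AS mismatch"
```

Parsing the ASA bytes with as4=False succeeds, which is why the same attribute is accepted by a peer that did not negotiate the 4-octet capability.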
