-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BGP4MP_ET parsing errors #9
Comments
The issue is that these update messages were sent by an AddPath-enabled peer. Looks like FRR behaviour (which is hard-coded to enable add-path RX, but doesn't support writing update files in the appropriate format). I'm looking into what can be done about this. |
@spakka Thanks for looking into this. |
Hi, RouteViews uses FRR as their BGP daemon. Unfortunately, the FRR BGP daemon supports BGP ADD-PATH (RFC 7911) but does not support add-path encodings in MRT (RFC 8050). Additionally, FRR does not provide a way to disable BGP add-path RX. So any peer that decides to negotiate add-path TX with us will start sending add-path encoded routes. I've submitted a PR to the project to address this (FRRouting/frr#8066), which has been accepted and merged. However, this patch won't be available in an FRR release until 7.7 which should be available this summer. I'll start an Issue on the FRR github project for disabling add-path RX. |
|
Do the RIPE RIS daemons support AddPath? Anecdotally, I haven't seen any mrt files that have paths with path identifiers. |
I am sure the issue is still there for existing MRT files. I am investigating this issue for my Rust-based parser and hopefully can come up with a workaround soon (potentially hacky too, since it's not conforming to standards). You can track my progress here if you're interested: bgpkit/bgpkit-parser#31
I have not seen any of such MRT files either. It would be great to have some example MRT files so that we could test parsers against some real-world data. @spakka I am wondering if you guys have figured out some solutions on this yet? Thanks in advance! |
I guess you mean valid files since we obviously have the malformed RouteViews files as an example. Given an MRT record is there a way to make a good educated guess as to whether it contains an malformed AddPath record, then try to parse it as such? The invalid NLRI is a dead giveaway, but could it be valid but incorrect? |
So far what I'd seen is:
Given the inconsistencies seen here between the live data available, it does look like it may be worthwhile to implement more intelligent parsing in BGPdump, rather than just assuming the type code is correct. It might be possible to guess this by doing maths using the total packet length and determine whether the NLRI length computes correctly in the add-path and in the non-add-path case, to determine the correct type.
Yes it can be valid but incorrect :) The problem is that the add-path ID is placed before the existing NLRI; at that place, the parser would normally expect to find the prefix-length - which then defines how many bytes it should consume for the rest of the packet. In IPv4, one can differentiate because the possible lengths of the NLRI are between 2 and 5 octets without add-path, and between 6 and 9 octets with add-path. But one can construct an IPv6 prefix that could be encoded either way, because there is an overlap in the possible lengths of the NLRI - between 1 and 17 octets without add-path, and between 5 and 21 octets with add-path. e.g. in the following IPv6 case:
This could be either: One needs to know the original encoding intention of the BGP speaker (signalled using the MRT type codes) to understand which one is correct |
Thanks for the detailed reply! Your discussion on IPv4 and IPv6 is very enlightening! On the topic of detecting add-path, I am now convinced that detecting IPv4 can be implemented for sure, and IPv6 remains tricky to handle just as you documented. I am curious whether BGP Open messages expresses the add-path capability or not. I read from CAIDA/libparsebgp#22 that at least in BMP the add-path capability is advertised in the Open message. If the same is also true for regular updates MRT, then I think it is theoretically possible to go back in time far enough to find the peer's corresponding Open message and make assumptions about the follow-up messages accordingly. |
You can try go back to look for the OPEN message as it contains the capabilities. However, note that add-path is negotiated in both directions. For your peer to send you add-path, they must advertise capability add-path-tx and you must advertise capability add-path-rx. It depends if the BGP implementation that produced the MRT file is either recording both the sent and the received OPEN message, or otherwise if the capabilities are known somehow else. For example, with the corrupted files that started this discussion, we know that FRR was advertising add-path-rx (because it is hard-coded to do so). Therefore if the peer advertised capability add-path-tx, then you know the peers messages are add-path-encoded. This may be true just now, but @dteach-rv also submitted an Issue to allow add-path-rx to be disabled in FRR - so this assumption may not always be true. RFC6396 (MRT format) allows for representing of the outgoing messages from the route collectors, using type Also note that the add-path negotiation is per-session and also per-AFI/SAFI so one could make a multiproto session over IPv6 where the IPv4 updates are add-path and the IPv6 are not - and it may change the next time the session goes up or down. So you would need to build a session uptime database to know what capabilities were in use at any time. (RIPE RIS's internal implementation used to do exactly this, for tracking AS2/AS4 capabilities on a per-session basis - but I don't know if it still works like that!) |
Hi there, I'm pretty confident that the OPEN messages are not captured/dumped by the bgp_dump hook. The add-path-rx disable knob was introduced in FRR 8.1 IIRC. Either way, it's not a version of FRR that we are running quite yet. But it's on the backlog. As a rule, we only accept AFI/SAFI sessions that match the underlying transit. So no v6 AFI/SAFI over a v4 session, etc. We've discussed a fixup script that would just remove the add-path encoded updates from the MRT updates files, but no progress has been made there. For now, we have an audit script that runs against the collectors to detect if add-path-tx has been negotiated by the peer. At that point, manual intervention is taken to shut down the session and alert the peer. It's a moving target, but with 900+ BGP peers, it's the best we can do until we upgrade FRR on the collectors :). |
This might be difficult to implement too. The NLRI block only has the length for all prefixes in the block, and for each block, one will have to read to know how many bytes it contains. As a result, the parser actually can't know how many bytes per-prefix entry inside an NLRI block has. I have a workaround (see this PR) that could resolve this issue (mostly).
The parsing results with this patch is included here (the MRT file in question is also included): In summary, with this patch, I don't see any
|
Hi bgpdump maintainers,
I ran into some weird issues while parsing a RouteViews MRT file.
The file in question is
http://routeviews.org/route-views3/bgpdata/2021.04/UPDATES/updates.20210416.1515.bz2
.I'm using the latest bgpdump (commit bd89016) with the following switches:
-v
,-m
,-p
. It looks as if the file contains prefixes that don't make any sense. Here are a few examples:...and many more
Note the corrupt NLRI -
250.0.0.0/208
,0.0.0.0/238
,160.0.0.0/160
,80.0.0.0/127
Is this a bgpdump bug? A corrupt file? Something else?
And just to make sure we're talking about the same file, here's its hash:
The text was updated successfully, but these errors were encountered: