4 byte ASNs through OpenBGPd to old Cisco IOS

Mike_Hammett · September 23, 2015, 8:37pm

Our IX's route servers run OpenBGPd 5.5. We are having a problem with a new customer getting turned up. He's getting back invalid or corrupt AS Path errors. There's a network on the IX that has a four byte ASN. They're running IOS 12.4.(15)T and is asking me if we support RFC 4893 which appears to be the 32 bit ASN specification altogether. They specifically highlighted this section:

Two new attributes, AS4_PATH and AS4_AGGREGATOR, are introduced that can be used to propagate four-octet based AS path information across BGP speakers that do not support the four-octet AS numbers.

Do any of you have any useful input other than they need to upgrade their IOS to something newer than 4.5 years old?

Nick_Hilliard3 · September 23, 2015, 9:01pm

12.4.(15)T is known to be affected by a variety of security problems, for
which cisco TAC will provide free upgrades - assuming they are available
for that platform. This is regardless of the support situation for the device.

Perhaps if they fixed their security problems with an upgrade, the newer
software image might be more tolerant to strange asn32 attributes?

Nick

Simon_Lockhart1 · September 23, 2015, 9:04pm

I recently went through a very similar issue, and was convinced it was related
to 32 bit ASNs.

Are they seeing this error?
Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.xxx 3/11 (invalid or corrupt AS path) 11 bytes 40020802 033C3424 580097

If so, have they configured "no bgp enforce-first-as" in their BGP router
config?

Simon

R_Irving · September 23, 2015, 9:19pm

They did, and it now formed peering with the RSD.

Thanks!

12.4.(24)T is the first version from that IOS train that natively supports 4 byte ASN's.

We can upgrade at a more convenient time and date.

Mike_Hammett · September 23, 2015, 9:20pm

Fearing you might be on here, I tried to be fairly non-offensive in my post.

R_Irving · September 23, 2015, 9:47pm

FWIW, I have single digit NANOG shirts in my closet...
of course, I couldn't /*fit* into them/... anymore.

It has been almos_t_ 20 years.....

Time flies.... eh ?

Seems like just yesterday Bill, John, I and /*Moses*/ were all having lunch in Denver.

;-)

Fearing you might be on here, I tried to be fairly non-offensive in my post.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

------------------------------------------------------------------------
*From: *"Richard Irving" <rirving@antient.org>
*To: *"Simon Lockhart" <simon@slimey.org>, "Mike Hammett" <nanog@ics-il.net>
*Cc: *"NANOG" <nanog@nanog.org>
*Sent: *Wednesday, September 23, 2015 4:19:23 PM
*Subject: *Re: 4 byte ASNs through OpenBGPd to old Cisco IOS

Typo.