RE: BGP Wrong AS

From: Han Ghee Chia (han_ghee@yahoo.com.sg)
Date: Tue Jun 28 2005 - 23:46:02 GMT-3

No. The remote router will report that your AS is wrong but it will NOT tell you what it was expecting.
 
That's from what I see from the debug messages and what I understand about the OPEN and NOTIFICATION messages of BGP.
 
Kindly correct me if you think I'm wrong.
 
Thanks
Han Ghee

Lee Donald <Lee.Donald@t-systems.co.uk> wrote:
Not sure I understand that Han.

Debug ip bgp will give me the messages from the remote router reporting my
AS is wrong and telling me what it was expecting.

Yes ?

Regards

Lee.

-----Original Message-----
From: Han Ghee Chia [mailto:han_ghee@yahoo.com.sg]
Sent: 28 June 2005 01:54
To: ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

Hi Lee,

"debug ip bgp" will provide one with the AS that is being expected by the
LOCAL router, versus what it actually see in the OPEN message from its peer.

"debug ip bgp" will show the REMOTE router's AS number if the LOCAL router
got its peer remote-as number wrong.

If the REMOTE router is configured with a wrong remote-as number for its
peer, it will NOT be shown in the LOCAL router's "debug ip bgp" messages.

I think, the above is different from what you wrote that "the debug ip bgp
will provide you with the AS that is being expected by your peer". Hope I
didn't got your meaning wrong.

Regards
Han Ghee

Lee Donald wrote:
Yes, the debug ip bgp will provide you with the AS that is being expected by
your peer. There is no conversion to do.

I don't know which would be reported first, the password or the wrong AS but
they are both reported in the debug. Once you got one, you'd have to get the
other.

Regards

Lee.

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: 27 June 2005 12:24
To: 'Lee Donald'; 'Han Ghee Chia'; ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

Hey guys,

Since we're talking about this anyway, let's take it to the extreme.

Suppose, in the lab, you had to ebgp peer your router to the backbone router
but you're not told what AS the backbone router is in.

Could debug ip bgp be used to figure out the AS of the backbone?

If so, what would we look for in the debug output and would we have to
translate from hex?

Also, suppose we could use the debug output to determine the AS of the
remote peer, if the peering were protected by a password, would we still be
able to determine what the remote AS was?

Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Lee
Donald
Sent: Monday, June 27, 2005 6:07 AM
To: Han Ghee Chia; ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

That's weird.
I'm going to try it a couple of ways round.

Thanks.

Lee.

-----Original Message-----
From: Han Ghee Chia [mailto:han_ghee@yahoo.com.sg]
Sent: 27 June 2005 10:52
To: ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

Hi Lee,

May I know if you are referring to a debug output as follows: -

" BGP: 2.2.2.2 bad OPEN, remote AS is 3, expected 2"

I just did a simple test, and I got the above output using "debug ip bgp",
however there is a difference between what both routers see: -

For e.g.

R1 is in AS 1, thinks that R2 is in AS 2
R2 is in AS 3, thinks that R1 is in AS 1 (which is correct)

R1 with see this message,
" BGP: 2.2.2.2 bad OPEN, remote AS is 3, expected 2"

But R2, will only see these 2 messages,
BGP: 1.1.1.1 rcv message type 3, length (excl. header) 4
%BGP-3-NOTIFICATION: received from neighbor 1.1.1.1 2/2 (peer in wrong AS) 2
bytes 0003

From my understanding on the BGP connection process, a NOTIFICATION message
will be sent whenever there is an error. In this case, R2 receives the
NOTIFICATION message from R1 about it being in the wrong AS. And the
message length is 4 bytes - 1 byte for error, 1 byte for error subcode, 2
byte for the AS number that is wrong.

Therefore, I think the only way to find out the correct AS number from your
end, is to ask the remote administrator.

Anyone has a better way ? Please kindly enlighten us. :-)

Regards
Han Ghee

Lee Donald wrote:
Hi Kieren,

That's seems to be on by default. I'm logging to the console so I should see
it but not.

Any other ideas ?

-----Original Message-----
From: k carter [mailto:kieren.carter@postremo.co.uk]
Sent: 27 June 2005 10:43
To: 'Lee Donald'
Subject: RE: BGP Wrong AS

Hi Lee,

Have you tried enabling "bgp log-neighbor-changes" under the BGP routing
process (don't forget to consider where the logging information is being
sent too)?

Cheers

Kieren

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lee Donald
Sent: Monday, June 27, 2005 10:19 AM
To: James Yeo; Lee Donald; ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

James,

I'm afraid you are wrong. I've seen it done a few times on courses and
even
used it before, but just can't remember it.

It says something like " AS sent 100, expected AS 254" or something like
that.

Regards

Lee.

-----Original Message-----
From: James Yeo [mailto:James.Yeo@arivia.co.za]
Sent: 27 June 2005 10:11
To: Lee Donald
Subject: RE: BGP Wrong AS

Lee,

They "IBM" would need to tell you there AS. Must be registered and if
you are forming proper Neighborships then you would need this from there
IT department.

When establishing neighbors you cannot debug and pick up the AS unless
you sniff the port for TCP traffic. I may be wrong though as this is a
security feature.

Hope that helps

James

-----Original Message-----
From: Lee Donald [mailto:Lee.Donald@t-systems.co.uk]
Sent: Monday, June 27, 2005 11:12 AM
To: James Yeo; Lee Donald; ccielab@groupstudy.com
Subject: RE: BGP Wrong AS

James,

How would that tell me what AS is expected?

Regards

Lee.

-----Original Message-----
From: James Yeo [mailto:James.Yeo@arivia.co.za]
Sent: 27 June 2005 10:05
To: Lee Donald
Subject: RE: BGP Wrong AS

Check your neighbor statement or Local-AS statement.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lee Donald
Sent: Monday, June 27, 2005 10:48 AM
To: ccielab@groupstudy.com
Subject: BGP Wrong AS

I have a BGP Neighbour which is reporting that Ibm in the wrong AS but
I
canbt seem to find the debug that tells me exactly what AS it thinks
Ibm
in.
Can anybody tell me?

Thanks.

Regards

Lee Donald.

Technical Design Architect

CCIE w /CCNP/ CCDP/MCSE/MCNE.

T-Systems Ltd

Turnberry House, Caldecotte Lake Drive,

Milton Keynes. MK7 8LE

Direct Line: + 44 (0) 1908 279648

Switchboard: + 44 (0) 1908 279500

Mobile: + 44 (0) 7903 407601

E-mail: Lee.Donald@t-systems.co.uk

Internet: www.t-systems.co.uk

About T-Systems
T-Systems is one of Europe's leading providers of information and
communications technology (ICT). Within the Deutsche Telekom Group,
T-Systems is responsible for supporting the business customer segment,
ranging from medium-sized companies to multinational corporations and
public
sector groups. The company has 51,000 employees in more than 20
countries
worldwide and posted revenues of nearly b,13 billion in 2004. T-Systems
cuts
costs for its customers by combining its systems and process expertise
and
cutting-edge IT and telecommunications technologies to deliver business
value and flexibility.

NOTE: This message is intended exclusively for the individual(s) to whom
it
is addressed and may contain information that is privileged or
confidential.
If you are not the addressee, you must not forward, use, store or
disclose
the contents of this email. You should advise the sender that you have
received this email in error and immediately delete it and destroy any
hard
copies of it. While the sender has taken every reasonable precaution to
ensure that this e-mail is virus free, they cannot accept liability for
any
damage sustained as a result of any virus and would advise that you
carry
out your own virus checks before opening any attachment/s. Furthermore,
any
views expressed in this message are those of the sender and are made in
confidence and without prejudice.

_____

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:45 GMT-3