Inyectando rutas BGP en un router sin capacidad

Fecha: 18 de octubre del 2023

 

Escenario

 

Esta es la continuación de la saga BGP de los labs anteriores y todo lo que podamos aprender en el camino.

Cuando hacemos pruebas de laboratorio utilizamos X cantidad de rutas (por ejemplo 2048 en uno de los labs)

en un router de baja capacidad.

Aquí observamos el crash de un router cuando se queda sin recursos para recibir las rutas BGP de todo internet

(unas 760000) y que tipo de error nos mostraría en los logs.

 

 

1.- Configuración inicial:

 

Router-BGP#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router-BGP(config)#int gi0/1

Router-BGP(config-if)#ip add 10.0.0.1 255.255.255.252

Router-BGP(config-if)#no shut

Router-BGP(config-if)#exit

Router-BGP(config)#router bgp 28020

Router-BGP(config-router)#neighbor 10.0.0.2 remote-as 65534

Router-BGP(config-router)#neighbor 10.0.0.2 next-hop-self

Router-BGP(config-router)#end

Router-BGP#

 

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#hostname BGP-Crash

BGP-Crash(config)#int fa0/0

BGP-Crash(config-if)#ip add 10.0.0.2 255.255.255.252

BGP-Crash(config-if)#no shut

BGP-Crash(config-if)#exit

BGP-Crash(config)#router bgp 65534

BGP-Crash(config-router)#neighbor 10.0.0.1 remote-as 28020

BGP-Crash(config-router)#end

BGP-Crash#

 

2.- Conectamos los routers como vecinos:

 

BGP-Crash#

Oct 18 12:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Oct 18 12:57:49: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up

BGP-Crash#

 

 

3.- Verificamos en el BGP:

 

BGP-Crash#sh ip bgp

BGP table version is 1, local router ID is 10.0.0.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop   Metric LocPrf Weight Path

*  1.0.4.0/22       10.0.0.1                               0      28020 7303 7303 6762 6453 7545 2764 38803 i

*  1.0.5.0/24       10.0.0.1                               0      28020 7303 7303 6762 6453 7545 2764 38803 i

*  1.0.64.0/18     10.0.0.1                               0      28020 7303 7303 6762 4637 7670 18144 i

*  1.2.166.0/24   10.0.0.1                               0      28020 7303 7303 6762 38040 23969 9737 i

*  1.5.0.0/16       10.0.0.1                               0      28020 7303 7303 6762 2914 17676 4725 i

*  1.6.6.0/24       10.0.0.1                               0      28020 7303 7303 6762 174 9583 i

*  1.6.7.0/24       10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.11.0/24     10.0.0.1                               0      28020 7303 7303 6762 1299 9583 i

*  1.6.42.0/24     10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.46.0/24     10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.50.0/24     10.0.0.1                               0      28020 7303 7303 6762 1299 9583 i

*  1.6.59.0/24     10.0.0.1                               0      28020 7303 7303 6762 1299 9583 i

*  1.6.92.0/22     10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.93.0/24     10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.136.0/24   10.0.0.1                               0      28020 7303 7303 6762 6453 4755 23456 ?

*  1.6.139.0/24   10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.144.0/24   10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 ?

*  1.6.146.0/24   10.0.0.1                               0      28020 7303 7303 6762 6453 4755 9583 i

*  1.6.161.0/24   10.0.0.1                               0      28020 7303 7303 6762 1299 9583 i

*  1.6.168.0/22   10.0.0.1                               0      28020 7303 7303 6762 1299 9583 i

 ---resumido---        

BGP-Crash#

 

 

4.- Verificamos recursos:

 

BGP-Crash#sh proc cpu

CPU utilization for five seconds: 99%/0%; one minute: 87%; five minutes: 34%

 PID Runtime(ms)   Invoked      uSecs   5Sec    1Min     5Min   TTY   Process

   ---resumido---

  78        1868         7424           251      0.08%    1.14%  0.51%     0   IP Input        

  ---resumido---

  84      118440       8314       14245   77.73%   79.24% 31.44%    0   BGP Router      

  ---resumido---

BGP-Crash#

 

BGP-Crash#sh proc | inc cpu   CPU

CPU utilization for five seconds: 99%/0%; one minute: 96%; five minutes: 50%

 

 

5.- Verificamos rutas:

 

BGP-Crash#sh ip route summary

IP routing table name is Default-IP-Routing-Table(0)

IP routing table maximum-paths is 16

Route Source    Networks    Subnets     Overhead    Memory (bytes)

connected          0           1           72       136

static                  0           0           0         0

bgp 65534    192910      666751             61895592    116913896

  External: 859661 Internal: 0 Local: 0

internal          8278                                 9569368

Total              201188      666752           61895664    126483400

Removing Queue Size 0                                                  |     |

BGP-Crash#                                                                   MB   KB

 

 

6.- Esperamos lo inevitable:

 

Oct 18 12:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Oct 18 12:57:49: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up

 

                    6 minutos después

                    |

Oct 18 13:03:51: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x400AB854, alignment 16

Pool: Processor  Free: 1668852  Cause: Memory fragmentation

Alternate Pool: None  Free: 0  Cause: No Alternate pool

 -Process= "IP RIB Update", ipl= 0, pid= 99 -Traceback= 0x411BDBFC 0x4009B69C 0x400A0450 0x400A1880 0x400AB85C 0x400AC8EC

0x4011B07C 0x4147D25C 0x4148A240 0x4148B9AC 0x414A5A4C 0x418D00D4 0x418A11C4 0x421FF160 0x421FF144

Oct 18 13:03:51: %FIB-3-NOMEM: Malloc Failure, disabling CEF -Traceback= 0x411BDBFC 0x4147D29C 0x4148A240 0x4148B9AC

0x414A5A4C 0x418D00D4 0x418A11C4 0x421FF160 0x421FF144

BGP-Crash#

Oct 18 13:05:06: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory

Oct 18 13:05:06: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.1 3/1 (update malformed) 0 bytes FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF

00C3 0200 0000 1C40 0101 0040 020E 0206 6D74 0DDD 0DDD 0DDD 0D1C 7D23 4003 040A 0000 0113 45A8 C016 451C 6418 451C 7B18 45AA

BD17 4A55 0218 4A7A 7418 4A7A 7616 D18D 6418 422B 5C17 422B 6018 422B 6218 422B 6518 422B 6A18 422B 6C18 422B 6E15 422B 7013

451C 6013 45AA A013 4A55 0014 CFE8 5017 CFE8 5C18 CFE8 5D13 D18D 4017 D18D 5418 D18D 5714 D18D 6017 D18D 6218 D18D 6817 D18D

6A18 45A8 CE18 45AA BB18 CFE8 5317 CFE8 5417 CFE8 5818 CFE8 5A17 D18D 60

Oct 18 13:05:18: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up

Oct 18 13:07:05: %SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (5/4),process = IP RIB Update.

-Traceback= 0x4011BDD4 0x4011BD34 0x4011BD34 0x4011BD34 0x41486780 0x4148A19C 0x4148B9AC 0x414A5A4C 0x418D00D4

0x418A11C4 0x421FF160 0x421FF144

Oct 18 13:07:06: %SYS-3-CPUYLD: Task ran for (2528)msecs, more than (2000)msecs (5/4),process = IP RIB Update

---resumido---

Oct 18 13:09:37: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory

Oct 18 13:10:01: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up

---resumido---

BGP-Crash#

 

 

7.- Logs en el router que envía los BGP Update:

 

Router-BGP#

*Oct 18 12:57:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

*Oct 18 12:57:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

*Oct 18 12:57:47: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up

*Oct 18 13:05:05: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Peer closed the session

*Oct 18 13:05:05: %BGP_SESSION-5-ADJCHANGE: neighbor 10.0.0.2 IPv4 Unicast topology base removed from session  Peer closed the session

*Oct 18 13:05:20: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up

*Oct 18 13:07:09: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Peer closed the session

*Oct 18 13:07:09 %BGP_SESSION-5-ADJCHANGE: neighbor 10.0.0.2 IPv4 Unicast topology base removed from session  Peer closed the session

*Oct 18 13:13:20: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up

Router-BGP#

 

 

8.- Router utilizado:

 

BGP-Crash#sh version

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(25a), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Fri 22-May-09 22:00 by prod_rel_team

 

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

 

BGP-Crash uptime is 34 minutes

System returned to ROM by reload at 16:35:55 UTC Wed Oct 18 2023

System restarted at 12:28:18 UTC Wed Oct 18 2023

System image file is "flash:c2800nm-advipservicesk9-mz.124-25a.bin"

 

---resumido---                                  768 MB RAM, lo ideal es 4GB sólo para IPv4

                                                         |

Cisco 2811 (revision 53.50) with 774144K/12288K bytes of memory.

Processor board ID FTX1236A9XX              

2 FastEthernet interfaces                             

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

62720K bytes of ATA CompactFlash (Read/Write)

 

Configuration register is 0x2102

 

BGP-Crash#

 

 

Fuente: cisco.com

 

 

9.- Resumen:

 

Si bien el router soporta estoicamente la recepción de updates BGP, se pierden datos por falta de memoria,

CPU y otros recursos, y aunque no tiene un crash que le genere un reboot, no podría ser un router que entre

en producción u operativo ya que en estas pruebas ni siquiera tuvo demanda de tráfico de usuario.

 

 

(2023) Tales for lonely people

Rosario, Argentina