Injecting BGP routes into a router without the capacity for them
Date: October 18, 2023
Scenario
This is the continuation of the BGP saga from the previous labs, and of whatever we can learn along the way.
In lab tests we use some number X of routes (for example 2048 in one of the labs) on a low-capacity router.
Here we watch a router crash when it runs out of resources while receiving the BGP routes for the whole internet (around 760000) and see what kind of error it shows us in the logs.
1.- Initial configuration:
Router-BGP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router-BGP(config)#int gi0/1
Router-BGP(config-if)#ip add 10.0.0.1 255.255.255.252
Router-BGP(config-if)#no shut
Router-BGP(config-if)#exit
Router-BGP(config)#router bgp 28020
Router-BGP(config-router)#neighbor 10.0.0.2 remote-as 65534
Router-BGP(config-router)#neighbor 10.0.0.2 next-hop-self
Router-BGP(config-router)#end
Router-BGP#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname BGP-Crash
BGP-Crash(config)#int fa0/0
BGP-Crash(config-if)#ip add 10.0.0.2 255.255.255.252
BGP-Crash(config-if)#no shut
BGP-Crash(config-if)#exit
BGP-Crash(config)#router bgp 65534
BGP-Crash(config-router)#neighbor 10.0.0.1 remote-as 28020
BGP-Crash(config-router)#end
BGP-Crash#
2.- We connect the routers as neighbors:
BGP-Crash#
Oct 18 12:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Oct 18 12:57:49: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
BGP-Crash#
3.- We check the BGP table:
BGP-Crash#sh ip bgp
BGP table version is 1, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.4.0/22       10.0.0.1                               0 28020 7303 7303 6762 6453 7545 2764 38803 i
*  1.0.5.0/24       10.0.0.1                               0 28020 7303 7303 6762 6453 7545 2764 38803 i
*  1.0.64.0/18      10.0.0.1                               0 28020 7303 7303 6762 4637 7670 18144 i
*  1.2.166.0/24     10.0.0.1                               0 28020 7303 7303 6762 38040 23969 9737 i
*  1.5.0.0/16       10.0.0.1                               0 28020 7303 7303 6762 2914 17676 4725 i
*  1.6.6.0/24       10.0.0.1                               0 28020 7303 7303 6762 174 9583 i
*  1.6.7.0/24       10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.11.0/24      10.0.0.1                               0 28020 7303 7303 6762 1299 9583 i
*  1.6.42.0/24      10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.46.0/24      10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.50.0/24      10.0.0.1                               0 28020 7303 7303 6762 1299 9583 i
*  1.6.59.0/24      10.0.0.1                               0 28020 7303 7303 6762 1299 9583 i
*  1.6.92.0/22      10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.93.0/24      10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.136.0/24     10.0.0.1                               0 28020 7303 7303 6762 6453 4755 23456 ?
*  1.6.139.0/24     10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.144.0/24     10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 ?
*  1.6.146.0/24     10.0.0.1                               0 28020 7303 7303 6762 6453 4755 9583 i
*  1.6.161.0/24     10.0.0.1                               0 28020 7303 7303 6762 1299 9583 i
*  1.6.168.0/22     10.0.0.1                               0 28020 7303 7303 6762 1299 9583 i
---abridged---
BGP-Crash#
4.- We check resources:
BGP-Crash#sh proc cpu
CPU utilization for five seconds: 99%/0%; one minute: 87%; five minutes: 34%
 PID Runtime(ms)   Invoked   uSecs   5Sec   1Min   5Min TTY Process
---abridged---
  78        1868      7424     251  0.08%  1.14%  0.51%   0 IP Input
---abridged---
  84      118440      8314   14245 77.73% 79.24% 31.44%   0 BGP Router
---abridged---
BGP-Crash#
BGP-Crash#sh proc | inc cpu CPU
CPU utilization for five seconds: 99%/0%; one minute: 96%; five minutes: 50%
5.- We check routes:
BGP-Crash#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 16
Route Source    Networks    Subnets     Overhead    Memory (bytes)
connected       0           1           72          136
static          0           0           0           0
bgp 65534       192910      666751      61895592    116913896
  External: 859661 Internal: 0 Local: 0
internal        8278                                9569368
Total           201188      666752      61895664    126483400
Removing Queue Size 0
BGP-Crash#
(author's annotation on the Memory total 126483400: read as 126 MB, 483 KB)
6.- We wait for the inevitable:
Oct 18 12:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Oct 18 12:57:49: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
(6 minutes later)
Oct 18 13:03:51: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x400AB854, alignment 16
Pool: Processor  Free: 1668852  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "IP RIB Update", ipl= 0, pid= 99
-Traceback= 0x411BDBFC 0x4009B69C 0x400A0450 0x400A1880 0x400AB85C 0x400AC8EC 0x4011B07C 0x4147D25C 0x4148A240 0x4148B9AC 0x414A5A4C 0x418D00D4 0x418A11C4 0x421FF160 0x421FF144
Oct 18 13:03:51: %FIB-3-NOMEM: Malloc Failure, disabling CEF -Traceback= 0x411BDBFC 0x4147D29C 0x4148A240 0x4148B9AC 0x414A5A4C 0x418D00D4 0x418A11C4 0x421FF160 0x421FF144
BGP-Crash#
Oct 18 13:05:06: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory
Oct 18 13:05:06: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.1 3/1 (update malformed) 0 bytes FFFF FFFF FFFF FFFF
FFFF FFFF FFFF FFFF
00C3 0200 0000 1C40 0101 0040 020E 0206 6D74 0DDD
0DDD 0DDD 0D1C 7D23 4003 040A 0000 0113 45A8 C016 451C 6418 451C 7B18 45AA
BD17 4A55 0218 4A7A 7418 4A7A 7616 D18D 6418 422B
5C17 422B 6018 422B 6218 422B 6518 422B 6A18 422B 6C18 422B 6E15 422B 7013
451C 6013 45AA A013 4A55 0014 CFE8 5017 CFE8 5C18
CFE8 5D13 D18D 4017 D18D 5418 D18D 5714 D18D 6017 D18D 6218 D18D 6817 D18D
6A18 45A8 CE18 45AA BB18 CFE8 5317 CFE8 5417 CFE8
5818 CFE8 5A17 D18D 60
Oct 18 13:05:18: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
Oct 18 13:07:05: %SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (5/4),process = IP RIB Update.
-Traceback= 0x4011BDD4 0x4011BD34 0x4011BD34 0x4011BD34 0x41486780 0x4148A19C 0x4148B9AC 0x414A5A4C 0x418D00D4 0x418A11C4 0x421FF160 0x421FF144
Oct 18 13:07:06: %SYS-3-CPUYLD: Task ran for (2528)msecs, more than (2000)msecs (5/4),process = IP RIB Update
---abridged---
Oct 18 13:09:37: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory
Oct 18 13:10:01: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
---abridged---
BGP-Crash#
7.- Logs on the router that sends the BGP Updates:
Router-BGP#
*Oct 18 12:57:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Oct 18 12:57:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Oct 18 12:57:47: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up
*Oct 18 13:05:05: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Peer closed the session
*Oct 18 13:05:05: %BGP_SESSION-5-ADJCHANGE: neighbor 10.0.0.2 IPv4 Unicast topology base removed from session Peer closed the session
*Oct 18 13:05:20: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up
*Oct 18 13:07:09: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Peer closed the session
*Oct 18 13:07:09 %BGP_SESSION-5-ADJCHANGE: neighbor 10.0.0.2 IPv4 Unicast topology base removed from session Peer closed the session
*Oct 18 13:13:20: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up
Router-BGP#
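As an added example that is not part of the original lab notes: a small Python parser for IOS log lines like the ones captured above on BGP-Crash. It counts the resource-exhaustion signals (MALLOCFAIL, CEF being disabled by FIB-3-NOMEM, CPUHOG) and the BGP session flaps with the reason IOS gives, and measures the time from the first neighbor Up to the first malloc failure. The sample lines are constructed from this lab's output; the year is assumed, since IOS timestamps omit it.

```python
import re
from datetime import datetime
# Constructed sample: IOS log lines as captured on BGP-Crash during this lab.
SAMPLE_LOG = """\
Oct 18 12:57:49: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
Oct 18 13:03:51: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x400AB854, alignment 16
Oct 18 13:03:51: %FIB-3-NOMEM: Malloc Failure, disabling CEF
Oct 18 13:05:06: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory
Oct 18 13:05:18: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
Oct 18 13:07:05: %SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (5/4),process = IP RIB Update.
Oct 18 13:09:37: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down No memory
Oct 18 13:10:01: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
"""
# IOS syslog shape: [*]Mon DD HH:MM:SS[:] %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(r"^\*?(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}):? "
                     r"%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mn>[A-Z_]+): (?P<msg>.*)$")
ADJ_RE = re.compile(r"neighbor (?P<peer>\S+) (?P<state>Up|Down)(?: (?P<reason>.*))?")

def parse(log_text, year=2023):
    """Yield (timestamp, facility, severity, mnemonic, message); the year is assumed (IOS omits it)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["fac"], int(m["sev"]), m["mn"], m["msg"]

def analyze(log_text, year=2023):
    """Count the resource-exhaustion signals seen in the lab and time the first one."""
    r = {"mallocfail": 0, "cef_disabled": 0, "cpuhog": 0, "flaps": 0,
         "down_reasons": [], "secs_to_first_mallocfail": None}
    first_up = None  # first BGP neighbor Up, reference point for the timing
    for ts, fac, sev, mn, msg in parse(log_text, year):
        if fac == "SYS" and mn == "MALLOCFAIL":
            r["mallocfail"] += 1
            if first_up and r["secs_to_first_mallocfail"] is None:
                r["secs_to_first_mallocfail"] = int((ts - first_up).total_seconds())
        elif fac == "FIB" and mn == "NOMEM":      # CEF disabled: router falls back to process switching
            r["cef_disabled"] += 1
        elif fac == "SYS" and mn == "CPUHOG":
            r["cpuhog"] += 1
        elif fac == "BGP" and mn == "ADJCHANGE":
            a = ADJ_RE.match(msg)
            if a and a["state"] == "Up":
                first_up = first_up or ts
            elif a:                               # every Down is a flap; keep the reason IOS states
                r["flaps"] += 1
                r["down_reasons"].append(a["reason"] or "")
    r["exhausted"] = r["mallocfail"] > 0 or "No memory" in r["down_reasons"]
    return r
```

On the sample the first MALLOCFAIL lands 362 seconds after the session came up, matching the six minutes noted in the capture.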
8.- Router used:
BGP-Crash#sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(25a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 22-May-09 22:00 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
BGP-Crash uptime is 34 minutes
System returned to ROM by reload at 16:35:55 UTC Wed Oct 18 2023
System restarted at 12:28:18 UTC Wed Oct 18 2023
System image file is "flash:c2800nm-advipservicesk9-mz.124-25a.bin"
---abridged---
(768 MB of RAM; the ideal is 4 GB just for IPv4)
Cisco 2811 (revision 53.50) with 774144K/12288K bytes of memory.
Processor board ID FTX1236A9XX
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
BGP-Crash#
Source: cisco.com
9.- Summary:
Although the router stoically withstands the reception of BGP updates, data is lost for lack of memory, CPU and other resources, and even though it does not crash in a way that forces a reboot, it could not be a router that goes into production or operation, since in these tests it did not even face any user-traffic demand.
(2023) Tales for lonely people, Rosario, Argentina