ASN or Community ?

Someone found a way to cause ExaBGP to mis-behave back in September (2012-09-05) .. The bug was “funny” enough to justify a blog entry, so let’s look at the route which caused it.

If you are in an hurry, the answer to the mystery was that a route contained an ASN which could not fit in a Python integer. The patch to fix the issue was a one liner to change the base class of an ASN from an integer to a long …

Integer size depends on your architecture, on my Macbook Pro it is 64 bits (63 bits signed integer), so the bug did not exist on my development platform ! On the machine affected, however the size of an integer was 32 bit, so the biggest integer possible was 2147483647

>>> sys.maxint

>>> pow(2,63)-1

>>> pow(2,31)-1

Still, no internet registry has yet allocated any ASN with a value near 2147483647, so how can that ASN be found “in the wild” ?

The exact route as parsed by ExaBGP was :

route ipv4 unicast 
  origin igp 
  as-path [ 196621 8758 3356 20485 21127 28884 41771 2737504257 2737504258 41771 ]
  community [ 3356:2 3356:22 3356:100 3356:123 3356:503 3356:2067 20485:11754 8758:13030 ]

So the route was leaving the autonomous system of 41771 and going back to it, this would indicate a routing loop and can not really happen unless the route was “tweaked”. However looking back at the RFC, this is however still a valid route.

But how can 2737504257 and 2737504258 be in the AS-PATH ! ? ! Clearly a filter is missing, or something went very wrong somewhere !

Looking at the ASN, you can notice something suspicious :

2737504257 is (41771<<16) + 1 known as 41771:1
2737504258 is (41771<<16) + 2 known as 41771:2

I can only conclude the originator must have been using something even more bizarre than ExaBGP and inserted a community in the AS-PATH attribute by error !

So, let’s have a look at who is that network :

aut-num:        AS41771
as-name:        MKC-OMSK-AS
descr:          MultiCable Networks LLC

Ha, ha, we are surely right, some crazy russians :D some crazy polite russians to be exact as they replied to a mail I sent and have fixed the issue.

Thank you to Marek for noticing that the ASN looked like a community

Thomas Mangin
Technology Enthusiast