Expand all | Collapse all

Multiprotocol BGP labeled IPv6 parsing problem

  • 1.  Multiprotocol BGP labeled IPv6 parsing problem

    Posted 22 days ago
    I try to parse BMP messages and have a problem with MP_REACH_NRLI path attributes (RFC 4760). When attribute is labeled IPv6 (AFI=2 and SAFI=4), sometimes NLRI section looks invalid. More specifically, IPv6 prefix has invalid length.
    For example, I've received the path attribute like following (hex): 900e001e0002041000000000000000000000ffff0afc0003003c0000212804317480
    According to RFC 4271 and RFC 4760 it is parsed like this:
    90 - attribute flags: optional attribute and has two octets length
    0e - attribute type: MP_REACH_NLRI
    001e - attribute length (30 bytes)
    0002 - AFI = 2
    04 - SAFI = 4
    10 - Next hop length (16 bytes, so IPv6)
    00000000000000000000ffff0afc0003 - next hop address
    00 - reserved
    3c0000212804317480 - NLRI part, parse according to RFC 8277 - Using BGP to Bind MPLS Labels to Address Prefixes
    3c - length (60 bits, round up - 8 bytes)
    000021 - Label, Rsrv, S-bit
    2804317480 - IPv6 prefix.

    So the invalid part is the IPv6 prefix, due to 0x28 decoded as 40 bits mask or 5 significant address bytes. But the address part contains only 4 bytes.
    Maybe when length is less than mask, zero bits have to be appended, and my example may be parsed as 0431:7480::/40 

    Could anybody help me with parsing multiprotocol BGP attributes.


  • 2.  RE: Multiprotocol BGP labeled IPv6 parsing problem

    Posted 21 days ago
    Hi Kirill, just labbed this up...  i see the following...

    90 - attributes lag seems to be 1 octet, not 2.... did you mean 2 hex characters ?
    0e - attribute type: MP_REACH_NLRI
    0039 - attribute length (57 bytes)
    0002 - AFI = 2
    04 - SAFI = 4
    my next hop address shows as 32 bytes...
    - the ipv6 ucast next hop 
    - the ipv6 link local fe80
    my NLRI is showing as 20 bytes
    - MP Reach NLRI prefix length - 152
    - MP Reach NLRI label stack - 3 (bottom)
    - MP Reach NLRI ipv6 prefix - and it shows my ipv6 ucast next hop

    i'm seeing this between (2) vMX routers running Junos 17.4R1.16 in EVE-NG 

    i'm sniffing using Wireshark Version 3.2.6 (v3.2.6-0-g4f9257fb8ccc)

    Aaron Gould
    Senior Network Engineer

  • 3.  RE: Multiprotocol BGP labeled IPv6 parsing problem

    Posted 21 days ago
    Hi Aaron, thank you for investigation.

    Attribute flag is 1 octet, this is misunderstanding about 2 octets. I mean attribute length part, in your and my example it is 2 bytes.
    90 - is 10010000: 
    The fourth high-order bit (bit 3) of the Attribute Flags octet is the Extended Length bit. It defines whether the Attribute Length is one octet (if set to 0) or two octets (if set to 1).
    So you've correctly written, that length is 0039.

    Maybe I've incorrectly parsed NLRI prefix (2804317480). The high octet isn't the mask! The mask have to be NLRI length minus 24 (20 bits label + 3 bits Rsrv + 1 S-bit) . In my example it is 60-24=36. So the prefix is 2804:3174:8000::/36

    Thank you for the idea!

    Kirill Egorov