BGP Loop AS Error Message In Logs
Created On 12/08/20 02:25 AM - Last Modified 07/27/23 01:50 AM
Symptom
- The routed.log file on the firewall (viewed with less mp-log routed.log) logs the following messages:
**** AUDIT 0x4105 - 47 (0001) **** I:0000318f F:00000002
qbpmchck.c 224 :at 09:09:30, 26 November 2020 (73169075 ms)
DC-BGP Policy Manager has rejected a received a route with a looped AS
path.
RIB Manager entity index: 0X00000001
Received route neighbor index: 2
Received route prefix: 192.168.13
Received route prefix length: 24
Received route next hop: 10.10.10.2
Environment
- Palo Alto Firewall
- Supported PAN-OS
- eBGP configured on firewall
Cause
- PAN-OS logs this message every time the firewall receives network layer reachability information (NLRI) with its own AS in the path attribute.
- In the packet capture for this case, the firewall receives an NLRI advertisement for 192.168.13.0/24 with its own AS (100) included in the path.
Resolution
- AS_PATH is used as a loop prevention mechanism in BGP.
- When a BGP router receives a prefix advertisement with its own AS listed in the AS_PATH, it means the prefix has passed through its AS and is received again.
- Due to this loop prevention mechanism, the firewall drops all advertisements with its own AS in the path and reports this in the logs.
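To see which neighbor keeps sending the looped routes, the entries shown under Symptom can be tallied per neighbor index and prefix. The following is an added example, not Palo Alto Networks code: it assumes routed.log entries have exactly the layout shown above, and every sample entry except the first is constructed.

```python
import re
from collections import Counter

# Entry layout copied from the Symptom section; only the first SAMPLE_LOG
# entry uses the page's values, the other two are constructed.
ENTRY = """\
**** AUDIT 0x4105 - 47 (0001) **** I:0000318f F:00000002
qbpmchck.c 224 :at {time}, 26 November 2020 (73169075 ms)
DC-BGP Policy Manager has rejected a received a route with a looped AS
path.
RIB Manager entity index: 0X00000001
Received route neighbor index: {nbr}
Received route prefix: {prefix}
Received route prefix length: 24
Received route next hop: {hop}
"""
SAMPLE_LOG = (
    ENTRY.format(time="09:09:30", nbr=2, prefix="192.168.13", hop="10.10.10.2")
    + ENTRY.format(time="09:10:30", nbr=2, prefix="192.168.13", hop="10.10.10.2")
    + ENTRY.format(time="09:10:31", nbr=3, prefix="192.168.14", hop="10.10.20.2")
)

HEADER = re.compile(r"^\*{4} AUDIT ", re.M)
STAMP = re.compile(r":at (\d\d:\d\d:\d\d, \d{1,2} \w+ \d{4})")
FIELD = re.compile(
    r"^Received route (neighbor index|prefix length|prefix|next hop): (\S+)", re.M)

def parse_loop_rejections(text):
    """Return one dict per log entry that reports a looped AS path."""
    events = []
    # Each entry runs from one AUDIT banner line to the next.
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        entry = text[begin:end]
        # The message wraps across two lines, so collapse whitespace first.
        if "looped AS path" not in " ".join(entry.split()):
            continue
        event = {name.replace(" ", "_"): val for name, val in FIELD.findall(entry)}
        stamp = STAMP.search(entry)
        event["time"] = stamp.group(1) if stamp else None
        events.append(event)
    return events

def summarize(events):
    """Count rejections per (neighbor index, prefix/length as logged, next hop)."""
    return Counter((e.get("neighbor_index"),
                    f'{e.get("prefix")}/{e.get("prefix_length")}',
                    e.get("next_hop")) for e in events)

if __name__ == "__main__":
    for key, count in summarize(parse_loop_rejections(SAMPLE_LOG)).most_common():
        print(count, *key)
```

A steadily growing count for one neighbor index points at the peer that is re-advertising routes carrying the firewall's own AS.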