BGP Loop AS Error Message In Logs

Created On 12/08/20 02:25 AM - Last Modified 07/27/23 01:50 AM


Symptom


  • On the firewall, routed.log (viewed with less mp-log routed.log) contains the following messages:
**** AUDIT 0x4105 - 47 (0001) **** I:0000318f F:00000002
qbpmchck.c 224 :at 09:09:30, 26 November 2020 (73169075 ms)
DC-BGP Policy Manager has rejected a received a route with a looped AS
path.
RIB Manager entity index: 0X00000001
Received route neighbor index: 2
Received route prefix: 192.168.13
Received route prefix length: 24
Received route next hop: 10.10.10.2

 


Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • eBGP configured on firewall


Cause


  • PAN-OS logs this message every time the firewall receives network-layer reachability information (NLRI) with its own AS in the AS_PATH attribute.
  • From the packet capture depicted below, the firewall is receiving an NLRI advertisement for 192.168.13.0/24 with its own AS (100) included in the path:
    [Image: packet capture of the received advertisement]


Resolution


  1. AS_PATH is used as a loop prevention mechanism in BGP.
  2. When a BGP router receives a prefix advertisement with its own AS listed in the AS_PATH, it means the prefix has already passed through its AS and has been received again.
  3. Due to this loop prevention mechanism, the firewall drops all advertisements with its own AS in the path and reports this in the logs.
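
To see which peer keeps re-advertising which routes, the audit entries can be pulled out of routed.log and counted per route and next hop. The following is an added example, not part of the original article or Palo Alto's tooling; the function names are hypothetical, the sample input is constructed from the entry in the Symptom section, and padding the prefix with zero octets is an assumption based on that one entry (192.168.13 logged for 192.168.13.0/24).

```python
import re
from collections import Counter

# Constructed sample input: the entry from the Symptom section used as a
# template; the repeat and the second prefix/time are made up for the example.
ENTRY = """\
**** AUDIT 0x4105 - 47 (0001) **** I:0000318f F:00000002
qbpmchck.c 224 :at {time}, 26 November 2020 (73169075 ms)
DC-BGP Policy Manager has rejected a received a route with a looped AS
path.
RIB Manager entity index: 0X00000001
Received route neighbor index: 2
Received route prefix: {prefix}
Received route prefix length: 24
Received route next hop: 10.10.10.2
"""
SAMPLE_LOG = (ENTRY.format(time="09:09:30", prefix="192.168.13") * 2
              + ENTRY.format(time="09:12:01", prefix="192.168.14"))

ENTRY_START = re.compile(r"^\*{4} AUDIT ", re.M)
LOOPED = re.compile(r"looped AS\s+path")  # the message wraps across two lines
FIELD = re.compile(
    r"^Received route (neighbor index|prefix length|prefix|next hop):\s*(\S+)", re.M)

def pad_prefix(prefix):
    """Assumption: the log drops trailing zero octets (192.168.13 = 192.168.13.0)."""
    octets = prefix.split(".")
    return ".".join(octets + ["0"] * (4 - len(octets)))

def parse_loop_rejections(text):
    """Return one dict per 'looped AS path' audit entry found in routed.log text."""
    starts = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    entries = []
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        fields = dict(FIELD.findall(block))
        if not LOOPED.search(block) or len(fields) < 4:
            continue  # a different audit message, or a truncated entry
        entries.append({
            "route": f"{pad_prefix(fields['prefix'])}/{fields['prefix length']}",
            "next_hop": fields["next hop"],
            "neighbor_index": int(fields["neighbor index"]),
        })
    return entries

def summarize(entries):
    """Count rejections per (route, next hop) to show which peer re-advertises what."""
    return Counter((e["route"], e["next_hop"]) for e in entries)
```

Calling `summarize(parse_loop_rejections(text))` on the contents of routed.log gives a rejection count per route and next hop; a steadily growing count for one next hop points at the neighbor whose advertisements carry the firewall's own AS.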

