BGP - Troubleshooting AS Paths with confederations

I ran into an issue while doing BGP confederations today. In the topology below, I was seeing sub-AS 65013 in the AS PATH on R5 for routes to VLAN4. I found out the problem but I decided to post this so if you ever see this issue, you can tell what it looks like.

VLAN4--R4---[[R1---R3]---[R2]]---R5--VLAN5 and 58

R4 = AS 3
R1,R3 = sub-AS 65013, AS 2
R2 = sub-AS 65002, AS 2
R5 = AS 1

VLAN4 = 204.1.12.0
VLAN5 = 155.1.5.0
VLAN58 = 155.1.58.0

Study the outputs below. Notice that R5 still sees sub-AS 65013 in it's routes to R4. The AS PATH should be: 2 3. What is the error I made?

-------------------------------------------------------------------------------

In the below output, R4 sees R5's VLAN coming from AS 1 and AS 2. There is no way of telling these come from condeferations.

R4#show ip bgp
BGP table version is 20, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 155.1.146.1 0 2 1 i
*> 155.1.58.0/24 155.1.146.1 0 2 1 i
*> 204.12.1.0 0.0.0.0 0 32768 i
R4#

-------------------------------------------------------------------------------

R1 sees both of R5's VLANS as coming from AS 1 and sub-AS 65002. R1 is confederation peer with sub-AS 65002.

R1#show ip bgp
BGP table version is 8, local router ID is 155.1.146.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i155.1.5.0/24 155.1.23.2 0 100 0 (65002) 1 i
*>i155.1.58.0/24 155.1.23.2 0 100 0 (65002) 1 i
*> 204.12.1.0 155.1.146.4 0 0 3 i
R1#

-------------------------------------------------------------------------------

R3 sees the same thing as R1.

R3#show ip bgp
BGP table version is 8, local router ID is 155.1.37.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 155.1.23.2 0 100 0 (65002) 1 i
*> 155.1.58.0/24 155.1.23.2 0 100 0 (65002) 1 i
*>i204.12.1.0 155.1.13.1 0 100 0 3 i
R3#

-------------------------------------------------------------------------------

R2 sees R5's vlan as originating from AS 1. It also sees R4's VLAN as coming from AS 3 and AS 65013 - not sure why there isn't parenthesis around 65013 in this case...

R2#sho ip bgp
BGP table version is 4, local router ID is 155.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 155.1.0.5 0 0 1 i
*> 155.1.58.0/24 155.1.0.5 0 0 1 i
*> 204.12.1.0 155.1.13.1 0 100 0 65013 3 i
R2#

-------------------------------------------------------------------------------

Here are R5 sees R4's VLAN as coming throigh AS 3 65013 and then from AS 2. Why is 65013 appearing?

R5#show ip bgp
BGP table version is 22, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 0.0.0.0 0 32768 i
*> 155.1.58.0/24 0.0.0.0 0 32768 i
*> 204.12.1.0 155.1.0.2 0 2 65013 3 i
R5#

-------------------------------------------------------------------------------

It turns out the error was on R3:

router bgp 65013
no synchronization
bgp log-neighbor-changes
bgp confederation peers 65002
neighbor 155.1.13.1 remote-as 65013
neighbor 155.1.23.2 remote-as 65002

I dont have a bgp confederation identifier!

Let's fix it:

R3(config)#router bgp 65013
R3(config-router)#bgp confederation identifier 2

That's much better:

R5#show ip bg
BGP table version is 24, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 0.0.0.0 0 32768 i
*> 155.1.58.0/24 0.0.0.0 0 32768 i
*> 204.12.1.0 155.1.0.2 0 2 3 i