91.207.218.0/23 prefix in DFZ - AS3.21 / AS196629 - announced with AS_CONFED_SEQUENCE in AS4_PATH - propagated by 35320
Andy Davidson
andy at nosignal.org
Thu Dec 11 09:26:27 UTC 2008
On 11 Dec 2008, at 08:34, Florian Weimer wrote:
>> OpenBGPd is therefore dropping the sessions when this update is
>> received. Unideal if this attribute is learned on multiple
>> upstreams...
>> The impact today is fairly limited as there are relatively few bgp
>> speakers honouring the 4-byte ASN protocol extension rules, but as
>> code that support these features creeps around the internet, the
>> next time this happens the impact could be much greater, so we need
>> to understand which implementation of which BGP software caused
>> this illegal origination.
> Uhm, shouldn't you just ignore invalid AS4_PATH attributes, instead
> of dropping the session? It's a transient, optional attribute, so
> you can't rely on your peers to filter it.
Well I have never written written a BGP stack, so I have no code to
change as per your suggestion ;-) but as I said on the original post,
I'd like to see it as a configurable option, so that I can do the
right thing when something breaks.
196629 withdrew the prefix some hours ago and their NOC are
investigating. I have asked if they will share some info about the
problem when they have chance so that we can understand how to stop
this happening in future. They don't use confederations internally so
the reason for the break is actually non-obvious.
Best wishes
Andy
More information about the NANOG
mailing list