Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
Jared Mauch
jared at puck.nether.net
Mon Aug 17 22:40:39 UTC 2009
On Aug 17, 2009, at 5:37 PM, randal k wrote:
> Yep, we started seeing this right around 12:20pm MST. We saw it from a
> customer's rapidly-flapping BGP peer. We told them to configure bgp
> maxas-limit, but apparently CRS1s don't have that command.
>
> Anybody have a handy route-map that will deny anything with a as-path
> longer than say 15-20? ;-)
Is there some significant barrier to people getting recent code on the
devices that is not impacted by this and the other fun bgp 'attacks'
that can happen? We usually see customers drop bgp sessions all over,
making me wonder ... if you're not able to upgrade, what is the
issue? Just that most people don't see these as an attack against
their infrastructure? That people are unwilling to upgrade code
unless it has a long-term impact to their operations? An outage once
every few months is OK?
- Jared
More information about the NANOG
mailing list