look for BGP routes containing local AS#

Pedro Cavaca pmsac.nanog at gmail.com
Wed Jan 28 13:23:39 UTC 2015


If your ISP utilizes Juniper platforms, you might have to ask them to allow
the advertisement of these routes, see
http://www.firstdigest.com/2012/09/cisco-vs-juniper-different-ebgp-behavior/

On 28 January 2015 at 09:32, Song Li <refresh.lsong at gmail.com> wrote:

> Hi Joel,
>
> It is right that the BGP route containing the local ASN will be dropped.
> However, such routes can still be displayed on the router. For example, you can
> run "show route hidden terse aspath-regex .*<local ASN>.*" on Juniper to
> check them. We are looking for those routes. If you can run the command on
> your Juniper and find such routes, could you please provide them for us?
>
> Thanks!
>
> Regards!
>
> Song
>
> On 2015/1/28 16:23, joel jaeggli wrote:
>
>  On 1/27/15 5:45 AM, Song Li wrote:
>>
>>> Hi everyone,
>>>
>>> Recently I studied the BGP AS path looping problem, and found that in
>>> most cases, the received BGP routes containing local AS# are suspicious.
>>> However, we checked our BGP routing table (AS23910, CERNET2) on a Juniper
>>> router (show route hidden terse aspath-regex .*23910.* ), and have not
>>> found such routes in Adj-RIB-In.
>>>
>>
>> Updates with your AS in the path are discarded as part of loop
>> detection, e.g. they do not become candidate routes.
>>
>> https://tools.ietf.org/html/rfc4271 page 77
>>
>>     If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
>>     route should be excluded from the Phase 2 decision function.  AS loop
>>     detection is done by scanning the full AS path (as specified in the
>>     AS_PATH attribute), and checking that the autonomous system number of
>>     the local system does not appear in the AS path.  Operations of a BGP
>>     speaker that is configured to accept routes with its own autonomous
>>     system number in the AS path are outside the scope of this document.
>>
>> in junos
>>
>> neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number
>>
>> where number is the number of instances of your AS in the path you're
>> willing to accept will correct that.
>>
>>  We believe that the received BGP routes containing local AS# are related
>>> to BGP security problem.
>>>
>>
>> You'll have to elaborate, since their existence is a basic principle in
>> the operation of bgp and they are ubiquitous.
>>
>> Island instances of a distributed ASN communicate with each other by
>> allowing such routes in so that they can be evaluated on the basis of
>> prefix, specificity, AS path length and so forth.
>>
>>  Hence, we want to look for some real cases in
>>> the wild. Could anybody give us some examples of such routes?
>>>
>>> Thanks!
>>>
>>> Best Regards!
>>>
>>>
>>
>>
>
> --
> Song Li
> Room 4-204, FIT Building,
> Network Security,
> Department of Electronic Engineering,
> Tsinghua University, Beijing 100084, China
> Tel:( +86) 010-62446440
> E-mail: refresh.lsong at gmail.com
>
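
The loop check discussed in this thread (the RFC 4271 AS_PATH scan, relaxed by an allowas-in style count), as an added Python example that is not part of the original messages. The function names and the 4-byte default ASN width are assumptions; the sample paths are constructed from AS23910 (from the thread) and documentation ASNs 64500 and 64501.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment type codes from RFC 4271

def parse_as_path(value: bytes, asn_size: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    fmt = "!H" if asn_size == 2 else "!I"
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        offset += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = offset + count * asn_size
        if end > len(value):
            raise ValueError("truncated segment body")
        asns = [struct.unpack_from(fmt, value, i)[0] for i in range(offset, end, asn_size)]
        segments.append((seg_type, asns))
        offset = end
    return segments

def local_as_count(segments, local_as: int) -> int:
    """Scan the full path (sets and sequences) for the local AS number."""
    return sum(asns.count(local_as) for _, asns in segments)

def passes_loop_check(value: bytes, local_as: int, allowas_in: int = 0, asn_size: int = 4) -> bool:
    """True if the route stays eligible; False if it is excluded as an AS loop.
    allowas_in follows the thread's description: instances of the local AS tolerated."""
    return local_as_count(parse_as_path(value, asn_size), local_as) <= allowas_in

def encode_sequence(asns, asn_size: int = 4) -> bytes:
    """Helper (hypothetical) that builds one AS_SEQUENCE segment for the samples."""
    fmt = "!H" if asn_size == 2 else "!I"
    return bytes([AS_SEQUENCE, len(asns)]) + b"".join(struct.pack(fmt, a) for a in asns)

# Constructed sample paths; 64500 and 64501 are documentation ASNs (RFC 5398).
LOCAL_AS = 23910
CLEAN = encode_sequence([64500, 64501])
LOOPED = encode_sequence([64500, LOCAL_AS, 64501])
TWICE = encode_sequence([LOCAL_AS, 64500, LOCAL_AS])

if __name__ == "__main__":
    for name, path in [("clean", CLEAN), ("looped", LOOPED), ("twice", TWICE)]:
        print(name, parse_as_path(path), "default:", passes_loop_check(path, LOCAL_AS),
              "allowas-in 1:", passes_loop_check(path, LOCAL_AS, allowas_in=1))
```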


