AS Path Loops in practice ?

Robert E. Seastrom rs at seastrom.com
Tue Dec 9 01:10:30 UTC 2003



Joe Provo <nanog-post at rsuc.gweep.net> writes:

> While this is an explataion of the behavior, it should not be
> an endorsement.  Prepending someone else's AS is a bad practive.
> Not only does it munge 'pure' research data, but fowls some 
> levels of peer evaluation [in the example, and as-701 connected 
> entity seeing your path from 1239 would have to determine why 
> they weren't getting your paths; or a casual glance would indicate 
> you were'nt peer-worthy because you were behind a peer].

Agreed on all counts.  Note that I didn't suggest that it was a good
idea, just pointed out that this has certainly been done in the past
(I seem to recall more than one organization doing this to keep
certain routes out of AS690).

> Worse, 
> forging AS-paths obfuscates the operational chain of responsibility.  
> Of course that is the goal of some of theses actrivities. 
> Obviously-bogus AS paths are a strong indicator of suspicious 
> activity.

I'm not sure I agree with that assessment.  Strong indicator of a
nasty hack, much much less strong indicator of anything unseemly
afoot.  Or perhaps this was a use of the term "suspicious" to which
I'm heretofore unaccustomed.

> Many providers publish specific BGP communities for customers to 
> use to handle the redistribution at the provider's edge; some are 
> coarse-grained and some provide real control. Many provide something 
> but you have to ask for the information. If your provider doesn't 
> give you this service/feature, demand it.

Yes, and vote with your feet when your contract is up if they don't
deliver.

> In RS's example, a trip to http://www.sprint.net/policy/bgp.html 
> would tell you to just tag with community 65000:701
>     route-map to-as1239-nothanks-uu permit 10
>      set community 65000:701
> 
> Attempting action at a distance generally fails at the far-end of 
> your service contract; any implementation that *does* work *should*
> only spew data the same distance.

Well, yes.  Attempt this trick at home at your own peril, &c &c &c...

                                        ---Rob

PS: I am sure that we both are going to hell for having the
unmitigated gall to post stuff to NANOG that actually has something to
do with running a backbone.




More information about the NANOG mailing list