Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?

Ivan Pepelnjak ip at
Tue Aug 18 13:58:00 CDT 2009

> Ivan-
>    Thanks for posting this how-to on excessive as prepends. I 
> have a couple of questions that some of the less BGP savvy 
> out their may find helpfull
> 1. In my enviornment, we are not doing full routes. We have 
> partial routes from AS209 and then fail to AS7263. Is their 
> any advantage for someone like me to do this, as we are not 
> providing any IP transit so we are not passing the route 
> table to anyone else?

You could do it to protect your BGP table, but as you're not a transit AS,
it does not make much sense.

> 2. When I run the "sh ip bgp quote-regexp 
> "_([0-9]+)_\1_\1_\1_\1_ \1_" | begin Network" I am seeing 
> many many ASes that would be filtered by this access-list. 

Obviously a lot of people are prepend-happy.

> What happens to those networks, are they unreachable from my 
> AS, or do I just route those networks to my upstream provider 
> and let them deal with it?

If I understood correctly, you're using a default route toward AS7263, which
means that anything that is not in your BGP table (and consequently your IP
routing table) will be sent out of your AS via the default route. If you're
getting the paths you're filtering from AS209 that means that more traffic
will go to AS7263.

> 3. This last question is a little OT, but relates to your access list
>    In the event of some kind if DOS attack coming from one of 
> a few AS numbers (in this case we will use 14793), what is 
> the feesability of using 
>  ip as-path access-list 100 deny _([0-9]+)_\1_\1_\1_\1_
>  ip as-path access-list 100 deny 14793
>  ip as-path access-list 100 permit .*
>  Would this have any affect at all, or would my pipe from my 
> upstream still be congested with garbage traffic ?

No. You cannot influence the inbound traffic apart from not advertising some
of your prefixes to some of your neighbors or giving them hints with BGP
communities or AS-path prepending. Whatever you do with BGP on your routers
influences only the paths the outbound traffic is taking. What you'd
actually need is remote-triggered black hole. Search the Nanog archives for
RTBH, you'll find a number of links in a message from Frank Bulk sent a few
days ago.

Hope this helps

More information about the NANOG mailing list