Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
dylan.ebner at crlmed.com
Tue Aug 18 14:23:47 CDT 2009
This helps vey much.
From: Ivan Pepelnjak [mailto:ip at ioshints.info]
Sent: Tuesday, August 18, 2009 1:58 PM
To: Dylan Ebner; 'randal k'; 'Adam Hebert'
Cc: nanog at nanog.org
Subject: RE: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
> Thanks for posting this how-to on excessive as prepends. I have a
> couple of questions that some of the less BGP savvy out their may find
> 1. In my enviornment, we are not doing full routes. We have partial
> routes from AS209 and then fail to AS7263. Is their any advantage for
> someone like me to do this, as we are not providing any IP transit so
> we are not passing the route table to anyone else?
You could do it to protect your BGP table, but as you're not a transit AS, it does not make much sense.
> 2. When I run the "sh ip bgp quote-regexp "_([0-9]+)_\1_\1_\1_\1_ \1_"
> | begin Network" I am seeing many many ASes that would be filtered by
> this access-list.
Obviously a lot of people are prepend-happy.
> What happens to those networks, are they unreachable from my AS, or do
> I just route those networks to my upstream provider and let them deal
> with it?
If I understood correctly, you're using a default route toward AS7263, which means that anything that is not in your BGP table (and consequently your IP routing table) will be sent out of your AS via the default route. If you're getting the paths you're filtering from AS209 that means that more traffic will go to AS7263.
> 3. This last question is a little OT, but relates to your access list
> In the event of some kind if DOS attack coming from one of a few AS
> numbers (in this case we will use 14793), what is the feesability of
> using ip as-path access-list 100 deny _([0-9]+)_\1_\1_\1_\1_ ip
> as-path access-list 100 deny 14793 ip as-path access-list 100 permit
> Would this have any affect at all, or would my pipe from my upstream
> still be congested with garbage traffic ?
No. You cannot influence the inbound traffic apart from not advertising some of your prefixes to some of your neighbors or giving them hints with BGP communities or AS-path prepending. Whatever you do with BGP on your routers influences only the paths the outbound traffic is taking. What you'd actually need is remote-triggered black hole. Search the Nanog archives for RTBH, you'll find a number of links in a message from Frank Bulk sent a few days ago.
Hope this helps
More information about the NANOG