Blocking private AS
Thomas Magill
tmagill at providecommerce.com
Thu Feb 18 19:27:30 UTC 2010
I am thinking about implementing a filter to block all traffic with
private AS numbers in the path. I see quite a few in my table though so
I am concerned I might block some legitimate traffic. In some cases,
these are just prefixes with the private appended to the end but a few
have the private as a transit. Is this a good idea or would I likely be
blocking too much legitimate traffic? The filter I am using currently
shows the following:
BGP table version is 5462394, local router ID is 209.112.253.4
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i58.68.109.0/24 x.x.x.x 0 100 0 6130 9498 10201
65534 i
*> y.y.y.y 0 6130 9498 10201
65534 i
* i68.115.224.0/24 x.x.x.x 0 100 0 6130 19151 20115
65011 i
*> y.y.y.y 0 6130 19151 20115
65011 i
* 85.112.22.0/24 y.y.y.y 0 6130 6939 23148
64532 64532 64532 64532 64532 64532 64532 64532 64532 i
*> 93.189.194.0/24 y.y.y.y 0 6130 3549 39386
39386 39386 25233 65000 47146 i
* i x.x.x.x 0 100 0 6130 3549 39386
39386 39386 25233 65000 47146 i
*> 96.60.243.0/24 y.y.y.y 0 6130 2828 4181
65528 i
* i x.x.x.x 0 100 0 6130 2828 4181
65528 i
* i96.61.232.0/24 x.x.x.x 0 100 0 6130 2828 4181
65527 i
*> y.y.y.y 0 6130 2828 4181
65527 i
* i96.61.233.0/24 x.x.x.x 0 100 0 6130 2828 4181
65527 i
*> y.y.y.y 0 6130 2828 4181
65527 i
* i96.61.234.0/24 x.x.x.x 0 100 0 6130 2828 4181
65527 i
*> y.y.y.y 0 6130 2828 4181
65527 i
*> 148.207.2.0/24 y.y.y.y 0 6130 2828 3257
16531 13579 65090 i
* i x.x.x.x 0 100 0 6130 2828 3257
16531 13579 65090 i
*> 148.207.40.0/24 y.y.y.y 0 6130 2828 3257
16531 13579 65090 i
* i x.x.x.x 0 100 0 6130 2828 3257
16531 13579 65090 i
*> 148.207.97.0/24 y.y.y.y 0 6130 2828 3257
16531 13579 65090 i
* i x.x.x.x 0 100 0 6130 2828 3257
16531 13579 65090 i
* 170.34.100.0/24 y.y.y.y 0 6130 19151 20115
65011 ?
* 170.34.104.0/24 y.y.y.y 0 6130 19151 20115
65011 ?
* 170.34.113.0/24 y.y.y.y 0 6130 19151 20115
65011 ?
* i174.35.1.0/24 x.x.x.x 0 100 0 6130 16467 64565
i
* i174.47.199.0/24 x.x.x.x 0 100 0 6130 2828 4323
15065 65123 i
*> y.y.y.y 0 6130 2828 4323
15065 65123 i
* i192.109.61.0 x.x.x.x 0 100 0 6130 19151 20115
65011 i
*> y.y.y.y 0 6130 19151 20115
65011 i
*> 196.216.249.0 y.y.y.y 0 6130 2828 3257
8513 8513 8513 36881 65000 36896 37062 i
* i x.x.x.x 0 100 0 6130 2828 3257
8513 8513 8513 36881 65000 36896 37062 i
Network Next Hop Metric LocPrf Weight Path
*> 209.172.69.128/30
y.y.y.y 0 6130 16467 64565
i
* i x.x.x.x 0 100 0 6130 16467 64565
i
*> 213.146.161.0 y.y.y.y 0 6130 2828 174
64679 48493 i
* i x.x.x.x 0 100 0 6130 2828 174
64679 48493 i
Thomas Magill
Network Engineer
Office: (858) 909-3777
Cell: (858) 869-9685
mailto:tmagill at providecommerce.com <mailto:tmagill at providecommerce.com>
provide-commerce
4840 Eastgate Mall
San Diego, CA 92121
ProFlowers <http://www.proflowers.com/> | redENVELOPE
<http://www.redenvelope.com/> | Cherry Moon Farms
<http://www.cherrymoonfarms.com/> | Shari's Berries
<http://www.berries.com/>
More information about the NANOG
mailing list