Blocking private AS

Kevin Loch kloch at kl.net
Fri Feb 19 14:52:32 CST 2010


Thomas Magill wrote:
> I am thinking about implementing a filter to block all traffic with
> private AS numbers in the path.  I see quite a few in my table though so
> I am concerned I might block some legitimate traffic.  In some cases,
> these are just prefixes with the private appended to the end but a few
> have the private as a transit.  Is this a good idea or would I likely be
> blocking too much legitimate traffic?  The filter I am using currently
> shows the following:

I filter private asn's and have not had any reachability problems
related to that.   I suspect most of the routes you see with a private
ASN in the path are covered by a less specific route without any
private ASN in the path.  Someone used a private ASN with their
customer and forgot to filter it to their upstreams/peers.

- Kevin




More information about the NANOG mailing list