AS PATH limits

Nick Hilliard nick at foobar.org
Sat Dec 23 00:00:55 CST 2017


Ken Chase wrote:
> (And I'd fix it _right now_, but it's at my major customer's 
> discretion.

ok, so this is a customer management problem. If this is the only
customer on that router, then ok, if they want to continue putting
themselves at risk of service loss, I guess that would be their concern.

If there's anyone else connected to this router, then you would probably
want to consider moving them off it, because you seem to have said
that you may not have full control of your business assets. If this is
the case, it isn't a good situation to be in and will lead to issues
like this turning into serious longer term problems.

> read the first table on page 3 and then explain the philosophy of
> not caring about this as a general issue affecting the entire
> internet. That's not, to date, been the attitude I've seen in here or
> elsewhere amongst admins, and I don't see why we should start now.

Globally, there are 59000 ASNs announcing a total of 670k ipv4 prefixes
and 45k ipv6 routes. If any one of those prefixes is announced anywhere
in the world with an oddball as-path, then this puts vulnerable
versions of quagga at risk of service loss.

This isn't about sympathy or caring or not caring or anything else, but
the uncomfortable fact that with a pool this large, mistakes are going
to happen from time to time, whether we like it or not. It's as-path
length this time, but on previous occasions it's been attribute size, or
incorrect attribute combos or, well, a small catalog of other problems
that have caused bgp session failure globally over the years.

It's each of our responsibility to ensure that our systems are resistant
to problems like this, not other people's responsibility to ensure that
our networks don't get hit by third party misconfigs.

Nick

