Long BGP AS paths

marcel.duregards at yahoo.fr
Sun Oct 1 16:16:09 UTC 2017


What would be a recommended value for a maximum as-path filter?

50 ?

On the DFZ I've only 11 prefixes longer than 30 as-path, so for safety I
would also assume 50 as a max is well enough. Any advice?

Regards,
-
Marcel



On 01.10.2017 00:29, William Herrin wrote:
> To the chucklehead who started announcing a 2200+ byte AS path yesterday
> around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
> that's present in all versions released in the last decade. Your
> announcement causes routers based on Quagga to send a malformed update to
> their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
> 
> For everyone else: please consider filtering BGP announcements with
> stupidly long AS paths. There's no need nor excuse for them to be present
> in the DFZ and you could have saved me a painful Saturday.
> 
> Cisco:
> 
> router bgp XXX
>  bgp maxas-limit 50
> 
> 
> Juniper:
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
> 
> 
> Quagga:
> 
> ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
> ip as-path access-list maxas-limit50 permit .*
> 
> 
> Regards,
> Bill Herrin
> 
> 
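
One way to check a candidate limit against your own table before deploying it, as an added example that is not part of the original thread. It assumes the table has been exported as (prefix, AS-path string) pairs with space-separated ASNs and AS_SETs written in braces without inner spaces, and that the filter drops paths with more than `limit` entries; the routes and helper names below are constructed for illustration.

```python
import re
from collections import Counter

# Same expression as the Quagga as-path access-list quoted above.
QUAGGA_DENY = re.compile(r"^([{},0-9]+ ){50}")

def path_length(as_path: str) -> int:
    """Count path entries: each prepend counts, an AS_SET "{a,b}" counts once."""
    return len(as_path.split())

def survey(routes, limit=50):
    """Return (histogram of path lengths, [(prefix, length)] the limit would drop)."""
    histogram, dropped = Counter(), []
    for prefix, as_path in routes:
        n = path_length(as_path)
        histogram[n] += 1
        if n > limit:
            dropped.append((prefix, n))
    return histogram, dropped

def regex_denies(as_path: str) -> bool:
    """True if the quoted deny expression matches this path string."""
    return QUAGGA_DENY.search(as_path) is not None

def prepended(origin: int, count: int, upstream=(64496, 64497)) -> str:
    """Build a constructed path: two upstream ASNs, then `count` copies of origin."""
    return " ".join(map(str, upstream + (origin,) * count))

# Constructed sample table (documentation prefixes and ASNs, not real routes).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "64496 64497 64500"),              # length 3
    ("198.51.100.0/24", "64496 {64501,64502} 64503"),   # length 3, AS_SET counts once
    ("203.0.113.0/24", prepended(64504, 29)),           # length 31
    ("2001:db8:1::/48", prepended(64505, 48)),          # length 50, at the limit
    ("2001:db8:2::/48", prepended(64506, 49)),          # length 51, just over
    ("2001:db8:3::/48", prepended(64507, 560)),         # length 562, pathological
]

if __name__ == "__main__":
    for limit in (30, 50):
        hist, dropped = survey(SAMPLE_ROUTES, limit)
        print(f"limit {limit}: longest={max(hist)} dropped={dropped}")
    for prefix, path in SAMPLE_ROUTES:
        print(prefix, path_length(path), "deny" if regex_denies(path) else "permit")
```

Because each repetition in the quoted expression must end in a space, it first matches at 51 entries, so a path of exactly 50 is still permitted.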




More information about the NANOG mailing list