Long BGP AS paths

marcel.duregards at yahoo.fr marcel.duregards at yahoo.fr
Sun Oct 1 16:16:09 CST 2017


What would be a recommended value for a maximum as-path filter ?

50 ?

On the DFZ I've only 11 prefixes longer than 30 as-path, so for safety I
would also assume 50 as a max is well enough. Any advice ?

Regards,
-
Marcel



On 01.10.2017 00:29, William Herrin wrote:
> To the chucklehead who started announcing a 2200+ byte AS path yesterday
> around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
> that's present in all versions released in the last decade. Your
> announcement causes routers based on Quagga to send a malformed update to
> their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
> 
> For everyone else: please consider filtering BGP announcements with
> stupidly long AS paths. There's no need nor excuse for them to be present
> in the DFZ and you could have saved me a painful Saturday.
> 
> Cisco:
> 
> router bgp XXX
>  bgp maxas-limit 50
> 
> 
> Juniper:
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
> 
> 
> Quagga:
> 
> ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
> ip as-path access-list maxas-limit50 permit .*
> 
> 
> Regards,
> Bill Herrin
> 
> 

.


More information about the NANOG mailing list