Long BGP AS paths
Ken Chase
math at sizone.org
Sat Sep 30 22:34:42 UTC 2017
The quagga thread I read specifically indicates that some (most?) versions don't
accept the {n,m} regexp repeat format. Thus the regexps are as long as the
path you want to filter... :/
..or upgrade.
/kc
On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
>To the chucklehead who started announcing a 2200+ byte AS path yesterday
>around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
>that's present in all versions released in the last decade. Your
>announcement causes routers based on Quagga to send a malformed update to
>their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>
>For everyone else: please consider filtering BGP announcements with
>stupidly long AS paths. There's no need nor excuse for them to be present
>in the DFZ and you could have saved me a painful Saturday.
>
>Cisco:
>
>router bgp XXX
> bgp maxas-limit 50
>
>
>Juniper:
>https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
>
>
>Quagga:
>
>ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
>ip as-path access-list maxas-limit50 permit .*
>
>
>Regards,
>Bill Herrin
>
>
>--
>William Herrin ................ herrin at dirtside.com bill at herrin.us
>Dirtside Systems ......... Web: <http://www.dirtside.com/>
--
Ken Chase - math at sizone.org Guelph Canada
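
Added example, not part of either message: a sketch that unrolls the quoted `{50}` repeat into literal repetitions for a regex engine without `{n,m}` support, then checks on constructed AS paths that both forms decide the same way. The function names and sample ASNs are hypothetical, Python's `re` stands in for the router's regex engine, and the AS path is assumed to be matched as space-separated text with no trailing space.

```python
import re

# Token and bounded pattern taken from the quoted Quagga access-list.
TOKEN = "[{},0-9]+ "
BOUNDED = "^([{},0-9]+ ){50}"


def expand_repeat(token: str, count: int) -> str:
    """Unroll ^(token){count} into `count` literal copies of token."""
    return "^" + token * count


def quagga_lines(name: str, limit: int) -> list[str]:
    """Emit the two access-list lines with the repeat written out in full."""
    return [
        f"ip as-path access-list {name} deny {expand_repeat(TOKEN, limit)}",
        f"ip as-path access-list {name} permit .*",
    ]


def as_path(n: int) -> str:
    """Constructed sample path: n private-range ASNs, space separated."""
    return " ".join(str(64512 + i) for i in range(n))


def denied(pattern: str, path: str) -> bool:
    """True if the deny pattern matches the textual AS path."""
    return re.search(pattern, path) is not None


if __name__ == "__main__":
    expanded = expand_repeat(TOKEN, 50)
    print(f"expanded pattern is {len(expanded)} characters long")
    for line in quagga_lines("maxas-limit50", 50):
        print(line)
    # Each token must be followed by a space, so under the no-trailing-space
    # assumption the deny rule first matches at 51 ASNs, not 50.
    for n in (49, 50, 51, 52):
        print(n, denied(BOUNDED, as_path(n)), denied(expanded, as_path(n)))
    # Constructed path with an AS_SET: the set counts as a single token.
    print(denied(expand_repeat(TOKEN, 2), "64512 {64513,64514} 64515"))
```
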