Long BGP AS paths

Ken Chase math at sizone.org
Sat Sep 30 22:34:42 UTC 2017


The quagga thread I read specifically indicates that some (most?) versions don't
accept the {n,m} regexp repeat format. Thus the regexps are as long as the
path you want to filter... :/

..or upgrade.

/kc


On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
  >To the chucklehead who started announcing a 2200+ byte AS path yesterday
  >around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
  >that's present in all versions released in the last decade. Your
  >announcement causes routers based on Quagga to send a malformed update to
  >their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
  >
  >For everyone else: please consider filtering BGP announcements with
  >stupidly long AS paths. There's no need nor excuse for them to be present
  >in the DFZ and you could have saved me a painful Saturday.
  >
  >Cisco:
  >
  >router bgp XXX
  > bgp maxas-limit 50
  >
  >
  >Juniper:
  >https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
  >
  >
  >Quagga:
  >
  >ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
  >ip as-path access-list maxas-limit50 permit .*
  >
  >
  >Regards,
  >Bill Herrin
  >
  >
  >-- 
  >William Herrin ................ herrin at dirtside.com  bill at herrin.us
  >Dirtside Systems ......... Web: <http://www.dirtside.com/>

-- 
Ken Chase - math at sizone.org Guelph Canada
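
Added example, not part of either message: a Python sketch that writes out the quoted Quagga filter with the {50} repeat expanded by hand, for versions that do not accept the {n,m} form. The function names and the sample AS numbers are constructed for illustration. Python's `re` is used only to compare the expanded pattern with the quantifier form; whether a given Quagga build accepts a line this long is not checked here.

```python
import re

# One repeat of the group from the quoted Quagga line: an ASN (or AS-set
# characters) followed by a space. Each repeat keeps its own parentheses,
# as in the quoted pattern, so the line does not end in a bare space.
TOKEN = "([{},0-9]+ )"


def expanded_regex(limit):
    """Pattern matching AS paths longer than `limit`, without a {n} quantifier."""
    return "^" + TOKEN * limit


def quagga_filter(limit, name=None):
    """Return the two access-list lines from the message, repeat written out."""
    name = name or "maxas-limit%d" % limit
    return [
        "ip as-path access-list %s deny %s" % (name, expanded_regex(limit)),
        "ip as-path access-list %s permit .*" % name,
    ]


def denied(as_path, limit):
    """True if the expanded pattern would match (deny) this AS path string."""
    return re.search(expanded_regex(limit), as_path) is not None


def constructed_path(length):
    """Constructed sample AS path of `length` private-range ASNs."""
    return " ".join(str(64512 + i) for i in range(length))


if __name__ == "__main__":
    for line in quagga_filter(50):
        print(line)
    # A path of exactly 50 ASNs has only 49 separating spaces, so it passes;
    # 51 or more ASNs supply the 50th "ASN + space" and hit the deny line.
    for n in (49, 50, 51, 200):
        print(n, "deny" if denied(constructed_path(n), 50) else "permit")
```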


