RU evidently hijacked UA netblock

• Previous message (by thread): RU evidently hijacked UA netblock
• Next message (by thread): identity.cisco.com certificate has expired
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here is a doc for each hardware vendor for filtering long as paths. Not sure if this will help you or if the issue is before filtering takes place.

We have ours max length set to 75.

https://bgpfilterguide.nlnog.net/guides/long_paths/

Erik

Erik Sundberg
Sr. Network Engineer
Nitel
350 N Orleans Street
Suite 1300N
Chicago, Il 60654
Desk: 773-661-5532
Cell: 708-710-7419
NOC: 866-892-0915
Email: esundberg at nitelusa.com
web: www.nitelusa.com
________________________________
From: NANOG <nanog-bounces+esundberg=nitelusa.com at nanog.org> on behalf of Scott Weeks <surfer at mauigateway.com>
Sent: Friday, March 4, 2022 8:46:47 PM
To: nanog at nanog.org <nanog at nanog.org>
Subject: Re: RU evidently hijacked UA netblock



--- jay at west.net wrote:
On 3/4/22 18:03, Scott Weeks wrote:

> It looks like a 'too many' AS prepends, but it is only 250 prepends.

In most reasonable scenarios I'd say that this qualifies as too many.
---------------------------------------------


Yeah, technically, but it was not 256 or something where I'd expect an issue to happen.  Just curious as to why only that ASN caused the buffer overflow messages as I got them from no other AS ever and wondered if anyone else has seen them.  Other ASNs almost certainly have sent 250+ prepends to me before, but they did not cause the overflow.  Like I said, I have a ticket open because I am curious:

BGP-WARNING-tBgp4RouteInvalid-2007 <stuff> Route invalid reason - Cannot add/prepend AS-path.  Buffer overflow\nNRLI - <prefix>  where prefixes are several and different lengths.

Probably nothing, but I always look into stuff I see in the syslog server's router.log.

scott

________________________________

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner.
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220305/34bc74b0/attachment.html>

• Previous message (by thread): RU evidently hijacked UA netblock
• Next message (by thread): identity.cisco.com certificate has expired
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]