RU evidently hijacked UA netblock

Erik Sundberg ESundberg at
Sat Mar 5 05:38:32 UTC 2022

Here is a doc for each hardware vendor for filtering long as paths. Not sure if this will help you or if the issue is before filtering takes place.

We have ours max length set to 75.


Erik Sundberg
Sr. Network Engineer
350 N Orleans Street
Suite 1300N
Chicago, Il 60654
Desk: 773-661-5532
Cell: 708-710-7419
NOC: 866-892-0915
Email: esundberg at
From: NANOG < at> on behalf of Scott Weeks <surfer at>
Sent: Friday, March 4, 2022 8:46:47 PM
To: nanog at <nanog at>
Subject: Re: RU evidently hijacked UA netblock

--- jay at wrote:
On 3/4/22 18:03, Scott Weeks wrote:

> It looks like a 'too many' AS prepends, but it is only 250 prepends.

In most reasonable scenarios I'd say that this qualifies as too many.

Yeah, technically, but it was not 256 or something where I'd expect an issue to happen.  Just curious as to why only that ASN caused the buffer overflow messages as I got them from no other AS ever and wondered if anyone else has seen them.  Other ASNs almost certainly have sent 250+ prepends to me before, but they did not cause the overflow.  Like I said, I have a ticket open because I am curious:

BGP-WARNING-tBgp4RouteInvalid-2007 <stuff> Route invalid reason - Cannot add/prepend AS-path.  Buffer overflow\nNRLI - <prefix>  where prefixes are several and different lengths.

Probably nothing, but I always look into stuff I see in the syslog server's router.log.



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner.
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list