# DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Baldur Norddahl baldur.norddahl at gmail.com
Sun Mar 27 20:02:32 UTC 2022

```On Sun, 27 Mar 2022 at 18:31, Jon Lewis <jlewis at lewis.org> wrote:

> Is prepending used for any purpose other than TE?  The point I think Joe
> was trying to make was prepending once or even a few times has uses.
> Prepending more than a few times is unlikely to accomplish anything a few
> prepends didn't get done.
>

I suppose so-called "backup routes" could also be called traffic
engineering yet it is different from the use case I described.

I understand the "diameter of the internet" to mean the maximum number of
unique AS numbers in an AS PATH observed in any route in my DFZ routing
table. Say I have two IP transit uplinks and I want one to be strictly
backup meaning I want to receive no traffic unless the other is down. I
might then prepend at least "the diameter of the internet" and that would
be enough. Any more prepends will do nothing. This could probably be proven
mathematically for the worst case, although in reality you would not even
need that many prepends to get the effect.

However using prepends for traffic engineering in the sense prioritizing my
peers relatively to each other is completely different. Especially true
when some are peers on internet exchanges (not IP transit). Here the
diameter of the internet is completely irrelevant. What matters is the
number of classes I can make up for my peers. I admit those two numbers
might not be all that different, but I feel it is still worth pointing out
the error in the logic.

The logic is wrong even for the backup case. Say I have an extreme of N x
IP transits and I want all of them to be backups in a strict order. Such
that all traffic comes in on transit A. If transit A is down, then
everything should use B. If A and B are down then 100% to C etc. In that
case I would need to prepend "the diameter of the internet" on B and "the
diameter of the internet" times two on C etc. Why times two and not + 1?
Because when A is down we have B with a number of prepends. C needs to have
"the diameter of the internet" more than B to be sure no traffic goes that
way when B is active.

Prepending 50, 100, 200+ times is kind of a universal "We have no clue
> what we're doing and you should reject our routes."
>

That is likely yes.

Regards,

Baldur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220327/d1317f31/attachment.html>
```