nanog mailing list archives
Re: AS Path Loops in practice ?
From: "Robert E. Seastrom" <rs () seastrom com>
Date: 08 Dec 2003 20:10:30 -0500
Joe Provo <nanog-post () rsuc gweep net> writes:
While this is an explataion of the behavior, it should not be an endorsement. Prepending someone else's AS is a bad practive. Not only does it munge 'pure' research data, but fowls some levels of peer evaluation [in the example, and as-701 connected entity seeing your path from 1239 would have to determine why they weren't getting your paths; or a casual glance would indicate you were'nt peer-worthy because you were behind a peer].
Agreed on all counts. Note that I didn't suggest that it was a good idea, just pointed out that this has certainly been done in the past (I seem to recall more than one organization doing this to keep certain routes out of AS690).
Worse, forging AS-paths obfuscates the operational chain of responsibility. Of course that is the goal of some of theses actrivities. Obviously-bogus AS paths are a strong indicator of suspicious activity.
I'm not sure I agree with that assessment. Strong indicator of a nasty hack, much much less strong indicator of anything unseemly afoot. Or perhaps this was a use of the term "suspicious" to which I'm heretofore unaccustomed.
Many providers publish specific BGP communities for customers to use to handle the redistribution at the provider's edge; some are coarse-grained and some provide real control. Many provide something but you have to ask for the information. If your provider doesn't give you this service/feature, demand it.
Yes, and vote with your feet when your contract is up if they don't deliver.
In RS's example, a trip to http://www.sprint.net/policy/bgp.html would tell you to just tag with community 65000:701 route-map to-as1239-nothanks-uu permit 10 set community 65000:701 Attempting action at a distance generally fails at the far-end of your service contract; any implementation that *does* work *should* only spew data the same distance.
Well, yes. Attempt this trick at home at your own peril, &c &c &c...
---Rob
PS: I am sure that we both are going to hell for having the
unmitigated gall to post stuff to NANOG that actually has something to
do with running a backbone.
Current thread:
- AS Path Loops in practice ? Jaideep Chandrashekar (Dec 08)
- Re: AS Path Loops in practice ? Robert E. Seastrom (Dec 08)
- Re: AS Path Loops in practice ? Joe Provo (Dec 08)
- Re: AS Path Loops in practice ? Robert E. Seastrom (Dec 08)
- Re: AS Path Loops in practice ? Joe Provo (Dec 08)
- Re: AS Path Loops in practice ? Ben Crocker (Dec 09)
- Re: AS Path Loops in practice ? Niels Bakker (Dec 09)
- Re: AS Path Loops in practice ? Leo Bicknell (Dec 09)
- Re: AS Path Loops in practice ? Niels Bakker (Dec 09)
- Re: AS Path Loops in practice ? Stephen J. Wilcox (Dec 11)
- Re: AS Path Loops in practice ? Leo Bicknell (Dec 11)
- Re: AS Path Loops in practice ? Jeff Aitken (Dec 11)
- Re: AS Path Loops in practice ? David Barak (Dec 11)
- Re: AS Path Loops in practice ? Stephen J. Wilcox (Dec 12)
- Re: AS Path Loops in practice ? David Barak (Dec 12)
- Re: AS Path Loops in practice ? Niels Bakker (Dec 09)
- Re: AS Path Loops in practice ? Robert E. Seastrom (Dec 08)