nanog mailing list archives

Re: Long BGP AS paths


From: Mark Price <mprice () tqhosting com>
Date: Sun, 1 Oct 2017 00:32:21 -0400

Hi Bill,

Could you list which prefix(es) you saw were being announced with these
long AS paths?


Mark



On Sat, Sep 30, 2017 at 6:29 PM, William Herrin <bill () herrin us> wrote:

To the chucklehead who started announcing a 2200+ byte AS path yesterday
around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
that's present in all versions released in the last decade. Your
announcement causes routers based on Quagga to send a malformed update to
their neighbors, collapsing the entire BGP session. Every 30 seconds or so.

For everyone else: please consider filtering BGP announcements with
stupidly long AS paths. There's no need nor excuse for them to be present
in the DFZ and you could have saved me a painful Saturday.

Cisco:

router bgp XXX
 bgp maxas-limit 50


Juniper:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321


Quagga:

ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
ip as-path access-list maxas-limit50 permit .*


Regards,
Bill Herrin


--
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
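
The Quagga as-path filter quoted above, exercised against constructed AS paths. This is an added example, not part of the original messages. It assumes the path is matched as space-separated ASNs with no trailing space and an AS_SET written as {a,b}; the function names are hypothetical.

```python
import re

# Deny pattern copied from the Quagga as-path access-list quoted above.
DENY_LONG_PATH = re.compile(r"^([{},0-9]+ ){50}")

def render_as_path(segments):
    """Render a path as a space-separated string.

    Assumption: single spaces between entries, no trailing space, and an
    AS_SET (a Python set here) written as {a,b}, i.e. one token.
    """
    tokens = []
    for seg in segments:
        if isinstance(seg, (set, frozenset)):
            tokens.append("{" + ",".join(str(a) for a in sorted(seg)) + "}")
        else:
            tokens.append(str(seg))
    return " ".join(tokens)

def filter_action(path_str):
    """First-match evaluation of the two-line list: deny long, permit the rest."""
    return "deny" if DENY_LONG_PATH.search(path_str) else "permit"

def token_count(path_str):
    return len(path_str.split())

def constructed_paths():
    """Constructed samples using documentation ASNs (RFC 5398), not real routes."""
    origin = 64496
    return {
        "normal": [64500, 64501, origin],
        "prepended_50": [64500] + [origin] * 49,
        "prepended_51": [64500] + [origin] * 50,
        "with_as_set": [64500] * 49 + [{64510, 64511}],
        "very_long": [64500] + [origin] * 560,
    }

if __name__ == "__main__":
    for name, segs in constructed_paths().items():
        s = render_as_path(segs)
        print(f"{name:13} entries={token_count(s):4} -> {filter_action(s)}")
```

Under that assumption the pattern needs 50 entries that are each followed by a space, so a path of exactly 50 entries is permitted and 51 or more are denied.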


