nanog mailing list archives
Re: Long BGP AS paths
From: Ken Chase <math () sizone org>
Date: Sat, 30 Sep 2017 18:34:42 -0400
The quagga thread I read specifically indicates that some (most?) versions
don't accept the {n,m} regexp repeat format.

Thus the regexps as long as the path you want to filter... :/

..or upgrade.

/kc

On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
>To the chucklehead who started announcing a 2200+ byte AS path yesterday
>around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
>that's present in all versions released in the last decade. Your
>announcement causes routers based on Quagga to send a malformed update to
>their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>
>For everyone else: please consider filtering BGP announcements with
>stupidly long AS paths. There's no need nor excuse for them to be present
>in the DFZ and you could have saved me a painful Saturday.
>
>Cisco:
>
>router bgp XXX
> bgp maxas-limit 50
>
>
>Juniper:
>https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
>
>
>Quagga:
>
>ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
>ip as-path access-list maxas-limit50 permit .*
>
>
>Regards,
>Bill Herrin
>
>
>--
>William Herrin ................ herrin () dirtside com bill () herrin us
>Dirtside Systems ......... Web: <http://www.dirtside.com/>

--
Ken Chase - math () sizone org Guelph Canada
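
Added example, not part of the original messages and not Quagga code: a short Python script that writes the quoted {50} filter out longhand for builds whose regex engine rejects the {n} repeat, then checks the result against constructed AS paths. It assumes the AS path is matched as space-separated ASNs with no trailing space; the helper names and sample ASNs are made up for the illustration.

```python
import re

# Token and list name are copied from the Quagga filter quoted in the thread.
TOKEN = "([{},0-9]+ )"
LIST_NAME = "maxas-limit50"


def expand_repeat(token, count):
    """Write token{count} out longhand for regex engines without {n} support."""
    return "^" + token * count


def quagga_lines(count, name=LIST_NAME):
    """Build the deny/permit pair in the form quoted in the thread."""
    return [
        "ip as-path access-list %s deny %s" % (name, expand_repeat(TOKEN, count)),
        "ip as-path access-list %s permit .*" % name,
    ]


def sample_path(n_asns):
    """Constructed AS path: n private-range ASNs, space separated (assumed rendering)."""
    return " ".join(str(64512 + i) for i in range(n_asns))


def denied(path, count=50):
    """True if the expanded pattern matches, i.e. the deny line would hit."""
    return re.search(expand_repeat(TOKEN, count), path) is not None


if __name__ == "__main__":
    for line in quagga_lines(50):
        print(line)
    # Each token needs a trailing space, so under the assumed rendering the
    # first path length that matches 50 tokens is 51 ASNs, not 50.
    for n in (10, 50, 51, 500):
        print(n, "ASNs ->", "deny" if denied(sample_path(n)) else "permit")
```

Test the generated list against a path of exactly the length you intend to cut off before loading it, since the boundary depends on how the router renders the path string.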