Re: someone is using my AS number

[Jon Lewis <jlewis () lewis org>]

On Sat, 15 Jun 2019, Filip Hruska wrote:

> In other words, if I have an upstream that uses 6939 for transit, I'm free to permanently prepend 6939 to
> stop propagation to that network? Isn't using a community that says "do not export to 6939" a better and much
> cleaner solution?

Sure, unless/until that doesn't work.  In the case I recall where I used 
as-path poisoning, we were multihomed to two NSPs.  For TE purposes, we'd 
been advertising a couple of more specifics to NSP1 with community strings 
to limit propagation.  One day, NSP2 went from being a peer of NSP1 to a 
customer of NSP1.  Generally, if a network even has customer usable 
propagation limiting community support, it's only applicable to their 
peers, not customers.  So, when the peering relationship between NSP1 & 
NSP2 changed, our TE became less effective because NSP2 started receiving 
the more specifics from NSP1.  The fix was to add NSP2's AS to the more 
specifics sent to NSP1...and to eventually get another transit provider.

> You will have to explain that to SpamHaus and other organizations who are in the business (literally) of
> blacklisting all upstreams of "rogue" networks.

I think they have enough clue to notice "screwy as-paths".

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________