nanog mailing list archives
RE: anyone else seeing very long AS paths?
From: "Ivan Pepelnjak" <ip () ioshints info>
Date: Tue, 17 Feb 2009 20:58:48 +0100
We were dropping ALL prefixes and the eBGP session was still resetting.
Upstream or downstream?
1) "bgp maxas-limit 75" had no effect mitigating this problem on the IOS we were using. That is: it was previously verified to be working just fine to drop paths longer than 75, but once we started receiving paths > 255 then BGP started resetting.
I was able to receive BGP paths longer than 255 on IOS release 12.2SRC. The paths were generated by Quagga BGP daemon. 12.2SRC causes the downstream session to break when the installed AS-path length is close to 255 and you use downstream AS-path prepending. In your case, I'm assuming you were hit with an older bug (probably at the 128 AS-path length boundary). It would be very hard to generate just the right AS-path length to unintentionally break your upstream EBGP session (as I said before, it's a nice targeted attack if you know your downstream topology). If your IOS is vulnerable to the older bugs that break inbound processing of AS paths longer than 128, there's nothing you can do on your end. The internal BGP checks reject the inbound update before the inbound filters (or bgp maxas-limit) can touch it and reset the upstream BGP session. Hope this helps Ivan Disclaimer: as I don't have internal access to Cisco, all of the above is a result of lab tests.
Current thread:
- Re: anyone else seeing very long AS paths?, (continued)
- Re: anyone else seeing very long AS paths? Adrian Chadd (Feb 17)
- Re: anyone else seeing very long AS paths? Michael Ulitskiy (Feb 17)
- Re: anyone else seeing very long AS paths? German Martinez (Feb 17)
- Re: anyone else seeing very long AS paths? Mike Lewinski (Feb 17)
- Re: anyone else seeing very long AS paths? German Martinez (Feb 17)
- Re: anyone else seeing very long AS paths? Jack Bates (Feb 17)
- Re: anyone else seeing very long AS paths? Leland E. Vandervort (Feb 17)
- RE: anyone else seeing very long AS paths? Ivan Pepelnjak (Feb 17)
- Re: anyone else seeing very long AS paths? Jack Bates (Feb 17)
- Re: anyone else seeing very long AS paths? Mike Lewinski (Feb 17)
- RE: anyone else seeing very long AS paths? Ivan Pepelnjak (Feb 17)
- Re: anyone else seeing very long AS paths? Rodney Dunn (Feb 17)
- Re: anyone else seeing very long AS paths? German Martinez (Feb 17)
- Re: anyone else seeing very long AS paths? Rodney Dunn (Feb 17)
- Re: anyone else seeing very long AS paths? Rodney Dunn (Feb 19)
- Re: anyone else seeing very long AS paths? Rodney Dunn (Feb 20)
- Followup: anyone else seeing very long AS paths? Ivan Pepelnjak (Feb 20)
- RE: anyone else seeing very long AS paths? Ivan Pepelnjak (Feb 17)
- Re: anyone else seeing very long AS paths? Steven Saner (Feb 17)
- Re: anyone else seeing very long AS paths? Jack Bates (Feb 17)
- Re: anyone else seeing very long AS paths? German Martinez (Feb 17)