nanog mailing list archives
Re: look for BGP routes containing local AS#
From: Patrick Tracanelli <eksffa () freebsdbrasil com br>
Date: Wed, 28 Jan 2015 15:50:10 -0200
On 28/01/2015, at 07:32, Song Li <refresh.lsong () gmail com> wrote:

> Hi Joel,
>
> It is right that the BGP route containing the local ASN will be dropped. However, such routes can still be displayed on router. For example, you can run "show route hidden terse aspath-regex .*<local ASN>.*" on Juniper to check them. We are looking for those routes. If you can run the command on your Juniper and find such routes, could you please provide them for us?

Sorry, what do you need exactly? A sample? For education purposes are you looking for something specific? Do you need it to be on a Juniper router, or will other BGP software do? I have this scenario from Brazil-US, with specifics getting received both ways but it’s not Juniper.

> Thanks!
>
> Regards!
>
> Song
>
> On 2015/1/28 16:23, joel jaeggli wrote:
>> On 1/27/15 5:45 AM, Song Li wrote:
>>> Hi everyone,
>>>
>>> Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910, CERNET2) on Juniper router (show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
>>
>> Updates with your AS in the path are discarded as part of loop detection, e.g. they do not become candidate routes.
>>
>> https://tools.ietf.org/html/rfc4271 page 77
>>
>>    If the AS_PATH attribute of a BGP route contains an AS loop, the BGP route should be excluded from the Phase 2 decision function. AS loop detection is done by scanning the full AS path (as specified in the AS_PATH attribute), and checking that the autonomous system number of the local system does not appear in the AS path. Operations of a BGP speaker that is configured to accept routes with its own autonomous system number in the AS path are outside the scope of this document.
>>
>> in junos
>>
>>    neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number
>>
>> where number is the number of instances of your AS in the path you're willing to accept will correct that.
>>
>>> We believe that the received BGP routes containing local AS# are related to BGP security problem.
>>
>> You'll have to elaborate, since their existence is a basic principle in the operation of bgp and they are ubiquitous. Island instances of a distributed ASN communicate with each other by allowing such routes in so that they can be evaluated on the basis of prefix, specificity, AS path length and so forth.
>>
>>> Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
>>>
>>> Thanks!
>>>
>>> Best Regards!
>
> --
> Song Li
> Room 4-204, FIT Building,
> Network Security,
> Department of Electronic Engineering,
> Tsinghua University, Beijing 100084, China
> Tel:( +86) 010-62446440
> E-mail: refresh.lsong () gmail com
--
Patrick Tracanelli

FreeBSD Brasil LTDA.
Tel.: (31) 3516-0800
316601 () sip freebsdbrasil com br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"
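
The loop check quoted from RFC 4271 in the message above, together with the allowas-in count described there, as an added sketch that is not part of the thread or of any router's code. The function names, the textual AS-path format and the sample routes (documentation prefixes and ASNs) are assumptions made for illustration; only AS 23910 comes from the thread.

```python
import re

LOCAL_AS = 23910  # the AS number Song Li gives in the thread


def parse_as_path(text):
    """Return the ASNs in a textual AS path (asplain assumed).

    AS_SET members written as {a b} are flattened, since the RFC 4271 check
    scans the full path; origin codes such as 'I' or '?' are ignored.
    """
    return [int(tok) for tok in re.findall(r"\d+", text)]


def evaluate(as_path_text, local_as=LOCAL_AS, allowas_in=0):
    """Apply the loop check; return (verdict, neighbours of each local-AS hit)."""
    path = parse_as_path(as_path_text)
    hits = [i for i, asn in enumerate(path) if asn == local_as]
    # More instances of the local AS than the operator accepts -> excluded.
    verdict = "candidate" if len(hits) <= allowas_in else "excluded"
    neighbours = [
        (path[i - 1] if i > 0 else None,
         path[i + 1] if i + 1 < len(path) else None)
        for i in hits
    ]
    return verdict, neighbours


# Constructed sample routes (documentation prefixes and ASNs, not real data).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "64500 64501 64502 I"),
    ("198.51.100.0/24", "64500 23910 64510 I"),
    ("203.0.113.0/24", "64500 64501 {23910 64511} ?"),
    ("203.0.113.128/25", "64500 239100 64502 I"),  # 239100 is a different AS
]

if __name__ == "__main__":
    for prefix, as_path in SAMPLE_ROUTES:
        for limit in (0, 1):
            verdict, near = evaluate(as_path, allowas_in=limit)
            print(f"{prefix:18} allowas-in={limit} {verdict:9} {near}")
```

The neighbour pairs show which ASes sit on either side of the local AS in a path, which is the detail to compare against known peerings when deciding whether such a route is expected or suspicious.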
Current thread:
- look for BGP routes containing local AS# Song Li (Jan 27)
- Re: look for BGP routes containing local AS# joel jaeggli (Jan 28)
- Re: look for BGP routes containing local AS# Song Li (Jan 28)
- Re: look for BGP routes containing local AS# Pedro Cavaca (Jan 28)
- Re: look for BGP routes containing local AS# Chuck Anderson (Jan 28)
- Re: look for BGP routes containing local AS# Song Li (Jan 28)
- Re: look for BGP routes containing local AS# Patrick Tracanelli (Jan 28)
- Re: look for BGP routes containing local AS# Song Li (Jan 28)
- Re: look for BGP routes containing local AS# Patrick Tracanelli (Jan 29)
- Re: look for BGP routes containing local AS# Song Li (Jan 28)
- Re: look for BGP routes containing local AS# joel jaeggli (Jan 28)
- Re: look for BGP routes containing local AS# joel jaeggli (Jan 28)