[195141] in North American Network Operators' Group
Re: Long AS Path
daemon@ATHENA.MIT.EDU (Jakob Heitz (jheitz))
Tue Jun 27 09:26:26 2017
X-Original-To: nanog@nanog.org
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Tue, 27 Jun 2017 13:26:18 +0000
In-Reply-To: <mailman.1.1498564801.12432.nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
The reason that a private ASN in the public routing table is an error is that the AS Path is used to prevent loops. You may have private AS 65000 in your organization and I may have another private AS 65000 in my organization. If my ASN 65000 is in the AS path of a route sent to you, then your AS 65000 will drop it, thinking it were looping back.
BTW, this is different from a confederation member AS.
Thanks,
Jakob.
> Date: Mon, 26 Jun 2017 16:27:39 +0000
> From: Mel Beckman <mel@beckman.org>
> To: Michael Hare <michael.hare@wisc.edu>
> Cc: Hunter Fuller <hf0002+nanog@uah.edu>, James Bensley
> <jwbensley@gmail.com>, "nanog@nanog.org" <nanog@nanog.org>
> Subject: Re: Long AS Path
> Message-ID: <5CC4BA8E-8FBF-4AD4-835D-2C06265CE502@beckman.org>
> Content-Type: text/plain; charset="us-ascii"
>
> Michael,
>
> Filtering private ASNs is actually part of the standard. It's intrinsic in the term "private ASN". A private ASN in the public routing table is a clear error, so filtering them is reasonable. Long AS paths are not a clear error.
>
> I'm surprised nobody here who complains about long paths has followed my suggestion: call the ASN operator and ask them why they do it, and report the results here.
>
> Until somebody does that, I don't see long path filtering as morally defensible :)
>
> -mel beckman
>
>> On Jun 26, 2017, at 8:09 AM, Michael Hare <michael.hare@wisc.edu> wrote:
>>
>> Couldn't one make the same argument with respect to filtering private ASNs from the global table? Unlike filtering of RFC1918 and the like a private ASN in the path isn't likely to leak RFC1918 like traffic, yet I believe several major ISPs have done just that. This topic was discussed ~1 year ago on NANOG.
>>
>> I do filter private ASNs but have not yet filtered long AS paths. Before I did it I had to contact a major CDN because I would have dropped their route, in the end costing me money (choosing transit vs peering).
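
The AS 65000 collision described at the top of this message, as an added example that is not part of the original thread: a receiver-side model of AS-path loop prevention plus a private-ASN filter. The `Route` type, `evaluate` function, the documentation ASNs 64496/64499/64500 and the prefix are assumptions chosen for illustration; the private ranges are those reserved by RFC 6996.

```python
from typing import NamedTuple, Tuple

# Private-use ASN ranges from RFC 6996 (16-bit and 32-bit blocks).
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


class Route(NamedTuple):
    prefix: str
    as_path: Tuple[int, ...]  # leftmost = nearest neighbor, rightmost = origin


def is_private_asn(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def evaluate(local_as: int, route: Route, filter_private: bool = True) -> Tuple[bool, str]:
    """Decide whether a receiver in local_as keeps an eBGP-learned route."""
    # Loop prevention: a path that already contains our own AS is discarded.
    if local_as in route.as_path:
        return False, f"loop: AS{local_as} already in AS path"
    # Policy filter: private ASNs are only unique inside one organization.
    leaked = [asn for asn in route.as_path if is_private_asn(asn)]
    if filter_private and leaked:
        return False, "private ASN in path: " + ",".join(f"AS{a}" for a in leaked)
    return True, "accepted"


# Constructed sample data: 64496/64499/64500 are documentation ASNs (RFC 5398),
# 192.0.2.0/24 is a documentation prefix (RFC 5737).
LEAKED = Route("192.0.2.0/24", (64500, 64496, 65000))  # origin is someone else's AS 65000
CLEAN = Route("192.0.2.0/24", (64500, 64496))

if __name__ == "__main__":
    for local_as, route, filt in [
        (65000, LEAKED, False),  # your own private AS 65000 sees "itself" and drops
        (64499, LEAKED, False),  # unfiltered transit accepts and propagates the leak
        (64499, LEAKED, True),   # filtering at the border stops it earlier
        (65000, CLEAN, True),    # same prefix without the private ASN is fine
    ]:
        print(local_as, route.as_path, filt, evaluate(local_as, route, filt))
```

The first case is the silent failure: the route is dropped by loop prevention even though no loop exists, so the prefix is simply unreachable from the second organization's AS 65000.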