[111944] in North American Network Operators' Group
Re: anyone else seeing very long AS paths?
daemon@ATHENA.MIT.EDU (Jack Bates)
Tue Feb 17 14:19:08 2009
Date: Tue, 17 Feb 2009 13:19:00 -0600
From: Jack Bates <jbates@brightok.net>
To: German Martinez <gmartine@ajax.opentransit.net>
In-Reply-To: <20090217192059.GA10934@ajax.opentransit.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
German Martinez wrote:
> On Tue Feb 17, 2009, Mike Lewinski wrote:
>
>> bgp max-as will NOT protect you from this exploit (but if you are not
>> vulnerable it should prevent you from propogating it).
>
> Are you trying to say that the receiving bgp speaker will drop the session
> no matter what but it won't forward the update?
There are reports that some versions of IOS will drop a peer upon
receiving the long AS, even with a bgp max-as command. I can only
presume that there are some IOS versions that determine the update is
invalid prior to the max-as command determining we are not keeping the
route. The whole "is the update valid?" vs "do I want this in my routing
table?"
Jack
