[116792] in North American Network Operators' Group
RE: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
daemon@ATHENA.MIT.EDU (Dylan Ebner)
Tue Aug 18 13:54:44 2009
From: Dylan Ebner <dylan.ebner@crlmed.com>
To: Ivan Pepelnjak <ip@ioshints.info>, 'randal k' <nanog@data102.com>, 'Adam
Hebert' <a2thah@gmail.com>
Date: Tue, 18 Aug 2009 17:54:10 +0000
In-Reply-To: <000901ca1fd6$ba47a3c0$0a00000a@nil.si>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Ivan-
Thanks for posting this how-to on excessive as prepends. I have a couple=
of questions that some of the less BGP savvy out their may find helpfull
1. In my enviornment, we are not doing full routes. We have partial routes =
from AS209 and then fail to AS7263. Is their any advantage for someone like=
me to do this, as we are not providing any IP transit so we are not passin=
g the route table to anyone else?
2. When I run the "sh ip bgp quote-regexp "_([0-9]+)_\1_\1_\1_\1_ \1_" | be=
gin Network" I am seeing many many ASes that would be filtered by this acce=
ss-list. What happens to those networks, are they unreachable from my AS, o=
r do I just route those networks to my upstream provider and let them deal =
with it?
3. This last question is a little OT, but relates to your access list
In the event of some kind if DOS attack coming from one of a few AS numb=
ers (in this case we will use 14793), what is the feesability of using=20
ip as-path access-list 100 deny _([0-9]+)_\1_\1_\1_\1_
ip as-path access-list 100 deny 14793
ip as-path access-list 100 permit .*
Would this have any affect at all, or would my pipe from my upstream still=
be congested with garbage traffic ?
Thanks
Dylan Ebner
-----Original Message-----
From: Ivan Pepelnjak [mailto:ip@ioshints.info]=20
Sent: Tuesday, August 18, 2009 2:37 AM
To: 'randal k'; 'Adam Hebert'
Cc: nanog@nanog.org
Subject: RE: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E0110=
0" ?
> Anybody have a handy route-map that will deny anything with a as-path=20
> longer than say 15-20? ;-)
http://wiki.nil.com/Filter_excessively_prepended_BGP_paths
Ivan
=20
http://www.ioshints.info/about
http://blog.ioshints.info/
