[122692] in North American Network Operators' Group
Re: Blocking private AS
daemon@ATHENA.MIT.EDU (Kevin Loch)
Fri Feb 19 15:53:09 2010
Date: Fri, 19 Feb 2010 15:52:32 -0500
From: Kevin Loch <kloch@kl.net>
To: nanog@nanog.org
In-Reply-To: <FA2E47FFA50291418803D2E7C1DF07F30A449870@SDEXCL01.Proflowers.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Thomas Magill wrote:
> I am thinking about implementing a filter to block all traffic with
> private AS numbers in the path. I see quite a few in my table though so
> I am concerned I might block some legitimate traffic. In some cases,
> these are just prefixes with the private appended to the end but a few
> have the private as a transit. Is this a good idea or would I likely be
> blocking too much legitimate traffic? The filter I am using currently
> shows the following:
I filter private asn's and have not had any reachability problems
related to that. I suspect most of the routes you see with a private
ASN in the path are covered by a less specific route without any
private ASN in the path. Someone used a private ASN with their
customer and forgot to filter it to their upstreams/peers.
- Kevin
