[167033] in North American Network Operators' Group
Re: Blocking private AS
daemon@ATHENA.MIT.EDU (ML)
Wed Nov 27 13:00:20 2013
Date: Wed, 27 Nov 2013 12:59:45 -0500
From: ML <ml@kenweb.org>
To: nanog@nanog.org
In-Reply-To: <FA2E47FFA50291418803D2E7C1DF07F30A449870@SDEXCL01.Proflowers.com>
Reply-To: ml@kenweb.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/18/2010 2:27 PM, Thomas Magill wrote:
> I am thinking about implementing a filter to block all traffic with
> private AS numbers in the path. I see quite a few in my table though so
> I am concerned I might block some legitimate traffic. In some cases,
> these are just prefixes with the private appended to the end but a few
> have the private as a transit. Is this a good idea or would I likely be
> blocking too much legitimate traffic? The filter I am using currently
> shows the following:
>
>
I am also curious about blocking legitimate traffic. I just implemented
a filter to remove routes with a private-AS anywhere in the path. Over
200 routes were filtered.
I spot checked a few prefixes:
A few had a covering prefix
A few prefixes were originated by a non-private AS and a private AS and
would have otherwise been accepted if Cogent (In my case) had that route
as a best path
And a few prefixes just won't be reachable by my customers.
If anyone wants to see what I filtered out:http://pastebin.com/AFyYrfZk
<http://pastebin.com/AFyYrfZk>
