[196062] in North American Network Operators' Group
Re: Long BGP AS paths
daemon@ATHENA.MIT.EDU (Ken Chase)
Sat Sep 30 18:57:50 2017
X-Original-To: nanog@nanog.org
Date: Sat, 30 Sep 2017 18:34:42 -0400
From: Ken Chase <math@sizone.org>
To: William Herrin <bill@herrin.us>
In-Reply-To: <CAP-guGVE2J2ik7brqs=apDoKZA3mmJZLdfF5zk+BRbkLa+=png@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

The quagga thread I read specifically indicates that some (most?) versions don't
accept the {n,m} regexp repeat format. Thus the regexps as long as the
path you want to filter... :/

..or upgrade.

/kc

On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
>To the chucklehead who started announcing a 2200+ byte AS path yesterday
>around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
>that's present in all versions released in the last decade. Your
>announcement causes routers based on Quagga to send a malformed update to
>their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>
>For everyone else: please consider filtering BGP announcements with
>stupidly long AS paths. There's no need nor excuse for them to be present
>in the DFZ and you could have saved me a painful Saturday.
>
>Cisco:
>
>router bgp XXX
> bgp maxas-limit 50
>
>
>Juniper:
>https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
>
>
>Quagga:
>
>ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
>ip as-path access-list maxas-limit50 permit .*
>
>
>Regards,
>Bill Herrin
>
>
>--
>William Herrin ................ herrin@dirtside.com bill@herrin.us
>Dirtside Systems ......... Web: <http://www.dirtside.com/>
--
Ken Chase - math@sizone.org Guelph Canada
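
The workaround discussed in this thread, written out as an added example (not code from either poster or from the Quagga project): it expands the quoted `^([{},0-9]+ ){50}` filter into a form that needs no `{n}` repeat operator and checks it against constructed AS paths. The function names are hypothetical, and Python's `re` is assumed to behave like the router's regex engine for this simple pattern.

```python
import re

# One AS-path element plus its trailing space, taken from the quoted Quagga filter.
TOKEN = "[{},0-9]+ "

def unrolled_pattern(limit):
    """Expand ^([{},0-9]+ ){limit} by hand, without the {n} repeat operator."""
    if limit < 1:
        raise ValueError("limit must be at least 1")
    return "^" + TOKEN * limit

def quagga_filter(limit, name=None):
    """Return the two access-list lines from the thread with the repeat unrolled."""
    name = name or "maxas-limit%d" % limit
    return [
        "ip as-path access-list %s deny %s" % (name, unrolled_pattern(limit)),
        "ip as-path access-list %s permit .*" % name,
    ]

def denied(as_path, limit):
    """True if the unrolled deny pattern matches the AS path string."""
    return re.search(unrolled_pattern(limit), as_path) is not None

def brace_form_denied(as_path, limit):
    """Same check using the {n} form quoted in the thread, for comparison."""
    return re.search("^([{},0-9]+ ){%d}" % limit, as_path) is not None

def make_path(length, asn=64512):
    """Constructed sample: one private-use ASN prepended `length` times."""
    return " ".join([str(asn)] * length)

if __name__ == "__main__":
    for line in quagga_filter(50):
        print(line)
    for n in (10, 50, 51, 600):
        print(n, "ASNs ->", "deny" if denied(make_path(n), 50) else "permit")
```

Because the pattern requires 50 elements that are each followed by a space, a path of exactly 50 ASNs is permitted and the filter starts denying at 51.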