[196066] in North American Network Operators' Group
Long BGP AS paths
daemon@ATHENA.MIT.EDU (William Herrin)
Sat Sep 30 19:07:51 2017
From: William Herrin <bill@herrin.us>
Date: Sat, 30 Sep 2017 18:29:36 -0400
To: "nanog@nanog.org" <nanog@nanog.org>

To the chucklehead who started announcing a 2200+ byte AS path yesterday
around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
that's present in all versions released in the last decade. Your
announcement causes routers based on Quagga to send a malformed update to
their neighbors, collapsing the entire BGP session. Every 30 seconds or so.

For everyone else: please consider filtering BGP announcements with
stupidly long AS paths. There's no need nor excuse for them to be present
in the DFZ and you could have saved me a painful Saturday.

Cisco:

router bgp XXX
 bgp maxas-limit 50

Juniper:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321

Quagga:

ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
ip as-path access-list maxas-limit50 permit .*

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
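
Added example, not part of the original post: a Python check of where the Quagga as-path access-list above actually draws the line, so the filter can be validated on constructed paths before it goes onto a router. It assumes Quagga matches the regex against the path rendered as space-separated ASNs with an AS_SET written as {a,b,c}, uses Python's re module as a stand-in for Quagga's regex engine, and the names evaluate, path_of and boundary are hypothetical helpers.

```python
import re

# The two access-list entries from the post, in configured order.
MAXAS_LIMIT50 = [
    ("deny", r"^([{},0-9]+ ){50}"),
    ("permit", r".*"),
]


def evaluate(as_path, acl=MAXAS_LIMIT50):
    """Return the action of the first entry whose regex matches the path.

    Assumption: as in other access-lists, no match means implicit deny.
    """
    for action, pattern in acl:
        if re.search(pattern, as_path):
            return action
    return "deny"


def path_of(n, asn=64512):
    """Constructed AS path: one private-use ASN repeated n times (prepending)."""
    return " ".join([str(asn)] * n)


def boundary(acl=MAXAS_LIMIT50, upto=200):
    """Smallest number of path elements that the list denies, or None."""
    for n in range(1, upto + 1):
        if evaluate(path_of(n), acl) == "deny":
            return n
    return None


if __name__ == "__main__":
    # Constructed AS_SET; the regex counts it as a single element.
    as_set = "{64513,64514,64515}"
    samples = {
        "50 ASNs": path_of(50),
        "51 ASNs": path_of(51),
        "49 ASNs + AS_SET (52 ASNs total)": path_of(49) + " " + as_set,
        "50 ASNs + AS_SET": path_of(50) + " " + as_set,
    }
    for label, path in samples.items():
        print(f"{label:35s} -> {evaluate(path)}")
    print("first denied length:", boundary())
```

The regex needs 50 elements that are each followed by a space, so a path of exactly 50 elements is still permitted and 51 is the first length denied; an AS_SET counts as one element regardless of how many ASNs it holds.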