[196076] in North American Network Operators' Group


Re: Long BGP AS paths

daemon@ATHENA.MIT.EDU (Mark Price)
Sun Oct 1 13:48:05 2017

X-Original-To: nanog@nanog.org
In-Reply-To: <CAP-guGVE2J2ik7brqs=apDoKZA3mmJZLdfF5zk+BRbkLa+=png@mail.gmail.com>
From: Mark Price <mprice@tqhosting.com>
Date: Sun, 1 Oct 2017 00:32:21 -0400
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Hi Bill,

Could you list which prefix(es) you saw were being announced with these
long AS paths?


Mark



On Sat, Sep 30, 2017 at 6:29 PM, William Herrin <bill@herrin.us> wrote:

> To the chucklehead who started announcing a 2200+ byte AS path yesterday
> around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
> that's present in all versions released in the last decade. Your
> announcement causes routers based on Quagga to send a malformed update to
> their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>
> For everyone else: please consider filtering BGP announcements with
> stupidly long AS paths. There's no need nor excuse for them to be present
> in the DFZ and you could have saved me a painful Saturday.
>
> Cisco:
>
> router bgp XXX
>  bgp maxas-limit 50
>
>
> Juniper:
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
>
>
> Quagga:
>
> ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
> ip as-path access-list maxas-limit50 permit .*
>
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin ................ herrin@dirtside.com  bill@herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
>
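
Added example, not part of either message above: a Python check of how the quoted Quagga as-path access-list classifies paths of different lengths. It assumes the AS path is matched as a space-separated string with no trailing space and that Python's `re` behaves like the router's regex engine for this pattern; the helper names and sample paths are constructed for illustration.

```python
import re

# The two access-list entries quoted above, in order. First match wins.
MAXAS_LIMIT50 = [
    ("deny", r"^([{},0-9]+ ){50}"),
    ("permit", r".*"),
]


def evaluate(acl, as_path):
    """Return the action of the first entry whose regex matches as_path."""
    for action, pattern in acl:
        if re.search(pattern, as_path):
            return action
    return "deny"  # assumption: implicit deny when no entry matches


def hop_count(as_path):
    """Count space-separated tokens; an AS_SET such as {64600,64601} is one token."""
    return len(as_path.split())


def make_path(hops, first_asn=64512):
    """Constructed sample: `hops` private-use ASNs, no trailing space (assumption)."""
    return " ".join(str(first_asn + i) for i in range(hops))


def classify_samples():
    """Run the list over constructed paths and return {label: (hops, action)}."""
    samples = {
        "short": make_path(5),
        "exactly-50": make_path(50),
        "51-hops": make_path(51),
        "with-as-set": make_path(50) + " {64600,64601}",
        "heavy-prepend": " ".join(["64512"] * 600),
    }
    return {k: (hop_count(p), evaluate(MAXAS_LIMIT50, p)) for k, p in samples.items()}


if __name__ == "__main__":
    for label, (hops, action) in classify_samples().items():
        print(f"{label:14} hops={hops:<4} {action}")
```

Under the stated assumption the deny entry needs 50 hops that are each followed by a space, so it triggers from 51 hops upward and a path of exactly 50 is still permitted.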
