[196118] in North American Network Operators' Group
Re: Long BGP AS paths
daemon@ATHENA.MIT.EDU (Tim Evens)
Tue Oct 3 05:27:53 2017
X-Original-To: nanog@nanog.org
Date: Mon, 02 Oct 2017 10:31:53 -0700
From: Tim Evens <tim@snas.io>
To: nanog@nanog.org
Mail-Reply-To: tim@snas.io
In-Reply-To: <fc47027efdf8aa026bd917ad7d45933c@evensweb.com>
Reply-To: tim@snas.io
Errors-To: nanog-bounces@nanog.org
Yikes, my bad. In the CSV file it didn't seem so large. I set up a
dashboard where you can browse the longest AS paths for the selected
time period. Check out
demo-rv.snas.io:3000/dashboard/db/top-as-paths?orgId=2 [3]. Change the
time range to see those longer paths. They are no longer current in the
last hour since Cogent filtered them.
--Tim
On 01.10.2017 14:29, Tim Evens wrote:
> The outliers are >100. Based on several peering points, <= 60 should be
> fine. See attached CSV file that shows the top 120 distinct AS Paths
> seen for the past month. Looks like 55644 likes to prepend a lot which
> is pushing the length above 50.
>
> --Tim
>
> On 01.10.2017 09:16, marcel.duregards--- via NANOG wrote:
> > What would be a recommended value for a maximum as-path filter? 50?
> >
> > On the DFZ I've only 11 prefixes longer than 30 as-path, so for safety
> > I would also assume 50 as a max is well enough.
> >
> > Any advice?
> >
> > Regards,
> > - Marcel
> >
> > On 01.10.2017 00:29, William Herrin wrote:
> > > To the chucklehead who started announcing a 2200+ byte AS path
> > > yesterday around 18:27 EDT, I beg of you: STOP.
> > >
> > > You've triggered a bug in Quagga that's present in all versions
> > > released in the last decade. Your announcement causes routers based
> > > on Quagga to send a malformed update to their neighbors, collapsing
> > > the entire BGP session. Every 30 seconds or so.
> > >
> > > For everyone else: please consider filtering BGP announcements with
> > > stupidly long AS paths. There's no need nor excuse for them to be
> > > present in the DFZ and you could have saved me a painful Saturday.
> > >
> > > Cisco:
> > >
> > >     router bgp XXX
> > >      bgp maxas-limit 50
> > >
> > > Juniper:
> > >
> > >     https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321 [1]
> > >
> > > Quagga:
> > >
> > >     ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
> > >     ip as-path access-list maxas-limit50 permit .*
> > >
> > > Regards,
> > > Bill Herrin
Links:
------
[1] https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
[2] https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
[3] demo-rv.snas.io:3000/dashboard/db/top-as-paths?orgId=2
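
Added example, not part of the original messages: a Python check of the Quagga deny pattern quoted in the thread against constructed AS paths, showing where the 50-token boundary falls and which ASN is doing the prepending. It assumes the path string is rendered as ASNs separated by single spaces with no trailing space; the function names and sample paths (documentation ASNs from RFC 5398) are made up for illustration.

```python
import re

# Deny pattern from the Quagga filter quoted in the thread.
DENY = re.compile(r"^([{},0-9]+ ){50}")

def path_len(as_path):
    """Number of path tokens; an AS_SET like {64501,64502} is one token."""
    return len(as_path.split())

def denied(as_path):
    """True when the deny pattern matches the rendered AS path string.

    Assumption: ASNs are separated by single spaces, no trailing space.
    """
    return DENY.search(as_path) is not None

def longest_prepend(as_path):
    """Return (asn, run) for the longest run of one ASN repeated in a row."""
    best, prev, run = ("", 0), None, 0
    for tok in as_path.split():
        run = run + 1 if tok == prev else 1
        prev = tok
        if run > best[1]:
            best = (tok, run)
    return best

def audit(paths):
    """Rows (name, length, prepended ASN, run) for denied paths, longest first."""
    rows = [(name, path_len(p), *longest_prepend(p))
            for name, p in paths.items() if denied(p)]
    return sorted(rows, key=lambda r: -r[1])

def mk(n):
    """Constructed n-token path: one ASN followed by n-1 copies of another."""
    return "64496 " + " ".join(["64500"] * (n - 1))

# Constructed sample paths (documentation ASNs), not real routes.
SAMPLE = {
    "short": "64496 64497 64498",
    "at-limit": mk(50),                      # 50 tokens: not matched
    "over-limit": mk(51),                    # 51 tokens: matched
    "with-as-set": mk(50) + " {64501,64502}",  # AS_SET counts as one token
    "outlier": mk(120),
}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-12s len=%-3d prepend=%s x%d" % row)
```

Under the stated assumption the pattern needs 50 tokens each followed by a space, so a path of exactly 50 tokens is permitted and denial starts at 51.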