[28917] in North American Network Operators' Group
Re: That pesky AS path corruption bug...
daemon@ATHENA.MIT.EDU (John Fraizer)
Wed May 24 00:25:12 2000
Date: Wed, 24 May 2000 00:23:05 -0400 (EDT)
From: John Fraizer <nanog@EnterZone.Net>
To: Vijay Gill <wrath@cs.umbc.edu>
Cc: nanog@merit.edu
In-Reply-To: <Pine.SOL.3.95.1000523132209.5819E-100000@mailserver-ng.cs.umbc.edu>
Message-ID: <Pine.LNX.3.96.1000524001813.17089A-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 23 May 2000, Vijay Gill wrote:
>
> > Since the corrupted AS-path does not include the AS that the route is
> > coming from (at least in the corruption that I saw) it seems to me that a
> > simple solution for all is to filter on AS i.e. only allow routes that
> > have the AS of your EBGP neighbor prepended to them. I realize this does
> > not cover all cases of wacky AS corruption problems but it may fix some of
>
> This is a hack. We do not need more cruft added on, rather, what we need
> is correct behavior. The correct behavior being - if you see a corrupt/ a
> malformed update from a peer, send a notify and drop the session. Seems
> fairly simple to me.
>
> The above suggestion of your fails in case of route servers.
>
> Insist on correct behavior, not on cruftery.
>
> /vijay
Come on people. It's VERY easy to do one of the following:
(1) NOT implement AS-path filtering on route-server connections
(2) Apply filtering on RS sessions with an as-path access-list that
includes those AS's that you will see via that RS.
Am I the only RA that notifies the peering contacts of all other RS peers
when someone new joins? I certainly hope not.
John Fraizer
EnterZone, Inc
