[caiu] Long BGP AS paths
Leonardo Suzan
leonardosuzan em minutostelecom.com.br
Dom Out 1 21:57:04 BRT 2017
Pessoal, estou notando esse evento desde a ultima sexta-feira 19h. Passei o fim de semana tentando encontrar o problema… Agora tudo faz sentido!!
Leonardo
> On 30 Sep 2017, at 19:34, Rubens Kuhl <rubensk em gmail.com> wrote:
>
> Alguém notou esse efeito a partir de agora há pouco ?
>
>
> Rubens
>
> ---------- Forwarded message ----------
> From: William Herrin <bill em herrin.us>
> Date: Sat, Sep 30, 2017 at 7:29 PM
> Subject: Long BGP AS paths
> To: "nanog em nanog.org" <nanog em nanog.org>
>
>
> To the chucklehead who started announcing a 2200+ byte AS path yesterday
> around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
> that's present in all versions released in the last decade. Your
> announcement causes routers based on Quagga to send a malformed update to
> their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>
> For everyone else: please consider filtering BGP announcements with
> stupidly long AS paths. There's no need nor excuse for them to be present
> in the DFZ and you could have saved me a painful Saturday.
>
> Cisco:
>
> router bgp XXX
> bgp maxas-limit 50
>
>
> Juniper:
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
>
>
> Quagga:
>
> ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
> ip as-path access-list maxas-limit50 permit .*
>
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin ................ herrin em dirtside.com bill em herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
> _______________________________________________
> caiu mailing list
> caiu em eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
Mais detalhes sobre a lista de discussão caiu