[caiu] Fwd: Long BGP AS paths
Edinilson - ATINET
edinilson em atinet.com.br
Mon Oct 2 10:40:10 BRT 2017
I wonder whether some carriers are already filtering this?
Because we did not have this problem here with Quagga.
Edinilson
------------------------------------------
ATINET
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br
----- Original Message -----
From: "Rubens Kuhl" <rubensk em gmail.com>
To: "Lista das indisponibilidades da Internet brasileira"
<caiu em eng.registro.br>
Sent: Saturday, September 30, 2017 7:34 PM
Subject: [caiu] Fwd: Long BGP AS paths
Has anyone noticed this effect starting a little while ago?
Rubens
---------- Forwarded message ----------
From: William Herrin <bill em herrin.us>
Date: Sat, Sep 30, 2017 at 7:29 PM
Subject: Long BGP AS paths
To: "nanog em nanog.org" <nanog em nanog.org>
To the chucklehead who started announcing a 2200+ byte AS path yesterday
around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
that's present in all versions released in the last decade. Your
announcement causes routers based on Quagga to send a malformed update to
their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
For everyone else: please consider filtering BGP announcements with
stupidly long AS paths. There's no need nor excuse for them to be present
in the DFZ and you could have saved me a painful Saturday.
Cisco:
  router bgp XXX
   bgp maxas-limit 50
Juniper:
  https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
Quagga:
  ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
  ip as-path access-list maxas-limit50 permit .*
Regards,
Bill Herrin
--
William Herrin ................ herrin em dirtside.com bill em herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
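An added example, not part of the original messages: a Python check of where the Quagga deny pattern quoted above actually cuts off, so the filter can be sanity-tested before it is applied to a session. It assumes the AS path is matched as a space-separated string with no trailing space and that an AS_SET is rendered as one `{a,b}` token; the AS numbers and helper names are constructed for illustration.

```python
import re

# Deny pattern copied unchanged from the Quagga access-list in the message.
MAXAS_DENY = re.compile(r"^([{},0-9]+ ){50}")


def denied_by_regex(as_path: str) -> bool:
    """True if the deny line of 'maxas-limit50' would match this path string."""
    return MAXAS_DENY.search(as_path) is not None


def hop_count(as_path: str) -> int:
    """Count space-separated tokens; an AS_SET like {64512,64513} is one token."""
    return len(as_path.split())


def make_path(n: int, origin: int = 64500, with_set: bool = False) -> str:
    """Constructed sample path: n tokens of heavy prepending by one origin AS."""
    tokens = [str(origin)] * n
    if with_set:
        tokens[-1] = "{64512,64513}"  # assumed AS_SET rendering
    return " ".join(tokens)


def audit(paths, limit: int = 50):
    """Return (hops, regex_denied, over_limit) for every path string."""
    return [(hop_count(p), denied_by_regex(p), hop_count(p) > limit)
            for p in paths]


# Constructed inputs around the boundary, plus one very long path.
SAMPLES = [
    make_path(3),
    make_path(49),
    make_path(50),                  # 50 tokens, but only 49 are followed by a space
    make_path(51),
    make_path(51, with_set=True),
    make_path(600),
]

if __name__ == "__main__":
    for hops, denied, over in audit(SAMPLES):
        verdict = "deny" if denied else "permit"
        print(f"{hops:4d} hops -> {verdict:6s} (over limit: {over})")
```

Because the pattern requires each counted token to be followed by a space, a path of exactly 50 hops is still permitted and the deny starts at 51.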