Hi Yang,

Thank you for the suggestion. I made it a bit stronger, and yet maintained the bullet style succinctness by summarizing your comment with:

"Do not prepend ASNs that you do not own. Using non-local ASNs can lead to route rejection, misconfigurations, or unintended AS path validation failures."

mike

-----Original Message-----
From: Yang Yu <[email protected]>
Sent: Monday, August 4, 2025 4:52 PM
To: [email protected]
Subject: [GROW] Re: I-D Action: draft-ietf-grow-as-path-prepending-16.txt

Hi all,

In 5. Best Practices
>Don't prepend ASNs that you don't own

Should the language here be stronger and expand a bit why doing so is a bad idea? Some BGP daemons don't prevent or even warn the user when a non-local ASN is used in prepending, which opens the door for misconfigurations / malicious activities

* if the peer has properly configured enforce-first-as on the session, prepending with non-local ASN would cause the route to be rejected
* configuration errors from mixing up how many times to prepend and ASN to prepend with
* injecting third party ASN to creatively / mistakenly poison a route, e.g. prepending with 65536 in aspath causes AS65536 to reject the route due to aspath loop prevention
* complications with aspath validation

Cheers,
Yang
_______________________________________________
GROW mailing list -- [email protected]
To unsubscribe send an email to [email protected]

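The failure modes listed in the message above, modelled as an added example that is not part of the thread or the draft: a sender-side lint for prepend statements, plus simplified versions of a peer's enforce-first-as and AS_PATH loop checks. The function names, ASNs 64496 and 64497, and the sample paths are constructed for illustration; 65536 is the value used in the message.

```python
# Added illustration, not from the thread or the draft. ASNs 64496/64497 and
# the sample paths are constructed; 65536 is the example value in the message.

def lint_prepend(owned_asns, prepend_list):
    """Sender side: return ASNs in a prepend statement the operator does not own."""
    return sorted({asn for asn in prepend_list if asn not in owned_asns})

def receive_checks(as_path, peer_asn, local_asn, enforce_first_as=True):
    """Receiver side: simplified eBGP inbound checks. Returns (accepted, reason)."""
    if not as_path:
        return False, "empty AS_PATH"
    # enforce-first-as: the leftmost AS must be the neighbor's own ASN.
    if enforce_first_as and as_path[0] != peer_asn:
        return False, "enforce-first-as"
    # Loop prevention: a route already carrying our ASN is discarded.
    if local_asn in as_path:
        return False, "loop-prevention"
    return True, "accepted"

def forward(as_path, sender_asn):
    """An AS that accepted a route prepends its own ASN when advertising it on."""
    return [sender_asn] + list(as_path)

if __name__ == "__main__":
    owned = {64496}
    # Correct prepend: only the operator's own ASN, repeated.
    print(lint_prepend(owned, [64496, 64496, 64496]))
    # Count and ASN mixed up: "3" ends up in the path as an ASN.
    print(lint_prepend(owned, [3, 64496]))
    # Third-party ASN inserted into the prepend.
    print(lint_prepend(owned, [64496, 65536]))
    # Non-local ASN leftmost: a peer with enforce-first-as rejects the route.
    print(receive_checks([65536, 64496], peer_asn=64496, local_asn=64497))
    # Non-local ASN behind the local one: the direct peer accepts it ...
    path = [64496, 65536, 64496]
    print(receive_checks(path, peer_asn=64496, local_asn=64497))
    # ... but AS65536 drops it when it arrives, because its own ASN is present.
    print(receive_checks(forward(path, 64497), peer_asn=64497, local_asn=65536))
```

Where the prepended ASN lands relative to the local ASN depends on the BGP implementation, so both placements are given as input paths instead of being derived from a prepend statement.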