Hi Patrick,
We want to know what's the reason for the received routes containing
local ASN. Hence we need real cases of those routes in the Internet. And
any routes like that are welcome, whether they are on Juniper router or
other BGP software.
Thank you!
Regards!
Song
在 2015/1/29 1:50, Patrick Tracanelli 写道:
Sorry, what do you need exactly? A sample? For education purposes are you
looking for something specific?
You need it to be on Juniper router or other BGP software will do?
I have this scenario from Brazil-US, with specifics getting received both ways
but it’s not Juniper.
Thanks!
Regards!
Song
在 2015/1/28 16:23, joel jaeggli 写道:
On 1/27/15 5:45 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in
most cases, the received BGP routes containing local AS# are suspicious.
However, we checked our BGP routing table (AS23910,CERNET2) on juniper
router(show route hidden terse aspath-regex .*23910.* ), and have not
found such routes in Adj-RIB-In.
Updates with your AS in the path are discarded as part of loop
detection, e.g. they do not become candidate routes.
https://tools.ietf.org/html/rfc4271 page 77
If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
route should be excluded from the Phase 2 decision function. AS loop
detection is done by scanning the full AS path (as specified in the
AS_PATH attribute), and checking that the autonomous system number of
the local system does not appear in the AS path. Operations of a BGP
speaker that is configured to accept routes with its own autonomous
system number in the AS path are outside the scope of this document.
in junos
neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number
where number is the number of instances of your AS in the path you're
willing to accept will correct that.
We believe that the received BGP routes containing local AS# are related
to BGP security problem.
You'll have to elaborate, since their existence is a basic principle in
the operation of bgp and they are ubiquitous.
Island instances of a distributed ASN communicate with each other by
allowing such routes in so that they can be evaluated one the basis of
prefix, specificity, AS path length and so forth.
Hence, we want to look for some real cases in
the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
--
Song Li
Room 4-204, FIT Building,
Network Security,
Department of Electronic Engineering,
Tsinghua University, Beijing 100084, China
Tel:( +86) 010-62446440
E-mail: refresh.ls...@gmail.com
--
Patrick Tracanelli
FreeBSD Brasil LTDA.
Tel.: (31) 3516-0800
316...@sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"
--
Song Li
Room 4-204, FIT Building,
Network Security,
Department of Electronic Engineering,
Tsinghua University, Beijing 100084, China
Tel:( +86) 010-62446440
E-mail: refresh.ls...@gmail.com
