The outliers are >100. Based on several peering points, <= 60 should be fine. See attached CSV file that shows the top 120 distinct AS Paths seen for the past month. Looks like 55644 likes to prepend a lot which is pushing the length above 50.
--Tim

On 01.10.2017 09:16, marcel.duregards--- via NANOG wrote:

> What would be a recommended value for a maximum as-path filter ?
>
> 50 ?
>
> On the DFZ I've only 11 prefixes longer than 30 as-path, so for safety I
> would also assume 50 as a max is well enough. Any advice ?
>
> Regards,
> -
> Marcel
>
> On 01.10.2017 00:29, William Herrin wrote:
>
>> To the chucklehead who started announcing a 2200+ byte AS path yesterday
>> around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga
>> that's present in all versions released in the last decade. Your
>> announcement causes routers based on Quagga to send a malformed update to
>> their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
>>
>> For everyone else: please consider filtering BGP announcements with stupidly
>> long AS paths. There's no need nor excuse for them to be present in the DFZ
>> and you could have saved me a painful Saturday.
>>
>> Cisco:
>>
>> router bgp XXX
>>  bgp maxas-limit 50
>>
>> Juniper:
>>
>> https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321 [1]
>>
>> Quagga:
>>
>> ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
>> ip as-path access-list maxas-limit50 permit .*
>>
>> Regards,
>> Bill Herrin

Links:
------
[1] https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
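
An added example, not part of the thread or of any poster's tooling: a Python check of where the quoted Quagga deny pattern actually cuts off, plus a survey of path lengths and prepend runs for comparing candidate limits such as 30, 50 and 60. It assumes the AS path is rendered as space-separated ASNs with no trailing space and AS_SETs written as `{a,b}`, and uses Python's `re` as a stand-in for the router's regex engine; the sample paths are constructed from documentation ASNs.

```python
import re
from collections import Counter
from itertools import groupby

# Deny pattern copied from the Quagga as-path access-list in the thread.
DENY = re.compile(r"^([{},0-9]+ ){50}")

def path_length(as_path):
    """Hop count; an AS_SET such as {64499,64500} is a single token."""
    return len(as_path.split())

def denied(as_path):
    """True if the deny entry matches (assumes no trailing space in the path)."""
    return DENY.search(as_path) is not None

def longest_prepend(as_path):
    """Return (asn, run) for the longest run of one ASN repeated back to back."""
    runs = [(asn, len(list(g))) for asn, g in groupby(as_path.split())]
    return max(runs, key=lambda r: r[1]) if runs else (None, 0)

def survey(paths, candidates=(30, 50, 60)):
    """For each candidate limit, count the paths longer than that limit."""
    lengths = [path_length(p) for p in paths]
    over = {limit: sum(1 for n in lengths if n > limit) for limit in candidates}
    prependers = Counter()
    for p in paths:
        asn, run = longest_prepend(p)
        if run > 1:
            prependers[asn] = max(prependers[asn], run)
    return {"max_len": max(lengths, default=0), "over": over,
            "prependers": prependers.most_common(3)}

# Constructed sample paths using documentation ASNs (RFC 5398), not real data.
SAMPLE = [
    "64496 64497 64498",
    "64496 {64499,64500} 64501",
    " ".join(["64496"] + ["64510"] * 49),            # exactly 50 hops
    " ".join(["64496"] + ["64510"] * 50),            # 51 hops
    " ".join(["64496", "64497"] + ["64511"] * 118),  # 120 hops, heavy prepending
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(path_length(p), "deny" if denied(p) else "permit", longest_prepend(p))
    print(survey(SAMPLE))
```

Under those assumptions the pattern needs 50 tokens each followed by a space, so a 50-hop path is permitted and the deny starts at 51 hops.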

