On 04/11/2015 08:42, James Bensley wrote:
> On 31 Oct 2015 13:17, "Neil J. McRae" <[email protected]> wrote:
> >
> > +1 - you can filter ASes but someone can still send a crazy as path
> > with valid ASes and cause you chaos.
> >
> > Neil.
> >
> > Sent from my iPad
>
> Are you suggesting that people shouldn't filter as-paths? Presumably you
> wouldn't be that stupid so I'll assume not, so yes whilst people can
> still send funky AS paths the same is true for any BGP attribute, all I
> need is to receive a value out of range for the code I'm running and/or
> receive a malformed NLRI to trigger a router OS bug and, pop!

I don't think I've ever needed to filter based on an AS path[*] in the
wild - as others have said, it is the prefix that is the central item in
the BGP update, the path is just another attribute that it carries
around with it with changes added by networks it passes through en
route. Pardon the pun.

Your reasoning seems to be something like this: "I use AS 65530
internally, therefore I never want to see 65530 in the AS path". Whilst
I can see where you're coming from, it doesn't [or more accurately, it
shouldn't] hurt you if I (say) announce some routes to you with 65530 in
the path; it just gives you a false view of things if you do a show ip
bgp reg _65530_ - but otherwise shouldn't break anything.

However, it *does* hurt you if I send you one of your own prefixes, or a
more specific of one of your own prefixes. This is the golden rule of
"In general, don't accept any part of your own space from a peer or
transit provider" to avoid you having interesting internal routing problems.

A broken BGP update - whether AS PATH or another attribute - that can
make a router go pop could always happen. You seem to, for whatever
reason, have a bit of a bias against unhygienic AS paths being the evil
of the Internet :)

Paul.

[*] - Way back when I was young and wet behind the ears, I used to use
the AS path ^$ to mean "my address space". Once I progressed to
community based filtering, life was better.
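
The inbound rule described in the message above, as an added example that is not part of the original post: a route is rejected when its prefix is one of your own prefixes or a more specific of one, while AS 65530 in the path is only noted. The documentation prefixes, the ASNs other than 65530, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: documentation prefixes stand in for "our" space.
OWN_SPACE = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8::/32")]
INTERNAL_ASN = 65530  # the private ASN used as the example in the message


def covers_own_space(prefix):
    """True if prefix is one of our prefixes or a more specific of one."""
    net = ipaddress.ip_network(prefix)
    return any(
        net.version == own.version and net.subnet_of(own) for own in OWN_SPACE
    )


def inbound_policy(prefix, as_path):
    """Decide what to do with a route learned from a peer or transit provider.

    Returns (action, reason). The prefix drives the decision; the AS path
    only produces a note, because it does not change the filtering outcome.
    """
    if covers_own_space(prefix):
        return ("reject", "own address space or a more specific of it")
    if INTERNAL_ASN in as_path:
        return ("accept", "AS %d in path: cosmetic only" % INTERNAL_ASN)
    return ("accept", "no match")


# Constructed updates: (prefix, AS path as received from the neighbour).
SAMPLE_UPDATES = [
    ("198.51.100.0/24", [64500, 64501]),        # unrelated prefix
    ("203.0.113.0/24", [64500, 65530, 64502]),  # internal ASN in the path
    ("192.0.2.0/24", [64500, 64501]),           # exactly our prefix
    ("192.0.2.128/25", [64500]),                # more specific of our prefix
    ("2001:db8:1::/48", [64500, 64503]),        # more specific, IPv6
    ("192.0.0.0/16", [64500]),                  # less specific: not part of our space
]

if __name__ == "__main__":
    for prefix, path in SAMPLE_UPDATES:
        action, reason = inbound_policy(prefix, path)
        print("%-18s %-22s %-6s %s" % (prefix, path, action, reason))
```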