BGP AS-Path manipulation

Unanswered Question
Mar 15th, 2009

Hello,


One of our BGP neighbours is sending an incorrect AS-path inside BGP updates. The content is a mixture of private AS numbers and public ones (including even some owned by other ISPs!).


Does anybody know a way to "clean up" the received AS-Path?


I know the "neighbor ... remove-private-AS" command but it fails on a private/public mixture.

So it seems I'll have to make some BGP-IGP mutual redistribution :-(

Unless some BGP guru would bring some idea...


Thanks,

Milan

Harold Ritter Sun, 03/15/2009 - 18:39

Milan,


Can this neighbor just clean these incorrect AS paths? AS path manipulation, beyond private AS removal, is generally prohibited as it could lead to routing loops.


Regards

milan.kulik Mon, 03/16/2009 - 01:46

Hi Harold,


We asked them to fix it several times, but it seems like an incompetent provider.


I know such an AS path manipulation would be quite dangerous in the Internet.

But this is a corporate network not advertised to the Internet.

The problem is we are peering with several MPLS providers and one of them sends these incorrect as-paths.


Thanks,

Milan

Harold Ritter Mon, 03/16/2009 - 18:18

Milan,


As suggested, you can filter it out or try to remove the AS path by doing mutual redistribution, but this is only a workaround. Another option could be to shop around for a replacement for this SP.


Regards

Giuseppe Larosa Mon, 03/16/2009 - 00:27

Hello Milan,

Check with them if they are playing with the new 4-byte AS number feature.


Using AS numbers of other ISPs is clearly wrong; I think this is an unwanted leakage from a lab to the production network.


Deny these paths and send a mail to them so that no one can blame you for propagating incorrect information in the Internet.


Hope to help

Giuseppe


milan.kulik Mon, 03/16/2009 - 01:53

Hi Giuseppe,


No, this is not a leakage from a lab.

This is an incompetent MPLS provider using AS numbers like 1, 100, etc. in his backbone.

Luckily, this is a corporate network not connected to the Internet.


I had been thinking about implementing the 4-byte AS number feature in our network to mask these AS numbers somehow but didn't find any useful way.


Thanks,

Milan


atyalebipin Mon, 03/16/2009 - 01:07

Hi,

You will have to use ip as-path with regular-expression to match both private & public AS to filter it.


Thanks
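
The following sketch is an added example, not code from the thread or from Cisco: it flags received AS paths that mix private and public AS numbers and models, in simplified form, why the "remove-private-AS" behaviour described in the first post leaves such paths untouched. Private ranges follow RFC 6996; the prefixes and AS paths are constructed samples, and all function names are hypothetical.

```python
import re

# Private-use ASN ranges per RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def parse_as_path(text):
    """Parse a space-separated AS path; accepts asplain (65010) and asdot (1.10)."""
    path = []
    for token in text.split():
        if re.fullmatch(r"\d+\.\d+", token):
            high, low = (int(part) for part in token.split("."))
            asn = high * 65536 + low
        elif token.isdigit():
            asn = int(token)
        else:
            raise ValueError(f"unsupported AS path token: {token!r}")
        path.append(asn)
    return path

def classify(path):
    """Return 'empty', 'private-only', 'public-only' or 'mixed'."""
    kinds = {is_private(asn) for asn in path}
    if len(kinds) != 1:
        return "mixed" if kinds else "empty"
    return "private-only" if kinds == {True} else "public-only"

def classic_remove_private_as(path):
    """Simplified model (assumption): strip only when every ASN is private."""
    return [] if classify(path) == "private-only" else list(path)

def audit(updates):
    """List (prefix, public ASNs, private ASNs) for every mixed path received."""
    findings = []
    for prefix, text in updates:
        path = parse_as_path(text)
        if classify(path) == "mixed":
            public = [asn for asn in path if not is_private(asn)]
            private = [asn for asn in path if is_private(asn)]
            findings.append((prefix, public, private))
    return findings

# Constructed sample updates (prefixes and AS paths are made up for illustration).
SAMPLE_UPDATES = [("10.1.0.0/16", "65010 100 65020 1"),
                  ("10.2.0.0/16", "65010 65020"), ("10.3.0.0/16", "65010 1.10")]
print(audit(SAMPLE_UPDATES))
```
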

milan.kulik Mon, 03/16/2009 - 01:55

Hi,


I can simply filter out the prefixes with incorrect AS path, as I need to route to the subnets advertised (somehow).


Thanks,

Milan

milan.kulik Wed, 03/18/2009 - 05:41

Sorry, a typo.

Should be:

I can't ...


BR,

Milan

milan.kulik Wed, 03/18/2009 - 05:43

Hi Mohamed,


I can't deny the prefixes.

I need to use them.

I'd need to remove the incorrect AS numbers from the AS-path (replace with correct ones possibly) and send to other BGP neighbours.

But I'm afraid this is impossible without BGP-IGP redistribution.


Thanks,

Milan

Giuseppe Larosa Wed, 03/18/2009 - 07:28

Hello Milan,

What about summarizing the routes locally on your router with the summary-only option?

If they have different AS paths they should get a new shorter AS path attribute originated in your legitimate AS.


Otherwise you can use static routes with object tracking (if supported) and red static in BGP.


Hope to help

Giuseppe



