On 1/27/15 5:45 AM, Song Li wrote:
> Hi everyone,
>
> Recently I studied the BGP AS path looping problem, and found that in
> most cases, the received BGP routes containing local AS# are suspicious.
> However, we checked our BGP routing table (AS23910,CERNET2) on juniper
> router(show route hidden terse aspath-regex .*23910.* ), and have not
> found such routes in Adj-RIB-In.

Updates with your AS in the path are discarded as part of loop
detection, e.g. they do not become candidate routes.

https://tools.ietf.org/html/rfc4271 page 77

   If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
   route should be excluded from the Phase 2 decision function.  AS loop
   detection is done by scanning the full AS path (as specified in the
   AS_PATH attribute), and checking that the autonomous system number of
   the local system does not appear in the AS path.  Operations of a BGP
   speaker that is configured to accept routes with its own autonomous
   system number in the AS path are outside the scope of this document.

in junos

   neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number

where number is the number of instances of your AS in the path you're
willing to accept will correct that.

> We believe that the received BGP routes containing local AS# are related
> to BGP security problem.

You'll have to elaborate, since their existence is a basic principle in
the operation of bgp and they are ubiquitous. Island instances of a
distributed ASN communicate with each other by allowing such routes in so
that they can be evaluated on the basis of prefix, specificity, AS path
length and so forth.

> Hence, we want to look for some real cases in
> the wild. Could anybody give us some examples of such routes?
>
> Thanks!
>
> Best Regards!
>
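
Added example (not part of the original message and not any router's own code): the RFC 4271 loop check quoted in the reply, with a threshold like the one the reply describes for allowas-in. It assumes 4-octet AS numbers in the AS_PATH value; the function names and sample paths are constructed for illustration, and 23910 is the AS from the question.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment types (RFC 4271, section 4.3)

def parse_as_path(data, asn_size=4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_size]
    segments, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[offset], data[offset + 1]
        offset += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = offset + count * asn_size
        if end > len(data):
            raise ValueError("truncated segment body")
        asns = list(struct.unpack(f"!{count}{fmt}", data[offset:end]))
        segments.append((seg_type, asns))
        offset = end
    return segments

def local_as_occurrences(segments, local_as):
    """Scan the full path (sets and sequences) for the local AS number."""
    return sum(asns.count(local_as) for _, asns in segments)

def excluded_by_loop_check(data, local_as, allowed=0, asn_size=4):
    """True if the route is kept out of the Phase 2 decision function.

    allowed is a hypothetical parameter: how many instances of the local AS
    the operator is willing to accept (0 = plain RFC 4271 behaviour).
    """
    count = local_as_occurrences(parse_as_path(data, asn_size), local_as)
    return count > allowed

def encode_segment(seg_type, asns):
    """Build one 4-octet-AS path segment; used only for the sample input."""
    return struct.pack(f"!BB{len(asns)}I", seg_type, len(asns), *asns)

# Constructed sample paths (64500-64503 are documentation AS numbers).
LOOPED = encode_segment(AS_SEQUENCE, [64500, 23910, 64501])
CLEAN = encode_segment(AS_SEQUENCE, [64500, 64501]) + encode_segment(AS_SET, [64502, 64503])

if __name__ == "__main__":
    for name, path in (("LOOPED", LOOPED), ("CLEAN", CLEAN)):
        print(name, parse_as_path(path), excluded_by_loop_check(path, 23910))
```

With allowed=0 the looped path is dropped before route selection, which is why such routes never show up as candidates; raising the threshold to 1 lets the same update through for evaluation.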