It used to be the case that looped routes didn't even show up as hidden routes, because Junos discarded them even from Adj-RIB-In, although this may have changed at some Junos version.
Also, Junos won't even advertise such looped routes to a neighbor with the same AS by default, so in many cases you won't see it at all if you are peering with a Juniper unless it is specifically configured to send these looped routes with advertise-peer-as, or change the AS number with as-override. On Wed, Jan 28, 2015 at 05:32:34PM +0800, Song Li wrote: > Hi Joel, > > It is right that the BGP route containing the local ASN will be > droped. However, such routes can still be displayed on router. For > example, you can run "show route hidden terse aspath-regex .*<local > ASN>.*" on Juniper to check them. We are looking for those routes. > If you can run the command on your Juniper and find such routes, > could you please provider them for us? > > Thanks! > > Regards! > > Song > > 在 2015/1/28 16:23, joel jaeggli 写道: > >On 1/27/15 5:45 AM, Song Li wrote: > >>Hi everyone, > >> > >>Recently I studied the BGP AS path looping problem, and found that in > >>most cases, the received BGP routes containing local AS# are suspicious. > >>However, we checked our BGP routing table (AS23910,CERNET2) on juniper > >>router(show route hidden terse aspath-regex .*23910.* ), and have not > >>found such routes in Adj-RIB-In. > > > >Updates with your AS in the path are discarded as part of loop > >detection, e.g. they do not become candidate routes. > > > >https://tools.ietf.org/html/rfc4271 page 77 > > > > If the AS_PATH attribute of a BGP route contains an AS loop, the BGP > > route should be excluded from the Phase 2 decision function. AS loop > > detection is done by scanning the full AS path (as specified in the > > AS_PATH attribute), and checking that the autonomous system number of > > the local system does not appear in the AS path. Operations of a BGP > > speaker that is configured to accept routes with its own autonomous > > system number in the AS path are outside the scope of this document. > > > >in junos > > > >neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number > > > >where number is the number of instances of your AS in the path you're > >willing to accept will correct that. > > > >>We believe that the received BGP routes containing local AS# are related > >>to BGP security problem. > > > >You'll have to elaborate, since their existence is a basic principle in > >the operation of bgp and they are ubiquitous. > > > >Island instances of a distributed ASN communicate with each other by > >allowing such routes in so that they can be evaluated one the basis of > >prefix, specificity, AS path length and so forth. > > > >>Hence, we want to look for some real cases in > >>the wild. Could anybody give us some examples of such routes?
