> On 28/01/2015, at 07:32, Song Li <refresh.ls...@gmail.com> wrote: > > Hi Joel, > > It is right that the BGP route containing the local ASN will be droped. > However, such routes can still be displayed on router. For example, you can > run "show route hidden terse aspath-regex .*<local ASN>.*" on Juniper to > check them. We are looking for those routes. If you can run the command on > your Juniper and find such routes, could you please provider them for us? >
Sorry, what do you need exactly? A sample? For education purposes are you looking for something specific? You need it to be on Juniper router or other BGP software will do? I have this scenario from Brazil-US, with specifics getting received both ways but it’s not Juniper. > Thanks! > > Regards! > > Song > > 在 2015/1/28 16:23, joel jaeggli 写道: >> On 1/27/15 5:45 AM, Song Li wrote: >>> Hi everyone, >>> >>> Recently I studied the BGP AS path looping problem, and found that in >>> most cases, the received BGP routes containing local AS# are suspicious. >>> However, we checked our BGP routing table (AS23910,CERNET2) on juniper >>> router(show route hidden terse aspath-regex .*23910.* ), and have not >>> found such routes in Adj-RIB-In. >> >> Updates with your AS in the path are discarded as part of loop >> detection, e.g. they do not become candidate routes. >> >> https://tools.ietf.org/html/rfc4271 page 77 >> >> If the AS_PATH attribute of a BGP route contains an AS loop, the BGP >> route should be excluded from the Phase 2 decision function. AS loop >> detection is done by scanning the full AS path (as specified in the >> AS_PATH attribute), and checking that the autonomous system number of >> the local system does not appear in the AS path. Operations of a BGP >> speaker that is configured to accept routes with its own autonomous >> system number in the AS path are outside the scope of this document. >> >> in junos >> >> neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number >> >> where number is the number of instances of your AS in the path you're >> willing to accept will correct that. >> >>> We believe that the received BGP routes containing local AS# are related >>> to BGP security problem. >> >> You'll have to elaborate, since their existence is a basic principle in >> the operation of bgp and they are ubiquitous. >> >> Island instances of a distributed ASN communicate with each other by >> allowing such routes in so that they can be evaluated one the basis of >> prefix, specificity, AS path length and so forth. >> >>> Hence, we want to look for some real cases in >>> the wild. Could anybody give us some examples of such routes? >>> >>> Thanks! >>> >>> Best Regards! >>> >> >> > > > -- > Song Li > Room 4-204, FIT Building, > Network Security, > Department of Electronic Engineering, > Tsinghua University, Beijing 100084, China > Tel:( +86) 010-62446440 > E-mail: refresh.ls...@gmail.com -- Patrick Tracanelli FreeBSD Brasil LTDA. Tel.: (31) 3516-0800 316...@sip.freebsdbrasil.com.br http://www.freebsdbrasil.com.br "Long live Hanin Elias, Kim Deal!"
