The quagga thread I read specifically indicates that some (most?) versions don't
accept the {n,m} regexp repeat format. Thus the regexps as long as the
path you want to filter... :/..or upgrade. /kc On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said: >To the chucklehead who started announcing a 2200+ byte AS path yesterday >around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga >that's present in all versions released in the last decade. Your >announcement causes routers based on Quagga to send a malformed update to >their neighbors, collapsing the entire BGP session. Every 30 seconds or so. > >For everyone else: please consider filtering BGP announcements with >stupidly long AS paths. There's no need nor excuse for them to be present >in the DFZ and you could have saved me a painful Saturday. > >Cisco: > >router bgp XXX > bgp maxas-limit 50 > > >Juniper: >https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321 > > >Quagga: > >ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50} >ip as-path access-list maxas-limit50 permit .* > > >Regards, >Bill Herrin > > >-- >William Herrin ................ her...@dirtside.com b...@herrin.us >Dirtside Systems ......... Web: <http://www.dirtside.com/> -- Ken Chase - m...@sizone.org Guelph Canada
