03-15-2009 01:50 PM - edited 03-04-2019 03:56 AM
Hello,
one of our BGP neighbours is sending an incorrect AS-path inside BGP updates. The content is a mixture of private AS numbers and public ones (including even some owned by other ISPs!).
Does anybody know a way how to "clean up" the received AS-Path?
I know the "neighbor ... remove-private-AS" command but it fails on a private/public mixture.
So it seems I'll have to make some BGP-IGP mutual redistribution :-(
Unless some BGP guru would bring some idea...
Thanks,
Milan
03-15-2009 06:39 PM
Milan,
Can this neighbor just clean these incorrect AS paths? AS path manipulation, beyond private AS removal, is generally prohibited as it could lead to routing loops.
Regards
03-16-2009 01:46 AM
Hi Harold,
we asked them to fix several times, but seems like an incompetent provider.
I know such an AS path manipulation would be quite dangerous in the Internet.
But this is a corporate network not advertised to the Internet.
The problem is we are peering with several MPLS providers and one of them sends these incorrect as-paths.
Thanks,
Milan
03-16-2009 06:18 PM
Milan,
As suggested, you can filter it out or try to remove the as path by doing mutual redistribution but this is only a work around. Another option could be to shop around for a replacement for this SP.
Regards
03-16-2009 12:27 AM
Hello Milan,
check with them if they are playing with the new 4byte AS number feature.
Using AS numbers of other ISPs is clearly wrong; I think this is an unwanted leakage from a lab to the production network.
Deny these paths and send a mail to them so that no one can blame you for propagating incorrect information in the Internet.
Hope to help
Giuseppe
03-16-2009 01:53 AM
Hi Giuseppe,
no this is not a leakage from a lab.
This is an incompetent MPLS provider using AS numbers like 1, 100, etc. in his backbone.
Luckily, this is a corporate network not connected to the Internet.
I had been thinking about implementing the 4byte AS number feature in our network to mask these AS numbers somehow but didn't find any useful way.
Thanks,
Milan
03-16-2009 01:07 AM
Hi,
You will have to use ip as-path with regular-expression to match both private & public AS to filter it.
Thanks
03-16-2009 01:55 AM
Hi,
I can simply filter out the prefixes with incorrect AS path, as I need to route to the subnets advertised (somehow).
Thanks,
Milan
03-18-2009 05:41 AM
Sorry, a typo.
Should be:
I can't ...
BR,
Milan
03-16-2009 02:42 AM
Hi Milan,
You will need "AS-Path Regular Expression" to deny the private AS.
Deny those Private-AS numbers using a BGP regular expression.
Please have a look at the document below:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml
HTH
Mohamed
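An added example (not from any poster in this thread): a Python audit of received AS paths that separates private-only paths from the private/public mixtures described in the question, using the 16-bit private range 64512-65534 both numerically and as the kind of regular expression suggested above. The prefixes, the AS numbers in `ROUTES` and the `expected` set are constructed sample values, and paths are assumed to be in asplain notation.

```python
import re

# Private-use ASN ranges: 16-bit 64512-65534, plus the 32-bit range from
# RFC 6996 (added for completeness; the thread only concerns 16-bit ASNs).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))

# 16-bit private range as a regex; IOS "_" is emulated with delimiter classes.
PRIVATE_16_RE = re.compile(
    r"(^|[ ,{}])(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}"
    r"|655[0-2][0-9]|6553[0-4])([ ,{}]|$)")

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def parse(as_path):
    # Pull out every ASN, including members of an AS_SET such as "{65001 100}".
    return [int(tok) for tok in re.findall(r"\d+", as_path)]

def classify(as_path):
    """Return 'empty', 'public', 'private' or 'mixed'."""
    kinds = {is_private(a) for a in parse(as_path)}
    if not kinds:
        return "empty"
    if len(kinds) == 2:
        return "mixed"  # the case the thread says remove-private-AS fails on
    return "private" if kinds == {True} else "public"

def audit(routes, expected):
    """List (prefix, kind, unexpected_public_asns) for paths to raise with the peer."""
    findings = []
    for prefix, path in routes:
        kind = classify(path)
        unexpected = [a for a in parse(path)
                      if not is_private(a) and a not in expected]
        if kind == "mixed" or unexpected:
            findings.append((prefix, kind, unexpected))
    return findings

# Constructed sample input: 64496 is a documentation ASN standing in for the
# provider's real one; 1 and 100 are the backbone ASNs mentioned in the thread.
ROUTES = [
    ("10.1.0.0/16", "64496 65001"),
    ("10.2.0.0/16", "65001 64512"),
    ("10.3.0.0/16", "64496"),
    ("10.4.0.0/16", "64496 100 1 65010"),
]

if __name__ == "__main__":
    for finding in audit(ROUTES, expected={64496}):
        print(finding)
```

The findings give the affected prefixes and the unexpected public ASNs in a form that can be sent to the provider as evidence, without dropping any routes.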
03-18-2009 05:43 AM
Hi Mohamed,
I can't deny the prefixes.
I need to use them.
I'd need to remove the incorrect AS numbers from the AS-path (replace with correct ones possibly) and send to other BGP neighbours.
But I'm afraid this is impossible without BGP-IGP redistribution.
Thanks,
Milan
03-18-2009 07:28 AM
Hello Milan,
what about summarizing the routes locally on your router with summary-only option ?
if they have different AS paths they should get a new shorter AS path attribute originated in your legitimate AS
otherwise you can use static routes with object tracking (if supported) and red static in BGP
Hope to help
Giuseppe