11-20-2015 06:12 AM - edited 03-05-2019 02:47 AM
Can anyone advise on what the cut-off on AS-PATH length would be when accepting routes from peers? Looking through some of the received routes, the AS-PATH is pretty high and I would like to limit this down. Is this strictly necessary? If so, what would the limit be? I was thinking 5 or 6 would be acceptable.
Thanks
11-20-2015 06:24 AM
I am not sure that I understand your logic. And there are things that we do not know about your environment that would affect our answers. What are these peers? Are they ISPs? Are they business partners? Are they remote sites? What are they?
We also do not know if you have a default route in addition to the advertised routes that you are learning.
The purpose of running BGP is to learn what is accessible from each peer. If the peer is advertising a route and you choose to not use the advertised route does that make the destination unreachable or is there some alternate path that would work for it?
HTH
Rick
11-20-2015 06:59 AM
Hello
is this strictly necessary? If so what would the limit be? I was thinking 5 or 6 would be acceptable.
Why wouldn't you want these routes? As it's been stated, they are for reachability.
I wouldn’t be concerned with the size of the AS path, more so with what routes I am advertising and receiving, and if I am dual-peered to different ISPs then also not to become a transit path for them
(easy done by the way)
res
Paul
11-20-2015 07:36 AM
Hello,
I do not agree with Paul on this matter. Cisco suggests limiting the number of AS in as-path attributes. However, limiting to 5 or 6 is unrealistic.
http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html
http://www.ciscopress.com/articles/article.asp?p=1312796&seqNum=3
Another technique that an attacker might use against BGP is to create updates that contain unusually long AS paths. These falsified updates could put a burden on the router receiving such an update. It is not typical to have an AS path that is longer than a specific size. To prevent these paths, you can use the following BGP configuration command to limit the number of AS path hops
In addition to filtering routes based on specific AS paths (AS number), it is also possible to filter routes by limiting the number of AS path segments that each route can include. This limiting is performed primarily to prevent the router from expending too much memory when it stores routes with long AS paths. The bgp maxas-limit feature allows administrators to set a limit on the number of AS path segments that are associated with any route
Masoud
11-20-2015 07:36 AM
Thanks for the feedback.
We are an ISP and have multiple peerings, some of which send a large amount of routes that will never be installed in the routing table due to the AS-PATH size, and I was worried that this would place unnecessary burden on the memory of the router. The router in question is a Juniper MX5, so is not your everyday service provider core router.
The guide states a limit of 50 paths and the reasoning for this is for security purposes; I am simply trying to limit the amount of BGP routes received.
11-20-2015 07:57 AM
Thanks for the additional information. In reading again the original post I find that there is one question that can be easily answered. You ask "is this strictly necessary" and the answer is clearly that no this is not strictly necessary. The default is to accept all prefixes advertised by your BGP peer and it is not strictly necessary to suppress any advertisement.
So it is not strictly necessary but perhaps you may choose to optionally suppress some advertisements. If you want to prevent growth in the size of the route table then length of the AS path might be a way to choose the routes to ignore.
I am not understanding something in your most recent post. You say that the guide suggests a limit of 50 paths. I am a bit puzzled by this. It would seem to be talking about the number of prefixes in the BGP table and not about the length of the prefix. And if you are an ISP with multiple peering with other providers then a limit of 50 in the size of the BGP table seems pretty extreme for an ISP with multiple peerings.
HTH
Rick
11-20-2015 08:08 AM
I may not have been clear, but I was referring to the link from
http://www.ciscopress.com/articles/article.asp?p=1312796&seqNum=3
This showed an example where the paths were limited to 50 AS paths.
I will give the limiting of the AS paths more thought but feel it may be right to do for certain peerings.
Thanks for your help
11-20-2015 07:29 PM
Thank you for the clarification. I see now that what confused me was a matter of semantics. I have looked at the article in the link that you posted and realize that it was talking about the number of AS in the path, which is quite different from the number of paths as mentioned in your post.
I still believe that my advice is valid that if you are looking for a mechanism to control the number of entries in the BGP table that filtering on the length of the AS path may be a valid approach.
Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions that have helpful content.
HTH
Rick
11-26-2015 03:00 AM
Thanks for your help. I have decided not to limit the amount of AS paths received per route, mainly due to the fact that the MX5 can handle 24 million routes in both the FIB and RIB, a fact which was incredibly hard to find. A good learning exercise for me though, especially with regex.
Rob
11-27-2015 10:59 AM
Rob
Your decision to not limit the number of AS paths is reasonable and I agree with it. I am glad that this has been a good learning experience for you.
HTH
Rick
11-20-2015 06:34 AM
Hello,
router bgp 5000
 bgp maxas-limit [1-2000]
******************************
On Nexus:
router bgp 5000
 maxas-limit [1-2000]
********************************
Please take a look at the links below. You might limit it due to security issues.
http://blogs.cisco.com/security/securing_bgp
http://wiki.nil.com/Limit_the_maximum_BGP_AS-path_length
Hope it helps,
Masoud
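Added example, not part of any post in this thread: a Python check of what a candidate AS-path limit would do before it is configured, reporting how many received routes it drops and which prefixes are left with no path at all (the reachability question raised above). The route sample is constructed from documentation prefixes and AS numbers; it assumes a route is dropped only when its path is longer than the limit, and that an AS_SET counts as one hop.

```python
import re
from collections import defaultdict

# Constructed sample of received routes: (peer, prefix, AS_PATH as shown in a BGP table).
# Prefixes and AS numbers are taken from the documentation ranges.
ROUTES = [
    ("peer-a", "192.0.2.0/24",    "64496 64497"),
    ("peer-b", "192.0.2.0/24",    "64500 64501 64502 64503 64504 64505 64497"),
    ("peer-a", "198.51.100.0/24", "64496 64498 64499 64506 64507 64508 64509"),
    # Heavy prepending: the same AS repeated still adds to the path length.
    ("peer-b", "198.51.100.0/24", "64500 64510 64510 64510 64510 64510 64510 64509"),
    ("peer-a", "203.0.113.0/24",  "64496 64511 {65536,65537}"),
]

def as_path_length(path):
    """Count hops: each AS number is 1, a whole AS_SET {..} is 1 (assumption)."""
    collapsed = re.sub(r"\{[^}]*\}", "SET", path)
    return len(collapsed.split())

def limit_impact(routes, limit):
    """Return (dropped routes, prefixes left with no path) for a maximum path length."""
    kept = defaultdict(int)
    dropped = []
    for peer, prefix, path in routes:
        kept[prefix] += 0  # track every prefix, even if all its paths are dropped
        if as_path_length(path) > limit:  # assumption: only paths over the limit go
            dropped.append((peer, prefix))
        else:
            kept[prefix] += 1
    unreachable = sorted(p for p, n in kept.items() if n == 0)
    return dropped, unreachable

if __name__ == "__main__":
    for limit in (5, 6, 7, 50):
        dropped, unreachable = limit_impact(ROUTES, limit)
        print(f"limit {limit}: drops {len(dropped)} routes, "
              f"prefixes with no path left: {unreachable or 'none'}")
```

On this sample a limit of 5 or 6 removes every path to 198.51.100.0/24, while 50 drops nothing; run against a real export of received routes, the same check shows whether a default route or another peer would still cover the filtered prefixes.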