look for BGP routes containing local AS#
Hi everyone, Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In. We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes? Thanks! Best Regards! -- Song Li Room 4-204, FIT Building, Network Security, Department of Electronic Engineering, Tsinghua University, Beijing 100084, China Tel:( +86) 010-62446440 E-mail: refresh.lsong@gmail.com
Can you clarify what do you mean by 'local AS' ? regards Carlos On 1/27/15 11:48 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
For example, My AS# is 23910 and the 'local AS' is 23910. If our BGP router received a route from the BGP neighbor AS1 with the AS-PATH: 1 .* 23910, then the route is what we are looking for. 在 2015/1/27 22:05, Carlos M. Martinez 写道:
Can you clarify what do you mean by 'local AS' ?
regards
Carlos
On 1/27/15 11:48 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
-- Song Li Room 4-204, FIT Building, Network Security, Department of Electronic Engineering, Tsinghua University, Beijing 100084, China Tel:( +86) 010-62446440 E-mail: refresh.lsong@gmail.com
Is 'local as' the same as the origin-as ? That is, the first item in the AS-PATH list ? regards Carlos On 1/27/15 12:16 PM, Song Li wrote:
For example, My AS# is 23910 and the 'local AS' is 23910. If our BGP router received a route from the BGP neighbor AS1 with the AS-PATH: 1 .* 23910, then the route is what we are looking for.
在 2015/1/27 22:05, Carlos M. Martinez 写道:
Can you clarify what do you mean by 'local AS' ?
regards
Carlos
On 1/27/15 11:48 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
not necessary, it can appear in any place in the received AS-PATH. regards Song 在 2015/1/27 22:20, Carlos M. Martinez 写道:
Is 'local as' the same as the origin-as ? That is, the first item in the AS-PATH list ?
regards
Carlos
On 1/27/15 12:16 PM, Song Li wrote:
For example, My AS# is 23910 and the 'local AS' is 23910. If our BGP router received a route from the BGP neighbor AS1 with the AS-PATH: 1 .* 23910, then the route is what we are looking for.
在 2015/1/27 22:05, Carlos M. Martinez 写道:
Can you clarify what do you mean by 'local AS' ?
regards
Carlos
On 1/27/15 11:48 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
-- Song Li Room 4-204, FIT Building, Network Security, Department of Electronic Engineering, Tsinghua University, Beijing 100084, China Tel:( +86) 010-62446440 E-mail: refresh.lsong@gmail.com
participants (2)
-
Carlos M. Martinez
-
Song Li