RE: look for BGP routes containing local AS#
This can happen. Say you are AS1. You have an end customer on AS2 and peer with core sites AS3 and AS4. From the link to AS4 you may see your customer prefixes with the path 3,4,1,2. -- Jamie Stallwood Security Specialist Imerja Limited M: 07795 840385 Sent from mobile secured by Good (www.good.com) -----Original Message----- From: Song Li [refresh.lsong@gmail.com] Sent: Tuesday, January 27, 2015 02:24 PM GMT Standard Time To: carlos@lacnic.net; ripe-list@ripe.net Subject: Re: look for BGP routes containing local AS# not necessary, it can appear in any place in the received AS-PATH. regards Song 在 2015/1/27 22:20, Carlos M. Martinez 写道:
Is 'local as' the same as the origin-as ? That is, the first item in the AS-PATH list ?
regards
Carlos
On 1/27/15 12:16 PM, Song Li wrote:
For example, My AS# is 23910 and the 'local AS' is 23910. If our BGP router received a route from the BGP neighbor AS1 with the AS-PATH: 1 .* 23910, then the route is what we are looking for.
在 2015/1/27 22:05, Carlos M. Martinez 写道:
Can you clarify what do you mean by 'local AS' ?
regards
Carlos
On 1/27/15 11:48 AM, Song Li wrote:
Hi everyone,
Recently I studied the BGP AS path looping problem, and found that in most cases, the received BGP routes containing local AS# are suspicious. However, we checked our BGP routing table (AS23910,CERNET2) on juniper router(show route hidden terse aspath-regex .*23910.* ), and have not found such routes in Adj-RIB-In.
We believe that the received BGP routes containing local AS# are related to BGP security problem. Hence, we want to look for some real cases in the wild. Could anybody give us some examples of such routes?
Thanks!
Best Regards!
-- Song Li Room 4-204, FIT Building, Network Security, Department of Electronic Engineering, Tsinghua University, Beijing 100084, China Tel:( +86) 010-62446440 E-mail: refresh.lsong@gmail.com
participants (1)
-
Jamie Stallwood