[c-nsp] How to filter private AS from inbound BGP updates?

Hank Nussbacher hank at efes.iucc.ac.il
Tue Dec 6 00:38:11 EST 2005


On Mon, 5 Dec 2005, Joe Provo wrote:

> > What kind of funky upstream do you have sending you private AS-es?
>
> Sadly, many folks leak. There was an interesting as-set based leak
> over the weekend.  For current wall of shame, see
> 	http://www.cymru.com/BGP/asnbogusrep.html

As I have battled bogon ASNs for the past 6 weeks, I think one has to
take that Team Cymru page with a bit of salt.  The as-set leak, as well as
almost all leaks still reported there are localized to peers that peer
specifically with Team Cymru.  If one looks at the as-set leak of AS64512,
and then one turns to route-views:
route-views.oregon-ix.net>sho ip bgp reg 64512
BGP table version is 1799359, local router ID is 198.32.162.100
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 217.134.164.0/22 66.185.128.48          955             0 1668 5428 64512 i
*> 217.134.168.0/21 66.185.128.48          955             0 1668 5428 64512 i
*> 217.134.176.0/21 66.185.128.48          955             0 1668 5428 64512 i
*> 217.134.184.0/22 66.185.128.48          955             0 1668 5428 64512 i

Notice that the leak path of AS 11664 doesn't exist in the global route
table.  I have looked at other global peering points and have not found
those bogon ASNs as reported by Team Cymru.

A better reference for what is actually being leaked is:
http://bgp.potaroo.net/cidr/#Bogons
At the bottom one can find 3 bogon ASNs being leaked - all of which have
been notified.

If one clicks on the Team Cymru graphs at:
http://www.cymru.com/BGP/bogusasngraphs.html one can see when I started to
contact each and every bogon ASN leaker (sharp drop between week 43 & 44).
Old ones disappear after being notified (sometimes within a day -
sometimes within a number of weeks) and new ones come along.

Regards,
Hank
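
The route-views check described in the message above, as an added example that is not part of the original post: a Python sketch that reads "show ip bgp" style output, rejoins mail-wrapped AS paths, and reports prefixes whose path contains a private or reserved ASN. It goes beyond the single AS64512 case by covering the full private and reserved ranges; the function names and the third sample row are assumptions made for illustration, and ASNs are assumed to be in asplain notation.

```python
import re

# Private-use and reserved ASN ranges (RFC 5398, 6793, 6996, 7300, 7607).
BOGON_ASN_RANGES = [
    (0, 0, "reserved"), (23456, 23456, "AS_TRANS"),
    (64496, 64511, "documentation"), (64512, 65534, "private use"),
    (65535, 65535, "reserved"), (65536, 65551, "documentation"),
    (4200000000, 4294967294, "private use"),
    (4294967295, 4294967295, "reserved"),
]

# Constructed sample: two rows taken from the output quoted in the post (the
# first still mail-wrapped) plus one made-up clean row on a documentation prefix.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 217.134.164.0/22 66.185.128.48          955             0 1668 5428
64512 i
*> 217.134.168.0/21 66.185.128.48          955             0 1668 5428 64512 i
*> 192.0.2.0/24     66.185.128.48          955             0 1668 5428 i
"""

def classify(asn):
    """Return the bogon category for an ASN, or None if it is not a bogon."""
    for low, high, label in BOGON_ASN_RANGES:
        if low <= asn <= high:
            return label
    return None

def find_bogon_paths(table_text):
    """Return [(prefix, [(asn, category), ...])] for rows with bogon ASNs."""
    rows, path_col = [], None
    for line in table_text.splitlines():
        if "Network" in line and "Path" in line:
            # Slice at the Path column so Metric/Weight (often 0) are not
            # mistaken for ASNs.
            path_col = line.index("Path")
            continue
        row = re.match(r"[*sdhrS ][> ][i ](\S+)", line)
        if row and path_col is not None:
            rows.append([row.group(1), line[path_col:]])
        elif rows and line.strip():
            rows[-1][1] += " " + line  # wrapped continuation of the path
    findings = []
    for prefix, path in rows:
        asns = (int(tok) for tok in re.findall(r"\d+", path))
        hits = [(asn, classify(asn)) for asn in asns if classify(asn)]
        if hits:
            findings.append((prefix, hits))
    return findings

if __name__ == "__main__":
    for prefix, hits in find_bogon_paths(SAMPLE):
        print(prefix, hits)
```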


