[c-nsp] How to filter private AS from inbound BGP updates?
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Dec 6 00:38:11 EST 2005
On Mon, 5 Dec 2005, Joe Provo wrote:
> > What kind of funky upstream do you have sending you private AS-es?
>
> Sadly, many folks leak. There was an interesting as-set based leak
> over the weekend. For current wall of shame, see
> http://www.cymru.com/BGP/asnbogusrep.html
As I have battled bogon ASNs for the past 6 weeks, I think one has to
take that Team Cymru page with a bit of salt. The as-set leak, as well as
almost all leaks still reported there are localized to peers that peer
specifically with Team Cymru. If one looks at the as-set leak of AS64512,
and then one turns to route-views:
route-views.oregon-ix.net>sho ip bgp reg 64512
BGP table version is 1799359, local router ID is 198.32.162.100
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 217.134.164.0/22 66.185.128.48 955 0 1668 5428
64512 i
*> 217.134.168.0/21 66.185.128.48 955 0 1668 5428
64512 i
*> 217.134.176.0/21 66.185.128.48 955 0 1668 5428
64512 i
*> 217.134.184.0/22 66.185.128.48 955 0 1668 5428
64512 i
Notice that the leak path of AS 11664 doesn't exist in the global route
table. I have looked at other global peering points and have not found
those bogon ASNs as reported by Team Cymru.
A better reference for what is actually being leaked is:
http://bgp.potaroo.net/cidr/#Bogons
At the bottom one can find 3 bogon ASNs being leaked - all of which have
been notified.
If one clicks on the Team Cymru graphs at:
http://www.cymru.com/BGP/bogusasngraphs.html one can see when I started to
contact each and every bogon ASN leaker (sharp drop between week 43 & 44).
Old ones disappear after being notified (sometimes within a day -
sometimes within a number of weeks) and new ones come along.
Regards,
Hank
More information about the cisco-nsp
mailing list