[j-nsp] bgp maxas-limit - JUNOS equivalent ???

Masood Ahmad Shah masood at nexlinx.net.pk
Fri Feb 20 12:46:14 EST 2009


I agreed with something Jared said. You never know whom you are going to
connect next to (Cisco :)). 

Save yourself n Save Others

Regards,
Masood


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
Sent: Friday, February 20, 2009 10:34 PM
To: Richard A Steenbergen
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] bgp maxas-limit - JUNOS equivalent ???


On Feb 20, 2009, at 12:13 PM, Richard A Steenbergen wrote:

> On Fri, Feb 20, 2009 at 02:21:24PM +0100, david.roy at orange- 
> ftgroup.com wrote:
>>
>> Hi,
>>
>> You can do it via a policy like this :
>>
>> Here MAX AS PATH equal to 20.
>
> Don't get too overzealous here. From my perspective I currently see  
> over
> 160 prefixes with as-path >= 20, so blocking them would break  
> legitimate
> announcements for no good reason. There was nothing out-of-spec or
> invalid about the > 255 as-path, it was purely an implementation bug  
> on
> vendor C's part.

	I really feel the need to echo this, if you have a cisco device that

reset the bgp session as a result of this (technically) valid AS-PATH  
you need to be careful to not suppress valid routes and isolate your  
network from part of the world.  Perhaps you don't care, but having  
seen people not update bogon prefix lists, I fear the same here if not  
well maintained.  You really should manage your IOS code as necessary  
and not add these config bits until you know when you're removing them.

	- Jared
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list