The quagga thread I read specifically indicates that some (most?) versions don't accept the {n,m} regexp repeat format. Thus the regexps as long as the path you want to filter... :/ ..or upgrade.

/kc

On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
To the chucklehead who started announcing a 2200+ byte AS path yesterday around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga that's present in all versions released in the last decade. Your announcement causes routers based on Quagga to send a malformed update to their neighbors, collapsing the entire BGP session. Every 30 seconds or so.
For everyone else: please consider filtering BGP announcements with stupidly long AS paths. There's no need nor excuse for them to be present in the DFZ and you could have saved me a painful Saturday.
Cisco:
router bgp XXX
 bgp maxas-limit 50
Juniper: https://kb.juniper.net/InfoCenter/index?page=content&id=KB29321
Quagga:
ip as-path access-list maxas-limit50 deny ^([{},0-9]+ ){50}
ip as-path access-list maxas-limit50 permit .*
Regards, Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
-- Ken Chase - math@sizone.org Guelph Canada
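Added example, not from either poster: for Quagga builds that reject the {n} repeat syntax, this writes the same as-path filter with the group spelled out once per hop and checks it against constructed AS paths. The function names are hypothetical, and Python's re module stands in for Quagga's regex matcher (an assumption; confirm on the router itself).

```python
import re

# One path element (AS number or AS_SET) plus its trailing space,
# exactly as written in the regex posted in the thread.
TOKEN = "([{},0-9]+ )"


def quagga_maxas_filter(limit, name=None):
    """Return the two access-list lines with the group repeated `limit` times."""
    name = name or f"maxas-limit{limit}"
    pattern = "^" + TOKEN * limit  # no {n} quantifier in the output
    return [
        f"ip as-path access-list {name} deny {pattern}",
        f"ip as-path access-list {name} permit .*",
    ]


def is_denied(as_path, limit):
    """True if the expanded deny pattern matches the AS path string.

    Assumption: Python's re gives the same answer as Quagga's matcher
    for this simple pattern.
    """
    return re.search("^" + TOKEN * limit, as_path) is not None


def sample_path(n):
    """Constructed sample data: n private-range AS numbers, space separated."""
    return " ".join(str(64512 + i) for i in range(n))


if __name__ == "__main__":
    for line in quagga_maxas_filter(50):
        print(line)
    # The last element has no trailing space, so the deny line
    # starts matching at limit + 1 path elements.
    for n in (3, 50, 51, 600):
        verdict = "deny" if is_denied(sample_path(n), 50) else "permit"
        print(f"{n} path elements -> {verdict}")
```

The deny line grows by one group per hop, so a limit of 50 yields a pattern of roughly 600 characters; paste it into a test instance first to confirm the CLI accepts a line that long.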