Re: RU evidently hijacked UA netblock
--- jay@west.net wrote: On 3/4/22 18:03, Scott Weeks wrote:
It looks like a 'too many' AS prepends, but it is only 250 prepends.
In most reasonable scenarios I'd say that this qualifies as too many. --------------------------------------------- Yeah, technically, but it was not 256 or something where I'd expect an issue to happen. Just curious as to why only that ASN caused the buffer overflow messages as I got them from no other AS ever and wondered if anyone else has seen them. Other ASNs almost certainly have sent 250+ prepends to me before, but they did not cause the overflow. Like I said, I have a ticket open because I am curious: BGP-WARNING-tBgp4RouteInvalid-2007 <stuff> Route invalid reason - Cannot add/prepend AS-path. Buffer overflow\nNRLI - <prefix> where prefixes are several and different lengths. Probably nothing, but I always look into stuff I see in the syslog server's router.log. scott
Here is a doc for each hardware vendor for filtering long as paths. Not sure if this will help you or if the issue is before filtering takes place. We have ours max length set to 75. https://bgpfilterguide.nlnog.net/guides/long_paths/ Erik Erik Sundberg Sr. Network Engineer Nitel 350 N Orleans Street Suite 1300N Chicago, Il 60654 Desk: 773-661-5532 Cell: 708-710-7419 NOC: 866-892-0915 Email: esundberg@nitelusa.com web: www.nitelusa.com ________________________________ From: NANOG <nanog-bounces+esundberg=nitelusa.com@nanog.org> on behalf of Scott Weeks <surfer@mauigateway.com> Sent: Friday, March 4, 2022 8:46:47 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: RU evidently hijacked UA netblock --- jay@west.net wrote: On 3/4/22 18:03, Scott Weeks wrote:
It looks like a 'too many' AS prepends, but it is only 250 prepends.
In most reasonable scenarios I'd say that this qualifies as too many. --------------------------------------------- Yeah, technically, but it was not 256 or something where I'd expect an issue to happen. Just curious as to why only that ASN caused the buffer overflow messages as I got them from no other AS ever and wondered if anyone else has seen them. Other ASNs almost certainly have sent 250+ prepends to me before, but they did not cause the overflow. Like I said, I have a ticket open because I am curious: BGP-WARNING-tBgp4RouteInvalid-2007 <stuff> Route invalid reason - Cannot add/prepend AS-path. Buffer overflow\nNRLI - <prefix> where prefixes are several and different lengths. Probably nothing, but I always look into stuff I see in the syslog server's router.log. scott ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
participants (2)
-
Erik Sundberg -
Scott Weeks