BGP AS PATH Filter (Regular Expression)

Tags

AS PATH Filter, bgp, BGP Regular Expression, cisco

In the following scenario, CLIENT1 having AS420 is connected with AS100. CLIENT1 has the prefix of 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24. With having only prefix filter, AS100 will only allow these prefixes coming from AS420 and will configure it in AS420 BGP session. AS100 is connected with two upstream service provider AS1 & AS2. AS100 will only announce the prefixes received from AS420 (CLIENT1) to AS1 & AS2 and will do it by prefix filtering of AS1 & AS2 BGP session. 

CLIENT1 is also connected with AS3. CLIENT1 announce 192.0.2.0/24 via AS100 and 198.51.100.0/24, 203.0.113.0/24 via AS3. As AS1, AS2 & AS3 is connected in global internet, AS100 will get these two prefixes via AS1 or AS2 depending on the shortest path. Let say prefix 198.51.100.0/24 & 203.0.113.0/24 received via AS2. There is a chance that these prefix will be best route and will be in AS100 routing table. AS100 will announce this to it’s EBGP peer. As AS100 is only doing prefix filter, by default AS100 will announce these prefixes to AS1. Now for prefix 198.51.100.0/24 & 203.0.113.0/24 AS100 will become transit for AS1.

To overcome this situation, you need to apply AS Filter. What you need to do is having an as-path access-list having a regular expression which will only allow those prefix which has only peering AS Number in it’s AS PATH. Bellow is the regular expression:

^(420)(_420)*$

This will allow those prefixes originated from AS420 and only have AS420 in it’s AS PATH. Other prefixes (198.51.100.0/24 & 203.0.113.0/24) coming via AS3 and AS2 will be eliminated and will not be announced to AS100 upstream.

You can get the output of these regular expression with follwoing sysntex:

show ip bgp regexp ^(420)(_420)*$

Complete configuration:

ip as-path access-list 500 permit ^(420)(_420)*$
!
router bgp 100
!
address-family ipv4
neighbor xxx.xxx.xxx.xxx filter-list 500 out
neighbor yyy.yyy.yyy.yyy filter-list 500 out

BGP Looking Glass hosted in Bangladesh

Tags

bangladesh, BDHUB, bgp, Looking Glass

bdHUB Limited hosted looking glass in Bangladesh which is available in following url:

http://lg.bdhub.com/cgi-bin/bgplg

Full BGP routing table fro IPv4 & IPv6 is available in this looking glass.

Youtube Hijack Saga

Tags

bgp, PTA, Reading, Youtube hack

On February 24th, 2008, the Youtube routing has been hacked :-). Ya, that’s true. As Pakistan Government notify PTA (Pakistan Telecommunication Authority) to block Youtube access from Pakistan. And they announce Youtube IP Block. Defcon 16th conference describe the steps very nicely :

1. You Tube announces 5 prefixes : -A /19, /20, /22 and two /24s. The /22 is 208.65.152.0/22

2. Pakistan’s government decides to block You Tube.

3. Pakistan Telecom internally nails up a more specific route (208.65.153.0/24) out of You Tube’s /22 to nul0 (the routers discard interface)

4. Somehow redists from static —> bgp, then to PCCW

5. Upstream provider sends routes to everyone else..

6. Most of the net now goes to Pakistan for You Tube, gets nothing!

7. You Tube responds by announcing both the /24 and two more specific /25s, with partial success

8. PCCW turns off Pakistan Telecom peering two hours later

9. 3 to 5 minutes afterward, global bgp table is clean again.

Heheheh..that’s awesome. The details are in RIPE websites http://www.ripe.net/news/study-youtube-hijacking.html

So if your a transit ISP, please be careful. Please don’t be lazy to apply appropriate prefix list and as path filter.