nanog mailing list archives

Re: someone is using my AS number


From: Jon Lewis <jlewis () lewis org>
Date: Sat, 15 Jun 2019 12:51:50 -0400 (EDT)

On Sat, 15 Jun 2019, Job Snijders wrote:

The moment they mangle the AS_PATH on their announcement and insert 2914
in their announcement towards NSP, the following can happen:

When ISP A would want to poison the path, ISP A may expect the following
paths to be visible from the ATT and NTT routes:

   AS_PATH                       | footnotes
   7018_NSP_ISPA_2914_ISPA       | 1
   2914_7018_NSP_ISPA_2914_ISPA  | 1
   7018_2914_NSP_ISPA_2914_ISPA  | 2
   2914_NSP_ISPA_2914_ISPA       | 2
   NSP_ISPA_2914_ISPA            | 3
   7018_2914_ISPA                | 4
   2914_ISPA                     | 4

footnotes:
   1) rejected on AT&T routers due to peerlock (2914 is seen in the AS_PATH)
   2) rejected by NTT routers due to as-path loop detection, thus never
      propagated to AT&T. Neither NTT nor AT&T will ever use this path.
   3) potentially rejected by NSP due to presence of an upstream ASN in
      AS_PATH, thus neither NTT nor AT&T will ever use this path.
   4) accepted by both AT&T and NTT. note that this effectively is
      ISP A single homing

I'll concede that all of the above could happen, and has probably gotten more likely over time as networks get more "careful" about what paths they'll accept from who (too many BGP oops's over the years?). My last use of as-path poisoning for TE was a couple of jobs ago and quite possibly ~10 years ago. I was trying to keep an ISP (Level3) from sending our "TE more specifics" to a customer (TW Telecom), and at least back at that time, Level3 would accept routes from one customer (us) with another customer's (TW Telecom / 4323) ASN in the as-path.

Also, since in my case, the as-path poisoning was limited to more specifics that we advertised to one upstream utilizing their supported propagation limiting strings, poor propagation was the goal...and any network that didn't get those routes (i.e. the vast majority of the Internet) would presumably receive the natural as-path aggregate route(s). So, again, if there were propagation problems with the poisoned paths after they were accepted by the one upstream they were advertised to, A) that was the goal, B) you still have an aggregate route path. If ISP1 stopped accepting them, the TE would just stop working entirely, and everyone would use the aggregates.

Presumably, anyone using as-path poisoning would have non-poisoned covering aggregates, that "everyone" would use in the cases of rejection or failures causing no non-poisoned route to be available.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
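
The table of paths and footnotes quoted above can be replayed hop by hop. The following is an added example, not part of the original thread: it walks each row away from ISP A and applies as-path loop detection, peerlock and an optional upstream-ASN customer filter at every receiving AS. The ASNs 64500 (NSP) and 64501 (ISP A) are placeholders from the documentation range, and the policy tables are a simplified assumption, not any operator's real configuration.

```python
# Constructed placeholders: the thread gives no real ASNs for "NSP" or "ISP A".
NSP, ISPA, NTT, ATT = 64500, 64501, 2914, 7018
NAMES = {"NSP": NSP, "ISPA": ISPA}

# Assumed, simplified policy model for illustration only.
PEERLOCK = {ATT: {NTT}}        # receiver -> ASNs accepted only on a direct session
UPSTREAMS = {NSP: {NTT, ATT}}  # receiver -> its own transit providers

# The seven rows from the quoted table, in order.
ROWS = [
    "7018_NSP_ISPA_2914_ISPA", "2914_7018_NSP_ISPA_2914_ISPA",
    "7018_2914_NSP_ISPA_2914_ISPA", "2914_NSP_ISPA_2914_ISPA",
    "NSP_ISPA_2914_ISPA", "7018_2914_ISPA", "2914_ISPA",
]

def check_hop(receiver, path, filter_upstreams):
    """Return why `receiver` rejects `path` (sender is path[0]), or None."""
    sender = path[0]
    if receiver in path:
        return "loop"             # footnote 2: own ASN already in AS_PATH
    if any(a in path and a != sender for a in PEERLOCK.get(receiver, ())):
        return "peerlock"         # footnote 1: protected ASN behind another neighbor
    if filter_upstreams and UPSTREAMS.get(receiver, set()) & set(path):
        return "upstream-filter"  # footnote 3: upstream ASN in a customer route
    return None

def classify(row, filter_upstreams=False):
    """Replay one table row; return the first rejection reason or 'accepted'."""
    asns = [NAMES.get(tok) or int(tok) for tok in row.split("_")]
    start = asns.index(ISPA)      # leftmost ISPA is the AS that sent the route
    path, transit = asns[start:], asns[:start]
    for receiver in reversed(transit):   # walk away from the origin
        reason = check_hop(receiver, path, filter_upstreams)
        if reason:
            return reason
        path = [receiver] + path  # receiver prepends itself when re-announcing
    return "accepted"             # footnote 4 for the unpoisoned rows

if __name__ == "__main__":
    for strict in (False, True):
        print("NSP filters upstream ASNs:", strict)
        for row in ROWS:
            print(f"  {row:30} {classify(row, strict)}")
```

With the NSP filter off, the first four rows fail at AT&T or NTT as footnotes 1 and 2 describe; with it on, every poisoned row stops at NSP and only the unpoisoned announcement via NTT survives.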

