Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[M/MX/T] Example - Limiting the maximum BGP AS-path length

0

0

Article ID: KB29321 KB Last Updated: 30 Jul 2014Version: 1.0
Summary:

This article describes how to discard any prefix received from a BGP peer with more than certain number of autonomous systems in its AS-Path.

Symptoms:

BGP allows numerous attributes (including AS-path) to be attached to every advertised IP prefix. The total length of the AS-path attached to a single IP prefix can be very large.

Cause:

Solution:

Alpha is advertising two prefixes to Beta. Prefix 77.15.23.0 will be discarded if it contains more than six  autonomous systems in the AS-path.

lab@Alpha> show route advertising-protocol bgp 89.170.10.1

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
Prefix 				Nexthop 			MED 	Lclpref 	AS path
* 77.15.23.0/24 		Self 							6485 4856 1845 1052 1052 65421 65421 3378 [12741] I
* 144.10.98.0/24 		Self 							6485 4856 1845 [12741] I


lab@Beta > show route protocol bgp
77.15.23.0/24       *[BGP/170] 00:00:39, localpref 100
		       AS path: 6485 4856 1845 1052 1052 65421 65421 3378 12741 I, validation-state: unverified
		     > to 89.170.10.2 via ge-0/3/2.0
144.10.98.0/24      *[BGP/170] 00:00:39, localpref 100
                       AS path: 6485 4856 1845 12741 I, validation-state: unverified
                     > to 89.170.10.2 via ge-0/3/2.0

The following policy will be applied in Beta to discard prefixes (in this case: 77.15.23.0/24) with more than six autonomous systems in the AS-path.

lab@Beta > show configuration policy-options | display set
set policy-options policy-statement block-very-long-paths term blocking-1 from as-path too-many-AS
set policy-options policy-statement block-very-long-paths term blocking-1 then reject
set policy-options as-path too-many-AS ".{6,}"

lab@Beta > show configuration protocols bgp | display set
set protocols bgp group external-bgp type external
set protocols bgp group external-bgp import block-very-long-paths
set protocols bgp group external-bgp peer-as 12741
set protocols bgp group external-bgp neighbor 89.170.10.2

Verification after applying the policy:

lab@Beta > show route protocol bgp
144.10.98.0/24       *[BGP/170] 00:08:33, localpref 100
                        AS path: 6485 4856 1845 12741 I, validation-state: unverified
                      > to 89.170.10.2 via ge-0/3/2.0

lab@Beta > show route protocol bgp hidden
77.15.23.0/24        [ BGP ] 00:08:38, localpref 100
                       AS path: 6485 4856 1845 1052 1052 65421 65421 3378 12741 I, validation-state: unverified
                     > to 89.170.10.2 via ge-0/3/2.0
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search