Hello, On 2/7/19 4:09 PM, Ondrej Filip wrote:> This is not necessary. BIRD does not check the first AS unless this is > configured in filters.
I think this behavior mightt be reconsidered for eBGP peers for upcoming versions, mainly due to security reasons. Even RFC 4271 isn't strict here for leftmost ASN validation ("may check", as stated in section 6.3., page 34), RFC 7353 expects more strict checks on AS_PATH attribute (section 4.6), with respect to RFC 7606, section 7.2. (withdrawn affected route). Also spirit of RFC 8212 was to move implicit BGP speaker behavior to more secure manner (of course, there must be knob disabling strict checking, when this is really needed - for IXP RS clients, for example). With regards, Daniel