Hi, On Sun, Aug 22, 2010 at 05:23:56PM -0600, randal k wrote: > > http://www.ciscosystems.com/en/US/docs/ios/12_0s/feature/guide/s_befasp.html > > no bgp enforce-first-as under your BGP config (or turning it on) > > I seem to remember a bug related to that. Not at the office or near a > > router to check exactly which it was but had a similar problem albeit with > > another provider. > > No dice. Still died, same error, right at 70k routes. Thanks for the input > though, I thought that first-as-hop *HAD* to match the remote AS; good to > know that it doesn't!
On a normal customer-transit provider session, if it doesn't matches, it's "something funny going on" - bug or malicious activity. This is mainly used for peering point route-servers, where the route-server will hand around AS paths from "peer X" to "peer Y" without introducing the route server AS - so there, it will fail with "enforce-first-as" (this is done to avoid making the AS path via the RS longer/different than via direct peering) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpm2G9h996aN.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/