On Fri, Aug 31, 2012 at 05:43:10PM +0200, Rémi Laurent wrote: > Hi, > > I don't know if this is a real bug, but at least it may be brought to > attention > that "announce self" without proper filtering may lead to some unexpected > behaviour. > > When configured with "enforce neighbor-as no" (as for connection to an IXP > route server), OpenBGPD seems to accept UPDATE with empty AS_PATH and, > without > proper filtering, announce them back prepended with AS "self" to every > neighbor even if "announce self" as been set on the neighbor definition. >
This is somewhat expected. announce self is nothing more then an implicit filter to only allow emtpy-as path out. It needs to be questioned if there should be not a implicit input filter that filters out empty AS pathes from ebgp hosts. It would also be possible to extend the announce self filter a bit to make sure the prefix originated via an ibgp session or was self generated. In the end you need to concede that a route server leaking empty AS paths to the wild is the bigger issue than OpenBGPD redistributing the info onwards. -- :wq Claudio
