My advice to our consulting clients regarding a list of about 8–10 specific ASNs (which are the same everywhere in the world) is always the same:
1- If you can set up a bilateral session with them via an MLPA at no cost, do it...
1.1- And send the routes to them with the `no-export` community.
1.2- Lower the local preference for everything coming from that peer.
2- For Route Servers:
2.1- When advertising your routes, tag them with the "selective-do-not-announce-to" community for those ASNs.
2.2- Reject anything the Route Server tags with the "learned-from-asn" community corresponding to those ASNs.

I know it’s massive overkill!
I know it’s even a bit rude...
But unfortunately, after losing so much sleep, this is how I finally stopped worrying about that type of network operator—the kind that thinks it’s great to declare themselves everyone's upstream provider.

If everyone (or at least a good number of people) does this... their business model collapses.

Em qui., 25 de jun. de 2026 às 10:55, Maria Matejka <maria.matejka@nic.cz> escreveu:

On Thu, Jun 25, 2026 at 09:41:35AM -0300, Douglas Fischer wrote:

Em qui., 25 de jun. de 2026 às 09:01, Maria Matejka via Bird-users < bird-users@network.cz> escreveu:

Note: The connectivity was hotfixed by temporarily adding HE as CZ.NIC provider in ASPA, and later returned to normal (checked right now).

It makes me very sad to hear that the solution to this involved informing in ASPA HE as a provider

Well, that was a connectivity hotfix, not a permanent solution.

My greatest hope regarding ASPA is (or was) that any of the ASNs exhibiting this behavior—taking peering routes and advertising them to downstream customers as if they were part of their own customer cone—would be publicly vilified.

The real question is, how to stop big leakers from forcing everybody to approve them as their provider. And while we can point our fingers here and there, the operational reality is to keep the connectivity running.

I expect that quite a lot of these problems will disappear when IXPs deploy ASPA upstream validation and simply drop all leaks.

Until then, with the downstream validation, we play chicken.


Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.



--
Douglas Fernando Fischer
Engº de Controle e Automação