Hello BIRD Users,

"enforce-first-as disable" is a BGP option that can be configured for a BGP neighbor on a Cisco router. It is usually configured when the neighbor is a route server as route servers do not add their AS to the AS path of the prefixes they advertise. If I configure BIRD to BGP peer with a route server, how can I configure this option please? I do not find it in BIRD user guide.

Thanks in advance!
Firas

On 07. 02. 19 15:47, firas73737@yahoo.com wrote:
> Hello BIRD Users,

Hi! This is not necessary. BIRD does not check the first AS unless this is configured in filters.

Ondrej

> "enforce-first-as disable" is a BGP option that can be configured for a BGP neighbor on a Cisco router. It is usually configured when the neighbor is a route server as route servers do not add their AS to the AS path of the prefixes they advertise. If I configure BIRD to BGP peer with a route server, how can I configure this option please? I do not find it in BIRD user guide.
> Thanks in advance! Firas

Hello,

On 2/7/19 4:09 PM, Ondrej Filip wrote:
> This is not necessary. BIRD does not check the first AS unless this is
> configured in filters.

I think this behavior might be reconsidered for eBGP peers for upcoming versions, mainly due to security reasons. Even though RFC 4271 isn't strict here for leftmost ASN validation ("may check", as stated in section 6.3., page 34), RFC 7353 expects more strict checks on the AS_PATH attribute (section 4.6), with respect to RFC 7606, section 7.2. (withdrawn affected route). Also, the spirit of RFC 8212 was to move implicit BGP speaker behavior to a more secure manner (of course, there must be a knob disabling strict checking, when this is really needed - for IXP RS clients, for example).

With regards,
Daniel
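
The leftmost-AS check discussed in this thread, as an added Python example (not BIRD's code and not written by any participant): it parses an AS_PATH attribute value and applies the check per neighbor, with a switch to turn it off for route-server sessions. The function names, the `enforce_first_as` parameter and the documentation-range ASNs are assumptions of the example; it assumes 4-octet AS numbers and chooses to fail the check on an empty path or a leading AS_SET.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment type codes (RFC 4271, section 4.3)

def as_seq(*asns):
    """Build one AS_SEQUENCE segment (used to construct the sample inputs)."""
    return bytes([AS_SEQUENCE, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)

def parse_as_path(value):
    """Parse an AS_PATH value into [(segment_type, [asn, ...]), ...].

    Raises ValueError on an unknown segment type, an empty segment,
    or a segment that runs past the end of the attribute.
    """
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError("unrecognized segment type")
        if count == 0:
            raise ValueError("zero-length segment")
        end = off + 4 * count
        if end > len(value):
            raise ValueError("segment overruns attribute")
        segments.append((seg_type, list(struct.unpack(f"!{count}I", value[off:end]))))
        off = end
    return segments

def check_update(value, peer_asn, ebgp=True, enforce_first_as=True):
    """Return "accept" or "withdraw" for a route carrying this AS_PATH."""
    try:
        segments = parse_as_path(value)
    except ValueError:
        return "withdraw"   # malformed AS_PATH: withdraw the route, keep the session
    if not (ebgp and enforce_first_as):
        return "accept"     # check disabled, e.g. the neighbor is an IXP route server
    if not segments:
        return "withdraw"   # example's choice: an empty path has no leftmost AS to match
    seg_type, asns = segments[0]
    if seg_type != AS_SEQUENCE or asns[0] != peer_asn:
        return "withdraw"   # leftmost AS is not the neighbor's AS
    return "accept"

# Constructed sample: AS 64500 plays the route server, which does not prepend itself.
PATH_VIA_RS = as_seq(64496, 64497)
```

With the check enabled, `check_update(PATH_VIA_RS, peer_asn=64500)` withdraws every route learned from the route server, which is why the per-neighbor switch is needed on such sessions.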

participants (3): Daniel Suchy, firas73737@yahoo.com, Ondrej Filip