Wednesday, March 21, 2018

MOAS BGP ASN conflicts

IPv4/IPv6  prefixes  can originated  via 1 or 2 or more BGP-ASN. These are called MOAS ( multi-origin AS )

Digital Ocean is a big culprit of this. They have prefixes that can originate from  multi-ASes and even different  GEO ip-regions.

So when writing BGP route-policies , please  conduct BGP originate lookups  and determine what AS# can  originate the prefix. Hurricane Electric does this level of analysis on each BGP prefixes that's records on it's website.

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \

Ken Felix

No comments:

Post a Comment