draft-ietf-grow-as-path-prepending-05.txt   draft-ietf-grow-as-path-prepending-06.txt 
Network Working Group                                         M. McBride
Internet-Draft                                                 Futurewei
Updates: 7454, 8195 (if approved)                              D. Madory
Intended status: Best Current Practice                            Kentik
Expires: 21 August 2022                                      J. Tantsura
                                                               Microsoft
                                                               R. Raszuk
                                                 NTT Network Innovations
                                                                   H. Li
                                                                     HPE
                                                                J. Heitz
                                                                   Cisco
                                                               G. Mishra
                                                            Verizon Inc.
                                                        17 February 2022
AS Path Prepending
draft-ietf-grow-as-path-prepending-06

Abstract

AS Path Prepending provides a tool to manipulate the BGP AS_Path
attribute through prepending multiple entries of an AS.  AS Path
Prepending is used to deprioritize a route or alternate path.  By
prepending the local ASN multiple times, ASs can make advertised AS
paths appear artificially longer.  Excessive AS Path Prepending has
caused routing issues in the Internet.  This document provides
guidance on the use of AS Path Prepending, including alternative
solutions, in order to avoid negatively affecting the Internet.
Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on 21 August 2022.

Copyright Notice

Copyright (c) 2022 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights

skipping to change at page 2, line 25

extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents

1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
  1.1.  Requirements Language  . . . . . . . . . . . . . . . . .   3
2.  Use Cases  . . . . . . . . . . . . . . . . . . . . . . . . .   3
3.  Problems . . . . . . . . . . . . . . . . . . . . . . . . . .   4
  3.1.  Cascading and ripple effects of prepending across the
        Internet . . . . . . . . . . . . . . . . . . . . . . . .   4
  3.2.  Excessive Prepending . . . . . . . . . . . . . . . . . .   5
  3.3.  Prepending during a routing leak . . . . . . . . . . . .   6
  3.4.  Prepending to All  . . . . . . . . . . . . . . . . . . .   7
  3.5.  Memory . . . . . . . . . . . . . . . . . . . . . . . . .   7
  3.6.  Errant announcement  . . . . . . . . . . . . . . . . . .   8
4.  Alternatives to AS Path Prepend  . . . . . . . . . . . . . .   8
5.  Best Practices . . . . . . . . . . . . . . . . . . . . . . .   9
6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . .  11
7.  Security Considerations  . . . . . . . . . . . . . . . . . .  11
8.  Acknowledgement  . . . . . . . . . . . . . . . . . . . . . .  11

skipping to change at page 3, line 7
attribute which enumerates ASs a route update has traversed.  If the
UPDATE message is propagated over an external link, then the local AS
number is prepended to the AS_PATH attribute, and the NEXT_HOP
attribute is updated with an IP address of the router that should be
used as a next hop to the network.  If the UPDATE message is
propagated over an internal link, then the AS_PATH attribute and the
NEXT_HOP attribute are passed unmodified.

A common practice among operators is to prepend multiple entries of
an AS (known as AS Path Prepending) in order to deprioritize a route
or a path.  So far, this has not caused many problems.  However, the
practice is increasing, with both IPv4 and IPv6, and there are now
inherent risks to the global Internet, especially with excessive AS
Path Prepending.  Prepending is frequently employed in an excessive
manner such that it renders routes vulnerable to disruption or
misdirection.  AS Path Prepending is discussed in Use of BGP Large
Communities [RFC8195].  This document provides additional and
specific guidance to operators on how to be good Internet citizens
with less risky use of AS Path Prepending.
1.1.  Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Use Cases

There are various reasons that AS Path Prepending is in use today

skipping to change at page 3, line 47
capacity than another where the lower capacity link still takes
traffic.

* Conditionally prefer one ASBR over another at the same site or
between sites for lowest latency path based on geographic
location.

* An ISP doesn't accept traffic engineering using BGP communities.
Prepending is the only option.

The following illustration, from Geoff Huston's Path Prepending in
BGP (https://labs.apnic.net/?p=1264), shows how AS Prepending is
typically used:

                    +---+     +---+
                +---| D |----| F |
                |   +---+     +---+
        +---+   +---+             |
        | A |---| B |             |
        +---+   +---+    2x<-     |
                |   +---+     +---+
                +---| C |----| E |

skipping to change at page 4, line 33
will be passed via D and F to reach E, rather than via C.  In this
way prepending implements action at a distance where the routing
decisions made by non-adjacent ASs can be influenced by selective AS
Path prepending.

3.  Problems

Since it is so commonly used, what is the problem with the excessive
use of AS Path Prepending?  Here are a few examples:
3.1.  Cascading and ripple effects of prepending across the Internet

Care should be taken in prepending, as prepending can cause ripple
effects: multiple ASes performing the same set of prepends in the
same direction can result in route leaks where the valid preferred
path becomes de-preferred.
                                  <-5x      <-5x      <-5x
                    +---+     +---+     +---+     +---+
                +---| D |----| F |----| H |----| J |
                |   +---+     +---+     +---+     +---+
        +---+   +---+             |                   |
        | A |---| B |             |                   |
        +---+   +---+   13x<-     |                   |
                |   +---+     +---+     +---+     +---+
                +---| C |----| E |----| G |----| I |
                    +---+     +---+     +---+     +---+
In the diagram above A, B, C, D, E, F, G, H, I, and J are all part of
different ASes.  B will normally prefer the path via D to send
traffic to J, as this represents the preferred path to B, due to E
prepending 13 instances of its own AS number when advertising routes
to C.  ISP J decides to prepend 5 instances of its own AS when
advertising to H, and ISP H decides to do the same and prepends 5
instances of its own AS when advertising to F.  ISP F decides as well
to prepend 5 instances of its own AS when advertising to D.  B now
sees 19 AS hops for prefixes coming from D to get to J, which should
be the preferred path, compared to 18 AS hops coming from C, which is
now preferred.  We now have a route leak to I as B now sends all of
its traffic through I to reach J.  This is the typical scenario where
route leaks occur, where providers decide to de-prefer a path.
However, as the same de-preference of a path gets cascaded in the
same direction, the path that should never be preferred, as its AS
path is very long (18 AS hops in this case), ends up being the
preferred path, resulting in a route leak.  Usage of BGP large
communities along with conditional prepending, and care being taken
when prepending is performed between providers, can help mitigate the
adverse impacts of prepending.
3.2.  Excessive Prepending

The risk of excessive use of AS Path Prepending can be illustrated
with real-world examples that have been anonymized using
documentation prefixes [RFC5737] and ASs [RFC5398].  Consider the
prefix 198.51.100.0/24 which is normally announced with an inordinate
amount of prepending.  A recent analysis revealed that
198.51.100.0/24 is announced to the world along the following AS
path:

64496 64511 64511 64511 64511 64511 64511 64511 64511 64511 64511
64511 64511 64511 64511 64511 64511 64511 64511 64511 64511 64511
64511 64511

In this example, the origin AS64511 appears 23 consecutive times
before being passed on to a single upstream (AS64496), which passes
it on to the global Internet, prepended-to-all.  An attacker, wanting
to intercept or manipulate traffic to this prefix, could enlist a
datacenter to allow announcements of the same prefix with a
fabricated AS path such as 999999 64496 64511.  Here the fictional
AS999999 represents the shady datacenter.  This malicious route would
be preferred due to the shortened AS path length and might go
unnoticed by the true origin, even if route-monitoring had been
implemented.  Standard BGP route monitoring checks a route's origin
and upstream and both would be intact in this scenario.  The length
of the prepending gives the attacker room to craft an AS path that
would appear plausible to the casual observer, comply with origin

skipping to change at page 6, line 30
3.3.  Prepending during a routing leak

In April 2010, a service provider experienced a routing leak.  While
analyzing the leak something peculiar was noticed.  When we ranked
the approximately 50,000 prefixes involved in the leak based on how
many ASs accepted the leaked routes, most of the impact was
constrained to Country A routes.  However, two of the top five most-
propagated leaked routes (listed in the table below) were Country B
routes.

During the routing leak, nearly all of the ASs of the Internet
preferred the Country A leaked routes for 192.0.2.0/21 and
198.51.100.0/22 because, at the time, these two Country B prefixes
were being announced to the entire Internet along the following
excessively prepended AS path: 64496 64500 64511 64511 64511 64511
64511 64511.  Virtually any illegitimate route would be preferred
over the legitimate route.  In this case, the victim is all but
ensuring their victimhood.

There was only a single upstream seen in the prepending example from
above, so the prepending was achieving nothing except incurring risk.
You would think such mistakes would be relatively rare, especially
now, 10 years later.  As it turns out, there is quite a lot of
prepending-to-all going on right now and during leaks, it doesn't go
well for those who make this mistake.  While one can debate the
merits of prepending to a subset of multiple transit providers, it is
difficult to see the utility in prepending to every provider.  In
this configuration, the prepending is no longer shaping route
propagation.  It is simply incentivizing ASs to choose another origin
if one were to suddenly appear whether by mistake or otherwise.
3.4.  Prepending to All

Based on analysis done in 2019, Excessive AS Path Prepending
(https://blog.apnic.net/2019/07/15/excessive-bgp-as-path-prepending-
is-a-self-inflicted-vulnerability/), out of approximately 750,000
routes in the IPv4 global routing table, nearly 60,000 BGP routes are
prepended to 95% or more of hundreds of BGP sources.  About 8% of the
global routing table, or 1 out of every 12 BGP routes, is configured
with prepends to virtually the entire Internet.  The 60,000 routes
include entities of every stripe: governments, financial
institutions, even important parts of Internet infrastructure.

Much of the worst propagation of leaked routes during big leak events
has been due to routes being prepended-to-all.  The AS64505 leak of
April 2014 (>320,000 prefixes) was prepended-to-all.  And the AS64506
leak of June 2015 (>260,000 prefixes) was also prepended-to-all.
Prepended-to-all prefixes are those seen as prepended by all (or
nearly all) of the ASs of the Internet.  In this configuration,
prepending is no longer shaping route propagation but is simply
incentivizing ASs to choose another origin if one were to suddenly
appear whether by mistake or otherwise.  The percentage of the IPv4
table that is prepended-to-all is growing at 0.5% per year.  The IPv6
table is growing slower at 0.2% per year.  The reasons for using
prepend-to-all appear to be 1) the AS forgetting to remove the
prepending for one of its transit providers when it is no longer
needed, 2) the AS attempting to de-prioritize traffic from transit
providers over settlement-free peers, and 3) there are simply a lot
of errors in BGP routing.  Consider the prepended AS path below:

skipping to change at page 8, line 7
3.5.  Memory

Long AS Paths cause an increase in memory usage by BGP speakers.  A
concern about an AS Path longer than 255 is the extra complexity
required to process it, because it needs to be encoded in more than
one AS_SEQUENCE in the AS_PATH BGP path attribute.

3.6.  Errant announcement

It is possible for an Internet-wide outage to occur because of a
single errant routing announcement.  For example, AS64496 could
announce its one prefix with an extremely long AS path.  Someone
could enter their ASN instead of the prepend count: 64496 modulo 256
= 240 prepends, and when the path length exceeds 255, routers could
crash.
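An added example (not from the draft) of the AS_PATH encoding that Sections 3.5 and 3.6 refer to: an AS_SEQUENCE segment carries at most 255 ASNs, so the 240-prepend mistake above, once a handful of transit ASes sit in front of it, has to be split across a second segment, and a receiver has to parse segment lengths defensively. Assumptions: the misconfigured CLI keeps only the low octet of the typed value, and the transit ASNs are constructed from the RFC 5398 documentation range.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2
MAX_SEGMENT_ASNS = 255          # the segment length field is a single octet


def encode_as_path(as_path, asn_size=4):
    """Encode an AS_PATH attribute value (RFC 4271 section 4.3) as one or
    more AS_SEQUENCE segments.  asn_size=4 is the 4-octet encoding of
    RFC 6793; asn_size=2 is the classic 2-octet encoding."""
    fmt = ">I" if asn_size == 4 else ">H"
    out = bytearray()
    for start in range(0, len(as_path), MAX_SEGMENT_ASNS):
        chunk = as_path[start:start + MAX_SEGMENT_ASNS]
        out += struct.pack(">BB", AS_SEQUENCE, len(chunk))
        for asn in chunk:
            out += struct.pack(fmt, asn)
    return bytes(out)


def decode_as_path(data, asn_size=4):
    """Parse the segments back; raises ValueError on a malformed attribute
    instead of trusting the length octet blindly."""
    fmt = ">I" if asn_size == 4 else ">H"
    segments, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = struct.unpack_from(">BB", data, pos)
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError("unknown segment type %d" % seg_type)
        body = count * asn_size
        if len(data) - pos < body:
            raise ValueError("segment body shorter than its length octet")
        asns = [struct.unpack_from(fmt, data, pos + i * asn_size)[0]
                for i in range(count)]
        pos += body
        segments.append((seg_type, asns))
    return segments


def as_path_length(segments):
    """Path length as the decision process counts it: every AS in an
    AS_SEQUENCE counts one, an AS_SET counts one as a whole (RFC 4271 9.1.2.2)."""
    return sum(len(asns) if t == AS_SEQUENCE else 1 for t, asns in segments)


def flatten(segments):
    return [asn for _, asns in segments for asn in asns]


def errant_path(origin=64496, transit=()):
    """The Section 3.6 mistake: the ASN typed where the prepend count belongs.
    Assumption: the CLI keeps only the low octet, so 64496 becomes 240
    prepends.  `transit` are the ASes already in front of the origin."""
    prepends = origin % 256                      # 64496 % 256 == 240
    return list(transit) + [origin] * (1 + prepends)


if __name__ == "__main__":
    fits = errant_path(transit=[64500, 64501])            # 243 ASNs: one segment
    over = errant_path(transit=range(64497, 64512))       # 256 ASNs: two segments
    for path in (fits, over):
        segs = decode_as_path(encode_as_path(path))
        print(len(path), "ASNs ->", [len(a) for _, a in segs], "ASNs per segment")
```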
4.  Alternatives to AS Path Prepend

Various options, to provide path preference without needing to use AS
Path Prepend, include:

* Use predefined communities that are mapped to a particular
behavior when propagated.

* Announce more specific routes on the preferred path.

skipping to change at page 8, line 38
origin, over the preferred path while the other ASBRs (which would
otherwise need to prepend N times) advertise with an INCOMPLETE
origin code.

* The Multi Exit Discriminator (MED) is an optional non-transitive
attribute that can be used to influence path preference instead of
using as-path.  MED is non-transitive so it cannot influence an AS
more than 1 AS hop away.

* Local-preference optional non-transitive attribute, above as-path
in BGP path selection, can be used to influence route preference
within the local operator's AS administrative domain.  Local-
preference can shield the operator domain from traffic shifts off
the preferred path to a de-preferred path caused by excess
prepending done by service providers across the Internet.  If all
service providers across the Internet set local-preference inbound
conditionally with Large Community set on preferred paths,
essentially the impacts of route leaks as well as other routing
issues resulting from excess prepending can be mitigated.
                                  <-5x      <-5x      <-5x
      LP 110        +---+     +---+     +---+     +---+
                +---| D |----| F |----| H |----| J |
                |   +---+     +---+     +---+     +---+
        +---+   +---+             |                   |
        | A |---| B |             |                   |

skipping to change at page 9, line 41
influenced by the excessive prepend cascading ripple effect by F, H,
J.  Note that A still sees the cascading ripple effect of excess
prepending; however A, or any service provider AS downstream of B,
ingressing B, will be shunted to D via local-preference and the route
leak is now mitigated for all downstream ASes to the left of B that
prefer the path through B.
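The cascade of Section 3.1 and the local-preference mitigation of this section, as an added simulation that is not part of the draft: a minimal BGP decision process (highest LOCAL_PREF, then shortest AS_PATH) run over the figure's topology, showing B flip from D to C once J, H and F each add 5 prepends, and stay on D once B assigns LP 110 to routes learned from D. Assumptions: the F-E link is omitted so the two transit chains stay separate as the draft's hop counts assume, and "prepends 5 instances" means 5 copies on top of the normal one.

```python
from collections import defaultdict

# Constructed topology from the Section 3.1 figure; each link is bidirectional.
# Assumption: the F-E link is left out so the two transit chains stay
# separate, which is what the draft's hop counts (19 via D, 18 via C) assume.
LINKS = [("A", "B"), ("B", "D"), ("B", "C"), ("D", "F"), ("F", "H"),
         ("H", "J"), ("C", "E"), ("E", "G"), ("G", "I"), ("I", "J")]

# Extra copies of its own AS that an AS adds when exporting to a neighbor
# (assumption: "prepends 5 instances" = 5 copies on top of the normal one).
BASELINE_PREPENDS = {("E", "C"): 13}                      # only E de-prefers
CASCADE_PREPENDS = {("E", "C"): 13, ("J", "H"): 5,        # J, H, F follow suit
                    ("H", "F"): 5, ("F", "D"): 5}

DEFAULT_LOCAL_PREF = 100


def adjacency(links):
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def exported_path(sender, receiver, path, prepends):
    """AS_PATH as the receiver sees it: the sender once, plus extra prepends."""
    copies = 1 + prepends.get((sender, receiver), 0)
    return (sender,) * copies + path


def select_best(routes):
    """routes: {neighbor: (local_pref, as_path)}.  The part of the BGP
    decision process the draft relies on: highest LOCAL_PREF first, then
    shortest AS_PATH, then lowest neighbor id as a deterministic tie-break."""
    nbr = min(routes, key=lambda n: (-routes[n][0], len(routes[n][1]), n))
    return nbr, routes[nbr][1]


def simulate(origin, prepends, policy=None, links=LINKS):
    """Propagate one prefix originated by `origin` until every AS has
    converged.  Returns {asn: (neighbor_used, as_path)}; the origin maps to
    (None, ()).  `policy(receiver, neighbor, as_path)` returns the LOCAL_PREF
    the receiver assigns to a route learned from that neighbor."""
    adj = adjacency(links)
    selected = {origin: (None, ())}
    while True:
        rib_in = defaultdict(dict)              # rib_in[asn][nbr] = (lp, path)
        for asn, (_, path) in selected.items():
            for nbr in adj[asn]:
                if nbr in path:                 # receiver already in the path:
                    continue                    # it would drop it as a loop
                new_path = exported_path(asn, nbr, path, prepends)
                lp = policy(nbr, asn, new_path) if policy else DEFAULT_LOCAL_PREF
                rib_in[nbr][asn] = (lp, new_path)
        new_selected = {origin: (None, ())}
        for asn, routes in rib_in.items():
            if asn != origin:
                new_selected[asn] = select_best(routes)
        if new_selected == selected:
            return selected
        selected = new_selected


def prefer_d_at_b(receiver, neighbor, as_path):
    """Section 4 mitigation: B raises LOCAL_PREF on routes learned from D
    (the figure's "LP 110"), so AS_PATH length is never compared at B."""
    return 110 if (receiver, neighbor) == ("B", "D") else DEFAULT_LOCAL_PREF


def b_choice(prepends=CASCADE_PREPENDS, policy=None):
    """Which neighbor B uses to reach J, and the AS_PATH length it sees."""
    nbr, path = simulate("J", prepends, policy)["B"]
    return nbr, len(path)


if __name__ == "__main__":
    print("E alone prepends 13   :", b_choice(BASELINE_PREPENDS))     # ('D', 4)
    print("J, H, F each prepend 5:", b_choice())                      # ('C', 18)
    print("same, LP 110 at B     :", b_choice(policy=prefer_d_at_b))  # ('D', 19)
```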
5.  Best Practices

Many of the best practices, or lack thereof, can be illustrated from
the preceding examples.  Here's a summary of the best current
practices when using AS Path Prepending:

* Network operators should ensure prepending is absolutely necessary
as many networks have excessive prepending.  It is best to
enumerate what the routing policies are intended to achieve
before concluding that prepending is a solution.

* The neighbor you are prepending may have an unconditional
preference for customer routes and prepending doesn't work.  It's
helpful to check with neighbors to see if they will honor the

skipping to change at page 11, line 15

* The Internet is typically around 5 ASs deep with the largest
AS_PATH being 16-20 ASNs.  Some have added 100 or more AS Path
Prepends and operators should therefore consider limiting the
maximum AS-path length being accepted through aggressive filter
policies.
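An added example (not the draft's or any analysis tool's code) of the two checks an operator can run over its own route collector data: the prepended-to-all measurement of Section 3.4 (origin seen prepended from 95% or more of vantage points) and the maximum AS-path length filter suggested above. The observations, vantage-point names and the 20-hop filter value are constructed assumptions; prefixes and ASNs come from the RFC 5737 and RFC 5398 documentation ranges.

```python
from collections import defaultdict
from itertools import groupby

# Constructed observations: (vantage point, prefix, AS_PATH as seen there).
# 198.51.100.0/24 models the Section 3.2 case: the origin prepends toward
# its single upstream, so every vantage point sees the prepending.
# 203.0.113.0/24 models selective prepending toward one of two upstreams.
SAMPLE_OBSERVATIONS = [
    ("vp1", "198.51.100.0/24", "64500 64496 " + "64511 " * 23),
    ("vp2", "198.51.100.0/24", "64501 64496 " + "64511 " * 23),
    ("vp3", "198.51.100.0/24", "64502 64503 64496 " + "64511 " * 23),
    ("vp1", "203.0.113.0/24", "64500 64496 64510 64510 64510"),
    ("vp2", "203.0.113.0/24", "64501 64497 64510"),
    ("vp3", "203.0.113.0/24", "64502 64497 64510"),
]


def parse_as_path(text):
    return [int(asn) for asn in text.split()]


def total_prepends(path):
    """Extra copies anywhere in the path (consecutive repeats of any AS),
    which also catches transit prepending like the Section 3.1 cascade."""
    return len(path) - len([asn for asn, _ in groupby(path)])


def origin_prepends(path):
    """Extra copies of the origin AS at the end of the path (0 = none)."""
    origin = path[-1]
    run = 0
    for asn in reversed(path):
        if asn != origin:
            break
        run += 1
    return run - 1


def analyse(observations, to_all_threshold=0.95, max_path_len=None):
    """Per-prefix summary.  'prepended_to_all' follows the draft's
    definition: the origin is seen prepended from at least
    `to_all_threshold` of the vantage points.  `max_path_len` is an
    operator-chosen filter value (assumption); None disables the check."""
    per_prefix = defaultdict(list)
    for vp, prefix, text in observations:
        per_prefix[prefix].append((vp, parse_as_path(text)))
    report = {}
    for prefix, obs in per_prefix.items():
        vantage = {vp for vp, _ in obs}
        seen_prepended = {vp for vp, path in obs if origin_prepends(path) > 0}
        fraction = len(seen_prepended) / len(vantage)
        longest = max(len(path) for _, path in obs)
        report[prefix] = {
            "origin": obs[0][1][-1],
            "vantage_points": len(vantage),
            "prepended_fraction": round(fraction, 2),
            "prepended_to_all": fraction >= to_all_threshold,
            "max_origin_prepends": max(origin_prepends(p) for _, p in obs),
            "max_total_prepends": max(total_prepends(p) for _, p in obs),
            "longest_path": longest,
            "exceeds_max_len": max_path_len is not None and longest > max_path_len,
        }
    return report


if __name__ == "__main__":
    for prefix, row in analyse(SAMPLE_OBSERVATIONS, max_path_len=20).items():
        flags = [k for k in ("prepended_to_all", "exceeds_max_len") if row[k]]
        print(prefix, "origin AS%d" % row["origin"],
              "prepended at %.0f%% of vantage points" % (100 * row["prepended_fraction"]),
              "longest path %d" % row["longest_path"], flags or "ok")
```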
6.  IANA Considerations

7.  Security Considerations

Long prepending may make a network more vulnerable to route
hijacking, which will exist whenever there is a well connected peer
that is willing to forge their AS_PATH or allows announcements with a
fabricated AS path.
8.  Acknowledgement

The authors would like to thank Greg Skinner, Randy Bush, Dave
Farmer, Nick Hilliard, Martijn Schmidt, Michael Still, Geoff Huston
and Jeffrey Haas for contributing to this document.

9.  Normative References
End of changes. 23 change blocks. 70 lines changed or deleted, 70 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/