[arin-ppml] 2-byte ASN policy

Michel Py michel at arneill-py.sacramento.ca.us
Sun Apr 3 23:18:31 EDT 2016

Hi Ron,

> Ron Grant wrote :
> Sorry, your humour is completely evading me tonight. Can you explain?

No worries, I understand it's hard to get sometimes.

Long story made short :
- I'm running an experimental BGP blacklist: http://arneill-py.sacramento.ca.us/cbbc/
- Basically, it's a route server; the next-hop I announce is, which struck me to be the most widely used blackhole route.
- The sources are multiple and diverse.
- Not unlike other BGP blacklists, I will (conditions) accept prefixes with the correct BGP community, which happens to be ASN:666.
- I have nothing to do with the meaning some will see in the 666 part; I was not the one who invented it.
- For reference : to my knowledge, the first public reference in using 666 as the BGP blacklist community dates back to September 2004 : https://tools.ietf.org/rfc/rfc3882.txt
- Not trying to pretend I am innocent, I was in the room in the IETF meeting when we voted that the 6bone deprecation date would be 6/6/6.
- This is not an April fool's joke.
- Back to BGP : it has been suggested earlier on that the CBBC should announce various communities, instead of the original 65532:666; that would allow subscribers to ignore potentially undesirable/incompatible/controversial sources. I agreed.
- Some of the potential sources and actual CBBC subscribers have a 4-byte ASN number, possibly because they could not obtain a 2-byte one.
- The propagation mechanism should allow for 4-byte-ASN:666 as well as 2-byte-ASN:666.

The comments below are Cisco-oriented, YMMV.

- Therefore, the need for a 4-byte ASN equivalent to the good old "ip bgp-community new-format" arose.
- That would be 2-byte-ASN:666
- Since there is no such thing as 4-byte-ASN:666, the logic suggested that the proper way to do it would be something along the lines of SoO:4-byte-ASN:666, does not accept multiple entries.
- Here we go : instead of trying to use SoO:ASN:Comm which is very stubborn animal and refuses multiple entries as well as the "additive" thing, instead I use RT:ASN:Comm which solves the problem you are having : give me the multiple-ASN version of BGP the 2-byte-ASN flavor communities we used for ages for 4-byte-ASNs.
- It configures AND propagates. See below.

> sincerely interested in what you're trying to say.

I am a Sith Lord known as Darth Numerous. Being the devil himself on top of it does not hurt me :P
Are you, uh, looking for a job as an apprentice to the Dark Side ?


route-map RM-EXABGP permit 10
 description IPv4 filter learned from iBGP peer
 set extcommunity rt 4200000000:1111 4200065532:666 4200065532:667
 set ip next-hop

cisco1841-michel#sh ip bgp
BGP routing table entry for, version 4
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
  Local from (
      Origin IGP, localpref 100, weight 1, valid, internal, best
      Community: 65532:666 65532:667
      Extended Community: RT:4200000000:1111 RT:4200065532:666 RT:4200065532:667

More information about the ARIN-PPML mailing list