As path prepand wrong set and braked some staff

Hello guys,

I have done some wrong configuration and now is not ok sompting is wrong on ripe…etc

I have 2 ISPs , 1 IPS AS: 870X and 2nd IPS AS: 666X
Ower as number AS: 3391X

I have this rule on the config

set policy prefix-list IPv4-870X-OUT rule 100 action ‘permit’
set policy prefix-list IPv4-870X-OUT rule 100 description ‘AS3391X’
set policy prefix-list IPv4-870X-OUT rule 100 prefix ‘77.81.XXX.0/24’
set policy prefix-list IPv4-666X-OUT rule 100 action ‘permit’
set policy prefix-list IPv4-666X-OUT rule 100 description ‘AS3391X’
set policy prefix-list IPv4-666X-OUT rule 100 prefix ‘77.81.XXX.0/24’
set policy route-map IPv4-NET-666X rule 100 action ‘permit’
set policy route-map IPv4-NET-666X rule 100 match ip address prefix-list ‘IPv4-666X-OUT’
set policy route-map IPv4-NET-870X rule 100 action ‘permit’
set policy route-map IPv4-NET-870X rule 100 match ip address prefix-list ‘IPv4-870X-OUT’

and i setup this

set policy route-map IPv4-NET-870X rule 100 set as-path-prepend 666X

I whanted the routes/traffic to be prefered/prioritize on the ISP AS: 666X

Cuz on ISP AS: 666X we have ddos solution from them, we had an ddos so i setup as-path-prepend

I left it like this for 5 days and after i deleted the rule yerstaday

delete policy route-map IPv4-NET-870X rule 100 set
commit, save…etc

Today the traffic on ripe was showing like ISP 870X is not there any more, even on ipinfo.io the secand isp is missing, on Twelve99 Looking Glass is missing parts, ISP, route …etc so i made like this today thinking is sompting wrong and i have to set back ower as to the ip range.

set policy route-map IPv4-NET-870X rule 100 set as-path-prepend 3391X
commit…save…etc
After 30 minutes i deleted the rule

Now on Twelve99 Looking Glass it shows 2 times ower AS, like:

BGP routing table entry for 77.81.XX.0/24
Last Modified: May 9 14:33:55.203 for 01:25:35
Paths: (7 available, best #1)

Path #1: Received by speaker 0
870X 3391X 3391X

I know before i made this “prepend” was

Path #1: Received by speaker 0
870X 3391X

On RIPE, on the ip range it should show ISP as number both but now it shows ower AS Number.

Is there a way to reverse all this and to e back to normal like was before i used path-prepend ?

If someone is ready to help even for $ it will be my pleasure to pay just to fix this.

Thank you

I rebooted the router and now is all ok, but i dont get it, as-path-prepend was not on the config, i even restarted the bgp sessions, until i rebooted the misconfiguration was showing.

Just rebooted and all back to normal on looking glass.

Dose anyone know why ? Is sompting wrong ? Or i have to do sompting else after i remove the prepend ?

Thank you

Is there a way to set as-path-prepend to an /32 ? I dont fiind any examples or infos in vyos documentation.

You can add policy route-map match prefix-list

set policy prefix-list PREF rule 10 action 'permit'
set policy prefix-list PREF rule 10 prefix '203.0.113.2/32'
set policy route-map PREP rule 10 action 'permit'
set policy route-map PREP rule 10 match ip address prefix-list 'PREF'
set policy route-map PREP rule 10 set as-path-prepend '65000 65000 65000'
set policy route-map PREP rule 20 action 'permit'

I’m not sure that you really need it. But if you need it, an example above
In this example your ASN 65000 - your local asn
Prepend will be only for 203.0.113.2/32

Yes this is what i need, to be able to change prepend for an /32

Can you please give me an example on hot to set for multiple ips ?

Like This: set policy prefix-list PREF rule 10 prefix ‘203.0.113.2/32 203.0.113.3/32’
Or ?

How about if i create a rule like i have for community-list blackhole ?

set policy as-path-list FILTER rule 10 action ‘permit’
set policy as-path-list FILTER rule 10 regex ‘65000 65000 65000’

set policy route-map FILTER rule 10 action ‘permit’
set policy route-map FILTER rule 10 set as-path-prepend ‘65000 65000 65000’

set policy route-map IPv4-NET-870X rule 110 action ‘permit’
set policy route-map IPv4-NET-870X rule 110 match as-path ‘FILTER’

and use this command after:

set protocols bgp 33911 address-family ipv4-unicast network 77.81.XXX.0/32 route-map ‘FILTER’

?

Cristan,

I understand that you want use a black hole technique, so you remember prefixes /32s that are more
specific than /24 are typically not accepted and not propagated by BGP (the ISPs aren’t allowed normaly )

this is an example:

set policy prefix-list PREF rule 10 action ‘permit’
set policy prefix-list PREF rule 10 le ‘32’
set policy prefix-list PREF rule 10 prefix ‘0.0.0.0/0’

set policy route-map PREP rule 10 action ‘permit’
set policy route-map PREP rule 10 match ip address prefix-list ‘PREF’
set policy route-map PREP rule 10 set as-path-prepend ‘65000 65000 65000’
set policy route-map PREP rule 20 action ‘permit’

Hello,

Thank you,

And how do i set for multiple ips ?
77.81.XXX.3/32
77.81.XXX.4/32

I know someone who made this to work but it just dosent whant to share the config.

Hi Cristinad ,

I show an example with these prefixes that you shared :

set policy prefix-list PREF rule 10 action ‘permit’
set policy prefix-list PREF rule 10 prefix ‘77.81.XX.3/32’
set policy prefix-list PREF rule 20 action ‘permit’
set policy prefix-list PREF rule 20 prefix ‘77.81.XX.4/32’

set policy route-map PREP rule 10 action ‘permit’
set policy route-map PREP rule 10 match ip address prefix-list ‘PREF’
set policy route-map PREP rule 10 set as-path-prepend ‘65000 65000 65000’
set policy route-map PREP rule 20 action ‘permit

Also there is another possibility that you allow the / 24 prefix in / 32, for example:

set policy prefix-list PREF rule 10 action ‘permit’
set policy prefix-list PREF rule 10 le ‘32’
set policy prefix-list PREF rule 10 prefix ‘77.81.XX.0/24

I will test this, its just strage cuz for each /32 i have to create a new rule

My provider the one i whant to set prepend he even provide me this Sesiune BGP cu RCS&RDS please use google translate.

They told me i can even use this if i whant.