I just fat fingered a regex that was intented to show how many private ASNs we’re using on our network for various things. The results of the fat fingers showed that there are an astronomical number of private ASNs in the wild. I checked the CIDR report, and those ASNs are shown there in a specific Bogon ASN report, but I’m surprised that as far as I can recall, there haven’t been any efforts made by the good netizens around these parts to bring awareness to this issue.
Do we feel that it’s not that big of a deal? Have we not really been paying attention? Some other reason this seems to be a rather muted topic?
There are sloppy networks out there. If it was a big enough problem all you'd need is a few key networks drop those prefixes and we'd have a...slightly less sloppy Internet?
Router software (speaking of Cisco and Juniper in this case) has developed
reasonably well that one can now strip private ASN's from the AS_PATH
even though they now appear in between public ASN's.
This was not possible before, as private AS filtering was only possible if
they appeared contiguously in the AS_PATH.
Of course, this means running later code - but chances are that if you're
running code that supports 4-byte ASN's, you might have this feature.
Not sure about other vendors out there.
We, for example, remove private ASN's by default on all eBGP sessions. I
know several other providers that do the same - but it takes a village to
raise the Internet...
Sadly, you don't have to pass any sort of "clue" test to peer in the
default-free zone and there are plenty of organizations who simply don't
filter properly.
Worse yet, it's still illegal to use the bright platinum baseball bat of
clue on the perpetrators.
