BGP: Add option to enforce first AS in AS_PATH

This is optional check described in RFC 4271. Although this can be also done by filters, it is widely implemented option in BGP implementations. Thanks to Eugene Bogomazov for the original patch.
author: Ondrej Zajicek (work) <santiago@crfreenet.org> 2019-11-10 02:06:07 +0100
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2019-11-10 02:06:07 +0100
commit: 0b228fca04c8a9a81af6a4973877ceba9aede3f0 (patch)
tree: ae5a7e9a1c8d4c6adc86db1d543a2befbcfa3a63 /doc/bird.sgml
parent: becda5638a8ff8b056ec04b5e156e86b168cb9ef (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index d2a4fc14..aeea613f 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -2405,6 +2405,15 @@ using the following configuration parameters:
 	malformed and corresponding BGP updates are treated as withdraws.
 	Default: on.
 
+	<tag><label id="bgp-enforce-first-as">enforce first as [<m/switch/]</tag>
+	Routes received from an EBGP neighbor are generally expected to have the
+	first (leftmost) AS number in their AS path equal to the neighbor AS
+	number. This is not enforced by default as there are legitimate cases
+	where it is not true, e.g. connections to route servers. When this
+	option is enabled, routes with non-matching first AS number are rejected
+	and corresponding updates are treated as withdraws. The option is valid
+	on EBGP sessions only. Default: off.
+
 	<tag><label id="bgp-enable-route-refresh">enable route refresh <m/switch/</tag>
 	After the initial route exchange, BGP protocol uses incremental updates
 	to keep BGP speakers synchronized. Sometimes (e.g., if BGP speaker
author	Ondrej Zajicek (work) <santiago@crfreenet.org>	2019-11-10 02:06:07 +0100
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2019-11-10 02:06:07 +0100
commit	0b228fca04c8a9a81af6a4973877ceba9aede3f0 (patch)
tree	ae5a7e9a1c8d4c6adc86db1d543a2befbcfa3a63 /doc/bird.sgml
parent	becda5638a8ff8b056ec04b5e156e86b168cb9ef (diff)