V-269891

CAT III (Low)

The Dell OS10 BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer.

Rule ID

SV-269891r1052058_rule

STIG

Dell OS10 Switch Router Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002385

Discussion

The effects of prefix deaggregation can degrade router performance due to the size of routing tables and also result in black-holing legitimate traffic. Initiated by an attacker or a misconfigured router, prefix deaggregation occurs when the announcement of a large prefix is fragmented into a collection of smaller prefix announcements.

Check Content

This requirement is not applicable for the DODIN Backbone. 

Review the router configuration to verify that there is a filter to reject inbound route advertisements that are greater than /24 or the least significant prefixes issued to the customer, whichever is larger.

The prefix filter must be referenced inbound on the appropriate BGP neighbor statements.

Step 1: Verify prefix lists have been configured for each customer containing prefixes that belong to that customer.

OS10# show running-configuration prefix-list
!
ip prefix-list LONG_PREFIX_FILTER permit 0.0.0.0/0 ge 8 le 24
ip prefix-list LONG_PREFIX_FILTER deny 0.0.0.0/0

Step 2: Verify the route map applied to the external neighbors references the configured prefix list shown above.

OS10# show running-configuration route-map
!
route-map LONG_PREFIX_FILTER_MAP permit 50
 match ip address prefix-list LONG_PREFIX_FILTER

Step 3: Verify the external BGP neighbors reference the route map shown above.
 
!
router bgp 10
 !
 neighbor 50.1.1.1
  !
  address-family ipv4 unicast
   route-map LONG_PREFIX_FILTER_MAP in

If the router is not configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer, this is a finding.
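
The three check steps above, automated over a saved running-configuration, as an added example that is not part of the STIG or of Dell's tooling. It assumes the configuration layout shown on this page; the function names and the 60.1.1.1 neighbor are made up, and it neither distinguishes eBGP from iBGP peers nor evaluates route-map clauses that lack a match statement.

```python
import re

# Constructed config: 50.1.1.1 mirrors the page; 60.1.1.1 is a made-up unfiltered peer.
SAMPLE = """\
ip prefix-list LONG_PREFIX_FILTER permit 0.0.0.0/0 ge 8 le 24
ip prefix-list LONG_PREFIX_FILTER deny 0.0.0.0/0
route-map LONG_PREFIX_FILTER_MAP permit 50
 match ip address prefix-list LONG_PREFIX_FILTER
router bgp 10
 neighbor 50.1.1.1
  address-family ipv4 unicast
   route-map LONG_PREFIX_FILTER_MAP in
 neighbor 60.1.1.1
  address-family ipv4 unicast
"""

PERMIT = re.compile(r"^ip prefix-list (\S+) (?:seq \d+ )?permit \S+/(\d+)(?: ge (\d+))?(?: le (\d+))?", re.M)

def longest_permitted(config):
    """Prefix-list name -> longest prefix length any permit entry lets through."""
    out = {}
    for name, plen, ge, le in PERMIT.findall(config):
        # 'le N' caps at N; 'ge' alone runs to /32; neither means an exact-length match.
        top = int(le) if le else 32 if ge else int(plen)
        out[name] = max(out.get(name, 0), top)
    return out

def unfiltered_neighbors(config, limit=24):
    """BGP neighbors lacking an inbound route-map whose prefix-lists stop at /limit."""
    longest = longest_permitted(config)
    rmap_lists, inbound, rmap, peer = {}, {}, None, None
    for line in config.splitlines():
        if m := re.match(r"route-map (\S+)", line):
            rmap = m.group(1)
            rmap_lists.setdefault(rmap, set())
        elif (m := re.match(r" +match ip address prefix-list (\S+)", line)) and rmap:
            rmap_lists[rmap].add(m.group(1))
        elif m := re.match(r" +neighbor (\S+)", line):
            peer = m.group(1)
            inbound.setdefault(peer, None)
        elif (m := re.match(r" +route-map (\S+) in\b", line)) and peer:
            inbound[peer] = m.group(1)
    bad = []
    for peer, name in inbound.items():
        lists = rmap_lists.get(name, set())
        # Unknown or permit-less lists count as /32 so they are flagged for manual review.
        if not lists or any(longest.get(pl, 32) > limit for pl in lists):
            bad.append(peer)
    return bad
```

Any neighbor the function returns still needs manual review against the prefixes issued to that customer, since the script only checks the /24 ceiling.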

Fix Text

Ensure all eBGP routers are configured to limit the prefix size on any route advertisement to /24 or the least significant prefixes issued to the customer.

Step 1: Configure a prefix list for each customer containing the prefixes belonging to that customer.

OS10(config)# ip prefix-list LONG_PREFIX_FILTER permit 0.0.0.0/0 ge 8 le 24
OS10(config)# ip prefix-list LONG_PREFIX_FILTER deny 0.0.0.0/0

Step 2: Configure the route map referencing the configured prefix list.

OS10(config)# route-map LONG_PREFIX_FILTER_MAP 50
OS10(config-route-map)# match ip address prefix-list LONG_PREFIX_FILTER
OS10(config-route-map)# exit

Step 3: Apply the route map inbound to each external BGP neighbor.

OS10(config)# router bgp 10
OS10(config-router-bgp-10)# neighbor 50.1.1.1
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# route-map LONG_PREFIX_FILTER_MAP in
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-10)# exit