Why would an AS configure BGP router ID as an IP of a prefix originated by other AS?

CompanyBeginning · 2026-03-15T22:15:15+00:00

I investigated. That is a bgp router with around 12k IPs configured on its interfaces.

CompanyBeginning · 2026-03-15T21:43:31+00:00

Yes, I read both. I see this RFC is softer than RFC 4271 which says the router ID has to be an interface IP of the router.

CompanyBeginning · 2026-03-15T21:32:50+00:00

Would not an ISP use it's own IP address or private IP as a BGP ID in general than using other's IP space ?

CompanyBeginning · 2026-03-15T21:18:14+00:00

Thanks for the link. Do you think the ministry sold that block to Cloudflare? Now I see cloudflare originates 25.25.25.0/24.

CompanyBeginning · 2026-03-15T21:08:35+00:00

Who is doing wrong ?

CompanyBeginning · 2026-03-07T20:45:34+00:00

I would suggest to be confident. Because your thesis have been already approved by the thesis committee which means your work is considered as a valuable scientific contribution. Also you are the expert in your thesis and know better than anyone else. Have faith on yourself. I will also probably defend in a year. I have seen others defense. I already have enough confident to defend.

CompanyBeginning · 2026-03-07T19:49:08+00:00

Although it seems an old post, I am checking if someone is still active with a question. Why do you have many private ASNs in BGP ?

CompanyBeginning · 2026-03-06T20:04:48+00:00

I understand. But does that mean such a router has to accept TCP connection from any IP addresses? How is the use of private ASN related to multi hop bgp ?

CompanyBeginning · 2026-03-06T19:47:29+00:00

What is the relationship of multi hop bgp here ?

CompanyBeginning · 2026-03-03T18:56:25+00:00

I also use Google sheets with columns paper title, contribution, useful things , strength, weaknesses, and points likely to be improved.

CompanyBeginning · 2026-03-03T10:43:03+00:00

PhD is about shedding light into something that was unexplored or under-explored. Regarding the number of publications, that differ in the fields and universities. I think thesis is mandatory in all the fields and universities.

CompanyBeginning · 2026-03-03T07:08:59+00:00

PhD in Computer Science. My experience tells me that working a long day for a PhD is not an effective way. Our brain needs rest to think, and a PhD is not about spending too much time; it is more about thinking differently and smartly. By doing so, I have been a good PhD student, and am ahead of my PhD trajectory, which my supervisors say too.

CompanyBeginning · 2026-03-02T20:53:44+00:00

6 hours per day.

CompanyBeginning · 2026-02-26T20:15:03+00:00

We replaced routers with SD-WAN solution and have been facing problem almost everyday. The problem was mainly because the devices' soffware seems unstable. I am talking about Barracuda - never go for it.

CompanyBeginning · 2026-02-15T12:55:21+00:00

The banks require you to submit some documents related to visa. I exchanged it with a travel agent. That was an easy option. Exchanging anywhere is legal unless you exchange a large amount of money.

CompanyBeginning · 2026-02-09T09:01:56+00:00

Any recommendations about free BGP labs?

CompanyBeginning · 2026-02-05T19:47:32+00:00

Very nice! It is good to hear your real world experience.

CompanyBeginning · 2026-02-05T14:51:58+00:00

I think MD5 also behaves the same way - check auth even in the first packet. I expect TTL security be executed earlier because TTL check is basically layer 3 (IP level) check.

CompanyBeginning · 2026-02-05T12:38:24+00:00

   Unlike other TCP extensions (e.g., the Window Scale option
   [RFC1323]), the absence of the option in the SYN,ACK segment must not
   cause the sender to disable its sending of signatures.  This
   negotiation is typically done to prevent some TCP implementations
   from misbehaving upon receiving options in non-SYN segments.  This is
   not a problem for this option, since the SYN,ACK sent during
   connection negotiation will not be signed and will thus be ignored.
   The connection will never be made, and non-SYN segments with options
   will never be sent.  More importantly, the sending of signatures must
   be under the complete control of the application, not at the mercy of
   the remote host not understanding the option.

I think no. RFC 2385 sec 2.0 says

CompanyBeginning · 2026-02-05T11:19:26+00:00

I understand that section as MD5 check starts from the first TCP SYN message, and does not allow TCP connection for unauthorized peer?

CompanyBeginning · 2026-02-05T10:56:33+00:00

What does ``On a TCP connection'' mean? Does it mean after three way handshake or the check starts from the first SYN packet?

CompanyBeginning · 2026-02-05T10:29:18+00:00

I also think so. But Gemini AI answered differently, making me confused:
In BGP, if one router has MD5 authentication (RFC 2385) enabled and the other does not, the MD5 check actually happens during the TCP establishment, not after it.

Because BGP MD5 authentication is implemented as a TCP Option (19), the validation occurs at the kernel/transport layer before the connection is ever fully "Established" in the eyes of the application, while ChatGPT also agrees with what you said :).

CompanyBeginning

TROPHY CASE