Forged #BGP AS paths should not be accepted. Let's start by rejecting the obvious ones: the leftmost AS in the AS_PATH does not equal the peer AS that sent it. RFC 7606 has updated the recommendation from "MAY" to "SHOULD" reject datatracker.ietf.org/doc/html/rfc76…
Let’s talk malformed AS_PATHs. Unless you’re enforcing the “First AS” of received routes, you’re vulnerable to hijacks that not even ASPA validation can prevent.
Read more here, and enforce the First AS in BGP.
blog.cloudflare.com/enforce-first-…
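
The First AS check described in these posts, as an added example that is not part of the original posts or the linked articles. The function names and the sample paths (built from reserved ASNs) are constructed for illustration; the segment layout follows RFC 4271, and a failed check is handled as treat-as-withdraw, the RFC 7606 handling for a malformed AS_PATH.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment types (RFC 4271)

def parse_as_path(data: bytes, asn_size: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_size]  # 2-octet or 4-octet AS numbers
    segments, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[pos], data[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unrecognized segment type {seg_type}")
        if count == 0:
            raise ValueError("zero-length segment")
        end = pos + count * asn_size
        if end > len(data):
            raise ValueError("segment overruns attribute")
        asns = struct.unpack(f"!{count}{fmt}", data[pos:end])
        segments.append((seg_type, list(asns)))
        pos = end
    return segments

def first_as_check(as_path_value: bytes, peer_as: int, asn_size: int = 4) -> str:
    """Return 'accept' or 'treat-as-withdraw' for a route received from an eBGP peer."""
    try:
        segments = parse_as_path(as_path_value, asn_size)
    except ValueError:
        return "treat-as-withdraw"      # malformed AS_PATH
    if not segments:
        return "treat-as-withdraw"      # empty path from an external peer: no first AS
    leftmost = segments[0][1][0]        # leftmost AS by octet position
    return "accept" if leftmost == peer_as else "treat-as-withdraw"

def encode(seg_type: int, asns: list) -> bytes:
    """Build one 4-octet-ASN path segment (used only for the constructed samples)."""
    return struct.pack(f"!BB{len(asns)}I", seg_type, len(asns), *asns)

PEER_AS = 64500                                       # constructed: AS of the sending peer
HONEST = encode(AS_SEQUENCE, [64500, 64510, 64520])   # peer prepended its own AS
FORGED = encode(AS_SEQUENCE, [64510, 64520])          # peer's AS missing from the front

if __name__ == "__main__":
    for name, path in (("honest", HONEST), ("forged", FORGED)):
        print(name, parse_as_path(path), first_as_check(path, PEER_AS))
```

Sessions with IXP route servers, which usually do not prepend their own AS, need this check disabled for that peer.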