CONCEPT Cited by 1 source

AS-path prepending¶

AS-path prepending is a BGP traffic-engineering technique in which an AS pads its own ASN into the outbound AS path more than once before advertising a route, to make that path less attractive to receivers — who prefer shorter AS paths during best-path selection (all else being equal).

Mechanism¶

BGP's best-path tiebreaker ladder includes "shorter AS path wins" as a lower tier. If AS X advertises the same prefix to two neighbors, on one session as X, Y and on the other as X, X, X, X, X, Y, receivers will usually prefer the shorter one. Prepending therefore shifts traffic toward the shorter- path session without fully withdrawing the longer one.

Loop prevention is why it works¶

BGP routers reject any inbound path whose AS path already contains their own ASN (loop prevention). That means no matter how many times AS X prepends, packets won't actually round- trip through X multiple times — the prepending is purely a selection-affecting signal. The Cloudflare post states this explicitly: "by means of BGP loop prevention the path would never actually travel in and out of AS8048 multiple times in a row."

Cloudflare's "prepends considered harmful" framing¶

Cloudflare has argued publicly that prepending is overused — it's a blunt instrument relative to BGP communities or local- preference signaling and it wastes AS-path budget.

Why it's diagnostic in route-leak forensics¶

Heavy prepending on leaked routes is evidence against a malicious interpretation:

An attacker wants more traffic to follow the leak (to MITM it). They would advertise short paths, more-specific prefixes, and no prepending.
An accidental leaker wants less traffic to follow it (the path runs through the leaker's own smaller backbone, costing them capacity). Heavy prepending is exactly what they would configure — or leave as default on the leg they didn't intend as primary.

In the Venezuela post, AS8048 prepended itself nine times on the leaked advertisements toward AS52320 (52320, 8048 (x9), 23520, 1299, 269832, 21980) — the canonical anti-malicious signal.

Seen in¶

sources/2026-01-08-cloudflare-a-closer-look-at-a-bgp-anomaly-in-venezuela — the 9-prepend observation is one of Cloudflare's five forensic arguments against MITM intent in the 01-02 leak.