On Mon, May 01, 2017 at 11:45:58AM +0200, Ondrej Zajicek wrote:
> On Sun, Apr 30, 2017 at 10:42:19AM +0200, Job Snijders wrote:
> > On Sun, Apr 30, 2017 at 12:46:04AM +0200, Ondrej Filip wrote:
> > > Let me announce a new addition to 2.0.x branch.
> >
> > Congratulations!
> >
> > Does this 2.0.0-pre1 version follow draft-ietf-grow-bgp-reject ?
>
> No, like 1.6.x, it has default policy of import all, export none.
>
> While I see that it is a good idea to have export none as default, I
> do not see much advantage to have import none as default.

I'd argue this is insecure behaviour and I'm disappointed you do not see an advantage.

The default of "import all" fully relies on the EBGP neighbor not announcing crap to you. Relying on others to do the right thing means you are operating from a position of weakness rather than strength.

And while today your peering partner may announce a pristine set of routes, tomorrow that might be different. Your EBGP peer could update their configuration, upgrade the software, or swap out their implementation for something with poor defaults. This can lead to surprises (outages) to both parties if they are not incentivized to ensure that both sides of the EBGP session make a conscious decision what to accept and what to reject.

You may want to align with feela@ since it appears you have different opinions on the matter. Ondrej Filip told me that 2.0.x would be the right place for a change like this and earlier on committed to support this secure default behaviour.

Kind regards,

Job
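
The difference the thread argues about, written out as a BIRD 2.x configuration fragment. This is an added example, not part of the original message or the BIRD project's own configuration; the protocol and filter names, AS numbers, neighbor addresses and prefix are constructed documentation values.

```bird
# Constructed example: all names, ASNs, addresses and prefixes are placeholders.

# (a) No import statement on the channel. Under the default described in
#     this thread ("import all, export none"), every route the EBGP
#     neighbor announces is accepted.
protocol bgp peer_implicit {
    local as 64500;
    neighbor 192.0.2.1 as 64501;
    ipv4 {
        export none;
    };
}

# (b) Session brought up before a policy has been written: state the
#     reject-everything behaviour explicitly instead of inheriting a default.
protocol bgp peer_pending {
    local as 64500;
    neighbor 192.0.2.2 as 64501;
    ipv4 {
        import none;
        export none;
    };
}

# (c) Explicit import policy: accept only what this peer is expected to
#     announce and reject everything else.
filter peer_64501_in {
    if net ~ [ 198.51.100.0/24 ] then accept;
    reject;
}

protocol bgp peer_explicit {
    local as 64500;
    neighbor 192.0.2.3 as 64501;
    ipv4 {
        import filter peer_64501_in;
        export none;
    };
}
```

With (b) and (c) the accepted route set is decided locally and does not change when the neighbor changes its configuration or software.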