On 31/Jul/20 16:29, Mike Hammett wrote: > They solve a need that isn't reasonably solved any other way that > doesn't have similar drawbacks. > > Some optimizers need to be redesigned to be safer by default. > > Some networks need to be safer by default as well.
Almost every product ever made does solve a need. You will find at least one customer who is happy with what they paid their money for. But BGP-4 is vulnerable enough as it is, and the Internet has moved on in leaps and bounds since 1994 (RFC 1654). Until we see BGP-5, we need to look after our community. And if that means holding the BGP optimizers to a higher standard, so be it. As they say, "You can't blame a monkey for botching a brain surgery". Plenty of industries strongly "guide" (I'll avoid "regulate") their actors to ensure standards and results (medicine, aviation, energy, construction, e.t.c.). If the acceptance bar to a BGP actor is an optional CCNA or JNCIA certification, we shall learn the hard way, as we did with this and similar incidents. Mark.
