On Sun, Aug 2, 2020 at 4:34 AM Robert Raszuk <rob...@raszuk.net> wrote:
> All, > > Watching this thread with interest got an idea - let me run it by this > list before taking it any further (ie. to IETF). > > How about we learn from this and try to make BGP just a little bit safer ? > > *Idea: * > > In all stub (non transit) ASNs we modify BGP spec and disable automatic > iBGP to eBGP advertisement ? > Why do you believe a stub AS was involved or that would have changed this situation? The whole point of Noction is for a bad isp to fake more specific routes to downstream customers. Noction is sold to ISPs, aka transit AS, afaik > *Implementation: * > > Vendors to allow to define as part of global bgp configuration if > given ASN is transit or not. The default is to be discussed - no bias. > Oh. A configuration knob. Noction had knobs, the world runs of 5 year old software with default configs. > *Benefit: * > > Without any issues anyone playing any tools in his network will be able to > just issue one cli > Thanks for no pretending we configure our networks with yang model apis and be protected from accidentally hurting others. Yet naturally he will > still be able to advertise his neworks just as today except by explicit > policy in any shape and form we would find proper (example: > "redistribute iBGP to eBGP policy-X"). > XR rolls this way today, thanks Cisco. But the “any” keyword exists, so yolo. > We could even discuss if this should be perhaps part of BGP OPEN or BGP > capabilities too such that two sides of eBGP session must agree with each > other before bringing eBGP up. > > Comments, questions, flames - all welcome :) > > Cheers, > Robert. > > PS. Such a definition sure can and likely will be misused (especially if > we would just settle on only a single side setting it - but that will not > cause any more harm as not having it at all. > > Moreover I can already see few other good options which BGP implementation > or BGP spec can be augmented with once we know we are stub or for that > matter once it knows it is transit .... > >
