On Sun, Aug 2, 2020 at 9:36 AM Robert Raszuk <rob...@raszuk.net> wrote:
> Hi Ca, > > > Noction is sold to ISPs, aka transit AS, afaik > > Interesting. > > My impression always was by talking to Noction some time back that mainly > what they do is a flavor of performance routing. But this is not about > Noction IMHO. > > If I am a non transit ASN with N upstream ISPs I want to exit not in a hot > potato style ... if I care about my services I want to exit the best > performing way to reach back customers. That's btw what Cisco PFR does or > Google's Espresso or Facebook Edge Fabric etc ... > > And you have few vendors offering this as well as bunch of home grown > tools attempting to do the same. Go and mandate that all of them will do > NO-EXPORT if they insert any routes ... And we will see more and more of > those type of tools coming. > > Sure we have implementations with obligatory policy on eBGP - cool. And > yes we have match "ANY" too. > > So if your feedback is that to limit the iBGP routes to go out over eBGP > this is all sufficient and we do not need a bit more protection there then > case solved. > > Cheers, > R. > > My feedback is the local_pref is complete for this behavior of setting an outbound, including being non-transitive FB uses local-pref for this afaik https://research.fb.com/blog/2017/08/steering-oceans-of-content-to-the-world/ > > On Sun, Aug 2, 2020 at 4:42 PM Ca By <cb.li...@gmail.com> wrote: > >> >> >> On Sun, Aug 2, 2020 at 4:34 AM Robert Raszuk <rob...@raszuk.net> wrote: >> >>> All, >>> >>> Watching this thread with interest got an idea - let me run it by this >>> list before taking it any further (ie. to IETF). >>> >>> How about we learn from this and try to make BGP just a little bit safer >>> ? >>> >>> *Idea: * >>> >>> In all stub (non transit) ASNs we modify BGP spec and disable automatic >>> iBGP to eBGP advertisement ? >>> >> >> Why do you believe a stub AS was involved or that would have changed this >> situation? >> >> The whole point of Noction is for a bad isp to fake more specific routes >> to downstream customers. Noction is sold to ISPs, aka transit AS, afaik >> >> >> >>> *Implementation: * >>> >>> Vendors to allow to define as part of global bgp configuration if >>> given ASN is transit or not. The default is to be discussed - no bias. >>> >> >> Oh. A configuration knob. Noction had knobs, the world runs of 5 year old >> software with default configs. >> >> >>> *Benefit: * >>> >>> Without any issues anyone playing any tools in his network will be able >>> to just issue one cli >>> >> >> Thanks for no pretending we configure our networks with yang model apis >> >> and be protected from accidentally hurting others. Yet naturally he will >>> still be able to advertise his neworks just as today except by explicit >>> policy in any shape and form we would find proper (example: >>> "redistribute iBGP to eBGP policy-X"). >>> >> >> XR rolls this way today, thanks Cisco. But the “any” keyword exists, so >> yolo. >> >> >>> We could even discuss if this should be perhaps part of BGP OPEN or BGP >>> capabilities too such that two sides of eBGP session must agree with each >>> other before bringing eBGP up. >>> >>> Comments, questions, flames - all welcome :) >>> >>> Cheers, >>> Robert. >>> >>> PS. Such a definition sure can and likely will be misused (especially if >>> we would just settle on only a single side setting it - but that will not >>> cause any more harm as not having it at all. >>> >>> Moreover I can already see few other good options which BGP >>> implementation or BGP spec can be augmented with once we know we are stub >>> or for that matter once it knows it is transit .... >>> >>>