Nick Hilliard <n...@foobar.org> writes:
> Bjørn Mork wrote on 01/09/2023 08:17:
>> Sounds familiar.
>> https://supportportal.juniper.net/s/article/BGP-Malformed-AS-4-Byte-Transitive-Attributes-Drop-BGP-Sessions?language=en_US
>> You'd think a lot of thought has gone into error handling for optional
>> transitive attributes since then, but...
>
> A good deal of thought has gone into the problem, and this is where
> rfc7606 came from. Treat-as-withdraw for the NLRI in question is the
> default option with this approach, and should be deployed universally.

Yes.

But there's obviously not been enough thought applied to realize that
optional transitive attributes must be considered evil by default. They
can only be used after extremely careful parsing.

This is the BGP version of

 select * from mytable where field = $unvalidated_user_input;

I was hoping we'd moved past that point in the software development
history.


Bjørn
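
The RFC 7606 approach discussed in this thread, as an added sketch that is not part of either poster's message and not any vendor's code. It walks the path attributes of one UPDATE and picks treat-as-withdraw or attribute discard instead of a session reset. The function name, the four modelled attributes and the sample bytes are assumptions constructed for the example.

```python
import struct

OK, DISCARD, WITHDRAW = "ok", "attribute-discard", "treat-as-withdraw"
OPT, TRANS, EXT_LEN = 0x80, 0x40, 0x10

# type code -> (name, required Optional/Transitive bits, length rule, action if malformed)
# Rules follow RFC 7606 section 7; only four attributes are modelled in this sketch,
# and AGGREGATOR accepts 6 or 8 octets without tracking the 4-octet AS capability.
KNOWN = {
    1: ("ORIGIN", TRANS, lambda n: n == 1, WITHDRAW),
    6: ("ATOMIC_AGGREGATE", TRANS, lambda n: n == 0, DISCARD),
    7: ("AGGREGATOR", OPT | TRANS, lambda n: n in (6, 8), DISCARD),
    8: ("COMMUNITIES", OPT | TRANS, lambda n: n > 0 and n % 4 == 0, WITHDRAW),
}

def check_path_attributes(buf: bytes):
    """Walk the Path Attributes field of one UPDATE; return (action, findings)."""
    action, findings, off = OK, [], 0
    def escalate(new, why):
        nonlocal action
        findings.append(why)
        if new == WITHDRAW or action == OK:   # withdraw outranks discard
            action = new
    while off < len(buf):
        hdr = 4 if buf[off] & EXT_LEN else 3  # Extended Length bit selects a 2-octet length
        if len(buf) - off < hdr:
            escalate(WITHDRAW, "truncated attribute header")
            break
        flags, code = buf[off], buf[off + 1]
        length = struct.unpack_from("!H", buf, off + 2)[0] if hdr == 4 else buf[off + 2]
        if off + hdr + length > len(buf):     # would overrun the attribute field
            escalate(WITHDRAW, f"type {code}: length {length} overruns attribute field")
            break
        if code not in KNOWN:
            # Unrecognised attribute: only the framing can be checked, the value stays opaque.
            findings.append(f"type {code}: unrecognised, value not validated")
        else:
            name, want, length_ok, on_error = KNOWN[code]
            if (flags & (OPT | TRANS)) != want:
                escalate(WITHDRAW, f"{name}: Optional/Transitive bits conflict with spec")
            elif not length_ok(length):
                escalate(on_error, f"{name}: bad length {length}")
        off += hdr + length
    return action, findings

# Constructed sample attribute fields (not captured traffic).
GOOD = bytes.fromhex("40010100" "c0080400010002")
BAD_COMMUNITIES = bytes.fromhex("40010100" "c00803000100")
BAD_AGGREGATOR = bytes.fromhex("40010100" "c007050000fde8c0")
UNKNOWN = bytes.fromhex("40010100" "c0ff02abcd")
```

The `UNKNOWN` sample comes back as `ok` with a finding attached: a speaker that does not recognise an optional transitive attribute can verify its framing but not its contents.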
