Tom, The automotive industry has normalized "synthetic". It's motor oil that is artificially created, vs pulled out of the ground and refined. It's a perfect analogy for routes that were created by third-party software, vs organically created/redistributed from the proper AS. Ryan Hamel ________________________________ From: Tom Beecher <beecher@beecher.cc> Sent: Friday, December 6, 2024 10:10 AM To: Ryan Hamel <ryan@rkhtech.org> Cc: Nick Hilliard <nick@foobar.org>; nanog@nanog.org <nanog@nanog.org> Subject: Re: Route optimization using GPUs? Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments. not properly prepending communities on synthetic routes Let's not normalize 'synthetic route' as a term. It's not a thing that exists. On Fri, Dec 6, 2024 at 12:32 PM Ryan Hamel <ryan@rkhtech.org<mailto:ryan@rkhtech.org>> wrote: Nick, I understand there are rules and unspoken guidelines/rules for the DFZ, but when it comes to each individual AS, that org/operator can run their AS internally however they please, and maybe they have considered the risks you have mentioned. That said, I can argue that upstreams not filtering their customers properly removes a safety guard, upstreams not implementing RPKI removes a safety guard, not properly prepending communities on synthetic routes to drop them on export again removes a safety guard. I can go on... * As an industry, we should be well beyond the point of having to tell people that this is a poor idea, in the same way that we don't need to tell people that bypassing electrical fuse boxes is a poor idea, or removing railings on stair-cases, or not wearing motorbike helmets, or anything else designed to mitigate the unfortunate consequences of entirely predictable accidents. Where this statement falls short is, those are all regulated by building codes, laws, etc. No laws exist dictating how BGP, routing protocols in general, and topologies must be implemented, nor what safety guidelines must be adhered to. Ryan Hamel ________________________________ From: Nick Hilliard <nick@foobar.org<mailto:nick@foobar.org>> Sent: Friday, December 6, 2024 8:34 AM To: Ryan Hamel <ryan@rkhtech.org<mailto:ryan@rkhtech.org>> Cc: Tom Beecher <beecher@beecher.cc<mailto:beecher@beecher.cc>>; nanog@nanog.org<mailto:nanog@nanog.org> <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: Route optimization using GPUs? Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments. Ryan Hamel wrote on 05/12/2024 23:45:
What does "these devices don't follow standard BGP behaviors" have to do with adding a NO_EXPORT or specific community on the import policy when a route is accepted, and being belt & suspenders with matching those communities to drop those routes on export to carriers/IX/PNI sessions?
Ryan, BGP ensures loop-free interdomain path computation by inspecting the AS path of each NLRI. If a routing optimiser rewrites all the AS paths for all the NLRIs it receives, then it's just pooped all over the primary component of BGP that's designed to ensure that interdomain BGP actually works in the way that it's supposed to do in the first place, which also acts as an intrinsic safety guard against dfz hijacking. Removing an intrinsic safety guard like this is an inherently risky thing to do. When you elevate the inherent risk of a system, you necessarily elevate either the likelihood of failure or the consequences of a failure, or both. As an industry, we should be well beyond the point of having to tell people that this is a poor idea, in the same way that we don't need to tell people that bypassing electrical fuse boxes is a poor idea, or removing railings on stair-cases, or not wearing motorbike helmets, or anything else designed to mitigate the unfortunate consequences of entirely predictable accidents. Nick