Nick,

I appreciate the explanation and example, and agree with that as a very strong recommendation.

Reading Noction's IRP Lite documentation (https://www.noction.com/wp-content/uploads/2016/09/irp-lite-documentation.pdf) - page 214, with bgpd.as_pathset to "5 4 2 3" by default (table below), it makes a genuine effort to use the same AS-path when possible.

0 - Allow empty AS-PATH
2 - Use non-empty reconstructed AS-PATH (Announce AS-path reconstructed from traceroute)
3 - Reconstruct AS path with provider ASN and prefix origin ASN
4 - Use AS-Path from BMP
5 - Use AS-Path from BGP Alternative paths (RFC 7911)

That means (at least for Noction) the operator has to go out of their way to disable safety, so those that claim it has bad defaults, may want to RTFM. Now, I have never had a need to change that value, nor have I advised others to do the same. I agree having an empty AS path is asking for trouble when it gets leaked.

Ryan Hamel


From: Nick Hilliard <nick@foobar.org>
Sent: Friday, December 6, 2024 11:03 AM
To: Ryan Hamel <ryan@rkhtech.org>
Cc: Tom Beecher <beecher@beecher.cc>; nanog@nanog.org <nanog@nanog.org>
Subject: Re: Route optimization using GPUs?
 
Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments.


Ryan Hamel wrote on 06/12/2024 17:32:
> That said, I can argue that upstreams not filtering their customers
> properly removes a safety guard, upstreams not implementing RPKI removes
> a safety guard, not properly prepending communities on synthetic routes
> to drop them on export again removes a safety guard. I can go on...

There's a fundamental difference.

Not filtering customers properly fails to implement a safety guard that
should have been implemented. Not implementing RPKI fails to implement
an additional safety guard. Not properly prepending communities fails to
implement an additional safety guard.

Rewriting the AS path removes a core descriptive component of NLRIs
inherent in the BGP protocol which is critical to implementing other
safety guards.

Including - as an example of only of the harmful effects of this
practice - the ability for the upstream to automatically drop all routes
which you just reflected back to it, having just rewritten the AS path
to remove their ASN and rewrite the NHIP, because bgp loop-free routing
requires this by default in the protocol.

When you drop core safety components, accidents are more likely to happen.

> Where this statement falls short is, those are all regulated by building
> codes, laws, etc. No laws exist dictating how BGP, routing protocols in
> general, and topologies must be implemented, nor what safety guidelines
> must be adhered to.

The normal progression of many technologies ends in regulation. We
already have regulation which covers bgp inter-domain routing security
in the EU, and I'd be surprised if it wasn't going to happen in other
jurisdictions in due course.

In the US, warning shots have already been fired by the white house:

> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.whitehouse.gov%2Fwp-content%2Fuploads%2F2024%2F09%2FRoadmap-to-Enhancing-Internet-Routing-Security.pdf&data=05%7C02%7Cryan%40rkhtech.org%7C6b65ebefcaeb43bfe10f08dd1628a02c%7C81c24bb4f9ec4739ba4d25c42594d996%7C0%7C0%7C638691085977087805%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=9Pf2TyDNGJJgcK5Jdn9GREtkm4ktLHzODRnj0DRLICY%3D&reserved=0

This style of document should be taken as notification that interdomain
routing security is fresh on the table of regulatory bodies in the US.

Nick