
On Fri, Dec 6, 2024 at 8:34 AM Nick Hilliard <nick@foobar.org> wrote:
BGP ensures loop-free interdomain path computation by inspecting the AS path of each NLRI. If a routing optimiser rewrites all the AS paths for all the NLRIs it receives, then it's just pooped all over the primary component of BGP that's designed to ensure that interdomain BGP actually works in the way that it's supposed to do in the first place, which also acts as an intrinsic safety guard against dfz hijacking.
As an industry, we should be well beyond the point of having to tell people that this is a poor idea,

Hi Nick,

Have you ever filtered routes from the BGP table and replaced them with a default route? Perhaps the TCAM was too full and you weren't ready to upgrade yet?

There's nothing inherently wrong with filtering BGP routes and replacing them in local routes of your own selection. Nor is there anything wrong with using a complicated and detailed local selection process. The error lies in allowing those local routes to accidentally escape your AS.

Since people being people, they make mistakes, I thought a little standards work in the area might head off some of those escapes.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/
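
Added example, not part of either poster's message: a simplified Python model of the AS_PATH loop check described in the quoted text, showing what the origin AS receives when one AS on a ring discards the received path and sends only its own ASN. The ring topology, the ASNs (documentation range) and the `rewriter` parameter are assumptions made for illustration.

```python
# Simplified model of the BGP AS_PATH loop check (RFC 4271).
# ASNs are from the documentation range; the ring topology is constructed.

def accepts(local_asn, as_path):
    """A speaker discards any route whose AS_PATH already holds its own ASN."""
    return local_asn not in as_path


def walk_ring(ring, rewriter=None, max_hops=8):
    """Pass one announcement around a ring of ASNs, starting at ring[0].

    Each AS that accepts the route prepends its ASN and sends it on.
    `rewriter` is a hypothetical AS that throws away the received path and
    sends only its own ASN. Returns (receiver, path_received, accepted) tuples.
    """
    trace = []
    path = [ring[0]]                      # origin announces its own prefix
    for hop in range(1, max_hops + 1):
        receiver = ring[hop % len(ring)]
        ok = accepts(receiver, path)
        trace.append((receiver, tuple(path), ok))
        if not ok:
            break                         # loop detected, route dropped here
        path = [receiver] if receiver == rewriter else [receiver] + path
    return trace


RING = [64500, 64501, 64502]              # constructed three-AS ring

if __name__ == "__main__":
    for label, rw in (("intact paths", None), ("AS64502 rewrites", 64502)):
        print(label)
        for receiver, path, ok in walk_ring(RING, rewriter=rw):
            verdict = "accept" if ok else "drop (loop)"
            print(f"  AS{receiver} got {path}: {verdict}")
```

With intact paths the origin drops its own prefix when it comes back around; with the rewritten path the origin has no way to recognise the route as its own and accepts it.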