
On 8/24/25 02:23, Saku Ytti wrote:
On Sun, 24 Aug 2025 at 05:52, Jeffrey Haas <jhaas@pfrc.org> wrote:
The easy way to picture some of the impacts of that is to consider what it'd take to distribute "at the boundary of AS X->Y, don't distribute prefix P".
If we imagine that we would have day 1 had concern of people abusing BGP and that we need to distribute >1M prefixes, we likely would have considered we need out-of-band for validation reasons alone. So we would have evolved a very different looking system.
It's worth remembering that such validation systems were considered very early. The origins of the IRR and route servers were there partially to deal with scaling situations along with validating routes. It's only with this iteration with the RPKI that we've gotten a flavor of such a database that's had some teeth to it.
And what limitations that system would have and how to work with them would now look like requirements to us, when they were just the best solution we could come up with, with the tools we had in front of us.
... and similarly what the security landscape would resemble. bgpsec still resembles most of the important bits of S-BGP for such reasons. And rather similarly, the fact that systems actually getting deployed have properties more like SO-bgp than S-BGP.
To your point, where we're at is exactly the same type of story I generally tell about BGP: We got here one step at a time, because this has always been a story about successful incremental deployments.
Did my elders think about doing everything in the flavor of link-state at the beginning? They certainly were aware of it - and somewhat frightened of it. CPU scale at the time made even lower scale SPFs challenging. These days we have much larger CPUs, although the CPUs available in routers still remain pathetic compared to desktop computers. Would link state make more sense these days? I think those of you on this list running planetary scale IGPs have some opinions about how even internal networks are able to keep up. So... probably not for the scale of the Internet.
I suspect all these disjoint advertisement problems that are legitimate would be addressed by registering more ASNs and moving the ASNs between sites as needed.
RFC 1925, §2.(6). The amount of state stays largely the same.
A simplifying discussion I have when covering this problem is you can treat an AS effectively as one very large router. The underlying problem is you can't pretend for how ASes work that a route entering one interface of this very large router is guaranteed to exit everywhere else. This is how we'd expect a link-state implementation to generally work. Similarly, you can't expect that we're going to originate routes from that AS uniformly from that single very large router. These things already push us out of classical link state solutions. The very large router is a black box and the Internet is the sum of how all of those black boxes are operating based on the preferences of each party running their AS.
Which is a pity in some respects. As you note, if it was closer to link state, forwarding and convergence start to look very different.
-- Jeff