
Anyway I just wanted to clarify that during my use of route optimization all the devices did was inject a more specific route to a prefix that my network would then use to reach that prefix. Those more specific routes weren't ever advertised to external BGP peers and if they were they shouldn't have been accepted.

These days it's a little scarier to me to come in and see a customer ticket indicating that traffic is going from Ohio to Amsterdam and then back to New Jersey before going to Seattle to get to South Korea (real example from a couple of weeks ago) than it would be if something automated just... picked another route.

YMMV I guess.

-----Original Message-----
From: NANOG <nanog-bounces+drew.weaver=thenap.com@nanog.org> On Behalf Of Job Snijders via NANOG
Sent: Saturday, December 7, 2024 5:20 AM
To: Ryan Hamel <ryan@rkhtech.org>
Cc: nanog@nanog.org
Subject: Re: Route optimization using GPUs?

On Fri, Dec 06, 2024 at 10:55:30PM +0000, Ryan Hamel wrote:
> That means (at least for Noction) the operator has to go out of their way to disable safety, so those that claim it has bad defaults, may want to RTFM.

While I appreciate various business drivers and motivations exist to deploy software solutions to modify & optimize routing on the fly, I think I disagree with you on this one point. Operators *literally* have to go out of their way to configure Noction to be safe to use. It is not safe to use out of the box.

Page 29: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.noction.com_wp-2Dcontent_uploads_2016_09_irp-2Dlite-2Ddocumentation.pdf&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=-_Rlv_p1lHlsVx5Sa67XIaQJYNw4IADo1JitKZvA8ZI83kk4oZWCXuAmg6M54dd9&s=Ef5Ju3LsdLECff_nlI46a3cLejTooG_OyMBOu2GFcoU&e=

"""
improvements should be stopped from propagating across routing domains. A route map is used to address this.
[snip]
Refer your router capabilities in order to produce the correct route map. The route map MUST be integrated into existing route maps. It is not sufficient to simply append them.
"""

(red: Noction calls the synthetic unauthorized more-specific hijack route announcements "improvements")

From Noction's other documentation at https://urldefense.proofpoint.com/v2/url?u=https-3A__www.noction.com_blog_route-2Doptimizers&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=-_Rlv_p1lHlsVx5Sa67XIaQJYNw4IADo1JitKZvA8ZI83kk4oZWCXuAmg6M54dd9&s=6O4R2ds5EJDg9U9ZcgqJ_tQ5rxAayySPswGNC_-TDPY&e=

"""
In order to further reduce the likelihood of these problems occurring in the future, we will be adding a feature within Noction IRP to give an option to tag all the more specific prefixes that it generates with the BGP NO_EXPORT community.

-->>> This will not be enabled by default <<<---
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"""

Noction made their software UNSAFE BY DEFAULT. In my opinion this is a very poor product design choice, and the very reason we keep coming back to this specific topic.

Other routing optimizer products never make the news, guess what they all have in common? They set NO_EXPORT by default! :-)

Efforts to define new extensions to the BGP protocol to make this type of product safer in use (creating a new AFI/SAFI or something else) via IETF are interesting, but it appears Noction is not even doing the bare minimum within the existing standards.

Kind regards,

Job
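
The two safeguards discussed in this thread (an egress filter toward eBGP peers and NO_EXPORT tagging of optimizer-generated more-specifics) can be audited together. The following is an added example, not code from any poster or from Noction; the RIB layout, the "injected" flag and all prefixes are constructed assumptions.

```python
import ipaddress

NO_EXPORT = "65535:65281"  # well-known NO_EXPORT community (RFC 1997)

# Constructed sample RIB (documentation prefixes). "injected" marks routes
# created by the optimizer; that flag is an assumption of this example.
SAMPLE_RIB = [
    {"prefix": "192.0.2.0/24", "communities": [], "injected": False},
    {"prefix": "198.51.100.0/24", "communities": [], "injected": False},
    {"prefix": "198.51.100.0/25", "communities": [NO_EXPORT], "injected": True},
    {"prefix": "198.51.100.128/25", "communities": [], "injected": True},
]
SAMPLE_ALLOW = {"192.0.2.0/24"}  # prefixes this AS is entitled to announce


def covering_route(prefix, rib):
    """Return a less-specific RIB prefix that contains `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    for entry in rib:
        other = ipaddress.ip_network(entry["prefix"])
        if other.version == net.version and other != net and net.subnet_of(other):
            return entry["prefix"]
    return None


def export_permitted(route, allow):
    """Egress policy toward eBGP peers. allow=None models a permit-any filter."""
    if NO_EXPORT in route["communities"]:
        return False
    return allow is None or route["prefix"] in allow


def audit(rib, allow):
    """Report injected more-specifics that would leak or lack a second safeguard."""
    findings = []
    for route in rib:
        if not route["injected"]:
            continue
        parent = covering_route(route["prefix"], rib)
        if export_permitted(route, allow):
            findings.append((route["prefix"], "LEAK", parent))
        elif NO_EXPORT not in route["communities"]:
            findings.append((route["prefix"], "UNTAGGED", parent))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RIB, SAMPLE_ALLOW):
        print(finding)
```

Passing `None` as the allow list models an export policy that does not restrict prefixes: the untagged /25 then changes from UNTAGGED to LEAK, while the tagged /25 stays contained.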