On 1/Aug/20 21:03, Sabri Berisha wrote:
The same can be said here. Noction and/or its operators appear to not understand how BGP works, and/or what safety measures must be deployed to ensure that the larger internet will not be hurt by misconfiguration.
I think the latter would be more appropriate. Their implementation of BGP is likely correct, but they aren't putting any emphasis on what the deployment of their use-case can do to global BGP security and performance. This is where I'd say they can add more focus.
I also agree with Job, that Noction has some responsibility here. And as I understand more and more about it, I must now agree with Mark T that this was an avoidable incident (although not because of Telia, but because of Noction's decision to not enable NO_EXPORT by default).
I see it differently. The chain is only as strong as its weakest actor. It is not unreasonable to expect that global actors of significant scale have enough clue to make sure any mistakes committed downstream are not propagated by them to the rest of the Internet.
So while I do not absolve Noction (and their customer) of any responsibility here, I'd apportion the blame as:
- Telia 51%
- Noction 30%
- Noction's customer 19%
When the weaker chains of the link fail, we should be able to count on the strongest chain in that link to be the last line of defence... Telia, in this case. Simply for no other reason than they "know best", and have such global scope which comes with significant responsibility.
But that isn't to say that neither Noction nor their customer cannot do better either. After all, BGP security and performance only works well when we all do our part, and not just some of us.
Mark.