On Tue, Oct 11, 2022 at 7:41 AM William Herrin <bill@herrin.us> wrote:
On Mon, Oct 10, 2022 at 3:37 PM Matthew Petach <mpetach@netflight.com> wrote:
They became even more huffy, insisting that we were breaking the internet by not following the correct routing for the more-specific /24s which were no longer present in our tables. No amount of trying to explain to them that they should not advertise an aggregate route if no connectivity to the more specific constituents existed seemed to get the point across. In their eyes, advertising the /24s meant that everyone should follow the more specific route to the final destination directly.
Hi Matthew,
They were correct. If the /24 was reaching your network, traffic should not have been following the /20. In your version, they would have to disaggregate the /20 into 16 /24s just because you didn't want to honor most-specific path routing. That's not what anybody wants. Least of all you.
I disagree. To illustrate why, let's take your case a step further, shall we? Wouldn't that same argument mean that every ISP that isn't honoring my /26 announcement, but is instead following the covering /24, or /20, or whatever sized prefix is equally in the wrong? And what about Fred's /27 announcement? Gosh, and now Cindy wants to announce a dozen /30's--is it everyone else's error for not listening to those announcements? What makes /24 boundaries magically "OK" to filter on, such that if you announce something smaller than a /24 that gets filtered, and traffic goes to the covering aggregate, everyone says "well, that's just how the Internet works, and of course traffic would be expected to flow towards the covering announcement", but if I set the boundary at a different, but still arbitrarily-sized point, like /23, suddenly the announcing party is right, and I'm wrong? If the stance is "it doesn't matter if there's a covering prefix, that announcement doesn't mean you can reach all the prefixes contained within it, you *must* listen to all the smaller announcements in order to have reachability", then A) you're redefining how BGP works in a fundamental way, and B) we should all buy stock in router memory manufacturers, because they're going to be the next oil companies. BGP 101 says that if I announce a covering prefix, I'm making a statement into the BGP routing table that says "you can reach everything contained within this covering route via me", and that's how the forwarding tables treat it; any time there's nothing more specific in the table, even due to a brief transient change on the Internet, traffic for those prefixes will be forwarded to the router announcing the covering prefix announcement. If I announce 0/1 into the DFZ and drop any traffic destined for it on the floor, I'm not going to get much sympathy by saying "well, it's your fault, you should have been listening to all the more specifics and not trusting the covering route to actually have reachability to the prefixes contained within it." (though that does make me think that if you're a content-heavy shop looking to balance your traffic flows, it might be a interesting way to make the point in a very real way to everyone on the Internet...) To wrap up--I disagree with your assertion because it depends entirely on a 'magic' /24 boundary that makes it OK to filter more specifics smaller than it, but not OK to filter larger than that and depend instead on covering prefixes, without actually being based on anything concrete in BGP or published standards. "But that's how we've always done it" is not the same as "but that's how the protocol works." ^_^; Regards, Bill Herrin Thank you for the discussion! Matt