On 1/Aug/20 16:44, Nick Hilliard wrote:
> ... so once again, route optimisers were at the heart of another serious route leaking incident.
>
> BGP is designed to prevent loops from happening, and has tools like no-export to help prevent inadvertent leaks.
>
> When people build "BGP optimisers" which reinject a prefix into a routing mesh with the entire as-path stripped and then they refuse to apply the basic minimum of common sense by refusing point blank to tag prefixes with no-export, it's a matter of certainty that leaks are going to happen, and that when they do, they'll cause damage.
>
> It's about as responsible as shipping a shotgun with the safety disabled and then handing it to a newbie. After all, the safety makes it more difficult to operate and if the newbie shoots themselves, it was their fault. And if they shot someone else, they shouldn't have got in the way, right?
All in all, agreed.

While gun ownership and use is highly regulated (and penalized if violated) in almost all countries, it suffers the same problem as folk that have access to and drive cars without a valid license.

In our case, we don't really have anything beyond person-to-person trust in doing their part to not only adhere to global BCOPs for BGP operation, but to also understand what they are doing with the equipment they have, as well as the BGP protocol itself.

Without some plan in place to make sure BGP actors do so with sufficient knowledge and care, these problems are only going to worsen as the next crop of network engineers prefer a BGP optimizer with a point & click GUI to actually understanding BGP Multi-Homing principles and techniques.

I'm not opposed to Cameron's suggestion on how to deal with BGP optimizers :-).

The issue of correctly filtering at eBGP hand-off points has been beaten to death probably longer than I have been a member of this mailing list. So...

Mark.
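An added illustration, not part of the original message: a small Python model of the two safeguards the quoted text names, AS-path loop prevention and the no-export community, applied to a re-injected more-specific. The function names are hypothetical, and the ASNs and prefix are constructed values from the documentation ranges.

```python
from dataclasses import dataclass

NO_EXPORT = (65535, 65281)  # well-known community 0xFFFFFF01 (RFC 1997)

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()
    communities: frozenset = frozenset()

def ebgp_export(route, local_as):
    """Route as sent to an eBGP neighbour, or None if it must stay inside the AS."""
    if NO_EXPORT in route.communities:
        return None
    return Route(route.prefix, (local_as,) + route.as_path, route.communities)

def ebgp_import(route, local_as):
    """AS-path loop prevention: drop any route that already carries our ASN."""
    return None if local_as in route.as_path else route

def propagate(route, chain):
    """Walk a route held by chain[0] across eBGP hops; return the ASes that accept it."""
    accepted = []
    for sender, receiver in zip(chain, chain[1:]):
        sent = ebgp_export(route, sender)
        route = ebgp_import(sent, receiver) if sent is not None else None
        if route is None:
            break
        accepted.append(receiver)
    return accepted

# Constructed scenario: AS64500 originates 198.51.100.0/24; AS64501 runs the
# optimiser and holds a more-specific; AS64502 is AS64501's other neighbour
# and also peers with AS64500.
CHAIN = [64501, 64502, 64500]
PREFIX = "198.51.100.0/25"
stripped = Route(PREFIX)                                    # AS path removed
intact = Route(PREFIX, as_path=(64500,))                    # origin still in path
tagged = Route(PREFIX, communities=frozenset({NO_EXPORT}))  # stripped, but no-export

if __name__ == "__main__":
    for name, r in (("stripped", stripped), ("intact", intact), ("tagged", tagged)):
        print(f"{name:9} accepted by {propagate(r, CHAIN)}")
```

With the path stripped, the origin AS accepts a more-specific of its own prefix because its ASN is no longer there to trigger loop detection; the no-export tag stops the same route at the first eBGP hand-off.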