In a message written on Tue, Jan 13, 2009 at 08:55:40AM -0500, John Payne wrote:
> I guess the problem is that AS PATH is overloaded and people forget that the primary purpose is loop-avoidance. Everything else is secondary and much like reading Received headers in SMTP mail, you really should take everything after your direct neighbor's AS with a grain of salt.

Actually, I'd suggest you're not looking at the primary purpose closely enough. Loop detection kicks in only when there is a loop. You see your own ASN coming back to you.

In the case we're discussing THERE IS NO LOOP. Someone is mis-using this feature to control the propagation of routes. Were the victim to do a show ip bgp neighbor foo receive-routes and see their own path they would be reasonable to assume that there is a loop, and someone is reflecting their own route back to them.

This is a human configuring a device to lie about the loop status in the network.

That is also the problem with this method, it is exactly the opposite of what the attribute was meant to convey, and thus someone on the other end who doesn't know what you're doing is virtually guaranteed to make the wrong assumption. You're going to spin up network engineers looking for routing loops, route leaks, and other issues if you use this method.

I'd also suggest, as Jared pointed out, there are potential libel / trade-dress / slander implications here. Sending out an AS-Path of "ASfoo ASbar" is the technological equivalent of the English statement "foo and bar are interconnected with BGP". Just because you hide a false statement in an AS-Path doesn't make it any less of a false statement.

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
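
A receive-side triage for the situation described in this message, as an added example that is not part of the original post: when a received AS-Path contains the local ASN, it checks whether the adjacencies the path states for that ASN match sessions the local AS really has. The ASNs (RFC 5398 documentation range), the neighbor set and the function names are assumptions constructed for illustration.

```python
# Added example. All ASNs are constructed (RFC 5398 documentation range).
LOCAL_AS = 64500
NEIGHBOR_ASES = {64501, 64502}  # ASNs we actually hold BGP sessions with (assumed)

def collapse_prepends(path):
    """Drop consecutive duplicates so prepending does not hide adjacencies."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def claimed_adjacencies(path, local_as):
    """Return the ASNs the path places directly next to local_as."""
    p = collapse_prepends(path)
    adjacent = set()
    for i, asn in enumerate(p):
        if asn != local_as:
            continue
        if i > 0:
            adjacent.add(p[i - 1])
        if i + 1 < len(p):
            adjacent.add(p[i + 1])
    return adjacent

def triage(path, local_as=LOCAL_AS, neighbors=NEIGHBOR_ASES):
    """Classify a received AS-Path (leftmost ASN = most recent hop).

    Returns (verdict, asns): asns lists the adjacencies stated in the path
    that do not correspond to any of our real BGP sessions.
    """
    if local_as not in path:
        return ("accept", [])
    false_adj = sorted(claimed_adjacencies(path, local_as) - neighbors)
    if false_adj:
        # The path says "local_as and X are interconnected" and they are not.
        return ("drop-false-adjacency", false_adj)
    # Every stated adjacency is real, so a genuine loop is plausible.
    return ("drop-possible-loop", [])

if __name__ == "__main__":
    samples = [  # constructed received paths
        [64501, 64496],                        # ordinary route
        [64502, 64500, 64501, 64496],          # our ASN between two real neighbors
        [64501, 64510, 64510, 64500, 64510],   # our ASN next to an AS we do not peer with
    ]
    for path in samples:
        print(path, triage(path))
```

A "drop-possible-loop" verdict is not proof of a real loop, since an inserted ASN can be placed next to ASNs that happen to be genuine neighbors; the check only separates paths that are demonstrably false from those that need a closer look.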