On Sat, Jun 15, 2019 at 4:45 PM Owen DeLong <owen@delong.com> wrote:
On Jun 15, 2019, at 5:43 AM, Job Snijders <job@instituut.net> wrote:
On Sat, Jun 15, 2019 at 2:38 PM Owen DeLong <owen@delong.com> wrote:
owen> >> What I heard you say is: “I’m not going to offer a solution to your problem, but you shouldn’t use the one you have that currently works because some things my friends and I are doing react poorly to it and you may suffer some consequences as a result.”
job> > I have no idea how you would arrive at such a contrived convoluted job> > interpretation. I'm sorry I can't help further your understanding of job> > how modern day Internet routing works.
owen> I was pointing out that while you told the guy not to use a tool that’s been working for him, you didn’t actually answer his question, nor did you offer any useful alternative. Your summary of this thread is somewhat incomplete. I'll try myself: OP started with - "help, my ASN was used without my permission, what do I do?" - to which NANOG answered "let us know your ASN and we'll use our rolodex". Awesome, the community tried to help Philip Lavine. Then in a follow-up (general context) question from Joe Abley: "what actually can go wrong when the AS_PATH is modified for traffic engineering purposes?", to which three factually correct answers were provided: 1/ it may not help you achieve your traffic engineering goal (you can't know if as-path loop avoidance is enabled or not) 2/ it makes security incident attribution processes harder because poisoned AS_PATH contain fabricated information 3/ it can lead to hard outages because of interaction with EBGP routing security filters (such as peer-lock) Again a productive mail exchange, Joe Abley asked a good question and the resulting public discussion hopefully helped others learn something. Next up: Warren offered in a separate subthread "sometimes it seems AS_PATH poisoning is the only solution for traffic-engineering, what else can we do". To which I add: "we should keep in mind that this 'only solution' may result in hard outages", (I assume hard outages are considered worse than the state of things without traffic engineering). If BGP communities and telephone requests are not available, and AS_PATH poisoning seems to be the "only solution", well, then that is the only "solution" (but poisoning caveats still apply). There probably is no answer to Warren's question, at least I couldn't provide one because communities & phone were taken away. So, you turned something I intended as a simple addition to Warren's message (a point that hadden't yet been mentioned), into a vague statement about "Job and his friends". EBGP AS_PATH filters ("peerlock-style") have existed in many forms, since long before I even had a job in this sector. It is absolutely unclear to me what you are trying to achieve. Kind regards, Job