On Sun, Oct 16, 2022 at 1:01 AM Matthew Petach <mpetach@netflight.com> wrote:
Their assumption that *everyone* would hear the more specifics, and thus the traffic would flow to the right island location was the "failure to understand BGP" that I was commenting on, and noting that while it is entirely correct to decide if you want to filter prefixes of an arbitrary length from entering your network, you may discover in the process that other networks that do not understand BGP and routing in general may complain that you have Broken The Internet(tm) by doing so.
Matthew,

We studied aggregation to death back in the IRTF Routing Research Group. The bottom line is that you can aggregate at the source and you can aggregate at the BGP leaf nodes (transits, no downstreams or peers), but RIB aggregation anywhere else in the interdomain protocol breaks the network. You may wish that you could filter those more-specific prefixes, but you are quite mistaken: that is NOT how BGP works. In point of fact, we couldn't come up with any theoretical interdomain routing protocol in which it was possible to filter conventionally legitimate prefixes and have the system operate reasonably. As near as we could determine, no such thing exists.

When I design a covering route, I include a VPN to the site with the more-specific to catch the occasional misrouted packet. But then I also parse the TCP SYN packets and reduce the MSS, because there are knuckleheads who think they can filter ICMP and have TCP merrily work without functional path MTU discovery. Those folks are wrong too, TCP doesn't work the way they think, but I'd rather keep the customer than win the argument.

Regards,
Bill Herrin
Assuming that your announcement of more specifics will always pull traffic away from a less-specific announcement is overly-optimistic. While it may *often* work, you should still be prepared to deal with traffic arriving at your least-specific announcement as well.
This turned out to be something that not every network on the Internet fully grasps, and my original message was warning that filtering on /24s would potentially bring complaints from networks like those.
It took a roundabout path, but I'm glad we eventually both ended up at the same place. :)
Thanks!
Matt
-- For hire. https://bill.herrin.us/resume/
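As an added illustration of the point both posters end up agreeing on (traffic can land on the covering route when an intermediate network filters the more-specific), here is a small longest-prefix-match simulation. It is example code written for this thread, not anything from the posters; the prefixes and site names are constructed.

```python
import ipaddress

# Constructed example: a covering /16 is announced from the main site and a
# more-specific /24 is announced from an "island" site. Prefixes are private
# space chosen for illustration only.
ANNOUNCEMENTS = [
    ("10.0.1.0/24", "island-site"),  # more-specific announcement
    ("10.0.0.0/16", "main-site"),    # covering (less-specific) route
]


def build_rib(announcements, max_prefix_len=32):
    """Accept announcements into a RIB, dropping any whose prefix length
    exceeds max_prefix_len. This models a remote network that filters
    long prefixes (for example, anything longer than a /22)."""
    rib = []
    for prefix, next_hop in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen <= max_prefix_len:
            rib.append((net, next_hop))
    return rib


def lookup(rib, dst):
    """Plain longest-prefix match: the most specific route containing dst
    wins. Returns the next hop (site) traffic is delivered to, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in rib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def where_traffic_lands(dst, filter_len=32):
    """Convenience wrapper: which site receives traffic for dst from a
    network that filters prefixes longer than filter_len?"""
    return lookup(build_rib(ANNOUNCEMENTS, filter_len), dst)


if __name__ == "__main__":
    # A network that accepts the /24 sends 10.0.1.7 to the island site;
    # a network filtering anything longer than /22 sends it to the main site.
    print("no filter :", where_traffic_lands("10.0.1.7"))
    print("filter >/22:", where_traffic_lands("10.0.1.7", filter_len=22))
```

The second call is the case the thread warns about: the packet is not dropped, it simply arrives at the site behind the covering route, which is why that site needs a path (the VPN Bill mentions) back to the more-specific's site.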