On Tue, Jul 16, 2019 at 01:24:11PM -0500, Mike Hammett wrote:
All of the same tragedy can happen without BGP optimizers, and does.
I disagree. You are skipping over crucial distinction we should make between common 'route leaks' (incorrect propagation of valid routing information), and the poison that is 'bgp optimiser hijacks' (propagating of invalid/nonexistent routing information). In the first case, a simple leak of existing real routing information, you'll often see that the outcomes of the leak have a longer AS_PATH, and that the leaking ASN has an actual path towards the destination. In the best case the leaked routes are ignored because they don't become the best path, in the worst case anyone using those leaked paths suffers from congestion. In the second case, leaked routes that came from a so-called 'bgp optimiser', during the leak there is no forwarding path to the actual destination. The packets circulate in a loop and never arrive at the intended destination. This is hard downtime for the affected prefixes. We also often see that the AS_PATH is entirely fabricated by "BGP optimisers", further increasing the risk of the hijacked route announcements being used.
BGP optimizers only harm the global Internet when route filters don't do their job. (Un)Fortunately, many other things also harm the global Internet when route filters don't do their job. Things other than BGP optimizers harm the global Internet more frequently via the same vector (lack of proper route filters).
A given set of bugs are unlikely to affect both Optimizer edge egress filters and upstream ingress filters. If so, the Internet as a whole has much graver things to worry about.
I believe it is a fallacy to state that "because other things can harm the Internet" it would be somehow become OK to use a BGP optimiser. It is not, it is extremely dangerous for those networks whose prefixes are being 'optimised' (née hijacked). Every day we see negative effects as a result from "bgp optimizers". We also have observed that some of the 'bgp optimizers' have consciously chosen to not apply even the most basic of harm reduction methods, see https://twitter.com/JobSnijders/status/1143205986787831819 We can't stop people from deploying this type of software, the Internet simply doesn't provide that kind of regulatory environment, but one should be fully aware of the terrible risks involved when doing so. Networks should be cognizant of peers they suspect are using such software to steer traffic. Kind regards, Job