> On Aug 1, 2020, at 12:59 PM, Sabri Berisha <sa...@cluecentral.net> wrote:
>
> ----- On Aug 1, 2020, at 12:50 PM, Nick Hilliard n...@foobar.org wrote:
>
> Hi,
>
>> Sabri Berisha wrote on 01/08/2020 20:03:
>>> but because Noction's decision to not enable NO_EXPORT by default
>>
>> the primary problem is not this but that Noction reinjects prefixes into
>> the local ibgp mesh with the as-path stripped and then prioritises these
>> prefixes so that they're learned as the best path.
>
> Yeah, but that's not problem as far as I'm concerned. Their network,
> their rules. I've done weirder stuff than that, in tightly controlled
> environments.
Your network, your rules is fine as far as your border. When you start
announcing crap to the rest of the world, then the rest of the world has a
right to object.
When your product makes it easy for your customers to accidentally announce
crap to the rest of the world, then it’s the moral equivalent of building a car
without a seatbelt. Sure, before the technology was widely known and its life
saving capabilities well understood, it was legitimate to dismiss it as an
unnecessary added cost. Today, there’s no excuse for such an action. The
hazards of BGP optimizers are pretty well known and it’s not unreasonable to
expect vendors to implement appropriate safeguards into their products and/or
recommend appropriate safeguards by their customers in their other routing
devices. Certainly no-export by default is an example of something that there’s
really no reason not to do in any BGP optimizer.
>> The as-path is the primary loop detection mechanism in eBGP. Removing
>> this is like hot-wiring your electrical distribution board because you
>> found out you could get more power if you bypass those stupid RCDs.
>
> Well, let's be honest. Sometimes we need to get rid of that pesky mechanism.
> For example, when using BGP-as-IGP, the "allowas-in" disregards the as-path,
> in a controlled manner (and yes, I know, different use case).
Also a much more constrained case… allowas-in (which I still argue is a poor
substitute
for getting different ASNs for your different non-backboned sites) only allows
you to loop your own AS and only at your own sites. It doesn’t support allowing
you to feed crap to the internet.
> My point is that there can be operational reasons to do so, and whatever
> they wish to do on their network is perfectly fine. As long as they don't
> bother the rest of the world with it.
But the whole reason we’re having this conversation is that they _DID_ bother
the rest of the world with it. Kind of takes the wind out of that particular
argument, wouldn’t you say?
Owen
