BGP was indeed designed in an era when trust was implicit. Introducing ASPA to sign a cryptographic list of authorized providers is a step in the right direction. By validating both AS_PATH and route origin, the chances of BGP hijacks and misconfigurations can be substantially reduced.

https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

On 2023-08-11 13:51, Mark Tinka wrote:
On 8/11/23 12:56, Nick Hilliard wrote:


BGP is a policy based distance vector protocol. If you can't adjust the primary inter-domain metric to handle your policy requirements, it's not much use.

I am not talking about appending one's own AS in the AS_PATH. I am talking about appending someone else's AS in the AS_PATH.

To be fair, I have never had to do that, since I've always thought it would be considered bad form. But I suspect that on the simple BGP mechanics of it, no vendor would be able to prevent that in any meaningful way.

Then again, path hijacking likely wasn't a thought at the time the Border Gateway Protocol was being conceived.

Mark.

--
August
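
Added example, not part of the original message or of the draft's own text: a simplified Python sketch of the upstream (customer-to-provider) hop check used in ASPA verification, applied to the case raised in the thread of an AS_PATH that carries someone else's AS. The ASPA records, the ASNs (documentation range) and the function names are constructed for illustration; the downstream case and AS_SET handling are left out.

```python
# Constructed ASPA data: customer ASN -> set of authorized provider ASNs.
# All ASNs are from the documentation range (RFC 5398), not real networks.
ASPA = {
    64500: {64501},   # the origin attests that 64501 is its only provider
    64501: {64502},
    64510: {64502},
}


def hop(customer, provider, aspa):
    """Classify one claimed customer->provider adjacency in the path."""
    if customer not in aspa:
        return "no-attestation"
    return "provider" if provider in aspa[customer] else "not-provider"


def verify_upstream(as_path, aspa):
    """Check a path received from a customer or peer.

    as_path is in wire order: neighbor AS first, origin AS last.
    Returns "valid", "invalid" or "unknown".
    """
    # Collapse prepends (consecutive repeats of the same ASN).
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    # Walk from the origin outward; every hop must be customer->provider.
    path.reverse()
    results = [hop(path[i], path[i + 1], aspa) for i in range(len(path) - 1)]
    if "not-provider" in results:
        return "invalid"      # an attested customer did not list this AS
    if "no-attestation" in results:
        return "unknown"      # cannot prove or disprove the hop
    return "valid"


if __name__ == "__main__":
    print(verify_upstream([64502, 64501, 64500], ASPA))                 # genuine path
    print(verify_upstream([64502, 64501, 64501, 64501, 64500], ASPA))   # own-AS prepend
    print(verify_upstream([64502, 64510, 64500], ASPA))                 # foreign AS inserted
    print(verify_upstream([64502, 64505, 64506], ASPA))                 # no ASPA published
```

Prepending one's own AS leaves the result unchanged, while a path that places 64510 next to the origin fails because 64500 never listed 64510 as a provider.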
