2012/5/31 Richard A Steenbergen <r...@e-gerbil.net>

> On Thu, May 31, 2012 at 12:21:12PM -0400, Keegan Holley wrote:
> > The internet by definition is a network of networks so no one entity
> > can keep traffic segregated to their network. Modifying someone else's
> > routing advertisements without their consent is just as bad as
> > filtering them in my opinion. Doing so to move traffic into your AS
> > in order to gain an advantage in peering arrangements and make more
> > money off of the end user is just dastardly.
>
> There was one particularly (in)famous network *coughpeer1cough* which
> was well known for selectively rewriting the origin codes towards their
> peers a few years back. For example, if traffic was going to New York,
> they would advertise the prefix with IGP in New York, and Incomplete
> everywhere else, forcing other networks to haul the traffic to New York.
> This is a violation of most peering agreements, which require consistent
> advertisements unless otherwise agreed, but it was just sneaky enough
> that it flew under the radar of most folks for quite a while. When it
> was finally noticed and they refused to stop doing it when asked, a few
> folks just depeered them, but a bunch of others just "solved the
> problem" by rewriting the origin codes. This is why you still see a lot
> of rewriting happening today by default, to avoid a repeat of the same
> issue.
>
> Personally I was of the opinion that the correct solution to this
> particular problem was just to terminate the peering relationship, but
> honestly Origin code is a pretty useless attribute in the modern
> Internet, and it exists today only because it's impossible to take it
> out of the protocol. I don't see anyone complaining when we rewrite
> someone else's MEDs, sometimes as a trick to move traffic onto your
> network (*), or even that big of a complaint when we remove another
> network's communities, so I don't see why anyone cares about this one.

It's hard to catch when someone is modifying your advertisements. Also, I don't expect MED to be compared globally since different networks will handle it differently so chances are I'm just using it to control traffic to and from a directly connected ISP. If you rewrite it to do the same thing with your upstreams I probably won't care as long as latency and hop count remain reasonable. That being said I've seen an upstream mess with local-pref in their AS and then again upstream from them and begin pulling traffic literally into a different country. That IMHO is egregious.

> Maybe a "better" fix would be a local knob to ignore Origin code in the
> best path decision without having to modify it. Start asking your
> vendors for it now, maybe it'll show up around 2017... :)

I still think it would be cool if BGP had an AS topology database of some sort, but that's too expensive. Most BGP policies are not very deterministic in my experience.

> (*) I've seen a lot of inexperienced BGP speaking customers be very
> upset that they can't "send any traffic using natural bgp" (yes, there
> appears to be some kind of delusion running around that modifying BGP
> attributes to influence path selection is bad... What's next, "organic
> routes, not from concentrate"? :P), which in the end turned out to be us
> sending the customer MEDs based on our IGP cost, other networks sending
> them MEDs of 0, and them not knowing enough to do something useful with
> the data or else rewrite it to 0.

Well less than ten years ago I remember hearing that BGP was only for ISPs or very large enterprises and most people should try to run an IGP only. I still hear from companies who are nervous about running BGP with a private MPLS provider. Old habits die hard I guess..
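
Added example, not part of the original thread or written by either poster: a check a receiving network could run over the routes it learns to catch the inconsistent origin codes described above, plus the effect of ignoring Origin in path selection. The AS number, prefixes (documentation ranges), session names and the shortened tie-break order are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

# Origin preference in BGP best-path selection: lower wins.
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}

class Route(NamedTuple):
    prefix: str
    peer_as: int
    session: str        # peering location where the route was learned
    as_path: tuple
    origin: str
    med: int = 0
    local_pref: int = 100

def inconsistent_origins(routes):
    """Return {(prefix, peer_as): {session: origin}} for every prefix that
    one peer advertises with different origin codes at different sites."""
    seen = defaultdict(dict)
    for r in routes:
        seen[(r.prefix, r.peer_as)][r.session] = r.origin
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

def best_path(routes, ignore_origin=False):
    """Shortened tie-break (assumption): local-pref, AS-path length,
    origin, MED. Real implementations continue with further steps."""
    def key(r):
        origin = 0 if ignore_origin else ORIGIN_RANK[r.origin]
        return (-r.local_pref, len(r.as_path), origin, r.med)
    return min(routes, key=key)

# Constructed sample: AS 64500 marks one prefix IGP only in New York.
SAMPLE = [
    Route("192.0.2.0/24", 64500, "chicago", (64500,), "INCOMPLETE", med=0),
    Route("192.0.2.0/24", 64500, "new-york", (64500,), "IGP", med=50),
    Route("192.0.2.0/24", 64500, "san-jose", (64500,), "INCOMPLETE", med=10),
    Route("198.51.100.0/24", 64500, "chicago", (64500,), "IGP"),
    Route("198.51.100.0/24", 64500, "new-york", (64500,), "IGP"),
]

if __name__ == "__main__":
    for (prefix, asn), by_site in inconsistent_origins(SAMPLE).items():
        print(f"AS{asn} {prefix}: inconsistent origin {by_site}")
    same = [r for r in SAMPLE if r.prefix == "192.0.2.0/24"]
    print("as received:   ", best_path(same).session)
    print("origin ignored:", best_path(same, ignore_origin=True).session)
```

With Origin honoured, the New York exit wins even though its MED is the worst; with Origin ignored or rewritten to one value, the MED decides and the Chicago exit is chosen.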