Re: [External] Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On Wed, Sep 30, 2020 at 4:43 AM Mark Tinka wrote: > So if your peer or provider sent you a link to a web site where they > published all of their support BGP communities, you'd find that onerous > to deploy across them? I'd find it to require more effort than just applying the same route-maps we

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Sounds like you need a template based configuration management system and better automation more than you need to inflict an ad-hoc standardization of additional communities on the world. Owen > On Sep 9, 2020, at 12:21 AM, Robert Raszuk via NANOG wrote: > > Mark, > > Nope .. it is the othe

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

quot;Tom Beecher" mailto:beec...@beecher.cc>> > To: "Mike Hammett" mailto:na...@ics-il.net>> > Cc: "NANOG" mailto:nanog@nanog.org>>, "Douglas Fischer" > mailto:fischerdoug...@gmail.com>> > Sent: Tuesday, September 8, 2020 3:02:37 PM >

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> Using 2-byte communities in today's age of explosive "assignment" of > 4-byte ASN's is similar to the price-hike of IPv4 space. In the long > term. Standard BGP communities and IPv4 will not be worth the required > effort/investment (unless you want to "cripple" yourself from the > get-go). And I

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

ike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > From: "Tom Beecher via NANOG" > To: "Douglas Fischer" > Cc: "NANOG" > Sent: Tuesday, September 8, 2020 1:30:19 P

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> On Sep 8, 2020, at 9:22 AM, Mark Tinka via NANOG wrote: > > > > On 8/Sep/20 17:55, Douglas Fischer via NANOG wrote: > >> Most of us have already used some BGP community policy to no-export some >> routes to some where. >> >> On the majority of IXPs, and most of the Transit Providers, the

Re: [External] Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 11/Sep/20 20:58, Hunter Fuller wrote: Hey Mark, I am here. At 10364 we have 7 network people, 3 of whom have an understanding of BGP deeper than surface level. We have 3 peers and 2 transit providers total. When we go to implement external-facing BGP policy, the #1 concern is "What are mo

Re: [External] Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On Wed, Sep 9, 2020 at 11:05 AM Mark Tinka via NANOG wrote: >> Circling back to earlier where I said there are almost 70k ASNs in use on >> the public Internet. Most of those operators don't have complex >> configurations. I'd be surprised if less than half of them had anything more >> than the

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

e… > > > > adam > > > > *From:* Jeff Tantsura > *Sent:* Wednesday, September 9, 2020 6:01 PM > *To:* adamv0...@netconsultings.com > *Cc:* nanog@nanog.org > *Subject:* Re: BGP Community - AS0 is de-facto "no-export-to" marker - > Any ASN reserved to &q

RE: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

: Jeff Tantsura Sent: Wednesday, September 9, 2020 6:01 PM To: adamv0...@netconsultings.com Cc: nanog@nanog.org Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' BCP38 is an RFC, 2827. It is a grand advise if yo

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

beit concentrated around security) > > adam > > From: Jeff Tantsura > Sent: Wednesday, September 9, 2020 9:52 AM > To: adamv0...@netconsultings.com > Cc: nanog@nanog.org > Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN > r

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > From: "Mark Tinka" > To: "Mike Hammett" > Cc: nanog@nanog.org > Sent: Wednesday, September 9, 2020 7:59:55 AM > Subject: Re: BGP Community - AS0 is de-facto "no-

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 17:42, Robert Raszuk wrote: > > It's not about numbers ... it's about ability to uniformly express > policy with chain of arguments.  > > See even with large communities you can define a policy with an > unstructured parameter and single action then you need to put it on > all of you

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 17:52, Mike Hammett wrote: > No, but most network operators also aren't NANOG members, attend NANOG > shows, subscribe to NANOG lists. > > They're small outfits where there's between 1 - 5 total networking people. Yeah, I'll steer clear of that one :-)... > > Circling back to earl

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

t-ix.com - Original Message - From: "Mark Tinka" To: "Mike Hammett" Cc: nanog@nanog.org Sent: Wednesday, September 9, 2020 8:13:32 AM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

It's not about numbers ... it's about ability to uniformly express policy with chain of arguments. See even with large communities you can define a policy with an unstructured parameter and single action then you need to put it on all of your boxes to act upon. Is it possible to perhaps express i

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 15:25, Robert Raszuk wrote: > That's not quite true.  > > See the entire idea behind defining a common mechanism for signalling > policy in communities in a flexible way for both intra and > inter-domain use is to help you to use the same encoding acros policy > engines of many vendo

RE: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> Chriztoffer Hansen via NANOG > Sent: Wednesday, September 9, 2020 1:29 PM > > On Wed, 9 Sep 2020 at 06:25, Mark Tinka via NANOG > wrote: > > It's not unlike trusting your customers to send you FlowSpec > > instructions. No issues technically, but do you want to do it? > > Why not? As a servic

RE: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

, September 9, 2020 9:52 AM To: adamv0...@netconsultings.com Cc: nanog@nanog.org Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' I don’t think, anyone has proposed to use ‘’reserved ASNs” as a BCP, example of “ab”

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> > Well, the proposed de facto standard is only useful for what we need to > signal outside of the AS. That's not quite true. See the entire idea behind defining a common mechanism for signalling policy in communities in a flexible way for both intra and inter-domain use is to help you to use t

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 15:09, Mike Hammett wrote: > If history has taught us anything, everything we do will be ignored by > those that most need it.  :-) Touche :-)... Mark.

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 15:06, Mike Hammett wrote: > More operators don't use communities internally than the number of > operators that do. Do you have some empirical data on that? I don't know if it's more, or less. But as Charlton Heston said in "True Lies": "So far this is not blowing my skirt up, g

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

e Hammett" Cc: nanog@nanog.org Sent: Wednesday, September 9, 2020 7:59:55 AM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' Well, the proposed de facto standard is only useful for what we need to signal

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 14:29, Chriztoffer Hansen wrote: > Why not? As a service offering, it makes total sense. Yes, makes total sense. So why aren't jumping all over it? > > Thou, generally I agree with you. Trust, but verify any received > announcement conforms to a base-set of expectations. Discard

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Hammett" Cc: nanog@nanog.org Sent: Wednesday, September 9, 2020 7:59:55 AM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' Well, the proposed de facto standard is only useful for what we need to signal outside

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

ttp://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > > *From: *"Mark Tinka" > *To: *"Mike Hammett" > *Cc: *nanog@nanog.org > *Sent: *Wednesday, September 9, 2020 6:4

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

igent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Mark Tinka" To: "Mike Hammett" Cc: nanog@nanog.org Sent: Wednesday, September 9, 2020 6:47:13 AM Subject: Re: BGP Community - AS0 is de-facto "

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On Wed, 9 Sep 2020 at 06:25, Mark Tinka via NANOG wrote: > It's not unlike trusting your customers to send you FlowSpec > instructions. No issues technically, but do you want to do it? Why not? As a service offering, it makes total sense. Thou, generally I agree with you. Trust, but verify any r

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 13:41, Mike Hammett wrote: > How is that any different than any other network with minimal > connectivity (say a non-ISP such as a school, medium business, local > government, etc.)? Because the existing flexibility of dis-aggregated BGP community design can be done without any need

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Mark Tinka via NANOG" To: nanog@nanog.org Sent: Tuesday, September 8, 2020 11:28:48 PM Subject: Re: BGP Community - AS0 is de-facto "no-exp

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

mber 8, 2020 11:26:43 PM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' On 8/Sep/20 20:35, Mike Hammett via NANOG wrote: How I see the OP's intent is to create a BCP of what defined communities have

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Robert, This is not whether you should do it, but, should you have decided to, how to do it in the best possible way, without making mistakes someone else has made and learnt from. Regards, Jeff > On Sep 9, 2020, at 11:40, Robert Raszuk wrote: > >  > And use of BGP without IGP left and righ

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Jeff Tantsura via NANOG wrote on 09/09/2020 09:03: De-facto standards are as good as people implementing them, however in order to enforce non ambiguous implementations, it has to be de-jure (e.g. a standard track RFC). While I’m sympathetic to the idea, I’m quite skeptical about its viability.

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

And use of BGP without IGP left and right when even today bunch of DCs can do just fine with current IGPs scaling wise is IMO not a good thing. Thx R. On Wed, Sep 9, 2020, 10:55 Jeff Tantsura via NANOG wrote: > I don’t think, anyone has proposed to use ‘’reserved ASNs” as a BCP, > example of “a

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

I don’t think, anyone has proposed to use ‘’reserved ASNs” as a BCP, example of “ab”use of ASN0 is a de-facto artifact (unfortunate one). My goal would be to provide a viable source of information to someone who is setting up a new ISP and has a very little clue as where to start. Do’s and don’t

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 10:03, Jeff Tantsura via NANOG wrote: > De-facto standards are as good as people implementing them, however in > order to enforce non ambiguous implementations, it has to be de-jure > (e.g. a standard track RFC). > While I’m sympathetic to the idea, I’m quite skeptical about its > v

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

De-facto standards are as good as people implementing them, however in order to enforce non ambiguous implementations, it has to be de-jure (e.g. a standard track RFC). While I’m sympathetic to the idea, I’m quite skeptical about its viability. A well written BCP would be much more valuable, and

RE: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

I don’t agree with the use of reserved ASNs, let alone making it BCP, cause it defeats the whole purpose of the community structure. Community is basically sending a message to an AS. If I want your specific AS to interpret the message I set it in format YOUR_ASN:, your AS in the first part of

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 09:21, Robert Raszuk wrote: > Nope .. it is the other way around. > > It is all easy if you look from your network centric view. > > But if I am connected to 10 ISPs in each POP I have to build 10 > different egress policies, each embedding custom policy, teach NOC to > understand i

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 9/Sep/20 09:15, Robert Raszuk wrote: > On last point yes. The entire idea behind flow spec is to work > inter-as to mitigate DDoS as close to a source as possible. Indeed, that is the original intention. Any reason why we don't see it happening in this way, today? > And as far as wide the

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mark, Nope .. it is the other way around. It is all easy if you look from your network centric view. But if I am connected to 10 ISPs in each POP I have to build 10 different egress policies, each embedding custom policy, teach NOC to understand it etc... I think if there is a defined way to ex

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mark, On last point yes. The entire idea behind flow spec is to work inter-as to mitigate DDoS as close to a source as possible. And if you validate against advertising reachability what's the problem ? And as far as wide they just let you structure your community in a common way. It is both to

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 23:22, Douglas Fischer via NANOG wrote: > Exactly Mike! > > The Idea would be to define some base levels, to make the creations of > route-filtering simpler to everyone in the world. > And what comes beyond that, is in charge of each autonomous system. > > It would make the scripting

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 22:02, Tom Beecher via NANOG wrote: > I also get that intent from the OP. However I disagree that there > should be a 'de facto' standard created for such things. All flavors > of BGP community specifications are designed to be flexible so that > different networks can design a syst

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 20:35, Mike Hammett via NANOG wrote: > How I see the OP's intent is to create a BCP of what defined > communities have what effect instead of everyone just making up > whatever they draw out of a hat, simplifying this process for everyone. Which only matters if you are extending a c

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 20:15, Robert Raszuk wrote: > This does not require any more trust for say directly connected peers > more then today when you publish communities on the web page. I'd tend to disagree. Trusting your direct peer to not send you default or to have a 24/7 NOC to handle connectivity

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

riginal Message - From: "Mike Hammett via NANOG" To: "Tom Beecher" Cc: "NANOG" Sent: Tuesday, September 8, 2020 5:56:22 PM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

NANOG" , "Douglas Fischer" Sent: Tuesday, September 8, 2020 3:36:22 PM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?' Every network is a snowflake already. Everyone has different needs and

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Douglas On 08.09.2020 17:55, Douglas Fischer via NANOG wrote: > Most of us have already used some BGP community policy to no-export some > routes to some where. > > On the majority of IXPs, and most of the Transit Providers, the very > common community tell to route-servers and routers "Please do

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

t; Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > -- > *From: *"Tom Beecher via NANOG" > *To: *"Douglas Fischer" > *Cc: *"NANOG" > *Sent:

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

t; fischerdoug...@gmail.com> > *Sent: *Tuesday, September 8, 2020 3:02:37 PM > *Subject: *Re: BGP Community - AS0 is de-facto "no-export-to" marker - > Any ASN reserved to "export-only-to"?' > > I also get that intent from the OP. However I disagree that there

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

- From: "Tom Beecher" To: "Mike Hammett" Cc: "NANOG" , "Douglas Fischer" Sent: Tuesday, September 8, 2020 3:02:37 PM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

ttp://www.midwest-ix.com > > -- > *From: *"Tom Beecher via NANOG" > *To: *"Douglas Fischer" > *Cc: *"NANOG" > *Sent: *Tuesday, September 8, 2020 1:30:19 PM > *Subject: *Re: BGP Community - AS0 is de-facto "no-expo

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Douglas, On Tue, 8 Sep 2020 at 17:55, Douglas Fischer via NANOG wrote: > > Most of us have already used some BGP community policy to no-export some > routes to somewhere. > > On the majority of IXPs, and most of the Transit Providers, the very common > community tell to route-servers and router

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

http://www.midwest-ix.com - Original Message - From: "Tom Beecher via NANOG" To: "Douglas Fischer" Cc: "NANOG" Sent: Tuesday, September 8, 2020 1:30:19 PM Subject: Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

BGP Large Communities ( https://tools.ietf.org/html/rfc8195 ) already provides for anyone to define the exact handling you wish. On Tue, Sep 8, 2020 at 11:57 AM Douglas Fischer via NANOG wrote: > Most of us have already used some BGP community policy to no-export some > routes to some where. >

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mark, This does not require any more trust for say directly connected peers more then today when you publish communities on the web page. It is not about opening up your network. It is about expressing your policy in a common way in the exact say amount as you would open up your network today. N

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 18:41, Robert Raszuk wrote: > I don't think this is the ask here.  > > Today NO_EXPORT takes no parameters. I think it would be of benefit to > all to be able to signal NO_EXPORT TO ASN_X in a common (std) way > across all of my peers connected to ASN_X. Moreover policy on all > ven

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mark, > The standard already exists... "NO_EXPORT". I don't think this is the ask here. Today NO_EXPORT takes no parameters. I think it would be of benefit to all to be able to signal NO_EXPORT TO ASN_X in a common (std) way across all of my peers connected to ASN_X. Moreover policy on all vendo

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

On 8/Sep/20 17:55, Douglas Fischer via NANOG wrote: > Most of us have already used some BGP community policy to no-export > some routes to some where. > > On the majority of IXPs, and most of the Transit Providers, the very > common community tell to route-servers and routers "Please do > no-exp

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Hi Douglas, Just FYI I have tried to capture most common use cases of communities and register them as part of a wide-community effort in IANA. https://tools.ietf.org/html/draft-ietf-idr-registered-wide-bgp-communities-02 That draft is pending standardization of wide-communities itself. You are