HE.net BGP origin attribute rewriting

Keegan Holley keegan.holley at sungard.com
Thu May 31 14:00:50 UTC 2012


I have seen providers instruct their upstreams to raise local-pref to
hijack traffic.  More than a few ISPs rewrite origin though.  Personally I
only consider it a slightly shady practice.  I think the problem with BGP
(among other things) is that there is no "blunt hammer".  Now that routers
have more than 1G of RAM and more than one core it may be time to add some
more knobs.


2012/5/31 Nick Hilliard <nick at foobar.org>

> On 31/05/2012 12:55, David Barak wrote:
> > I disagree.  Origin is tremendously useful as a multi-AS weighting tool,
> > and isn't the blunt hammer that AS_PATH is.  The place where I've gotten
> > the most benefit is large internal networks, where there may be multiple
> > MPLS clouds along with sites cascaded off of them - it provides a way of
> > sending "soft" preferences down the transitive chain.  Also useful is
> > "set origin egp XX" - on a route injector, that can post-pend an ASN and
> > limit the spread of a route while still allowing the same transitive
> > properties.
>
> We're not talking about the same thing here: configuring a policy to use an
> interior-generated origin is completely different to depending on what your
> upstreams configure their announcements to look like.
>
> If you don't rewrite your transit providers' origin, then you are telling
> them that they can directly influence your exit discrimination policy on
> the basis of a purely advisory flag which has no real meaning.  I.e. if one
> of them tweaks origin to be IGP and another leaves everything set at EGP or
> incomplete, then the tweaker will end up taking more of your traffic on no
> basis whatsoever, other than the fact that they bent the rules of what some
> might consider as fair play.  This is broken and harmful.  Rewriting the
> origin on ingress stops this particular line of network abuse.
>
> Nick
>
>
>
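
An added example, not part of the thread: a simplified model of the best-path decision showing how an upstream that sets ORIGIN to IGP wins the tie-break on equal-length paths, and how rewriting ORIGIN on ingress removes that lever. The upstream labels, prefixes (documentation ranges), AS numbers and router IDs are constructed, and the decision process is reduced to LOCAL_PREF, AS_PATH length, ORIGIN and router ID.

```python
from collections import Counter
from dataclasses import dataclass, replace

# ORIGIN codes as in RFC 4271; the lower value is preferred.
IGP, EGP, INCOMPLETE = 0, 1, 2

@dataclass(frozen=True)
class Route:
    prefix: str
    upstream: str      # constructed label for the transit provider
    as_path: tuple
    origin: int
    router_id: int     # final tie-break in this simplified model
    local_pref: int = 100

def best_path(routes):
    """Highest LOCAL_PREF, shortest AS_PATH, lowest ORIGIN, lowest router ID.
    MED, eBGP-over-iBGP and IGP-cost steps are deliberately omitted."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path),
                                      r.origin, r.router_id))

def rewrite_origin(route, origin=IGP):
    """Ingress policy: overwrite whatever ORIGIN the upstream sent."""
    return replace(route, origin=origin)

def exit_share(rib, ingress_policy=None):
    """Count how many prefixes select each upstream as their exit."""
    by_prefix = {}
    for route in rib:
        if ingress_policy is not None:
            route = ingress_policy(route)
        by_prefix.setdefault(route.prefix, []).append(route)
    return Counter(best_path(rs).upstream for rs in by_prefix.values())

# Constructed sample: upstream-A marks everything IGP, upstream-B passes
# the ORIGIN through unchanged. B has the lower router ID.
RIB = [
    Route("192.0.2.0/24",    "upstream-A", (64496, 64510),        IGP,        2),
    Route("192.0.2.0/24",    "upstream-B", (64497, 64510),        INCOMPLETE, 1),
    Route("198.51.100.0/24", "upstream-A", (64496, 64500, 64511), IGP,        2),
    Route("198.51.100.0/24", "upstream-B", (64497, 64501, 64511), EGP,        1),
    Route("203.0.113.0/24",  "upstream-A", (64496, 64500, 64509), IGP,        2),
    Route("203.0.113.0/24",  "upstream-B", (64497, 64509),        INCOMPLETE, 1),
]

if __name__ == "__main__":
    print("ORIGIN trusted:  ", dict(exit_share(RIB)))
    print("ORIGIN rewritten:", dict(exit_share(RIB, rewrite_origin)))
```

With ORIGIN trusted, upstream-A takes both prefixes where the AS_PATH lengths tie; with ORIGIN normalised on ingress, those ties fall through to the next step of the decision process, which the receiving network controls.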


