BGP route hijack by AS10990
Nick Hilliard
nick at foobar.org
Sat Aug 1 19:50:04 UTC 2020
Sabri Berisha wrote on 01/08/2020 20:03:
> but because Noction's decision to not enable NO_EXPORT by default

the primary problem is not this but that Noction reinjects prefixes into
the local ibgp mesh with the as-path stripped and then prioritises these
prefixes so that they're learned as the best path.

The as-path is the primary loop detection mechanism in eBGP. Removing
this is like hot-wiring your electrical distribution board because you
found out you could get more power if you bypass those stupid RCDs.

Once you strip off the as-path in the local view, it's like the AS7007
incident desperately begging to happen all over again.

As long as route optimiser vendors ship their products with such deeply
harmful defaults, we're going to continue to see these problems ad nauseam.

Nick
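
Added example, not part of the original message: a small Python model of the point made above, showing that eBGP loop detection rejects a leaked route that still carries its AS_PATH, accepts the same route once the path has been stripped, and never sees it when NO_EXPORT is set. The AS numbers, prefix, `reinject` helper and the export mistake are constructed for illustration and do not model any vendor's actual code.

```python
from dataclasses import dataclass

NO_EXPORT = "no-export"  # well-known community: never advertise outside the local AS

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()
    communities: frozenset = frozenset()

def ebgp_accept(local_as, route):
    # Receiver-side loop detection: drop a route whose AS_PATH already holds our AS.
    return local_as not in route.as_path

def ebgp_export(local_as, route):
    # Sender side: honour NO_EXPORT, otherwise prepend our own AS to the path.
    if NO_EXPORT in route.communities:
        return None
    return Route(route.prefix, (local_as,) + route.as_path, route.communities)

def reinject(route, strip_path, tag_no_export):
    # Hypothetical optimiser step: re-originate a learned route into the iBGP mesh.
    path = () if strip_path else route.as_path
    tags = route.communities | ({NO_EXPORT} if tag_no_export else set())
    return Route(route.prefix, path, frozenset(tags))

def leak_outcome(strip_path, tag_no_export):
    # Constructed topology: 64500 (origin) -> 64501 (upstream) -> 64502 (optimiser AS).
    origin, upstream, optimiser_as = 64500, 64501, 64502
    learned = ebgp_export(upstream, ebgp_export(origin, Route("192.0.2.0/24")))
    assert ebgp_accept(optimiser_as, learned)
    injected = reinject(learned, strip_path, tag_no_export)
    # Misconfigured export policy: the injected route is sent back to the upstream.
    leaked = ebgp_export(optimiser_as, injected)
    if leaked is None:
        return "blocked at export by NO_EXPORT"
    if not ebgp_accept(upstream, leaked):
        return "rejected by upstream loop detection"
    return f"accepted by upstream with AS_PATH {leaked.as_path}"

if __name__ == "__main__":
    for strip, tag in [(False, False), (True, False), (True, True)]:
        print(f"strip_path={strip} no_export={tag}: {leak_outcome(strip, tag)}")
```

Only the stripped, untagged case reaches the upstream's routing table, which is why the stripped path is the underlying hazard and NO_EXPORT is a backstop for it.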