BGP route hijack by AS10990

Owen DeLong owen at delong.com
Sat Aug 1 21:43:04 UTC 2020



> On Aug 1, 2020, at 12:59 PM, Sabri Berisha <sabri at cluecentral.net> wrote:
> 
> ----- On Aug 1, 2020, at 12:50 PM, Nick Hilliard nick at foobar.org wrote:
> 
> Hi,
> 
>> Sabri Berisha wrote on 01/08/2020 20:03:
>>> but because Noction's decision to not enable NO_EXPORT by default
>> 
>> the primary problem is not this but that Noction reinjects prefixes into
>> the local ibgp mesh with the as-path stripped and then prioritises these
>> prefixes so that they're learned as the best path.
> 
> Yeah, but that's not problem as far as I'm concerned. Their network, 
> their rules. I've done weirder stuff than that, in tightly controlled
> environments.

Your network, your rules is fine as far as your border. When you start announcing crap to the rest of the world, then the rest of the world has a right to object.

When your product makes it easy for your customers to accidentally announce crap to the rest of the world, then it’s the moral equivalent of building a car without a seatbelt. Sure, before the technology was widely known and its life saving capabilities well understood, it was legitimate to dismiss it as an unnecessary added cost. Today, there’s no excuse for such an action. The hazards of BGP optimizers are pretty well known and it’s not unreasonable to expect vendors to implement appropriate safeguards into their products and/or recommend appropriate safeguards by their customers in their other routing devices. Certainly no-export by default is an example of something that there’s really no reason not to do in any BGP optimizer.

>> The as-path is the primary loop detection mechanism in eBGP.  Removing
>> this is like hot-wiring your electrical distribution board because you
>> found out you could get more power if you bypass those stupid RCDs.
> 
> Well, let's be honest. Sometimes we need to get rid of that pesky mechanism.
> For example, when using BGP-as-IGP, the "allowas-in" disregards the as-path,
> in a controlled manner (and yes, I know, different use case).

Also a much more constrained case… allowas-in (which I still argue is a poor substitute
for getting different ASNs for your different non-backboned sites) only allows you to loop your own AS and only at your own sites. It doesn’t support allowing you to feed crap to the internet.

> My point is that there can be operational reasons to do so, and whatever
> they wish to do on their network is perfectly fine. As long as they don't
> bother the rest of the world with it. 

But the whole reason we’re having this conversation is that they _DID_ bother the rest of the world with it. Kind of takes the wind out of that particular argument, wouldn’t you say?

Owen




More information about the NANOG mailing list