Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)

• Previous message (by thread): Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)
• Next message (by thread): Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/Aug/20 01:44, Ryan Hamel wrote:
> Matt,
>
> Why are you blaming the ease of use on the vendor, for the operators
> lack of knowledge regarding BGP? That is like blaming a vehicle
> manufacturer for a person pressing the gas pedal in a car and not
> giving a toss about the rules of the road. The base foundation
> regarding the rules of the road mostly apply the same for driving a
> car, truck, bus, and semi/lorry truck. There is no excuse for
> ignorance just because the user interface is different (web browser
> vs. SSH client).

Actually, there is.

One has to actually acquire knowledge about not only driving a car, but
driving it in public. That knowledge is then validated by a
gubbermint-sanctioned driver's license test. If you fail, you aren't
allowed to drive. If you are caught driving without a driver's license,
you pay the penalty.

There is no requirement for a license in order to run power into a
router and hook it up to the Internet. This is the problem I have with
the current state of how we support BGP actors.

> Adding a take on this, there are kids born after 9/11, with IP
> allocations and ASNs experimenting in the DFZ right now. If they can
> make it work, and not cause harm to other members in this community,
> it clearly demonstrates a lack of knowledge, or honest human error
> (which will never go away).

We should not be celebrating this.


>
> Anything that can be used, can be misused. With that said, why
> shouldn't ALL BGP software implementations encourage best practice?
> They decided RPKI validation was a good thing.

The larger question is we should find a way to make our industry
genuinely qualification-based, and not "free for all that decides they
want to try it out".

I don't yet know how to do that, but we certainly need to start thinking
more seriously about it. Kids born after 9/11 successfully experimenting
on a global network is not where the bar ought to be.

Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200802/d97c5fd6/attachment.html>

• Previous message (by thread): Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)
• Next message (by thread): Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]