nanog mailing list archives

Re: BGP route hijack by AS10990

From: Nick Hilliard <nick () foobar org>
Date: Sat, 1 Aug 2020 15:44:15 +0100

Mark Tinka wrote on 01/08/2020 12:20:

The difference between us and aviation is that fundamental flaws or
mistakes that impact safety are required to be fixed and checked if you
want to keep operating in the industry. We don't have that, so...

... so once again, route optimisers were at the heart of another seriousroute leaking incident.

BGP is designed to prevent loops from happening, and has tools likeno-export to help prevent inadvertent leaks.

When people build "BGP optimisers" which reinject a prefix into arouting mesh with the entire as-path stripped and then they refuse toapply the basic minimum of common sense by refusing point blank to tagprefixes with no-export, it's a matter of certainty that leaks are goingto happen, and that when they do, they'll cause damage.

It's about as responsible as shipping a shotgun with the safety disabledand then handing it to a newbie. After all, the safety makes it moredifficult to operate and if the newbie shoots themselves, it was theirfault. And if they shot someone else, they shouldn't have got in theway, right?


Nick

Current thread:

Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990), (continued)
- - - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mark Tinka (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Ross Tajvar (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mark Tinka (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Ross Tajvar (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mark Tinka (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mark Tinka (Aug 02)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Tom Beecher (Aug 03)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Job Snijders (Aug 03)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mike Hammett (Aug 01)
    - Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990) Mark Tinka (Aug 02)
- Re: BGP route hijack by AS10990 Nick Hilliard (Aug 01)
  - Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
  - Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
    - Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
    - Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
  - Re: BGP route hijack by AS10990 Sabri Berisha (Aug 01)
    - Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
    - Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
    - Re: BGP route hijack by AS10990 Nick Hilliard (Aug 01)
    - Re: BGP route hijack by AS10990 Sabri Berisha (Aug 01)

(Thread continues...)