nanog mailing list archives
Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times
From: Matthew Petach <mpetach () netflight com>
Date: Fri, 25 Mar 2022 17:17:02 -0700
On Fri, Mar 25, 2022 at 2:59 PM Adam Thompson <athompson () merlin mb ca> wrote:
> Tom, how exactly does someone “ride the 0/0” train in the DFZ?
It's not so much "ride the 0/0 train" as much as it is "treat excessive prepends as network-unreachable". Think of prepends beyond say 10 prepends as a way to signal "infinite" distance--essentially, "unreachable" for that prefix along that path. Anyone that is prepending to do traffic engineering is doing *differential* prepending; that is, a longer number of prepends along one path, with a shorter set of prepends along a different path. So, dropping the inbound announcement with 255 prepends merely means your router will look for the advertisement with a shorter number of prepends on it. If you're only announcing one path for your prefix, and it is prepended 255 times, you're fundamentally not understanding how BGP works, and the only way to get a clue-by-four might be to discover you've made your prefix invisible to a significant portion of the internet.
> I’m connected to both commercial internet and NREN, and unfortunately-long paths are not uncommon in this scenario, in order to do traffic steering. If there’s another solution that affects global *inbound* traffic distributions, I’d love to hear about it (and so would a lot of my peers in edu). If there were a usable way to “dump” the excessively-long path only as long as a better path was already known by at least one edge router, that might be workable, but you’d have to keep track of it somewhere to reinstall it if the primary route went away… at which point you may as well have not dropped it in the first place.
You dump the excessively-long path based on the assumption that the only reason for a long set of prepends out one path is to shift traffic away from that path to one that you're advertising out with a *shorter* set of prepends. The router doesn't need to 'look' for or 'keep track' of the different path; the human makes the decision that any sane BGP speaker would only prepend 255 times on a path if there was a shorter as-path advertisement they wanted people to use instead. So, drop the excessively long prepended path, and make use of the 'should be in the table somewhere' advertisement of the prefix with fewer prepends. Easy-peasy.
> -Adam
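The inbound policy discussed in this message, sketched as an added example (not part of the original thread and not any router's actual implementation): reject announcements carrying more than 10 prepends, then use the shortest remaining AS path. The function names, neighbor labels and transit ASNs are assumptions made for illustration, and only AS-path length is compared.

```python
from itertools import groupby

MAX_PREPENDS = 10  # threshold floated in the message ("beyond say 10 prepends")

def max_prepends(as_path):
    """Largest number of extra consecutive repeats of any one ASN in the path."""
    return max((len(list(g)) - 1 for _, g in groupby(as_path)), default=0)

def accept(as_path, limit=MAX_PREPENDS):
    """Inbound policy: reject announcements with more than `limit` prepends."""
    return max_prepends(as_path) <= limit

def best_path(announcements, limit=MAX_PREPENDS):
    """Return (neighbor, as_path) with the shortest accepted AS path, or None.

    Only AS-path length is compared; real BGP best-path selection has more
    steps (local-pref, origin, MED, ...), which this sketch ignores.
    """
    candidates = [(n, p) for n, p in announcements if accept(p, limit)]
    return min(candidates, key=lambda c: len(c[1]), default=None)

# Constructed sample data. AS21299 comes from the thread subject; the transit
# ASNs are taken from the documentation range (RFC 5398).
ORIGIN = 21299
LONG = ("transit-a", [64496] + [ORIGIN] * 256)   # origin plus 255 prepends
SHORT = ("transit-b", [64497, 64498, ORIGIN])    # differential path, no prepends

def scenario_differential():
    # Both paths are announced: the long one is dropped, the short one is used.
    return best_path([LONG, SHORT])

def scenario_single_path():
    # Only the 255-prepend path exists (or the short one was withdrawn):
    # nothing passes the filter, so the prefix is unreachable from here.
    return best_path([LONG])

if __name__ == "__main__":
    print("differential:", scenario_differential())
    print("single path :", scenario_single_path())
```

The second scenario covers both the single-announcement case and the situation where the shorter path is withdrawn: with the filter in place, the prefix stays unreachable until a path within the limit reappears.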