On Fri, Jan 13, 2017 at 02:28:23PM -0800, joel jaeggli wrote:
> On 1/13/17 1:54 PM, Marco Marzetti wrote:
> > <rant>
> > Every time one suggests a change related to the IXPs world we spend
> > days arguing if it affects the neutrality and how. Do we really
> > need that?
> > </rant>
> >
> > Anyway, I can't see why IXPs can blackhole traffic (if the
> > destination requests it), but cannot do the same with prefixes.
> > After all if a prefix is invalid the owner requested it to be
> > verified by the other parties.
>
> In general the consequences for an IX operator that either allows its
> customers to attack each other over the exchange route-server or does
> so itself seem severe. Loss of confidence in the disposition of one's
> own routes seems like immediate grounds for depeering. If the routes
> remain afterwards with the short AS path; the operator is engaged in
> prefix hijacking.
> 
> I personally find it dubious that I would choose to honor a third
> party's efforts at origin validation if I did not myself validate them
> but a signal from the exchange that it did validate the origin or that
> there is an invalid ROA floating around is at a minimum very interesting.

I still don't understand how there can be a justification as to why it
would be OK for route servers to redistribute poisonous routes and say
"trust me it's OK, I added a community!", and we expect some different
behaviour from 'the rest of the AS's'?

In a case like this
http://mailman.nanog.org/pipermail/nanog/2017-January/089823.html,
assuming a ROA had existed for 206.125.164.0/22, what would've been the
appropriate response from any AS involved (including route servers)?

    A) "it's fine, I tagged it with a community and amplified the problem
    by propagating it to all my peers"

    B) "the buck stops with me, the invalid route will not be propagated by me"

At the very least, I'd prefer the default mode should be a secure mode,
not a 'scientifically interesting' mode.

Kind regards,

Job

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
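
The two options in the message above, as an added example that is not part of the original thread or any route server's own code: RFC 6811 origin validation applied to constructed announcements, exported once in "tag" mode (option A) and once in "drop" mode (option B). The ROA, the origin AS numbers (documentation ASNs) and the "rov-invalid" community label are assumptions made for illustration; only the prefix 206.125.164.0/22 comes from the message.

```python
import ipaddress

# Constructed ROA for the prefix named in the message; AS64496 is a
# documentation ASN standing in for the legitimate holder (assumption).
ROAS = [("206.125.164.0/22", 22, 64496)]  # (prefix, maxLength, origin AS)

def rov_state(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # AS 0 in a ROA never matches any origin (RFC 6811).
        if roa_as != 0 and roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def route_server_export(routes, mode):
    """Return the routes a route server would send to its peers.

    mode 'tag'  = option A: propagate everything, mark invalids with a community
    mode 'drop' = option B: invalid routes are not propagated
    """
    exported = []
    for prefix, origin_as in routes:
        state = rov_state(prefix, origin_as)
        if state == "invalid" and mode == "drop":
            continue
        # "rov-invalid" is a hypothetical label, not a real community value.
        communities = ["rov-invalid"] if state == "invalid" else []
        exported.append((prefix, origin_as, state, communities))
    return exported

# Constructed announcements as seen by the route server.
ROUTES = [
    ("206.125.164.0/22", 64496),  # legitimate origin
    ("206.125.164.0/22", 64511),  # same prefix, wrong origin AS
    ("206.125.165.0/24", 64496),  # right origin, longer than maxLength
    ("192.0.2.0/24", 64500),      # no covering ROA
]

if __name__ == "__main__":
    for mode in ("tag", "drop"):
        print(mode, route_server_export(ROUTES, mode))
```

In "tag" mode every peer still receives both invalid routes and is protected only if it acts on the community itself; in "drop" mode the invalid routes never leave the route server, while valid and not-found routes are unaffected.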
