Hi Jeff,

Anno Domini 2022 Jeffrey Haas wrote:

> > On Jul 5, 2022, at 6:40 AM, Maximilian Wilhelm <[email protected]> wrote:
> > after some discussion at RIPE84 we took the time to formalize a draft
> > to define a well-known BGP community to indicate a given prefix is
> > carrying Anycast traffic. The intent is to allow ISPs to do well
> > informed TE, especially in cases where they want to diverge from the
> > hot potato principle.
> 
> Thanks for the draft.
> 
> Minimally, I think the draft is "mostly harmless!" (with no offense to the 
> idea).  An advisory community that may help operators shape policy for the 
> documented scenarios might be helpful.
> 
> I think my major questions for the draft overlap whether an operator has any 
> particular reason to trust the marking to be used to influence their policy.  
> For example, if a /24 marked with the anycast community would bypass your TE 
> and stick to shortest IGP distance, what's the likelihood that someone would 
> intentionally mis-mark routes for this behavior?  If we get to the point 
> where this needs a prefix-list to decide what routes you'd trust, especially 
> given the advice about no-export, does the community actually help the 
> operator?

Thanks for raising that point, I guess that warrants another paragraph
in the Security Considerations section. I'd say it is in the realm of the
network operator to decide whether or not to act on this information
and whether or not it can be trusted. As you mention we already have
other communities out there which you need to trust to act on them,
be it NO_EXPORT / NO_ADVERTISE, BLACKHOLE (usually filtered against
a prefix-list), or any advisory community from IXPs and ISPs.

Operators could decide to only trust the ANYCAST community when
received on a direct peering, be it via a PNI or an IXP, and
drop it via transit sessions. I'd say that should be up to the ones
defining routing policy.

Does that make sense?

Cheers,
Max

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
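
The import policy discussed in this thread, modelled as an added example that is not part of the original mail or of the draft: the marking is honoured only on direct peering sessions, optionally checked against a prefix-list as well, and scrubbed everywhere else. The community value, the session labels and the names `Route` and `import_policy` are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

# Placeholder value: the thread does not state the community's number.
# 64496 is an ASN reserved for documentation.
ANYCAST = (64496, 999)

# Assumed session labels; only direct peering (PNI or IXP) is trusted.
TRUSTED_SESSIONS = frozenset({"pni", "ixp"})


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset
    session: str  # "pni", "ixp" or "transit"


def import_policy(route, allowed_prefixes=None):
    """Return (route, honoured).

    honoured is True only if the ANYCAST marking arrived on a trusted
    session and, when a prefix-list is given, the prefix is covered by it.
    An untrusted marking is removed so nothing downstream acts on it.
    """
    if ANYCAST not in route.communities:
        return route, False

    honoured = route.session in TRUSTED_SESSIONS
    if honoured and allowed_prefixes is not None:
        net = ip_network(route.prefix)
        allowed = [ip_network(p) for p in allowed_prefixes]
        # Compare address families first: subnet_of() rejects mixed v4/v6.
        honoured = any(
            net.version == a.version and net.subnet_of(a) for a in allowed
        )

    if honoured:
        return route, True
    scrubbed = replace(route, communities=route.communities - {ANYCAST})
    return scrubbed, False
```
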
