Hi Mike,
Of the problems in the problem section, the interaction between
prepending and malicious prefix injection (effectively sections 3.2, 3.3
and 3.4) is the primary problem. I.e. when someone announces a prefix
with excess as-path prepends, someone else can announce a prefix with a
shorter as path, and consequently hijack the address space.
But the root problem here isn't excessive prepending: it's prefix
hijacking. If someone else on the internet can announce someone else's
prefix, then the hijack has already happened, and as long as the
hijacked prefix is accepted by any network, then damage is already
happening. The impact can be exacerbated by operator prepending, but
it's any prepending, not excessive prepending.
If the ID is going to make a statement about how as path prepending,
then can I suggest it identifies the root cause as being prefix
hijacking, but that the blast radius of an existing hijacking incident
will most likely be increased by as-path prepending? Sections 3.3 and
3.4 should be rolled into this section, as they are straightforward
variations on the same theme.
Implementation errors are out of scope for the IETF, so section 3.6
("Errant Announcement") and the router crash statement in the security
considerations section should be deleted. I'd also argue that section
3.1 falls into this category, as the premise here is that when
cumulatively broken things are done to a prefix, overall breakage will
happen. Is the example in 3.1 based on a real life scenario? If it were,
and I were handling network A's connectivity requirements, I'd be
looking at an alternative provider, or implementing different
interconnection arrangements.
Also, it's not clear that the second sentence in section 3.5 belongs in
the draft. If there's a problem with processing complexity here, then
that's an implementation problem and would be out of scope for an ID.
Nick
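To make the point above concrete (that a hijacker's shorter AS_PATH beats the legitimate announcement, and that each extra prepend by the legitimate origin widens the set of routers that pick the hijack), here is a small added simulation. It is not code from the thread or the draft; the three-router topology, the documentation-range ASNs 64500/64666/650xx and the prefix 192.0.2.0/24 are constructed, and the tie-break on lowest neighbour ASN stands in for the later best-path steps.

```python
from dataclasses import dataclass

LEGIT_AS, HIJACK_AS, PREFIX = 64500, 64666, "192.0.2.0/24"  # constructed (documentation ranges)

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # leftmost = neighbour the route was learned from, rightmost = origin

def best_path(candidates):
    """AS_PATH-length step of BGP best-path selection; the tie-break on lowest
    neighbour ASN is a stand-in for the later (MED, IGP cost, router-ID) steps."""
    return min(candidates, key=lambda r: (len(r.as_path), r.as_path[0]))

def origin_valid(route, roas):
    """RPKI route origin validation: the origin ASN must match the ROA for the prefix."""
    return roas.get(route.prefix) == route.as_path[-1]

# Constructed topology: for each observer router, the AS_PATH it would learn
# towards the legitimate origin and the AS_PATH it would learn towards the hijacker.
OBSERVERS = {
    "R1": ((LEGIT_AS,),              (65001, 65002, HIJACK_AS)),
    "R2": ((65010, LEGIT_AS),        (65020, HIJACK_AS)),
    "R3": ((65030, 65031, LEGIT_AS), (65040, HIJACK_AS)),
}

def observers_selecting_hijack(prepends, roas=None):
    """Return the set of observers that install the hijacker's route when the
    legitimate origin prepends its own ASN `prepends` extra times. If `roas`
    is given, origin-invalid routes are dropped before path selection."""
    hijacked = set()
    for router, (legit_path, hijack_path) in OBSERVERS.items():
        legit = Route(PREFIX, legit_path + (LEGIT_AS,) * prepends)
        bogus = Route(PREFIX, hijack_path)
        candidates = [r for r in (legit, bogus) if roas is None or origin_valid(r, roas)]
        if candidates and best_path(candidates).as_path[-1] == HIJACK_AS:
            hijacked.add(router)
    return hijacked

if __name__ == "__main__":
    for n in range(4):
        print(f"prepends={n}: hijack preferred at {sorted(observers_selecting_hijack(n))}")
    # Origin validation removes the bogus route at every observer regardless of path length.
    print("with ROV:", sorted(observers_selecting_hijack(3, {PREFIX: LEGIT_AS})))
```

With no prepends only R3 (already closer to the hijacker) is affected; each additional prepend adds routers, while a ROA for the prefix stops the hijack route before AS_PATH length is ever compared.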
[email protected] wrote on 24/04/2025 00:24:
Internet-Draft draft-ietf-grow-as-path-prepending-15.txt is now available. It
is a work item of the Global Routing Operations (GROW) WG of the IETF.
Title: AS Path Prepending
Authors: Mike McBride
Doug Madory
Jeff Tantsura
Robert Raszuk
Hongwei Li
Jakob Heitz
Gyan Mishra
Name: draft-ietf-grow-as-path-prepending-15.txt
Pages: 13
Dates: 2025-04-23
Abstract:
Autonomous System (AS) path prepending is a tool to manipulate the
BGP AS_PATH attribute through prepending one or more Autonomous
System Numbers (ASNs). AS path prepending is used to deprioritize a
route in the presence of a route with a shorter AS_PATH. By
prepending a local ASN multiple times, ASes can make advertised AS
paths appear artificially longer. However, excessive AS path
prepending has caused routing issues in the Internet. This document
provides guidance for the use of AS path prepending, including
alternative solutions, in order to avoid negatively affecting the
Internet.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-grow-as-path-prepending/
There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-grow-as-path-prepending-15
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-grow-as-path-prepending-15
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
GROW mailing list -- [email protected]
To unsubscribe send an email to [email protected]