On 24 August 2025 08:34:51 CEST, Saku Ytti via NANOG <[email protected]>
wrote:
>On Sat, 23 Aug 2025 at 23:32, Jakob Heitz via NANOG
><[email protected]> wrote:
>
>> Losses:
>> Privacy. Telling your competitors what all your links and private peerings
>> are may not be what you want.
>> You might not advertise all your prefixes to some of your neighbors, but you
>> still need the link for other prefixes.
>
>This disjoint advertisement is a legitimate argument, but as explained
>elsewhere we could address it by registering more ASNs and moving the
>ASNs, not prefixes. Privacy appears to be the same argument for
>disjoint advertisements.
>
>> If you are only advertising the link, then any neighbor could send you
>> traffic that you don't want to provide transit for. So you drop it. How does
>> your neighbor know? You send him the routes for traffic you are willing to
>> transit traffic for.
>
>Your links that you advertise are the ASme-ASyou you provide traffic
>for. You don't advertise links you don't carry traffic for. So I would
>advertise ASme-ASme, ASme-AScustomer + ASprovider-ASme to my upstream,
>but I would not advertise ASme-ASupstream to my upstream.

But link-state protocols are global shared state, gossip protocols and don't
support split horizon. You have a customer with two upstreams but you hide
something from your upstream; they'll find out about it anyway via your
customer and their other upstream.

I don't know what you mean by "links you carry traffic for". All links are
presumably intended to carry traffic. So you advertise all links.

Lying in a link-state routing protocol is a good way to create routing loops.
They fundamentally rely on every node having an identical set of information
and running an identical algorithm.

>My upstream similarly would advertise to their peers and upstream
>ASupstream-ASme.
>
>This would allow anyone to validate those paths, because they expect
>ASme to have ASprovider-ASme adjacency, and they expect ASprovider to
>corroborate that with having ASprovider-ASme adjacency. Both
>link-states are signed and signatures verifiable by some out-of-band
>mechanism.
>
>I do think that in an alternate reality, where we would have
>anticipated that BGP abuse and +1M prefixes we would have landed
>somewhere entirely different than where we are today. And in that
>reality whatever limitations that feature has, we would have learned
>to live with them and started to think they are requirements, because
>they are requirements there, because we can only build solutions on
>top of those that work with that stack.
>I have full confidence we could have made this link-state based
>reality work, and the Internet would work just the same for Internet
>users. I have no confidence that it would be worthwhile.
>It would be different and whatever it enables would seem like
>requirements to us now, while they were just solutions we ended up
>with the limitations we had.
>
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/4LHM5C2DP4NMUR7TKHAZAH22NCM4CXM3/
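
As an added illustration (not code from the thread or from any participant), the two-sided corroboration described in the quoted text can be checked as below: a path is accepted only when every adjacency on it is attested, with a valid signature, by both endpoint ASes. The AS numbers, keys and record layout are constructed, links are treated as undirected, and HMAC stands in for the signature scheme the thread leaves unspecified.

```python
import hashlib
import hmac

# Constructed per-AS keys. HMAC is a stand-in for the real signature scheme,
# which the thread leaves to "some out-of-band mechanism".
KEYS = {asn: f"key-{asn}".encode() for asn in (64500, 64501, 64502, 64510)}

def link_id(a, b):
    """Canonical name for an adjacency, identical whichever end announces it."""
    lo, hi = sorted((a, b))
    return f"{lo}-{hi}".encode()

def sign(origin, a, b, key=None):
    """Return a link-state record in which `origin` attests adjacency a-b."""
    key = KEYS[origin] if key is None else key
    tag = hmac.new(key, link_id(a, b), hashlib.sha256).hexdigest()
    return {"origin": origin, "link": (a, b), "sig": tag}

def attested_links(records):
    """Map each adjacency to the set of endpoint ASes that validly signed it."""
    seen = {}
    for r in records:
        a, b = r["link"]
        key = KEYS.get(r["origin"])
        if key is None or r["origin"] not in (a, b):
            continue  # unknown signer, or signer is not an endpoint of the link
        good = hmac.new(key, link_id(a, b), hashlib.sha256).hexdigest()
        if hmac.compare_digest(good, r["sig"]):
            seen.setdefault(frozenset((a, b)), set()).add(r["origin"])
    return seen

def validate_path(path, records):
    """Return the first hop not corroborated by both ends, or None if all are."""
    seen = attested_links(records)
    for a, b in zip(path, path[1:]):
        if seen.get(frozenset((a, b)), set()) != {a, b}:
            return (a, b)
    return None

# Constructed database: 64500 = provider, 64501 = "me", 64502 = customer.
LSDB = [
    sign(64500, 64500, 64501), sign(64501, 64500, 64501),
    sign(64501, 64501, 64502), sign(64502, 64501, 64502),
    sign(64510, 64510, 64502),                    # one-sided claim
    sign(64502, 64510, 64502, key=b"wrong-key"),  # corroboration with a bad signature
]
```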