On 8/24/25 02:23, Saku Ytti wrote:
> On Sun, 24 Aug 2025 at 05:52, Jeffrey Haas <[email protected]> wrote:
>> The easy way to picture some of the impacts of that is consider what
>> it'd take to distribute "at the boundary of AS X->Y, don't distribute
>> prefix P".
>
> If we imagine that we would have day1 had concern of people abusing
> BGP and that we need to distribute >1M prefixes. We likely would have
> considered we need out-of-band for validation reasons alone. So we
> would have evolved a very different looking system.
It's worth remembering that such validation systems were considered very
early. The origins of the IRR and route servers were there partially to
deal with scaling situations along with validating routes. It's only
with this iteration with the RPKI that we've gotten a flavor of such a
database that's had some teeth to it.
> And what limitations that system would have and how to work with them
> would now look like requirements to us, when they were just the best
> solution we could come up, with the tools we had in front of us.
... and similarly what the security landscape would resemble. bgpsec
still resembles most of the important bits of S-BGP for such reasons.
And rather similarly, the fact that systems actually getting deployed
have properties more like SO-bgp than S-BGP.
To your point, where we're at is exactly the same type of story I
generally tell about BGP: We got here one step at a time, because this
has always been a story about successful incremental deployments. Did
my elders think about doing everything in the flavor of link-state at
the beginning? They certainly were aware of it - and somewhat
frightened of it. CPU scale at the time made even lower scale SPFs
challenging.
These days we have much larger CPUs, although the CPUs available in
routers still remain pathetic compared to desktop computers. Would link
state make more sense these days? I think those of you on this list
running planetary scale IGPs have some opinions about how even internal
networks are able to keep up. So... probably not for the scale of the
Internet.
> I suspect all these disjoint advertisement problems that are
> legitimate would be addressed by registering more ASN and moving the
> ASNs between sites as needed.
RFC 1925, §2.(6). The amount of state stays largely the same.
A simplifying discussion I have when covering this problem is you can
treat an AS effectively as one very large router. The underlying
problem is you can't pretend for how ASes work that a route entering one
interface of this very large router is guaranteed to exit everywhere
else. This is how we'd expect a link-state implementation to generally
work.
Similarly, you can't expect that we're going to originate routes from
that AS uniformly from that single very large router.
These things already push us out of classical link state solutions. The
very large router is a black box and the Internet is the sum of how all
of those black boxes are operating based on the preferences of each
party running their AS.
Which is a pity in some respects. As you note, if it was closer to link
state, forwarding and convergence start to look very different.
-- Jeff
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/RMVLCDYMXB3V4JDVMCTNE3YGBCLBYPSI/