Hi Joe, On Thu, Jun 13, 2019 at 9:59 Joe Abley <jab...@hopcount.ca> wrote:
> Hey Joe, > > On 12 Jun 2019, at 12:37, Joe Provo <nanog-p...@rsuc.gweep.net> wrote: > > > On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote: > >> Send abuse complaint to the upstreams > > > > ...and then name & shame publicly. AS-path forgery "for TE" was > > never a good idea. Sharing the affected prefix[es]/path[s] would > > be good. > > I realise lots of people dislike AS_PATH stuffing with other peoples' AS > numbers and treat it as a form of hijacking. > > However, there's an argument that AS_PATH is really just a loop-avoidance > mechanism, not some kind of AS-granular traceroute for prefix propagation. > In that sense, stuffing 9327 into a prefix as a mechanism to stop that > prefix being accepted by AS 9327 seems almost reasonable. (I assume this is > the kind of TE you are talking about.) > > What is the principal harm of doing this? Honest question. I'm not > advocating for anything, just curious. Excellent question. 1/ We can’t really expect on the loop detection to work that way at the “jacked” side. So if this is innocent traffic engineering, it is unreliable at best. 2/ Attribution. The moment you stuff AS 2914 anywhere in the path, we may get blamed for anything that happens through the IP addresses for that route. In a way the ASNs in the AS_PATH attribute an an inter-organizational escalation flowchart. Kind regards, Job