On 2/Aug/20 01:44, Ryan Hamel wrote:

> Matt,
>
> Why are you blaming the ease of use on the vendor, for the operators
> lack of knowledge regarding BGP? That is like blaming a vehicle
> manufacturer for a person pressing the gas pedal in a car and not
> giving a toss about the rules of the road. The base foundation
> regarding the rules of the road mostly apply the same for driving a
> car, truck, bus, and semi/lorry truck. There is no excuse for
> ignorance just because the user interface is different (web browser
> vs. SSH client).

Actually, there is.

One has to actually acquire knowledge about not only driving a car, but driving it in public. That knowledge is then validated by a gubbermint-sanctioned driver's license test. If you fail, you aren't allowed to drive. If you are caught driving without a driver's license, you pay the penalty.

There is no requirement for a license in order to run power into a router and hook it up to the Internet. This is the problem I have with the current state of how we support BGP actors.

> Adding a take on this, there are kids born after 9/11, with IP
> allocations and ASNs experimenting in the DFZ right now. If they can
> make it work, and not cause harm to other members in this community,
> it clearly demonstrates a lack of knowledge, or honest human error
> (which will never go away).

We should not be celebrating this.

>
> Anything that can be used, can be misused. With that said, why
> shouldn't ALL BGP software implementations encourage best practice?
> They decided RPKI validation was a good thing.

The larger question is we should find a way to make our industry genuinely qualification-based, and not "free for all that decides they want to try it out". I don't yet know how to do that, but we certainly need to start thinking more seriously about it.

Kids born after 9/11 successfully experimenting on a global network is not where the bar ought to be.

Mark.

