Re: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested

2019-10-03 Thread Jakob Heitz (jheitz)
AS_SET can be used to reduce the AS-PATH length or to hide the actual path
but still prevent as-path loops.
AS_SET can be used to prevent distribution of a route to the ASNs in the set
without overgrowing the as-path length.
This makes the Pilosov-Kapela BGP hijack easier to do.
I support deprecation, but realize that it will never be removed :(

Regards,
Jakob.

-----Original Message-----
From: GROW On Behalf Of Jeffrey Haas
Sent: Thursday, October 3, 2019 1:25 PM
To: Rob Foehl
Cc: IDR; GROW WG; Warren Kumari; sidr...@ietf.org
Subject: Re: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested

On Wed, Oct 02, 2019 at 07:45:15PM -0400, Rob Foehl wrote:
> >It'd be interesting to find out what code these folk are running. Hopefully 
> >not one of my bugs. :-)
> 
> I've never had an interaction with AS_SET that could be described as
> anything other than broken -- like, ever, from any vendor.  I'd
> prefer to see them disappear entirely, but if that doesn't happen,

As Jared noted, this was more of a common thing back-in-the-day.

For properly operating proxy aggregation, you'd generally hope that all
contributing networks were properly behind the aggregating party.  However,
as the Internet has gotten more meshy, those topological considerations
don't apply anywhere near as much.

As this torches and pitch-forks campaign against as-set continues, operators
will have to figure out whether they're really happy with the two impacts:
- No proxy aggregation, ever?
- Lie about the AS_PATH when you do it.

Today you can at least infer that proxy aggregation is happening.

The second point has entertaining impact vs. RPKI, so that's the likely
forcing function.

> at least having a "no-as-sets-under-any-circumstances" policy knob
> would be helpful...

It's a fine policy knob, and I'm more supportive of that in general.

-- Jeff

___
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow


Re: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested

2019-10-03 Thread Jeffrey Haas
On Wed, Oct 02, 2019 at 07:45:15PM -0400, Rob Foehl wrote:
> >It'd be interesting to find out what code these folk are running. Hopefully 
> >not one of my bugs. :-)
> 
> I've never had an interaction with AS_SET that could be described as
> anything other than broken -- like, ever, from any vendor.  I'd
> prefer to see them disappear entirely, but if that doesn't happen,

As Jared noted, this was more of a common thing back-in-the-day.

For properly operating proxy aggregation, you'd generally hope that all
contributing networks were properly behind the aggregating party.  However,
as the Internet has gotten more meshy, those topological considerations
don't apply anywhere near as much.

As this torches and pitch-forks campaign against as-set continues, operators
will have to figure out whether they're really happy with the two impacts:
- No proxy aggregation, ever?
- Lie about the AS_PATH when you do it.

Today you can at least infer that proxy aggregation is happening.

The second point has entertaining impact vs. RPKI, so that's the likely
forcing function.

> at least having a "no-as-sets-under-any-circumstances" policy knob
> would be helpful...

It's a fine policy knob, and I'm more supportive of that in general.

-- Jeff
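
The "no-as-sets-under-any-circumstances" policy knob mentioned in this thread, sketched as an added example (not code from the thread or from any vendor): it parses the AS_PATH attribute value and refuses any route carrying an AS_SET or AS_CONFED_SET segment. The function names, the constructed sample paths and the choice to refuse malformed paths are assumptions of this example.

```python
import struct

# Path segment type codes: RFC 4271 defines 1 and 2, RFC 5065 defines 3 and 4.
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
SET_TYPES = {AS_SET, AS_CONFED_SET}


def parse_as_path(value: bytes, asn_size: int = 4):
    """Parse an AS_PATH attribute value into [(segment_type, [asn, ...]), ...].

    asn_size is 4 when 4-octet ASNs were negotiated (RFC 6793), else 2.
    Raises ValueError on a truncated, empty or unknown segment.
    """
    fmt = {2: "H", 4: "I"}[asn_size]
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        offset += 2
        if seg_type not in (AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET):
            raise ValueError(f"unknown segment type {seg_type}")
        end = offset + count * asn_size
        if count == 0 or end > len(value):
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack(f"!{count}{fmt}", value[offset:end]))))
        offset = end
    return segments


def accept_route(value: bytes, asn_size: int = 4) -> bool:
    """Hypothetical policy knob: return False (drop) if any SET segment is present."""
    try:
        segments = parse_as_path(value, asn_size)
    except ValueError:
        return False  # this example's choice: never accept a malformed AS_PATH
    return all(seg_type not in SET_TYPES for seg_type, _ in segments)


def seg(seg_type: int, *asns: int) -> bytes:
    """Build one 4-octet-ASN path segment (helper for the constructed samples)."""
    return bytes([seg_type, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)


# Constructed sample paths using documentation ASNs (RFC 5398).
PLAIN = seg(AS_SEQUENCE, 64500, 64501)
AGGREGATED = seg(AS_SEQUENCE, 64500) + seg(AS_SET, 64510, 64511)
CONFED = seg(AS_CONFED_SET, 64496, 64497) + seg(AS_SEQUENCE, 64500)

if __name__ == "__main__":
    for name, path in [("plain", PLAIN), ("aggregated", AGGREGATED), ("confed", CONFED)]:
        print(name, parse_as_path(path), "accept" if accept_route(path) else "drop")
```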