[153191] in North American Network Operators' Group


Re: HE.net BGP origin attribute rewriting

daemon@ATHENA.MIT.EDU (Daniel Suchy)
Fri Jun 1 04:20:28 2012

Date: Fri, 01 Jun 2012 10:19:16 +0200
From: Daniel Suchy <danny@danysek.cz>
To: nanog@nanog.org
In-Reply-To: <20120531170646.GA2477@pob.ytti.fi>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 05/31/2012 07:06 PM, Saku Ytti wrote:
> On (2012-05-31 08:46 -0700), David Barak wrote:
> 
>> On what precisely do you base the idea that a mandatory transitive attribute of a BGP prefix is a "purely advisory flag which has no real meaning"?  I encourage you to reconsider that opinion - it's actually a useful attribute, much the way that MED is a useful attribute.  Many providers re-write MED, and apparently some re-write ORIGIN.  Neither of those is "network abuse" - it's more accurately described as "network routing policy."  As has been stated here before: your network, your rules.
> 
> When a provider rewrites MED, they do it because they don't want a peer to
> cause them to cold-potato, for which they may have a compelling reason.
> Then some clever people realise they forgot to rewrite origin, working
> around the implicit agreement you had with them.
> 

You CAN rewrite MED, as stated in RFC 4271, section 5.1.4 - but you
SHOULD NOT change the origin attribute, as stated in section 5.1.1. So, in
terms of rewriting, MED is not comparable to origin.

I think RFC 4271 (http://tools.ietf.org/html/rfc4271) is very clear
here. Back to the standard, why condone its violation? Yes, the statement
about origin has been there since January 2006 - the older RFC 1771 didn't
contain a similar rule. But 6 years after publishing I think everyone had
enough time to implement this correctly.

I still think that professionals should follow the RFC and not insert their
own creativity in places where it's not expected - just because they
decide it's a "cool" idea. For local routing policy, there are still
a lot of knobs which can be used internally (typically MED, LOCPREF) to
enforce the expected policy, and there's technically no reason to change origin.

--
Daniel
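
Added example, not part of the original message: a Python sketch that decodes the Path Attributes field of two BGP UPDATEs for the same prefix (as announced, and as observed further downstream) and reports whether ORIGIN or MED was changed in between, the two attributes the thread contrasts. The function names and the sample bytes are constructed for illustration; the attribute encoding follows RFC 4271 section 4.3.

```python
ORIGIN, MED = 1, 4                        # path attribute type codes
ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
EXTENDED_LENGTH = 0x10                    # flag bit: length field is two octets

def parse_path_attrs(buf: bytes) -> dict:
    """Decode a Path Attributes field into {type_code: value_bytes}."""
    attrs, i = {}, 0
    while i < len(buf):
        hdr = 4 if buf[i] & EXTENDED_LENGTH else 3   # flags, type, 1- or 2-octet length
        if len(buf) - i < hdr:
            raise ValueError("truncated attribute header")
        code = buf[i + 1]
        length = int.from_bytes(buf[i + 2:i + hdr], "big")
        i += hdr
        if i + length > len(buf):
            raise ValueError(f"attribute {code} overruns the field")
        attrs[code] = buf[i:i + length]
        i += length
    return attrs

def origin_name(attrs: dict) -> str:
    value = attrs.get(ORIGIN)             # ORIGIN is well-known mandatory
    if value is None or len(value) != 1 or value[0] not in ORIGIN_NAMES:
        raise ValueError("missing or malformed ORIGIN")
    return ORIGIN_NAMES[value[0]]

def med_value(attrs: dict):
    value = attrs.get(MED)                # MED is optional, so it may be absent
    return None if value is None else int.from_bytes(value, "big")

def rewrite_report(announced: bytes, observed: bytes) -> dict:
    """Return {attribute: (announced, observed)} for ORIGIN and MED if they differ."""
    a, o = parse_path_attrs(announced), parse_path_attrs(observed)
    report = {}
    if origin_name(a) != origin_name(o):
        report["ORIGIN"] = (origin_name(a), origin_name(o))
    if med_value(a) != med_value(o):
        report["MED"] = (med_value(a), med_value(o))
    return report

# Constructed sample attributes: ORIGIN, AS_PATH (2-octet ASNs), NEXT_HOP, MED.
ANNOUNCED = bytes.fromhex("40010102" "4002040201fde8" "400304c0000201" "80040400000032")
OBSERVED = bytes.fromhex("40010100" "4002060202fde9fde8" "400304c0000202" "80040400000000")
```

With the constructed samples, `rewrite_report(ANNOUNCED, OBSERVED)` lists both attributes as changed; only the ORIGIN entry falls under the section 5.1.1 rule the message cites.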

