[routing-wg] May a tier1 transit change bgp origin attribute?
Harald Michl harald.michl at univie.ac.at
Sat Dec 14 10:49:15 CET 2013
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Job, On 13.12.13 21:08, Job Snijders wrote: > On Fri, Dec 13, 2013 at 08:31:39PM +0100, Harald Michl wrote: > >> We (ACOnet, the Austrian NREN, AS1853) do have several upstreams. >> More or less per random we detected that one of them delivers >> prefixes with a different route origin parameter (IGP instead of >> incomplete) than others. This obviously has a big influence in >> the BGP best-path selection. After asking why this is the case we >> learned from them: >> >> On 28.11.13 10:32, support at xxx.com wrote:> >>> Hi Harald, >>> >>> The XXX standard route map sets origin IGP as standard across >>> all customer learned routes... >> >> Now we are currently debating with them whether this is ok or >> not. > > For me the igp attribute falls in same category as MED. If your > routing policy is not to accept MEDs (thus rewriting them), you > should for consistency purposes, also reset route origin attribute. > Of course we could rewrite all origin attributes to be the same. But that's like removing it from the best-path calculation. (this is not a problem, just a conclusion) > > It is likely your upstream is resetting the origin to draw more > traffic towards themselves. To level the playing field in your > case, it might be beneficial to reset origin on outbound > advertisement across all your upstreams. Yes attracting more traffic could be a reason. But I think there is no reason why someone _has to_ rewrite the origin parameter. So I'd expect this data set by origin not to be changed during the bgp propagation. I also wonder which attributes will be signed in a more secure BGP environment in the long run. If the origin attribute is going to be one of these parameters then signature-checks will/would fail... - -Harald > > Kind regards, > > Job > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKsKZsACgkQszNfQwh3cvRyKwCeL2viSzvpvd1Jy3Nf8q2Gu4wY XZwAoPNxBf4enTMtI1be9NnHIYPUPkqf =2/dl -----END PGP SIGNATURE-----