
Re: [GROW] Last Call: <draft-ietf-grow-blackholing-00.txt> (BLACKHOLE BGP Community for Blackholing) to Proposed Standard

2016-06-29 07:33:10
Job Snijders wrote:
> I believe this update addresses the concerns raised in this phase of the
> document.

yes, thanks, it addresses these concerns, and the document is a lot
better as a result.

The second major area of concern I have about this proposal is the
transitive nature of the bgp community.  The issue is that the draft
specifies a mechanism to cause traffic to be dropped on the floor, that
the signaling mechanism is globally transitive in scope, and the
specific intent is that prefixes tagged in this way are exported to
other ASNs. In other words, the draft specifies behaviour that is risky
by default.

Prefix hijacking rates suggest that adding a new compromise vector is
something that should be considered carefully in the context of
standardisation.

The obvious way to work around this would be to specify a non-transitive
community, but that would defeat the purpose of the draft.  Other
options might include a requirement that BLACKHOLE should automatically
be marked as NO-EXPORT when received by a third party ASN. This doesn't
deal with backwards compatibility, though, and given the lifetime of bgp
implementations, there would be a large time window opened where this
may be a problem.

Nick
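The propagation behaviour discussed above, as an added simulation that is not part of this thread, the draft, or any router vendor's code: a BLACKHOLE-tagged prefix is carried hop by hop across a chain of transit ASes, first with the draft's default (community is transitive, nothing added on import) and then with the mitigation floated in the message (attach NO-EXPORT when the tagged route is received from a third-party ASN). The third run models the backwards-compatibility window, where the first hop still runs an implementation without the mitigation. The model, the ASNs (documentation range) and the prefix are constructed; the community values are assumptions taken from the later RFC 7999 (BLACKHOLE 65535:666) and RFC 1997 (NO_EXPORT 65535:65281), not from this page.

```python
"""Constructed simulation of how a BLACKHOLE-tagged prefix spreads across ASes,
with and without the "add NO_EXPORT when received from a third-party ASN"
mitigation. Not code from the draft or from the list thread."""
from dataclasses import dataclass

# Assumed community values: BLACKHOLE 65535:666 as published in RFC 7999 (the
# successor of draft-ietf-grow-blackholing); NO_EXPORT 65535:65281 from RFC 1997.
BLACKHOLE = (65535, 666)
NO_EXPORT = (65535, 65281)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple            # leftmost element is the most recently traversed AS
    communities: frozenset


def import_transitive(route):
    """Draft default: BLACKHOLE is an ordinary transitive community and nothing
    is added on import, so the route keeps spreading with the tag attached."""
    return route


def import_noexport_on_blackhole(route):
    """Mitigation discussed on the list: a BLACKHOLE-tagged route learned over
    eBGP is tagged NO_EXPORT, so this AS drops traffic for the prefix but does
    not re-advertise it to any further AS."""
    if BLACKHOLE in route.communities:
        return Route(route.prefix, route.as_path, route.communities | {NO_EXPORT})
    return route


def export_allowed(route):
    """RFC 1997: routes carrying NO_EXPORT are not advertised to eBGP peers."""
    return NO_EXPORT not in route.communities


def propagate(origin_route, chain):
    """Carry origin_route along a chain of [(asn, import_policy), ...] where each
    AS is an eBGP neighbor of the previous one. Returns the set of ASes that end
    up holding (and therefore blackholing) the prefix."""
    holders = set()
    route = origin_route
    for asn, import_policy in chain:
        route = import_policy(route)
        holders.add(asn)
        if not export_allowed(route):
            break
        # The AS prepends itself when re-advertising to the next eBGP neighbor.
        route = Route(route.prefix, (asn,) + route.as_path, route.communities)
    return holders


# Constructed sample: AS 64496 tags the documentation prefix 192.0.2.0/24 with
# BLACKHOLE and the announcement reaches a chain of three transit ASes.
ORIGIN = Route("192.0.2.0/24", (64496,), frozenset({BLACKHOLE}))
TRANSIT_ASES = [64497, 64498, 64499]


def blast_radius(policies):
    """policies: one import policy per transit AS, in chain order. Returns the
    sorted list of ASes that end up blackholing the prefix."""
    chain = list(zip(TRANSIT_ASES, policies))
    return sorted(propagate(ORIGIN, chain))


if __name__ == "__main__":
    legacy = [import_transitive] * 3
    upgraded = [import_noexport_on_blackhole] * 3
    # Backwards-compatibility window: the first hop still runs old code.
    mixed = [import_transitive, import_noexport_on_blackhole, import_noexport_on_blackhole]
    print("all legacy   ->", blast_radius(legacy))
    print("all upgraded ->", blast_radius(upgraded))
    print("mixed        ->", blast_radius(mixed))
```

With every transit AS on the default policy the prefix is blackholed by all three ASes; with the NO_EXPORT mitigation everywhere it stops at the first hop; in the mixed chain it travels one hop further than intended, which is the window the message warns about, since the mitigation only takes effect at the first upgraded AS the route reaches.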
