Version 2.0.0-pre1

Job Snijders job at instituut.net
Mon May 1 11:55:16 CEST 2017


On Mon, May 01, 2017 at 11:45:58AM +0200, Ondrej Zajicek wrote:
> On Sun, Apr 30, 2017 at 10:42:19AM +0200, Job Snijders wrote:
> > On Sun, Apr 30, 2017 at 12:46:04AM +0200, Ondrej Filip wrote:
> > > Let me announce a new addition to 2.0.x branch.
> > 
> > Congratulations!
> > 
> > Does this 2.0.0-pre1 version follow draft-ietf-grow-bgp-reject ? 
> 
> No, like 1.6.x, it has default policy of import all, export none.
>
> While I see that it is a good idea to have export none as default, I
> do not see much advantage to have import none as default.

I'd argue this is insecure behaviour and I'm disappointed you do not see
an advantage.

The default of "import all" fully relies on the EBGP neighbor not
announcing crap to you. Relying on others to do the right thing means
you are operating from a position of weakness rather than strength.

And while today your peering partner may announce a pristine set of
routes, tomorrow that might be different. Your EBGP peer could update
their configuration, upgrade the software, or swap out their
implementation for something with poor defaults. This can lead to
surprises (outages) to both parties if they are not incentivized to
ensure that both sides of the EBGP session make a conscious decision
what to accept and what to reject. 

You may want to align with feela@ since it appears you have different
opinions on the matter. Ondrej Filip told me that 2.0.x would be the
right place for a change like this and earlier on committed to support
this secure default behaviour.

Kind regards,

Job
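
The default discussed in this message (a BGP channel with no import statement falls back to "import all") can be checked for in a configuration. The following is an added example, not part of the original message and not code from the BIRD project: a small Python lint over BIRD 2 style configuration. The sample configuration, peer names, AS numbers, filter name and the `lint` helper are all constructed for illustration.

```python
import re

# Constructed sample in BIRD 2 syntax; peers, ASNs and filter name are made up.
SAMPLE = """
protocol bgp peer_a {            # channel has no import policy statement
    local as 64496;
    neighbor 192.0.2.1 as 64497;
    ipv4 { import limit 1000; export none; };
}
protocol bgp peer_b {
    local as 64496;
    neighbor 192.0.2.5 as 64498;
    ipv4 { import all; export none; };
    ipv6 { import filter peer_b_in; export none; };
}
"""

# "import limit" and "import keep filtered" are not policies, so match only these.
POLICY = re.compile(r"\bimport\s+(all|none|filter|where)\b")

def _block(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def lint(config):
    """List (protocol, channel, reason) for BGP channels that accept every route."""
    text = re.sub(r"/\*.*?\*/|#[^\n]*", "", config, flags=re.S)
    findings = []
    for proto in re.finditer(r"\bprotocol\s+bgp\s+(\w+)[^{;]*\{", text):
        body = _block(text, proto.end() - 1)
        for chan in re.finditer(r"\b(ipv4|ipv6)\s*\{", body):
            policy = POLICY.search(_block(body, chan.end() - 1))
            if policy is None:
                reason = "no import policy, default import all applies"
            elif policy.group(1) == "all":
                reason = "explicit import all"
            else:
                continue
            findings.append((proto.group(1), chan.group(1), reason))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```

The lint does not distinguish EBGP from IBGP sessions and does not follow templates, so its findings are candidates for review rather than a verdict.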

