nanog mailing list archives

Re: HE.net BGP origin attribute rewriting


From: Nick Hilliard <nick () foobar org>
Date: Thu, 31 May 2012 14:37:56 +0100

On 31/05/2012 12:55, David Barak wrote:
> I disagree.  Origin is tremendously useful as a multi-AS weighting tool,
> and isn't the blunt hammer that AS_PATH is.  The place where I've gotten
> the most benefit is large internal networks, where there may be multiple
> MPLS clouds along with sites cascaded off of them - it provides a way of
> sending "soft" preferences down the transitive chain.  Also useful is
> "set origin egp XX" - on a route injector, that can post-pend an ASN and
> limit the spread of a route while still allowing the same transitive
> properties.

We're not talking about the same thing here: configuring a policy to use an
interior-generated origin is completely different to depending on what your
upstreams configure their announcements to look like.

If you don't rewrite your transit providers' origin, then you are telling
them that they can directly influence your exit discrimination policy on
the basis of a purely advisory flag which has no real meaning.  I.e. if one
of them tweaks origin to be IGP and another leaves everything set at EGP or
incomplete, then the tweaker will end up taking more of your traffic on no
basis whatsoever, other than the fact that they bent the rules of what some
might consider as fair play.  This is broken and harmful.  Rewriting the
origin on ingress stops this particular line of network abuse.

Nick
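
Added example (not part of the original message or the list archive): a simplified Python model of the tie-break described above, where two transit providers offer equal local-pref and AS_PATH length and one of them sets origin to IGP. Provider names, prefixes and exit costs are constructed, the `exit_cost` field is an assumed stand-in for the operator's own tie-break, and MED and the eBGP/iBGP step are omitted.

```python
from collections import Counter
from dataclasses import dataclass, replace

# BGP origin codes in preference order: lower rank wins the comparison.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str     # transit provider the route was learned from (constructed name)
    local_pref: int
    as_path_len: int
    origin: str
    exit_cost: int    # assumption: IGP cost to the exit, the operator's own tie-break

def best_path(candidates):
    """Simplified decision: local-pref, AS_PATH length, origin, then exit cost.
    MED and the eBGP-over-iBGP step are left out to keep the model small."""
    return min(candidates, key=lambda r: (-r.local_pref, r.as_path_len,
                                          ORIGIN_RANK[r.origin], r.exit_cost))

def rewrite_origin_on_ingress(routes, origin="igp"):
    """Ingress policy: overwrite whatever origin the neighbor sent."""
    return [replace(r, origin=origin) for r in routes]

def exit_share(routes):
    """Count how many prefixes select each neighbor as best exit."""
    by_prefix = {}
    for r in routes:
        by_prefix.setdefault(r.prefix, []).append(r)
    return Counter(best_path(c).neighbor for c in by_prefix.values())

# Constructed sample: transit-A marks everything IGP, transit-B leaves incomplete.
# Local-pref and AS_PATH length are equal, so origin decides before exit cost does.
COSTS = {"192.0.2.0/24": (20, 10), "198.51.100.0/24": (20, 30),
         "203.0.113.0/24": (20, 10), "2001:db8::/32": (20, 10)}
SAMPLE = [r for p, (a, b) in COSTS.items() for r in (
    Route(p, "transit-A", 100, 3, "igp", a),
    Route(p, "transit-B", 100, 3, "incomplete", b))]

if __name__ == "__main__":
    print("origin trusted:  ", dict(exit_share(SAMPLE)))
    print("origin rewritten:", dict(exit_share(rewrite_origin_on_ingress(SAMPLE))))
```

With the neighbors' origin trusted, transit-A is selected for every prefix regardless of exit cost; once origin is overwritten on ingress, selection falls through to the operator's own metric.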

