Re: Dodgy AS327933 ...?

[August Yang via NANOG <nanog () nanog org>]

BGP was indeed designed in an era when trust was implicit. Introducing 
ASPA to sign a cryptographic list of authorized providers steps in the 
right direction. By validating both AS_PATH and route origin, the 
chances of BGP hijack and misconfigurations can be substantially 
reduced.

https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

On 2023-08-11 13:51, Mark Tinka wrote:
> On 8/11/23 12:56, Nick Hilliard wrote:
>
> > bgp is a policy based distance vector protocol. If you can't adjust 
> > the primary inter-domain metric to handle your policy requirements, 
> > it's not much use.
>
> I am not talking about appending one's own AS in the AS_PATH. I am 
> talking about appending someone else's AS in the AS_PATH.
>
> To be fair, I have never had to do that, since I've always thought it 
> would be considered bad form. But I suspect that on the simple BGP 
> mechanics of it, no vendor would be able to prevent that in any 
> meaningful way.
>
> Then again, path hijacking likely wasn't a thought at the time the 
> Border Gateway Protocol was being conceived.
>
> Mark.

--
August