Re: Link-state EGP

[Saku Ytti via NANOG <nanog () lists nanog org>]

On Sat, 23 Aug 2025 at 18:54, nanog--- via NANOG <nanog () lists nanog org> wrote:

> on second thought, the real reason is that link-state protocols are distributed algorithms which require all nodes to 
> execute the same algorithm on the same data, so there's no room to apply policy that wasn't baked into the design of 
> the protocol.

It doesn't really matter for sending direction which egress they
choose, as long as it doesn't loop. So even in this SPT future, I can
choose longer upstream over shorter by local policy, just like today.

The big difference is, that the receiver cannot cherry pick which
prefixes to receive in which eBGP, you have to be able to receive all
prefixes on all eBGP with a given ASN. And these consistent
announcements are not today always used, and would need to be replaced
by registering multiple ASN.


> On 23 August 2025 16:49:27 CEST, Saku Ytti via NANOG <nanog () lists nanog org> wrote:
> > The SPF discussion reminded me of a question I've been thinking about.
> >
> > Why do we use distance vector EGP? Why do we advertise prefixes?
> >
> > BGP made sense when we didn't have to worry about degenerates, when
> > the Internet was largely academic. Prefix is configured once to the
> > site where it exists, and no one else does anything, very optimal.
> >
> > But is that sensible today? When we have to also configure the prefix
> > out-of-band locally on every site, potentially 3 times, RPKI (RTR
> > maybe), prefix-list (for BGP) and access-list (for antispoof). So if
> > we discover ASN/Prefix association anyhow out-of-band, why do we need
> > to see +million prefixes in-band?
> >
> > What if EGP would flood link-states? What would we win? What would we lose?
> >
> > Potential wins:
> >  - flooded link-states could be signed, so we could verify both
> > AS1->AS2, AS2<-AS1 link-state exists with valid signatures. You
> > couldn't hijack ASN, the entire path could be validated.
> >  - initial convergence would be 50-100 times faster
> >  - lot less signalling/flapping
> >  - loop free alternatives for rapid convergence
> >
> > We could see some problems, for TE reasons I might advertise different
> > prefixes from different sites with the same AS. I'm not sure if that
> > is a legitimate concern, those are niche cases and for those cases we
> > could just register more ASNs and move the ASNs instead of prefixes.
> > But I'm sure there are more obvious weaknesses that don't immediately
> > spring to mind.
> >
> > --
> >  ++ytti
> > _______________________________________________
> > NANOG mailing list
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/L2FW4MX25TFEX6IUUR5IOFQNGEVUX54T/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/D6VUEYYE43F5NLAI2Y67QD5O5XU7NPGA/



-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/3MVMHOJWEFZ4KGGTG6RKGLBPROOEEQYD/