nanog mailing list archives

Re: Link-state EGP


From: Jeffrey Haas via NANOG <nanog () lists nanog org>
Date: Sun, 24 Aug 2025 09:00:55 -0400


On 8/24/25 02:23, Saku Ytti wrote:
> On Sun, 24 Aug 2025 at 05:52, Jeffrey Haas <jhaas () pfrc org> wrote:
>
>> The easy way to picture some of the impacts of that is consider what
>> it'd take to distribute "at the boundary of AS X->Y, don't distribute
>> prefix P".
>
> If we imagine that we would have day1 had concern of people abusing
> BGP and that we need to distribute >1M prefixes. We likely would have
> considered we need out-of-band for validation reasons alone. So we
> would have evolved a very different looking system.

It's worth remembering that such validation systems were considered very early.  The origins of the IRR and route servers were there partially to deal with scaling situations along with validating routes.  It's only with this iteration with the RPKI that we've gotten a flavor of such a database that's had some teeth to it.

> And what limitations that system would have and how to work with them
> would now look like requirements to us, when they were just the best
> solution we could come up with, with the tools we had in front of us.

... and similarly what the security landscape would resemble. BGPsec still resembles most of the important bits of S-BGP for such reasons.  And rather similarly, the fact that systems actually getting deployed have properties more like soBGP than S-BGP.

To your point, where we're at is exactly the same type of story I generally tell about BGP: We got here one step at a time, because this has always been a story about successful incremental deployments.  Did my elders think about doing everything in the flavor of link-state at the beginning?  They certainly were aware of it - and somewhat frightened of it.  CPU scale at the time made even lower scale SPFs challenging.

These days we have much larger CPUs, although the CPUs available in routers still remain pathetic compared to desktop computers. Would link state make more sense these days?  I think those of you on this list running planetary scale IGPs have some opinions about how even internal networks are able to keep up.  So... probably not for the scale of the Internet.

> I suspect all these disjoint advertisement problems that are
> legitimate would be addressed by registering more ASN and moving the
> ASNs between sites as needed.

RFC 1925, §2.(6).  The amount of state stays largely the same.

A simplifying discussion I have when covering this problem is you can treat an AS effectively as one very large router.  The underlying problem is you can't pretend for how ASes work that a route entering one interface of this very large router is guaranteed to exit everywhere else.  This is how we'd expect a link-state implementation to generally work.

Similarly, you can't expect that we're going to originate routes from that AS uniformly from that single very large router.

These things already push us out of classical link state solutions.  The very large router is a black box and the Internet is the sum of how all of those black boxes are operating based on the preferences of each party running their AS.

Which is a pity in some respects.  As you note, if it was closer to link state, forwarding and convergence start to look very different.

-- Jeff

