nanog mailing list archives
Re: How long AS-PATH policies have you used
From: Job Snijders via NANOG <nanog () lists nanog org>
Date: Thu, 26 Feb 2026 15:41:35 +0000
On Thu, Feb 26, 2026 at 11:53:09AM +0200, Saku Ytti wrote:
Only thing you are offering for this, is ASPA in future or peerlock today.
Both efforts represent multiple years of work, you are welcome :)
But peerlock is anticompetitive, why bigtech gets preferential treatment and someone else who doesn't pass the bar, doesn't get peerlock treatment from us? Why should we reward monopolies with better products that we don't offer everyone? I think peerlock may be literally illegal under some jurisdiction antitrust law, unless everyone can contact us and demand to be in peer lock. And this mechanism doesn't exist. Yes we are doing it, and yes we wouldn't stop doing it. But we are in addition offering prefix-list filtering today, to offer some cover to those, who are not worthy of peerlock. And can I stop doing that? So are you saying, I shouldn't do b+c, despite the fact that I am retaining AS-SET compliance as I am today. I am not _removing_ any posture, I am adding posture.
I think you may be holding some of this upside down: by locking a select few ASNs in such that they can only appear behind specific BGP sessions, your autonomous system helps protect the global Internet routing system. Save the cheerleader, save the world. ;-) For example, by locking in a large peer you not only help your own customers, but also their customers, and as a result also everyone's customers' customers. Global IP networks are a shared substrate. Another angle: by locking in a large content provider, when leaks are occuring elsewhere, it'll will help improve the chances of congestion-free access to not just that content but also other content for everyone using the network! Because peerlocking is a sharp tool, I'd strongly recommend to-be-locked-in networks to interconnect in multiple separate geographies in order to prevent network partitions following failure of individual links or routers. Obviously it is exceedingly hard to operationalize without direct relationship or direct interconnection, so that's why not every AS is a suitable candidate for being locked in; quite some ASes prefer flexibility over security. In this sense ASPA is far more attractive than peerlock because ASPA offers AS holders timely distribution of new routing intentions in standardized & automated fashion. ASPA certainly is a more accessible facility than peerlock. I myself consider attempts to reduce the blast radius and impact of routing incidents to be part of responsible corporate citizenship and most likely easily defendable. Kind regards, Job _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/LRHVGV2FSE6RFC5BS5YVPSNTLK72LDCT/
Current thread:
- How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 23)
- Re: How long AS-PATH policies have you used Tom Beecher via NANOG (Feb 24)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 24)
- Re: How long AS-PATH policies have you used James Bensley via NANOG (Feb 25)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 25)
- Re: How long AS-PATH policies have you used Job Snijders via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Job Snijders via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
- Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 25)
- Re: How long AS-PATH policies have you used Tom Beecher via NANOG (Feb 24)
- Securing EBGP while getting rid of big IRR-based prefix-list-filters (Was: How long AS-PATH policies have you used) Job Snijders via NANOG (Feb 26)