nanog mailing list archives

Re: How long AS-PATH policies have you used

From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Thu, 26 Feb 2026 18:33:15 +0200

On Thu, 26 Feb 2026 at 17:41, Job Snijders <job () bsd nl> wrote:

I think you may be holding some of this upside down: by locking a select
few ASNs in such that they can only appear behind specific BGP sessions,
your autonomous system helps protect the global Internet routing system.
Save the cheerleader, save the world. ;-)

Yes. But let's say I am tier1. It is likely entirely kosher for me to lock every
other tier1 from non tier1 ports. Maybe this is anticompetitive to tier2, but
maybe it is kosher.
However, if I offer peerlock to say AMZN, META or GOOG, now it is definitely
anticompetitive. I am choosing winners and losers, which is not my position
as tier1 to do. Worse, I am providing superior services to market leaders.

Now what would fair peerlock look like? Where anyone can tell me, offer me
this service.
It probably wouldn't be a negative match 'these cannot appear on this port',
because then I'm adding every ASN opting-in to every port. So simple customer
with one ASN gets an increasingly long negative 'not these ASNs' list.
So I probably want a positive match, 'only these'.

So how could this work? How could both Upcloud and Amazon at equal footing
communicate to me that 'remove my ASN from AS_PATH on all ports except X'.

I have a solution to that. But I have no interest in driving it, nor
is it even relevant
to the question, this is a complete sidetrack.
Since the question is, can we stop honoring AS-SET, if the answer is
'yes', great.

But objectively the solution you offer, has extremely small coverage
compared to AS-SET
as the world is today. I am not saying don't do those, I am saying,
can I do just those,
without doing AS-SET and not be held accountable?
While many AS-SET are trash, most are good. That is, most ports have
short list of
allowable ASN and any mistake those ports do, won't be accepted. This
would be gone,
if that is fine, that is very great news.

It is a little bit different for it being fine to Fastly, and it being
fine to network which connects customers.

--
++ytti
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/RJ7OPZYBPQKPDTMQGU6WL4GX2PC2QJUT/

Current thread:

How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 23)
- Re: How long AS-PATH policies have you used Tom Beecher via NANOG (Feb 24)
  - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 24)
- Re: How long AS-PATH policies have you used James Bensley via NANOG (Feb 25)
  - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 25)
    - Re: How long AS-PATH policies have you used Job Snijders via NANOG (Feb 26)
    - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
    - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
    - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
    - Re: How long AS-PATH policies have you used Job Snijders via NANOG (Feb 26)
    - Re: How long AS-PATH policies have you used Saku Ytti via NANOG (Feb 26)
    - Securing EBGP while getting rid of big IRR-based prefix-list-filters (Was: How long AS-PATH policies have you used) Job Snijders via NANOG (Feb 26)