arjie 8 hours ago

Based on the number of times I've seen these posted about they seem quite frequent[0]. If I'm being honest, the entire BGP system seems to be very fragile with a massive blast radius. I get that it's super 'core' so it's hard to fix, and that it comes from a time when the Internet was more 'cooperative' (in the protocol sense of the word) but are there any attempts at a successor or is it impossible to do so fundamentally? Surely the notion of who owns an AS should be cryptographically held so that an update has to be signed. Updates should be infrequent so the cost is felt on the control plane, not on the data plane. I'm sure there's a BGPSec or whatever like all the other ${oldTech}Sec but I don't know if there is a realistic solution here or if it's IPv6 style tech.

0: I looked it up before posting and it's 3000 leakers with 12 million leaks per quarter https://blog.qrator.net/en/q3-2022-ddos-attacks-and-bgp-inci...
direwolf20 8 hours ago

Globally, it is as you want it to be. Locally, BGP is peer-to-peer — literally! — and no particular peer is forced to check everything, and nobody's even trying to make a single global routing table so local agreements can override anything at a higher level.
patmorgan23 5 hours ago

There are several enhancements that have been strapped on to BGP over the years. The article talks about two at the end that will help reduce route leaks. A wholesale protocol replacement is unlikely, but definitely more doable than replacing something like IP.