
Large BGP Communities beacon in the wild - simonjgreen
http://mailman.nanog.org/pipermail/nanog/2016-October/088537.html
======
ZenoArrow
Sorry, I may be missing something important from the linked discussion, but
what is this BGP for? Is it an alternative to IP addresses?

~~~
chousuke
Let's see if I can explain it concisely...

When you send traffic to an IP address, your router must know where to send it
to. In consumer routers, you usually just have a default route for the whole
internet towards your ISP's gateway, but the ISP must also maintain a routing
table to know where the packet must go next, and BGP is the protocol most
commonly used to advertise where each network resides.

Every ISP _could_ in theory maintain the internet routing tables by just
having a set of static routes, but considering that the IPv4 internet routing
table consists of over half a million entries at the moment (and it's
growing), this is practically impossible. Instead, each ISP (or "Autonomous
System") peers with others to advertise their routes to the network blocks
assigned to them, _and_ often the routes they receive from other peers.

When you have multiple peers like this, the advertised routes contain as
metadata the IANA assigned global AS numbers of each participant in the
network up to the endpoint (the "AS path"), thus allowing routers to calculate
the shortest route in case two peers advertise routes to the same network
block. This also gives the internet its self-healing property, since if one
router goes down, you usually have an alternate path available.

The BGP "communities" mentioned in the article are a way for peers to signal
additional information about their routes. For example, an ISP can publicly
claim that they will not forward traffic to routes advertised with a certain
community, allowing a network operator to tell their transit ISP to drop DoS
traffic to a subset of their addresses before it reaches their network,
helping protect customers not under attack.

~~~
d33
Note that the protocol has imperfect security, which is worrying:

[https://security.stackexchange.com/questions/56069/what-secu...](https://security.stackexchange.com/questions/56069/what-security-mechanisms-are-used-in-bgp-and-why-do-they-fail)

------
ethbro
Curious question for people with their finger on the networking pulse: are
there planned changes for BGP related to IPv6/IoT or will the current scheme
scale well?

I'm assuming "many more" networked devices being added to the global network
will eventually result in more traffic and more ASs being connected.

~~~
akeruu
Short answer is "no".

Long answer is, actually these changes already happened quite a while ago.

Most of the time, we tend to forget IPv6 is in fact more or less 20 years old
now.

Support for IPv6 in OSPF (OSPFv3) was introduced in 2008 and support for IPv6
in BGP was added in 2007 (MP-BGP).

AS number encoding was also changed in 2007 (32-bit ASN) to support all those
new connected systems.

------
zimbatm
It's not clear to me, what does the Large BGP Communities extension try to
solve?

~~~
solotronics
BGP is a path vector protocol so traditionally it only receives information
from its direct peers. Community strings are for sending targeted info to a
distant (or close) autonomous system, enabling you to effect mutually agreed
upon changes in that AS. With a larger number of bytes available in a
community string, it enables us to use community strings to convey a more
complex set of instructions.

~~~
zimbatm
Thanks!
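
Added example (not from the thread or the linked post): Python that encodes a classic 4-octet community (RFC 1997) and a 12-octet large community (RFC 8092), showing that a 32-bit ASN only fits the latter, and decodes a received attribute value with the RFC 8092 length and duplicate checks. The function names and the sample ASNs and values are constructed for illustration.

```python
import struct


def encode_classic(asn: int, value: int) -> bytes:
    """RFC 1997 community: 16-bit ASN followed by a 16-bit operator value."""
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"{asn}:{value} does not fit in a 4-octet community")
    return struct.pack("!HH", asn, value)


def encode_large(global_admin: int, data1: int, data2: int) -> bytes:
    """RFC 8092 large community: three 32-bit fields, 12 octets in total."""
    for field in (global_admin, data1, data2):
        if not 0 <= field <= 0xFFFFFFFF:
            raise ValueError(f"{field} does not fit in 32 bits")
    return struct.pack("!III", global_admin, data1, data2)


def fits_classic(asn: int) -> bool:
    """True if the ASN can be the administrator of a classic community."""
    try:
        encode_classic(asn, 0)
        return True
    except ValueError:
        return False


def decode_large_attribute(value: bytes) -> list[str]:
    """Decode the value of a Large Communities path attribute.

    RFC 8092 treats a length that is not a non-zero multiple of 12 as
    malformed, so it is rejected here rather than partly parsed. Redundant
    values are dropped, as the RFC requires of a receiving speaker.
    """
    if len(value) == 0 or len(value) % 12 != 0:
        raise ValueError(f"malformed attribute: {len(value)} octets")
    seen, out = set(), []
    for off in range(0, len(value), 12):
        triple = struct.unpack_from("!III", value, off)
        if triple not in seen:
            seen.add(triple)
            out.append("%d:%d:%d" % triple)
    return out


if __name__ == "__main__":
    # Constructed sample: 64496 (16-bit) and 65536 (32-bit) are documentation ASNs.
    print(fits_classic(64496), fits_classic(65536))
    wire = encode_large(65536, 1, 666) * 2 + encode_large(65536, 2, 0)
    print(decode_large_attribute(wire))
```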

