Crafting endless AS paths in BGP (bernat.ch)
47 points by JNRowe 9 months ago | 13 comments



I have yet to see any service provider use BGP confederation in production.

The idea seems kinda neat, but route reflectors scale so well nowadays that a confederation setup seems kind of wasteful and overly complex. Especially with behaviour like this appearing.

Also, I'm curious how other routing operating systems would behave when encountering massive AS-paths.

According to the article, IOS seems to crash irregularly. I wonder if these kinds of things are being fuzzed by the network operating system vendors as well, especially considering there is no upper limit on AS-PATH length defined in the RFC.


> I have yet to see any service provider use BGP confederation in production.

BBN ran them back in the 90s because (IIRC) they pre-dated route reflectors and were impossible to cleanly migrate off of. Other than that, yeah, nobody uses these things. RRs or (rarely) full mesh FTW.

This post is the equivalent of "creating a bleeding foot by using only a knife and your foot".


I spent a lot of time debugging an internal fork of an open source BGP implementation (really old Quagga). The confederation code always struck me as being nothing but weird exceptions to how BGP normally worked. I was happy to never hear a network engineer suggest confederations with a straight face.


> I have yet to see any service provider use BGP confederation in production.

There are at least 26 publicly visible routes on IPv6 that have visible confederation in them.

Maybe the best/worst example is 2402:8100::/32 ( https://bgp.tools/prefix/2402:8100::/32 ) :

    # birdc s ro 2402:8100::/32 all
    BIRD 2.15.1 ready.
    Table master6:
    2402:8100::/32       unicast [transit6_orange 13:42:56.368] * (100) [i]
        via xxx on xx
        Type: BGP univ
        BGP.origin: IGP
        BGP.as_path: 5511 3356 55644 {36040 38266 45271 55410}

With 4 confederation ASNs in it!


A bit late, but this is an AS-SET. When a prefix is sent to a non-confederation peer, the sequence of sub AS is replaced by the (public) confederation AS. Therefore, you should not see AS confederation sequences in the wild.
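
The distinction drawn in this sub-thread, as an added example that is not from the article or from any commenter: a Python decoder for an AS_PATH attribute value with 4-octet ASNs, showing AS_SET versus confederation segments, how each counts toward path length, and the rewrite done when exporting outside a confederation. The bracket notation for confederation segments, the function names and the sample ASNs in the second path are assumptions made for this example.

```python
import struct

# Segment type codes: 1-2 from RFC 4271, 3-4 from RFC 5065.
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
CONFED = (AS_CONFED_SEQUENCE, AS_CONFED_SET)
# Display convention chosen for this example; {} for AS_SET matches the BIRD output above.
BRACKETS = {AS_SET: "{%s}", AS_SEQUENCE: "%s", AS_CONFED_SEQUENCE: "(%s)", AS_CONFED_SET: "[%s]"}

def encode(segments):
    """Build attribute bytes from [(type, [asn, ...])]; used to construct sample input."""
    return b"".join(struct.pack(f"!BB{len(a)}I", t, len(a), *a) for t, a in segments)

def parse_as_path(data):
    """Decode AS_PATH bytes (4-octet ASNs) into [(type, [asn, ...])], rejecting malformed input."""
    segments, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[off], data[off + 1]
        off += 2
        if seg_type not in BRACKETS:
            raise ValueError(f"unknown segment type {seg_type}")
        if count == 0 or len(data) - off < 4 * count:
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack_from(f"!{count}I", data, off))))
        off += 4 * count
    return segments

def render(segments):
    return " ".join(BRACKETS[t] % " ".join(map(str, a)) for t, a in segments)

def path_length(segments):
    """Best-path length: an AS_SET counts as 1, confederation segments count as 0."""
    return sum(1 if t == AS_SET else len(a) for t, a in segments if t not in CONFED)

def export_outside_confed(segments, confed_id):
    """Drop leading confederation segments, then prepend the public confederation AS."""
    i = 0
    while i < len(segments) and segments[i][0] in CONFED:
        i += 1
    rest = segments[i:]
    if rest and rest[0][0] == AS_SEQUENCE and len(rest[0][1]) < 255:
        return [(AS_SEQUENCE, [confed_id] + rest[0][1])] + rest[1:]
    return [(AS_SEQUENCE, [confed_id])] + rest

# Path quoted in the comment above, re-encoded here as constructed sample bytes.
SEEN = encode([(AS_SEQUENCE, [5511, 3356, 55644]), (AS_SET, [36040, 38266, 45271, 55410])])
# Constructed path as seen inside a confederation (private and documentation ASNs).
INSIDE = encode([(AS_CONFED_SEQUENCE, [65001, 65002]), (AS_SEQUENCE, [64500])])

if __name__ == "__main__":
    print(render(parse_as_path(SEEN)), "| length", path_length(parse_as_path(SEEN)))
    print(render(parse_as_path(INSIDE)), "->", render(export_outside_confed(parse_as_path(INSIDE), 64496)))
```
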


> I have yet to see any service provider use BGP confederation in production.

I was part of one, back in the early 2000s. Reason was the parent ISP had set up offshoot ISPs in different countries, but they all had their own networks/ASes/transit/network policy. When they belatedly decided to unify the network, hiding the different daughter companies' networks behind a confederation AS was the easiest way. In other words, the network reflected the dysfunction of the organization.

Having said that, it worked very well.


Nice font on the blog. Off-putting initially but seems to get way more text per line, helpful on mobile.


BGP confederations are still used in some large SP networks today, mostly because it's hard to transition away from it. However, it hasn't been a recommended solution for scaling BGP for 15+ years now. I had someone approach me recently wanting to deploy them after reading a BGP book written 20 years ago. No.


Yes, the blog post should follow up with why you would set up this example network with route reflectors (RR) instead.


Are there any good resources for learning about BGP/BGP security? I’d love to build a lab for it to get some hands-on experience but don’t really know where to start.


Cisco CCNA study material is very comprehensive. You can play around with it in GNS3, packet tracer, or on dn42.


Title needs a fix, „AS“ should be in capital letters.


Fixed. Thanks!



