On 11/06/2020 14:17, Job Snijders wrote:
***Error: Authorisation for [route] 194.76.156.0/22AS20676 failed using "mnt-by:" not authenticated by: PLUSNET-NOC Could we reduce the confusion, and/or spread some more clue, by being more specific with this error? e.g.
Authorisation for [blah] failed using "mnt-by:" - matching route object already exists - not authenticated by: PLUSNET-NOC Perhaps instead of an error message, the operation that Sasha tried to do should just be allowed?
Because of the following (stunningly regular) corner case: 1. PI space owner doesn't understand what the implications are of migrating prefixes between origins/networks, or dual-homing from two networks 2. New origin/network creates route without the knowledge of the existing origin/network provider (whom are often different providers) 3. Customer blames existing origin/network for breaking their traffic routing, whom had no idea anything was going on Having that route object check at the beginning of the flow chart ensures that all parties required to provide service, are aware of the changes to advertisements & can properly prepare their networks/customer networks, and prevent outages. If all our customers knew exactly what they were doing, they'd usually be running their own BGP AS and handling their own announcements, resilience, and/or migrations. Regards, -- Tom