CONCEPT Cited by 1 source

Only-to-Customer (OTC) attribute (RFC 9234)

OTC is a BGP path attribute defined in RFC 9234 that, together with a new BGP Role capability negotiated at session setup, couples BGP advertisement semantics to the declared business relationship on each session.

BGP roles

RFC 9234 introduces five explicit roles exchanged during BGP capability negotiation:

• Provider — "I am the provider to my neighbor"
• Customer — "I am the customer of my neighbor"
• Peer — "We are settlement-free peers"
• Route-Server — "I am a route server"
• Route-Server-Client — "I am a client of a route server"

If the two ends' roles are inconsistent (e.g. both declare Provider), the session fails to come up — a good thing.

The OTC attribute

OTC is a transitive optional path attribute. The rule is simple:

• When a router sends a route to anyone that is not its Customer (i.e. a Provider, Peer, Route-Server, or Route-Server-Client), it sets OTC on the route if not already set.
• When a router receives a route with OTC set from anyone that is not a Customer, it rejects the route (or treats it as unacceptable).

The joint effect: a route marked OTC-set on the way up through the AS graph cannot be re-sent up again — structurally preventing the most common Type-1 hairpin route leak shape.

Complementary to ASPA

ASPA lives in the RPKI — it's an out-of-band cryptographically-signed object validators consult. OTC lives in the BGP protocol itself and is enforced on each session. Both are needed:

• ASPA catches leaks at vantage points that see the leaked path later in its propagation, even when the leaker's direct neighbor doesn't support OTC.
• OTC catches leaks at session ingress, even for ASes that don't yet publish ASPA objects.

Deployment friction

OTC requires vendor support in router BGP stacks. Cloudflare: "If you haven't already asked your routing vendors for an implementation of RFC 9234 to be on their roadmap: please do." Juniper has early support (APNIC blog, 2025-09-05).

Seen in

• sources/2026-01-08-cloudflare-a-closer-look-at-a-bgp-anomaly-in-venezuela — OTC + ASPA named as the two-part technical answer to the class of leaks the post dissects.

Related

• concepts/bgp
• concepts/path-validation
• concepts/route-leak
• concepts/customer-provider-relationship
• concepts/peer-peer-relationship
• systems/aspa