[164781] in North American Network Operators' Group
Re: nLayer IP transit
daemon@ATHENA.MIT.EDU (Saku Ytti)
Thu Aug 1 03:55:35 2013
Date: Thu, 1 Aug 2013 10:55:04 +0300
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <20130801073538.GA11283@snar.spb.ru>
On (2013-08-01 11:35 +0400), Alexandre Snarskii wrote:
> You can match flow actions by extended communities and not accept
> actions you do not like. For example, to permit only "discard" action
> you can match
>
> community flow_discard members traffic-rate:*:0;
>
> Or am I missing something?

No, you're not missing anything. This is what I implied with 'likely'. I
feel the validation check should guarantee eBGP safety, as most operators won't
deploy additional security via manual config, because the issue isn't mentioned
in the RFC or vendor docs.
--
++ytti
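
The check discussed in this message, as an added example that is not part of the original post or any vendor's code: a vendor-neutral sketch that parses the extended communities on a received flow-spec route and accepts the route only when the sole flow action is traffic-rate 0 (discard). It is stricter than a single community match because it also rejects routes that carry any other action; the type codes are the RFC 5575 values, and the function names, AS numbers and sample routes are constructed for illustration.

```python
import struct

# RFC 5575 flow-spec action extended communities (16-bit type field).
TRAFFIC_RATE = 0x8006
FLOW_ACTIONS = {
    0x8006: "traffic-rate",
    0x8007: "traffic-action",
    0x8008: "redirect",
    0x8009: "traffic-marking",
}

def parse_ext_communities(blob):
    """Split an Extended Communities attribute value into (type, 6-byte value) pairs."""
    if len(blob) % 8:
        raise ValueError("extended communities must be a multiple of 8 bytes")
    return [(struct.unpack("!H", blob[i:i + 2])[0], blob[i + 2:i + 8])
            for i in range(0, len(blob), 8)]

def discard_only(blob):
    """Return (accept, reason); accept only if the sole flow action is traffic-rate 0."""
    saw_discard = False
    for ctype, value in parse_ext_communities(blob):
        if ctype not in FLOW_ACTIONS:
            continue  # not a flow action (e.g. a route target); outside this check
        if ctype != TRAFFIC_RATE:
            return False, "action %s not permitted" % FLOW_ACTIONS[ctype]
        # traffic-rate value: 2-byte AS number, then rate as IEEE 754 float (bytes/s)
        asn, rate = struct.unpack("!Hf", value)
        if rate != 0.0:  # also rejects NaN, which never compares equal
            return False, "traffic-rate %g from AS %d is not discard" % (rate, asn)
        saw_discard = True  # the AS number is a wildcard, as in traffic-rate:*:0
    if not saw_discard:
        return False, "no discard action present"
    return True, "discard only"

def ec(ctype, value):
    """Build one 8-byte extended community (helper for the constructed samples)."""
    return struct.pack("!H", ctype) + value

# Constructed sample communities; AS 64500 is a documentation AS number.
DISCARD = ec(0x8006, struct.pack("!Hf", 64500, 0.0))
RATE_LIMIT = ec(0x8006, struct.pack("!Hf", 64500, 125000.0))
REDIRECT = ec(0x8008, struct.pack("!HI", 64500, 100))

if __name__ == "__main__":
    for name, blob in [("discard", DISCARD), ("rate-limit", RATE_LIMIT),
                       ("discard+redirect", DISCARD + REDIRECT), ("no action", b"")]:
        print(name, discard_only(blob))
```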