[179066] in North American Network Operators' Group
Re: More specifics from AS18978
daemon@ATHENA.MIT.EDU (Mark Tinka)
Fri Mar 27 06:10:28 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Mark Tinka <mark.tinka@seacom.mu>
Date: Fri, 27 Mar 2015 12:10:19 +0200
in-reply-to: <20150327100353.GM791@Vurt.local>
Errors-To: nanog-bounces@nanog.org
On 27/Mar/15 12:03, Job Snijders wrote:
> Sure, but even that might not always prevent the fake paths from leaking
> to your eBGP neighbors. For instance, not too long ago there was this
> bug:
>
> "Routes learned with the no-export community from an iBGP neighbor
> are being advertised to eBGP neighbors. This may occur on Cisco ASR
> 9000 Series Aggregation Services Routers." (don't remember BugID)
>
> In other words: it can happen to the best of us.
Your upstream could also re-write any BGP communities you attach to your
BGP updates; so unless co-ordinated, there is no real guarantee a
NO_EXPORT community will be maintained/honoured within your upstream's
network.
Mark.
