Standard for BGP community lists
Danny McPherson
danny at tcb.net
Tue Jul 20 15:34:40 UTC 2010
On Jul 20, 2010, at 1:26 AM, Saku Ytti wrote:
> On (2010-07-19 23:45 -0500), Brad Fleming wrote:
>
> Hey,
>
>> 9999:9999 for local rtbh
>> 9999:8888 for local + remote rtbh
>>
>> I didn't have much reason for selecting 9999 other than it was easy
>> to identify visually. And obviously, I have safe-guards to not leak
>> those communities into other networks.
>
> I would recommend against using other public ASNs for internal signalling,
> ASN part should be considered property of given ASN. AS9999 might want to
> use 9999 to signal particular source where route was learned and your
> customer might want to do TE with it. Now you must delete them on ingress
> and rob your customers of this possibility.
IMO, any reasonable routing policy would reset all BGP communities on
ingress (and MEDs for that matter), whether from a customer or peer,
as transiting stuff that has varying semantic interpretations, unknown
propagation scope, or relying on others to act on non-mandatory
not-well-known communities that may not even be propagated in some
BGP configurations as a matter of default behavior, is a simple recipe
for nondeterministic behavior, more senseless path attribute tuples in
the global routing system, resulting in less efficient BGP update packing,
and may even result in security issues.
And customer ingress policy can always be crafted to accommodate the
upstream special handling policies for RFC1998+ functions, as well as
source and destination-based RTBH and other capabilities, across one
or more ISPs, even if they vary.
There have been some spirited discussions on the specification of
more well-known communities for functions related to this and other
applications in various IETF working groups, from IDR and GROW to
OPSEC and L3VPN, for those interested in having a gander...
-danny
More information about the NANOG
mailing list