nLayer IP transit
saku at ytti.fi
Thu Aug 1 07:55:04 UTC 2013
On (2013-08-01 11:35 +0400), Alexandre Snarskii wrote:
> You can match flow actions by extended communities and not accept
> actions you do not like. For example, to permit only "discard" action
> you can match
> community flow_discard members traffic-rate:*:0;
> Or am I missing something ?
No you're not missing anything. This is what I implied with 'likely', I
feel validation check should guarantee eBGP safety as most operators won't
deploy additional security via manual config, because issue isn't mentioned
in RFC or vendor docs.
More information about the NANOG