[Community bleaching on edge] RTBH no_export
jwbensley at gmail.com
Sun Feb 10 09:16:42 UTC 2019
On Wed, 6 Feb 2019 at 13:55, <adamv0025 at netconsultings.com> wrote:
> Hi folks,
> This “RTBH no_export” thread made me wonder what is the latest view on BGP community bleaching at the edge (in/out).
> Anyone filtering extended RT communities inbound on NOSes that accept extended communities by default? Yeah about that…
I think Junos is an example of a NOS that advertises extended BGP
communities by default (and accepts them without scrubbing). It seems
"not ideal" to me (by which I mean there could be potential for BGP
NLRIs to be processed in an undesired way). However, I think that
ext-comm information sent in NLRI UPDATES over an AFI/SAFI 1/1 or 2/1
session aren't processed.
I haven't got the time to lab this right now but, I guess one question
would be if (for example) a CPE sends a BGP UPDATE over an 1/1 or 2/1
session into a PE inside a VRF, with ext comm attached, when the
UPDATE is advertised to another PE over a 1/128 or 2/128 session will
that remote PE process the ext-comm value the CPE sent to the initial
PE in the 1/1 or 2/1 session? What if that CPE was in instead a
transit or peering partner and you're running an Internet-in-a-VRF
design, can anyone on the Internet send routes into your edge PE and,
with the correct ext-comm, have them importing into another L3 VPN?
More information about the NANOG