BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Mark Tinka mark.tinka at
Wed Sep 9 04:25:33 UTC 2020

On 8/Sep/20 20:15, Robert Raszuk wrote:

> This does not require any more trust for say directly connected peers
> more then today when you publish communities on the web page.

I'd tend to disagree.

Trusting your direct peer to not send you default or to have a 24/7 NOC
to handle connectivity issues is not the same level of trust I'd afford
them to send me a community that told my network what to announce to my
other eBGP neighbors or not.

Of course, I am probably less trusting than most, so I'm not
recommending anyone follow my advice :-).

> It is not about opening up your network. It is about expressing your
> policy in a common way in the exact say amount as you would open up
> your network today.

I can express my policy, publicly. But I can also indicate who has the
power to implement that expression on my side.

> Notice that in addition to common types there is equal amount of
> space left for operator's define types. It is just that the structure
> of community can take number of arguments used during execution -
> that's all.

That is all good and well, and works beautifully within an operator's
network, which is the point of the capability.

Extending that to non-customer networks is not technically impossible.
It's just a question of trust.

It's not unlike trusting your customers to send you FlowSpec
instructions. No issues technically, but do you want to do it?


More information about the NANOG mailing list