BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'
mark.tinka at seacom.com
Wed Sep 9 07:28:04 UTC 2020
On 9/Sep/20 09:15, Robert Raszuk wrote:
> On last point yes. The entire idea behind flow spec is to work
> inter-as to mitigate DDoS as close to a source as possible.
Indeed, that is the original intention. Any reason why we don't see it
happening in this way, today?
> And as far as wide they just let you structure your community in a
> common way. It is both to customers or to others as you choose.
> Nothing there is about trust. It is all about mechanics how you pass
> embedded instructions.
Again, no technical or mechanical limitations at all with trying to get
this done. What I am saying is that the element of trust gets in the
way, for better or worse.
But while on the OP's intent - if you were to provide communities to
peers to signal forwarding in your network, you can simply publish those
communities on your web site. They don't need to follow any standard. At
the same time, if the industry were to agree on standard communities to
signal typical forwarding decisions within our networks, those would
work too, and I dare say that operators would publish them on their web
sites either way, for the avoidance of doubt. Moreover, anyone
implementing those communities would probably double-check with the
intended operator to make sure that what they are going to signal as
an-agreed global standard is supported and will work.
Just like how solar PV inverters are meant to disconnect from the grid
in the case of a utility outage, line workers will still, as a matter of
course, always check the line to see if it's live or not, before
performing any repairs. That line workers can simply trust that PV
inverters are doing the right thing in the event of a grid failure is
not practical. Checking to see if the line is live does not impose any
inconvenience on standard operating procedures.
So if we are able to provide support for remote signaling of forwarding
within our networks to off-net peers via communities, be it with
standard or dis-aggregated community values, either facility is
available and technically feasible today. The better question to ask
would be why this hasn't taken shape outside of provider-customer
More information about the NANOG