BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

adamv0025 at netconsultings.com adamv0025 at netconsultings.com
Wed Sep 9 14:07:57 UTC 2020


> Chriztoffer Hansen via NANOG
> Sent: Wednesday, September 9, 2020 1:29 PM
> 
> On Wed, 9 Sep 2020 at 06:25, Mark Tinka via NANOG <nanog at nanog.org>
> wrote:
> > It's not unlike trusting your customers to send you FlowSpec 
> > instructions. No issues technically, but do you want to do it?
> 
> Why not? As a service offering, it makes total sense.
> 
> Thou, generally I agree with you. Trust, but verify any received 
> announcement conforms to a base-set of expectations. Discard non- 
> conforming.
> 
Yeah right, like you all are limiting max length of as_path, dropping boggon ASNs, or limiting max number of communities or striping unused/unsupported attributes on ingress to your AS...
Or otherwise test what happens to your border edge (or internet-plane route-reflectors/ iBGP infrastructure for that matter) if exposed to these.

adam




More information about the NANOG mailing list