[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nLayer IP transit

Subject: nLayer IP transit
From: saku at ytti.fi (Saku Ytti)
Date: Thu, 1 Aug 2013 10:55:04 +0300
In-reply-to: <[email protected]>
References: <CAJrnVYaD+u9CCtbUA9bK-XpXoca7FzR+EV950qaeUfSxq5Ye+A@mail.gmail.com> <[email protected]> <[email protected]>

On (2013-08-01 11:35 +0400), Alexandre Snarskii wrote:

> You can match flow actions by extended communities and not accept
> actions you do not like. For example, to permit only "discard" action
> you can match 
> 
>     community flow_discard members traffic-rate:*:0;
> 
> Or am I missing something ? 

No you're not missing anything. This is what I implied with 'likely', I
feel validation check should guarantee eBGP safety as most operators won't
deploy additional security via manual config, because issue isn't mentioned
in RFC or vendor docs.

-- 
  ++ytti

References:
- nLayer IP transit
  - From: marktees at gmail.com (Mark Tees)
- nLayer IP transit
  - From: saku at ytti.fi (Saku Ytti)
- nLayer IP transit
  - From: snar at snar.spb.ru (Alexandre Snarskii)

Prev by Date: nLayer IP transit
Next by Date: BGP related question
Previous by thread: nLayer IP transit
Next by thread: nLayer IP transit
Index(es):
- Date
- Thread