Hi Ron,

> Ron Grant wrote:
> Sorry, your humour is completely evading me tonight. Can you explain?

No worries, I understand it's hard to get sometimes. Long story made short:

- I'm running an experimental BGP blacklist: http://arneill-py.sacramento.ca.us/cbbc/
- Basically, it's a route server; the next-hop I announce is 192.0.2.1, which struck me as being the most widely used blackhole route.
- The sources are multiple and diverse.
- Not unlike other BGP blacklists, I will (conditions) accept prefixes with the correct BGP community, which happens to be ASN:666.
- I have nothing to do with the meaning some will see in the 666 part; I was not the one who invented it.
- For reference: to my knowledge, the first public reference to using 666 as the BGP blacklist community dates back to September 2004: https://tools.ietf.org/rfc/rfc3882.txt
- Not trying to pretend I am innocent, I was in the room in the IETF meeting when we voted that the 6bone deprecation date would be 6/6/6.
- This is not an April fool's joke.
- Back to BGP: it has been suggested earlier on that the CBBC should announce various communities, instead of the original 65532:666; that would allow subscribers to ignore potentially undesirable/incompatible/controversial sources. I agreed.
- Some of the potential sources and actual CBBC subscribers have a 4-byte ASN number, possibly because they could not obtain a 2-byte one.
- The propagation mechanism should allow for 4-byte-ASN:666 as well as 2-byte-ASN:666. The comments below are Cisco-oriented, YMMV.
- Therefore, the need for a 4-byte ASN equivalent to the good old "ip bgp-community new-format" arose.
- That would be 2-byte-ASN:666
- Since there is no such thing as 4-byte-ASN:666, the logic suggested that the proper way to do it would be something along the lines of SoO:4-byte-ASN:666, which does not accept multiple entries.
- Here we go: instead of trying to use SoO:ASN:Comm which is a very stubborn animal and refuses multiple entries as well as the "additive" thing, instead I use RT:ASN:Comm which solves the problem you are having: give me the multiple-ASN version of BGP the 2-byte-ASN flavor communities we used for ages for 4-byte-ASNs.
- It configures AND propagates. See below.

> sincerely interested in what you're trying to say.

I am a Sith Lord known as Darth Numerous. Being the devil himself on top of it does not hurt me :P Are you, uh, looking for a job as an apprentice to the Dark Side?

Michel.

route-map RM-EXABGP permit 10
 description IPv4 filter learned from iBGP peer
 set extcommunity rt 4200000000:1111 4200065532:666 4200065532:667
 set ip next-hop 192.0.2.1

cisco1841-michel#sh ip bgp 1.9.79.191
BGP routing table entry for 1.9.79.191/32, version 4
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     40
  Local
    192.0.2.1 from 192.168.222.3 (192.168.222.3)
      Origin IGP, localpref 100, weight 1, valid, internal, best
      Community: 65532:666 65532:667
      Extended Community: RT:4200000000:1111 RT:4200065532:666 RT:4200065532:667
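
Added example, not part of the message above or of the CBBC configuration: a Python sketch of why a 4-byte ASN cannot be carried in a standard ASN:666 community while the RT extended community can carry it, using the RFC 1997, RFC 4360 and RFC 5668 wire layouts. The function names are hypothetical; the ASN and value pairs are the ones shown in the route-map and "sh ip bgp" output.

```python
import struct

RT_SUBTYPE = 0x02      # Route Target sub-type
TYPE_2OCTET_AS = 0x00  # RFC 4360: transitive two-octet AS specific
TYPE_4OCTET_AS = 0x02  # RFC 5668: transitive four-octet AS specific

def encode_standard(asn, value):
    """RFC 1997 community: 16-bit ASN plus 16-bit value (4 bytes)."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError(f"AS{asn} does not fit the 16-bit ASN field")
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"value {value} does not fit 16 bits")
    return struct.pack("!HH", asn, value)

def encode_rt(asn, value):
    """8-byte Route Target; the layout depends on the ASN size."""
    if 0 <= asn <= 0xFFFF:
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("local administrator must fit 32 bits")
        return struct.pack("!BBHI", TYPE_2OCTET_AS, RT_SUBTYPE, asn, value)
    if not 0 <= asn <= 0xFFFFFFFF or not 0 <= value <= 0xFFFF:
        raise ValueError("4-byte ASN RT needs a 32-bit ASN and 16-bit value")
    return struct.pack("!BBIH", TYPE_4OCTET_AS, RT_SUBTYPE, asn, value)

def decode_rt(raw):
    """Render an encoded Route Target the way the router prints it."""
    if len(raw) != 8 or raw[1] != RT_SUBTYPE:
        raise ValueError("not a Route Target extended community")
    if raw[0] == TYPE_2OCTET_AS:
        asn, value = struct.unpack("!HI", raw[2:])
    elif raw[0] == TYPE_4OCTET_AS:
        asn, value = struct.unpack("!IH", raw[2:])
    else:
        raise ValueError(f"unsupported type 0x{raw[0]:02x}")
    return f"RT:{asn}:{value}"

def tag_blackhole(asn, value=666):
    """Pick the attribute a source with this ASN can use for ASN:value."""
    try:
        return "community", encode_standard(asn, value)
    except ValueError:
        return "extcommunity", encode_rt(asn, value)

if __name__ == "__main__":
    # Pairs taken from the route-map and show output in the message
    for asn, value in [(65532, 666), (4200065532, 666), (4200000000, 1111)]:
        kind, raw = tag_blackhole(asn, value)
        print(f"{asn}:{value} -> {kind} {raw.hex()}")
```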
