Hi,

On Tue, Oct 07, 2014 at 11:47:08AM -0400, Justin M. Streiner wrote:
> Better to let BGP do what it does in a relatively unfettered way.
[..]
> Don't make the routing policies any more complicated than they need to be,
> especially if someone who is less familiar with them will be expected to
> troubleshoot connectivity issues at 3 AM.

This is good advice, and cannot be said often enough.
Most important is "filter what you accept from downstream" (ONLY what
is documented in a proper way - RIPE DB over here, reasonable IRRs
if they exist elsewhere), combined with "filter what you announce to
upstream and peers" (only yours + customer).
For all the rest, BGP will usually do the right thing - but can be
tricked into unstable configurations which need lots of time to tweak
and massage, so you really do not want to go there.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
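
Added example, not part of the original message: one way to turn documented route objects into the two filters the message describes (accept from a downstream only what it has documented; announce to upstreams and peers only your own plus customer prefixes). The RPSL sample, AS numbers, prefixes and prefix-list names are constructed for illustration, and the sketch assumes IPv4 and exact-match filtering.

```python
import ipaddress

# Constructed IRR data: RPSL route objects with documentation prefixes and
# private-use AS numbers. Real data would come from the RIPE DB or an IRR.
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

def parse_routes(rpsl):
    """Return (network, origin) pairs for each route object in an RPSL dump."""
    routes = []
    for block in rpsl.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            routes.append((ipaddress.ip_network(attrs["route"]), attrs["origin"].upper()))
    return routes

def documented(routes, origin_as):
    """Prefixes a downstream AS has documented, i.e. all we accept from it."""
    return sorted(net for net, origin in routes if origin == origin_as.upper())

def outbound(own, routes, customer_ases):
    """What goes to upstreams and peers: our prefixes plus customers', nothing else."""
    nets = {ipaddress.ip_network(p) for p in own}
    for asn in customer_ases:
        nets.update(documented(routes, asn))
    return sorted(nets)

def prefix_list(name, nets):
    """Render exact-match Cisco IOS prefix-list lines; the rest hits the implicit deny."""
    return [f"ip prefix-list {name} seq {i * 5} permit {net}" for i, net in enumerate(nets, 1)]

def accepted(announced, allowed):
    """Exact match only: more-specifics, default routes and other ASes' space fail."""
    return ipaddress.ip_network(announced) in allowed

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_IRR)
    print("\n".join(prefix_list("CUST-AS64500-IN", documented(routes, "AS64500"))))
    print("\n".join(prefix_list("UPSTREAM-OUT", outbound(["198.51.100.0/24"], routes, ["AS64500"]))))
```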
