Right Saku - the filtering is best to be done on the ASBRs facing eBGP. However in some topologies you may not have all paths on all ASBRs and there you need to validate on all BGP speakers (or at least RRs). If you do have all external paths on all ASBRs - case solved - leave IBGP alone.
Using BGP predefined ext communities is one way to enable origin validation on all your routers. Then if you do you may want to enable or disable invalid paths to be best path eligible. By default they would not be part of best path. If you like to only deprefer them I am marking them with local pref and do not need to touch any of the IBGP routers. I guess this is a bit bigger discussion what are you really using origin validation for. Thx, R. On Sat, Apr 18, 2020 at 1:03 PM Saku Ytti <[email protected]> wrote: > On Sat, 18 Apr 2020 at 13:47, Antonio Prado via cisco-nsp > <[email protected]> wrote: > > > If not, can you elaborate on the reasons? > > I read this question as you think carrying the information in iBGP is > the norm, I view it as an exception. I'm not sure why you'd want to do > that, so I'm curious to hear what is your use-case for needing it. > > -- > ++ytti > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
