Moin,
> I'm curious where the recommendation to scrub all inbound and
> outbound extended BGP communities comes from. This advice seems
> overly strict to me.

Additional feedback from a discussion during RIPE87: the basic reasoning is
'while we are at it', i.e., indeed with the intention to rather be overly
strict (with the general "local considerations may overrule this"
provision that exists throughout the document).

> As you wrote, not setting a higher LOCAL_PREF for routes received
> over IXPs goes against common business practice. Also, it is not
> really security-related advice. I don't think it belongs in this
> document.

I would disagree based on two points:

- The scope of the document explicitly also considers 'reliability',
  not only 'direct' security.
- Explicitly stating this has been the single most requested change
  throughout a variety of channels, in person, and operator groups.

Also, from a more security-related perspective, setting a higher pref
and not resetting it based on GSHUT makes DDoS prevention more
challenging if you want to steer traffic via other paths (of course, you
can always withdraw the path). Then again, though, the document aims
at 'best practices', i.e., technically ideal, and not a documentation
of current business practices.

With best regards,
Tobias

-- 
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M [email protected]

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
