On Jun 10, 2013, at 2:22 PM, Patrick W. Gilmore <[email protected]> wrote:
> Is it enough to keep the standard? Or should the standard have a specific
> carve out, e.g. for stub networks only, not allowing islands to provide
> transit. Just a straw man.
For the moment I'm not going to make a statement one way or another if this
should be enshrined in an RFC or not...
I would like to be able to apply a route map to "allow as in" behavior:

    ip prefix-list SPECIAL permit 192.168.0.0/24
    !
    route-map SAFETY permit 10
     match ip prefix-list SPECIAL
     set community no-export
    !
    router bgp XXX
     neighbor a.b.c.d allowas-in route-map SAFETY

This is a belt and suspenders approach; first you can limit this behavior to
only the netblocks you use at other locations, and be extra safe by marking
them no-export on the way in. Implementation should be easy; anything that
would normally be rejected as an AS-Path loop gets fed into the route-map
instead.

This would mitigate almost all of the bad effects I can think of that can
happen when the network and/or its upstreams fail to properly apply filters and
all of a sudden there are a lot more routes "looping" than should be, and no
mechanism to stop them anymore! :)
--
Leo Bicknell - [email protected] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
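
Added example, not part of the original message: a small Python model of the inbound decision the proposed "allowas-in route-map SAFETY" knob would make, showing which looping routes get in and what they are tagged with. The local AS number, sample prefixes, AS paths and community values are constructed, and the function names are hypothetical.

```python
import ipaddress

LOCAL_AS = 64500  # constructed: documentation ASN standing in for "XXX"
SPECIAL = [ipaddress.ip_network("192.168.0.0/24")]  # prefix-list SPECIAL
NO_EXPORT = "no-export"

def process_update(prefix, as_path, communities=()):
    """Return (accepted, communities) for one route received from the neighbor."""
    net = ipaddress.ip_network(prefix)
    if LOCAL_AS not in as_path:
        # No loop: ordinary inbound processing, SAFETY is never consulted.
        return True, set(communities)
    # Our own AS is in the path. Today this is dropped as an AS-path loop;
    # under the proposal it is handed to route-map SAFETY instead.
    if net in SPECIAL:  # exact match, as a prefix-list entry without ge/le
        # "set community no-export" without "additive" replaces the list.
        return True, {NO_EXPORT}
    return False, set()  # implicit deny at the end of the route-map

def exportable_to_ebgp(communities):
    """A route tagged no-export must not be advertised to eBGP peers."""
    return NO_EXPORT not in communities

# Constructed sample updates: (prefix, AS path, received communities).
UPDATES = [
    ("192.168.0.0/24", [64496, 64500], ["64496:100"]),  # our other island
    ("192.168.0.0/25", [64496, 64500], []),  # more specific, not listed
    ("198.51.100.0/24", [64496, 64500, 64499], []),  # leaked looping route
    ("203.0.113.0/24", [64496, 64511], ["64496:100"]),  # ordinary route
]

def evaluate(updates=UPDATES):
    """Return {prefix: (accepted, sorted communities, exportable)}."""
    out = {}
    for prefix, path, comms in updates:
        ok, tagged = process_update(prefix, path, comms)
        out[prefix] = (ok, sorted(tagged), ok and exportable_to_ebgp(tagged))
    return out

if __name__ == "__main__":
    for prefix, verdict in evaluate().items():
        print(prefix, verdict)
```

Only the listed island prefix survives the loop check, and it is held back from eBGP export; the other looping routes are still dropped, which is the safety property the message describes.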