>> The situation of having in(valid) and notfound routes simultaneous >> for a prefix also arises when a router is not doing its own origin-AS >> check but is relying on neighboring IBGP speakers (all within the same AS):
>don't do that I was not proposing it. I was merely referring to the following from draft-ietf-sidr-origin-validation-signaling-04: If the router is configured to support the extensions defined in this draft, it SHOULD attach the origin validation state extended community to BGP UPDATE messages sent to IBGP peers by mapping the computed validation state in the last octet of the extended community. Similarly on the receiving IBGP speakers, the validation state of an IBGP route SHOULD be derived directly from the last octet of the extended community, if present. It appears the origin-validation-signaling draft expired as of August 18. I am not aware if it is being pursued still or put aside. Sriram _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
