Hi Ivan, Thanks for this (very) quick reply :)
But what happens regarding the inbound filters on the peer? I mean, this peer knows that the local AS is not a transit provider for these prefixes and so, it should wait for an empty AS path, no? The sentence "Network administrators SHOULD NOT advertise prefixes with a nonempty AS path unless either they intend to provide transit for these prefixes or they are originated these prefixes." would not be simply more correct? Thanks again! Best regards, JMC. 2015-05-12 19:31 GMT+02:00 Ivan Pepelnjak <[email protected]>: > Local AS (the AS of the BGP speaker) is inserted in the BGP AS path > attribute after the path has been filtered by the outgoing filters. The > local filters will thus NOT see device’s own AS in the AS path, the > neighbor receiving the update will. > > Hope this helps, > > Ivan Pepelnjak > www.ipSpace.net <http://www.ipspace.net/> / blog.ipSpace.net > <http://blog.ipspace.net/> > Need a quick expert advice? Try ExpertExpress ( > www.ipspace.net/ExpertExpress) > > On 12 May 2015 at 19:19:44 , Jean-Michel Combes ( > [email protected]) wrote: > > Hi, > > I am reading this RFC and I have a question about this paragraph (p19, > Section 9): > "Network administrators SHOULD NOT advertise prefixes with a nonempty AS > path unless they intend to provide transit for these prefixes." > > What about prefixes being originated by a network? > > IMHO, if the announcements for such prefixes are compliant with this > requirement (i.e., AS path is empty as the prefixes are not transited but > originated), there should be an issue with the previous requirement: > "Network administrators SHOULD NOT accept prefixes when the first AS > number in the AS path is not the one of the peer's unless the peering is > done toward a BGP route server [17 > <https://tools.ietf.org/html/rfc7454#ref-17>] (for example, on an IXP) > with transparent AS path handling. In that case, this verification needs to > be deactivated, as the first AS number will be the one of an IXP member, > whereas the peer AS number will be the one of the BGP route server." > > Am I wrong? Did I miss something? > > Thanks in advance for your reply. > > Best regards, > > JMC. > >
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
