Date:Tue, 12 May 2015 22:43:52 +0200
From: Gert Doering<[email protected]>
To: Jean-Michel Combes<[email protected]>
Cc:"[email protected]" <[email protected]>, Ivan Pepelnjak<[email protected]>
Subject: Re: [OPSEC] [Opsec] RFC7454: clarification about AS-Path
Filtering
Message-ID:<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Hi,
On Tue, May 12, 2015 at 07:47:18PM +0200, Jean-Michel Combes wrote:
> The sentence "Network administrators SHOULD NOT advertise prefixes with a
> nonempty AS path unless either they intend to provide transit for these
> prefixes or they are originated these prefixes." would not be simply more
> correct?
Advertising your own prefixes is actually matched by filtering on the
path ^$ in Cisco regex speak - read: "the empty path".
So, it is a slightly complicated way to formulate the thing, but it is
correct - a nonempty path means "transit for other ASes", and the empty
path is "yourself". On outbound.
Your peer, on inbound, won't see an empty path of course.
Gert Doering
-- NetMaster
-- have you enabled IPv6 on something today...? SpaceNet AG Vorstand:
Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A.
Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49
(0)89/32356-444 USt-IdNr.: DE813185279
Unless you're intentionally performing AS prepending on prefixes you are
originating.
But I guess that exception should be obvious for most people who
configure up BGP.
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
