On Mar 11, 2008, at 12:19 PM, Jeffrey Haas wrote: > > Not to mention it's influence on one's "security metric". > > (Fake config to drive point.) > > route-map set-security-pref 10 > match ta-map bad-rir > set security-pref 1000 > exit > route-map set-security-pref 20 > # Default > set security-pref 10 > exit > > This stuff will undoubtedly influence route selection. Just like > everything else that affects route selection, there will be knobs. > This > doesn't worry me.
I would note that today policies are only applied when a route is processed upon receipt, not when the policy alone is modified. Therefore, modification of such a policy would require the associated route announcement to be re-advertised (either via BGP route refresh or more memory consuming soft reconfiguration functions, or by reseting a session or actually bouncing the route itself). I.e., changes in status from good to bad based on policy would require re-announcement of the prefix in question if not performed by a security extension to BGP itself. -danny _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
