>> 3. So the ability to remove the B to E link from the possible paths >> available to reach A, enforcable by D, is actually a new feature in BGP. > > i don't think so, it's a 'feature' of bgp in general, isn't it? not 'new'.
Not advertising something already exists --telling a remote AS that the advertisement shouldn't exist because of policy is something you can't do in BGP today, and hence is a new feature. Of course, I don't quite believe that these signatures won't be used to enforce NO_EXPORT along the way, either --it's much to simple to implement, was included in the original proposal, is still being discussed in private, etc. IMHO, we always fall back to the same point --wanting to enforce policy without telling anyone what that policy is. BGP is designed to tell people how to get from point A to point B, not whether or not this particular path is only available to people who qualify under carpool rules. Break the problem into two pieces: 1. What paths exist. 2. What policies exist. And I think it becomes tractable, with the real ability to trade off between hiding policy, etc. As it is, we're trying to trade off fundamental security against hiding policy --which is always going to leave us spinning around in circles. There may be ways to tell people what is in violation of your policy without telling them what that policy is, but so far we've not found that solution, nor have we even spent time thinking through and defining that sort of problem. Russ _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
