nanog mailing list archives
Re: nLayer IP transit
From: Saku Ytti <saku () ytti fi>
Date: Thu, 1 Aug 2013 10:55:04 +0300
On (2013-08-01 11:35 +0400), Alexandre Snarskii wrote:
You can match flow actions by extended communities and not accept
actions you do not like. For example, to permit only "discard" action
you can match
community flow_discard members traffic-rate:*:0;
Or am I missing something ?
No you're not missing anything. This is what I implied with 'likely', I feel validation check should guarantee eBGP safety as most operators won't deploy additional security via manual config, because issue isn't mentioned in RFC or vendor docs. -- ++ytti
Current thread:
- nLayer IP transit Mark Tees (Jul 31)
- Re: nLayer IP transit Patrick W. Gilmore (Jul 31)
- Re: nLayer IP transit Saku Ytti (Jul 31)
- Re: nLayer IP transit Alexandre Snarskii (Aug 01)
- Re: nLayer IP transit Saku Ytti (Aug 01)
- Re: nLayer IP transit Alexandre Snarskii (Aug 01)
- Re: nLayer IP transit Richard A Steenbergen (Aug 01)
- Re: nLayer IP transit Mark Tees (Aug 01)
- Re: nLayer IP transit Richard A Steenbergen (Aug 02)
- Re: nLayer IP transit Mark Tees (Aug 01)