nanog mailing list archives
Re: [Community bleaching on edge] RTBH no_export
From: James Bensley <jwbensley () gmail com>
Date: Sun, 10 Feb 2019 09:16:42 +0000
On Wed, 6 Feb 2019 at 13:55, <adamv0025 () netconsultings com> wrote:
Hi folks, This “RTBH no_export” thread made me wonder what is the latest view on BGP community bleaching at the edge (in/out). Anyone filtering extended RT communities inbound on NOSes that accept extended communities by default? Yeah about that…
Hi Adam,

I think Junos is an example of a NOS that advertises extended BGP communities by default (and accepts them without scrubbing). It seems "not ideal" to me (by which I mean there could be potential for BGP NLRIs to be processed in an undesired way). However, I think that ext-comm information sent in NLRI UPDATES over an AFI/SAFI 1/1 or 2/1 session isn't processed.

I haven't got the time to lab this right now, but I guess one question would be: if (for example) a CPE sends a BGP UPDATE over a 1/1 or 2/1 session into a PE inside a VRF, with ext-comm attached, when the UPDATE is advertised to another PE over a 1/128 or 2/128 session, will that remote PE process the ext-comm value the CPE sent to the initial PE in the 1/1 or 2/1 session?

What if that CPE was instead a transit or peering partner and you're running an Internet-in-a-VRF design? Can anyone on the Internet send routes into your edge PE and, with the correct ext-comm, have them imported into another L3 VPN?

Cheers,
James.
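The following is an added example, not part of James's message and not taken from any vendor's implementation. It sketches the ingress "bleaching" the thread is about: given the value of an Extended Communities path attribute received from an untrusted neighbour, it removes every route-target community (RFC 4360 / RFC 5668 encodings) and keeps the rest. The function names and the sample bytes are constructed for illustration; it does not answer whether a given NOS acts on such values.

```python
import ipaddress
import struct

RT_SUBTYPE = 0x02  # Route Target sub-type (RFC 4360)


def decode(ec: bytes) -> str:
    """Render one 8-octet extended community; route targets as target:A:N."""
    typ, sub = ec[0], ec[1]
    if sub == RT_SUBTYPE and typ == 0x00:    # two-octet AS specific
        asn, num = struct.unpack("!HI", ec[2:])
        return f"target:{asn}:{num}"
    if sub == RT_SUBTYPE and typ == 0x01:    # IPv4 address specific
        num = struct.unpack("!H", ec[6:])[0]
        return f"target:{ipaddress.IPv4Address(ec[2:6])}:{num}"
    if sub == RT_SUBTYPE and typ == 0x02:    # four-octet AS specific (RFC 5668)
        asn, num = struct.unpack("!IH", ec[2:])
        return f"target:{asn}:{num}"
    return "other:" + ec.hex()               # anything else is left alone


def bleach_route_targets(value: bytes):
    """Return (scrubbed attribute value, list of route targets removed)."""
    if len(value) % 8:
        # Extended communities are fixed 8-octet units; anything else is malformed.
        raise ValueError("extended communities value is not a multiple of 8 octets")
    kept, removed = b"", []
    for i in range(0, len(value), 8):
        ec = value[i:i + 8]
        name = decode(ec)
        if name.startswith("target:"):
            removed.append(name)             # log what the neighbour tried to attach
        else:
            kept += ec
    return kept, removed


# Constructed sample: two route targets followed by one route-origin community.
SAMPLE = bytes.fromhex("0002fde800000064" "0102c00002010007" "0003fde800000001")

if __name__ == "__main__":
    scrubbed, dropped = bleach_route_targets(SAMPLE)
    print("removed:", dropped)
    print("kept   :", scrubbed.hex())
```

Recording the removed values, rather than discarding them silently, gives a record of which neighbours attach route targets to routes sent over plain unicast sessions.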