1::1/128 + 2::2/128 - GRH Anomalies Delta (2012-08-17)
Daniel Roesen
dr at cluenet.de
Fri Aug 17 14:27:53 CEST 2012
On Fri, Aug 17, 2012 at 12:43:32PM +0100, Nick Hilliard wrote:
> - put in an implicit deny for all bgp sessions without an explicit filter
> on them
XR does that for EBGP:
"External BGP (eBGP) neighbors must have an inbound and an outbound
policy configured. If no policy is configured, no routes will be
accepted from the neighbor, nor will any routes be advertised to it.
This added security measure ensures that routes cannot accidentally be
accepted or advertised in the case where a configuration error results
in the intended policy being rejected.
This enforcement affects only eBGP neighbors (neighbors in a different
autonomous system than this networking device). For internal BGP (iBGP)
neighbors (neighbors in the same autonomous system), all routes will be
accepted or advertised if there is no policy."
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the ipv6-ops
mailing list