[afnog] How to convince providers to take the sane option....
Mark Tinka
mark.tinka at seacom.mu
Thu May 15 06:47:51 UTC 2014
On Thursday, May 15, 2014 08:23:07 AM Andrew Alston wrote:

> A lot of people don't like to disclose the communities
> they use as it gives information about network
> engineering, but this is relatively easily solved, match
> it in your announcement map and then strip it before
> announcement if you feel the need.

Or better yet, against a routing policy on an eBGP session,
first "delete" all BGP communities that have internal
significance, and then allow (or match exactly, if you're
anal) the communities you expect from eBGP peers.

Not disclosing BGP communities does not help, because when
you're using communities with your customers (in either
direction of the BGP session), you will send BGP communities
to them. They (and anyone else) can see them :-).

There are enough tools in modern router software that
obscurity should not be a solution.

Mark.
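The inbound policy order described in the reply above (delete internally significant communities first, then allow or exactly match what is expected from the eBGP peer), modelled in Python as an added example that is not part of the original post. The ASNs (documentation range, RFC 5398), the internal range 64500:1000-1999 and the two action communities are assumptions made up for illustration.

```python
# Added example: model of the inbound eBGP community policy described above.
# All ASNs and community values are constructed (documentation ASNs, RFC 5398).
LOCAL_AS = 64500                      # assumption: our ASN
INTERNAL_RANGE = range(1000, 2000)    # assumption: 64500:1000-1999 is internal tagging
EXPECTED_FROM_PEER = {                # assumption: action communities offered to peers
    (LOCAL_AS, 80),                   # hypothetical: lower local-preference
    (LOCAL_AS, 666),                  # hypothetical: blackhole request
}


def parse(text):
    """Parse 'ASN:value' into a tuple of two 16-bit integers."""
    asn, sep, value = text.partition(":")
    if not sep or not (asn.isdigit() and value.isdigit()):
        raise ValueError(f"not a standard community: {text!r}")
    pair = (int(asn), int(value))
    if max(pair) > 0xFFFF:
        raise ValueError(f"field exceeds 16 bits: {text!r}")
    return pair


def scrub_inbound(received, strict=False):
    """Apply the policy in order; return (kept, deleted_internal, rejected)."""
    kept, deleted_internal, rejected = [], [], []
    for pair in map(parse, received):
        label = f"{pair[0]}:{pair[1]}"
        # Step 1: delete anything a peer sets in our internal namespace.
        if pair[0] == LOCAL_AS and pair[1] in INTERNAL_RANGE:
            deleted_internal.append(label)
        # Step 2 (strict): keep only communities we expect from this peer.
        elif strict and pair not in EXPECTED_FROM_PEER:
            rejected.append(label)
        else:
            kept.append(label)
    return kept, deleted_internal, rejected


if __name__ == "__main__":
    # Constructed sample: two spoofed internal tags (one zero-padded),
    # one expected action community, one foreign community.
    sample = ["64500:1001", "64500:80", "64511:300", "64500:01500"]
    print("allow:", scrub_inbound(sample))
    print("exact:", scrub_inbound(sample, strict=True))
```

Parsing to integers before matching means a zero-padded spelling of an internal value is deleted like any other, which a string comparison would miss.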