
List:       afnog
Subject:    Re: [afnog] How to convince providers to take the sane option....
From:       Mark Tinka <mark.tinka () seacom ! mu>
Date:       2014-05-15 6:47:51
Message-ID: 201405150847.51554.mark.tinka () seacom ! mu

On Thursday, May 15, 2014 08:23:07 AM Andrew Alston wrote:

> A lot of people don't like to disclose the communities
> they use as it gives information about network
> engineering, but this is relatively easily solved, match
> it in your announcement map and then strip it before
> announcement if you feel the need.

Or better yet, against a routing policy on an eBGP session, 
first "delete" all BGP communities that have internal 
significance, and then allow (or match exactly, if you're 
anal) the communities you expect from eBGP peers.

Not disclosing BGP communities does not help, because when 
you're using communities with your customers (in either 
direction of the BGP session), you will send BGP communities 
to them. They (and anyone else) can see them :-).

There are enough tools in modern router software that 
obscurity should not be a solution.

Mark.
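
The scrub-then-match order described in the message above, modelled in Python as an added example (not part of the original post, and not router configuration). AS 64500, the 64500:9xxx internal range, the expected-community list and the sample announcement are constructed assumptions.

```python
import re

LOCAL_AS = 64500  # documentation ASN (RFC 5398), standing in for your own AS

# Assumption: LOCAL_AS:9xxx has internal significance only and is never
# legitimately received from an eBGP peer.
INTERNAL = re.compile(rf"^{LOCAL_AS}:9\d{{3}}$")

# Assumption: signalling communities you publish to customers, with the
# action each one requests.
EXPECTED = {
    f"{LOCAL_AS}:80": "set local-pref 80",
    f"{LOCAL_AS}:3001": "prepend once towards transit",
}


def internal_policy_hits(communities):
    """Communities that policy deeper in the network would treat as internal."""
    return [c for c in communities if INTERNAL.match(c)]


def ebgp_import(communities, strict=False):
    """Apply the eBGP import policy; return (communities kept, actions taken).

    Step 1: delete every community with internal significance.
    Step 2: act on the communities expected from peers. With strict=True,
            anything not on the expected list is dropped as well
            ("match exactly").
    """
    scrubbed = [c for c in communities if not INTERNAL.match(c)]
    actions = [EXPECTED[c] for c in scrubbed if c in EXPECTED]
    kept = [c for c in scrubbed if c in EXPECTED] if strict else scrubbed
    return kept, actions


# Constructed announcement for 192.0.2.0/24 from a customer session: one
# expected community, one from the internal range, one unrelated.
RECEIVED = ["64500:80", "64500:9001", "64511:123"]

if __name__ == "__main__":
    print("without scrubbing, internal policy sees:", internal_policy_hits(RECEIVED))
    kept, actions = ebgp_import(RECEIVED)
    print("after import policy:", kept, "| actions:", actions)
    print("strict import policy keeps:", ebgp_import(RECEIVED, strict=True)[0])
```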
