random idea: constraint communities
Alan Barrett
apb at cequrux.com
Fri Jun 15 16:00:14 UTC 2001
On Fri, 15 Jun 2001, Sean M. Doran wrote:
> In order to solve Geoff's "action-at-a-distance" problem wrt leaked
> longer prefixes, I was wondering if anyone could sanity-check an idea
> that occurred to me in the shower today.
>
> Well-known-community-PREFIX: 65535. Suffix=ASN to which we DO NOT ANNOUNCE
>                              65534. ASN to which we DO ANNOUNCE
Looks sane to me.
> The problem here is what happens if a router which does not
> constrain reannouncement hears the NLRI because it is in an AS
> explicitly listed with a 65534-prefixed community. (i.e., a
> "leak")
I would worry more about leaks that involve deletion of the community
attributes. If the community attributes are not deleted, then other
ASes that receive the route, but can tell that they should not have
received it, can simply drop it.

Big leaks (affecting many routes) are likely to be found and fixed
soon, but small leaks could easily go undetected for a long time.
Small leaks might not be a serious problem.

You can sometimes tell (by comparing the AS-path with the list of
DO-ANNOUNCE communities) that some particular neighbour should be the
end of the line. If you can tell that, you can turn on the no-export
community in your announcements to that neighbour. This might reduce
the number of leaks.
--apb (Alan Barrett)
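
The following sketch is an added example, not part of the original message or of any router implementation. It models the two checks discussed in the thread: dropping a route on import when the constraint communities show it should not have arrived, and adding no-export when the AS path and the DO-ANNOUNCE list show the neighbour is the end of the line. The function names, the allow-list reading of 65534, the end-of-line rule, and the documentation-range ASNs are assumptions.

```python
# Added illustration; the evaluation rules are an assumed reading of the thread.
DO_NOT_ANNOUNCE = 65535      # community prefix from the quoted proposal
DO_ANNOUNCE = 65534          # community prefix from the quoted proposal
NO_EXPORT = (65535, 65281)   # well-known NO_EXPORT community (RFC 1997)


def constraints(communities):
    """Split (prefix, asn) communities into deny and allow ASN sets."""
    deny = {asn for p, asn in communities
            if p == DO_NOT_ANNOUNCE and (p, asn) != NO_EXPORT}
    allow = {asn for p, asn in communities if p == DO_ANNOUNCE}
    return deny, allow


def permitted(asn, communities):
    """True if `asn` may hold this route under the constraint communities."""
    deny, allow = constraints(communities)
    if asn in deny:
        return False
    # Assumption: any DO-ANNOUNCE entry turns the list into an allow-list.
    return not allow or asn in allow


def accept_on_import(local_asn, communities):
    """Receiver-side check: False means the route leaked to us; drop it."""
    return permitted(local_asn, communities)


def export_to(neighbor_asn, local_asn, as_path, communities):
    """Return the communities to send to the neighbour, or None to withhold."""
    if not permitted(neighbor_asn, communities):
        return None
    _, allow = constraints(communities)
    out = set(communities)
    # Assumption: the neighbour is the end of the line when every permitted
    # ASN is already on the AS path, is us, or is the neighbour itself.
    seen = set(as_path) | {local_asn, neighbor_asn}
    if allow and allow <= seen:
        out.add(NO_EXPORT)
    return out


# Constructed sample: origin AS 64500 permits only AS 64501 and AS 64502.
SAMPLE = {(DO_ANNOUNCE, 64501), (DO_ANNOUNCE, 64502)}
```

A route whose communities were stripped in transit yields `accept_on_import(asn, set()) == True` for every ASN, which is the undetectable case the reply is most concerned about.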