[c-nsp] MPLS L3VPN w/ OSPF PE-CE
Peter Rathlev
peter at rathlev.dk
Tue Jun 23 17:47:47 EDT 2009
On Tue, 2009-06-23 at 15:51 +0200, Manu Chao wrote:
> DN bit is not part of OSPF v2 rfc then the "MUST" is the "DEFAULT"
Some devices might think that the "unused, reserved for future use" bit
should actually be interpreted as "must be 0". I vaguely remember e.g.
PIX devices doing this for some "unused" bits somewhere in some
protocol. It would IMO be a violation of the RFC if anything were to
reset the DN bit, but RFC 4576 section 5 explicitly mentions this as a
security consideration. My worry was that some devices might
inadverently do this.
> Why not just using RT to control your L3VPN? Do you need DN bit?
I'm worried about the part the traverses the customer OSPF network. RT
doesn't propagate through the customer network.
As far as I can find out it seems like this always "just works", so I'll
put my worries to rest for now. :-)
Regards,
Peter
More information about the cisco-nsp
mailing list