[c-nsp] Upgrade issue for Cisco Security Advisory: IPv6 Crafted
Packet
Zacchello Marco
Marco.Zacchello at netengineering.it
Sun Aug 21 05:45:31 EDT 2005
Thanks Dave for your help, then I opened a case with cisco Tac, and here is the answer of the Cisco Engineer:
[...]
Yes, this is intended change. It is BGP CLI migration process, as you said it is much like how BGP configuration changed when MPLS VPNs were introduced. Sorry this change worried you, I really hope it is the last change with BGP CLI (and since introduction of address families there were 3 of them).
But in the end this is to streamline configuration and make it more intuitive. The problem with 'old' style was that due to day-0 limitation all peer-group configuration was limited to one address family. That is, you have had to create peer group in each address family (you did that by 'activate' command) and join neighbor to the peer group specifically in each address family. This is not nice at all!
'New' style configuration requires IP address to be associated with peer group only once (for this reason commands 'neighbor <IP> peer-group <name>' have disappeared from configuration); peer group is always active in address family as long as at least one member of the group is active in address family (for this reason command 'neighbor <group-name> activate' are gone). Each BGP neighbor may or may not participate on all address families configured on the router. So for each neighbor IP address each address family must be explicitly activated. Effectively, new configuration tells exactly the same thing as has been configured before but it conforms to new rules. Note that new configuration is using less commands than before, so in big BGP configurations it is easier to understand configuration.
[...]
Marco
marco.zacchello at netengineering.it
Net Engineering S.p.A.
Web site: www.netengineering.it
******************* DISCLAIMER *******************************
Le informazioni contenute in questa comunicazione e gli eventuali documenti allegati hanno carattere confidenziale e sono ad uso esclusivo del destinatario. Nel caso questa comunicazione Vi sia pervenuta per errore, Vi informiamo che la sua diffusione e riproduzione è contraria alla legge e preghiamo di darci prontamente avviso e di cancellare quanto ricevuto. Grazie.
This e-mail message and any files transmitted with it contain confidential information intended only for the person(s) to whom it is addressed. If you are not the intended recipient, you are hereby notified that any use or distribution of this e-mail is strictly prohibited: please notify the sender and delete the original message. Thank you.
More information about the cisco-nsp
mailing list