[c-nsp] IPv6 - Using link-local addresses for BGP Peering
Gert Doering
gert at greenie.muc.de
Thu Mar 15 18:44:48 EDT 2012
Hi,
On Thu, Mar 15, 2012 at 02:18:05PM -0400, Justin M. Streiner wrote:
> General tips:
> 1. Have good contact info for the people at the other end of that link,
> and make sure they have good contact for you/your technical people.
> 2. Don't bother with MD5 encryption unless you're on a public fabric, like
> an exchange point (even then, somewhat iffy). For the most part, that has
> been a solution in search of a problem.
> 3. Tell the other provider what prefixes you will announce and what you
> need to accept (full routes? default-only? default+customer?, some other
> mix?), and write your announce/accept policies accordingly.
3a: document the prefix set in a reasonable IRR DB so other people
can build strong ingress filters from it.
"Reasonable" depends on your location, but "something that will not let
just about anybody put in route6: objects for parts of your address space".
> 4. Consider setting a sane outbound max-prefix filter, to act as a circuit
> breaker to shut the session down if something goes horribly wrong and your
> router tries to re-feed the whole IPv6 table to your neighbor. Remeber to
> adjust the max-prefix value as the number of prefixes you announce
> changes.
> 5. Aggregate wherever possible. Be nice to your neighbors' routers :)
Amend :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20120315/eb170005/attachment.sig>
More information about the cisco-nsp
mailing list