[c-nsp] IOS XR / advertise best-external

Lukas Tribus luky-37 at hotmail.com
Fri Jun 5 10:29:06 EDT 2015

>> If I do not want load-sharing here, I am supposed to use labelled next-hops,
>> so router sending prefixes *to* me can steer whether they want to use
>> the "best-external" path or not.
>> To me this sounds like total bullshit...
> It is indeed!
> Don't let them get away with that.

Its sad that those kinds of things happen, especially if we are talking about

What I usually do in those cases: throw all of the available documentation at
them, quoting specific notes and examples, etc.

If thats not enough I show them the implementation of the feature on one or
more different platforms/BU implementations that work fine. Fortunately (in
this case), most BU and platform implement the same feature differently,
often even within OS families, so you can pick the correct implementation
and show it to them.

This moves the fight from "BU vs customer" to "BU vs BU", thus removing
the psychological barrier in their heads that the customer is the enemy.

If that fails, or you are unable to replicate correct behavior on any
platforms, I suggest you imagine yourself a scenario where the particular
behavior can be a security problem (this is not as difficult as it sounds
if you think about it) and report it to PSIRT.

PSIRT usually at least tries to see the bigger picture and doesn't have
the "nobody reported this for years, so you're wrong" prejudice, although
they don't really have any power within Cisco.

Stopping the BU to look for excuses and to really start thinking about
the issue at hand is a very difficult task. This also becomes more
difficult, as more and more BU's are outsourced or moved very far away
(which also creates some language and cultural barriers).

It helps a bit coming at the BU from all fronts, like your SE, PSIRT, and
other BU's, but in the end they do what they like, therefor, your best bet
is to work them slowly. Asking them to fix a bug right away often seems
like asking for sex on a first date ...




More information about the cisco-nsp mailing list