[c-nsp] IP SLA?

Mark Tinka mark.tinka at seacom.mu
Sun Mar 29 16:31:59 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 29/Mar/15 10:44, Gert Doering wrote:
>
> EIGRP can be filtered just as well as BGP, and has much nicer convergence
> properties. 

I have no experience with EIGRP, so I won't even try :-)...


>
>
> OSPF would theoretically be unviable ("all link-state routers need to
> agree on any garbage anyone injects") but since IOS actually does support
> incoming filters on OSPF routes, it also works.
>
> Don't forget to put up the filters, you really don't want the customer to
> inject arbitrary things into your routing...
>
> Also, do not make the customer part of your "normal" IGP - set up a
dedicated
> instance of whatever protocol you decide on for "talking to
customers", and
> carefully redistribute from there to your core routing protocol.

Link state IGP's don't filter well because, well, you can't really
filter LSA's (OSPF) or LSP's (IS-IS). You can filter the NLRI those
LSA's/LSP's carry, but you can't really filter the LSA's/LSP's themselves.

The problem with this then becomes a potential issue if a customer
running an IGP with you injects a troublesome LSA/LSP into your network.

Mark.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJVGGE/AAoJEGcZuYTeKm+G93gP/jA2Q/jo/vA+ppekp/KU1sYu
EUgX1XbSo3nOHWMz8dkEaQklABH+n9bv2mFmkbEuJHqdGc0lP4Ihhck9XV+oF/HU
8rmNdgUft4/ojTHQTnSr1KX6deqCnyw62DtKpCv4Y4jaj86oIw+boM8pKGorqmYE
/9S5VgCIKvAEX2756GAMT7txd2gZrwWfQDzmCitV9XUn2r1rFPB3vtWcFtyKgFEI
pDfMm41xP0w+g9sqpY7hzetmGlpOcB/VkMG4260T5l0zICMhwlMw+mnqOi9d3HLN
AK5f2pqYCPLK7ePkxrl41o8qaA1pUHA2TZD5A5bxeMuHVSwDt2hkWw6L8mCW9MO+
BcNTIghN6faAVFnPypkKxlMw4MHN3T8ISZ5OMA4JddDGAEEdY96blNG0dMmgBNvk
f374AqYM7BHQ8u0Gj2+99YZbigJrrCHJQh/WPveNPeWysxO5SyATjiNKyq5C/WtO
yTpX6crsf8IQSA2IPG1e7SesMJuAVwXIqTgWErHs8mcfMaeth1X9QO7WWL+LMpgi
kltGUbb6BuwKLR5u3kLvEkm/LNGhtd0IZeaAk4fgm5fdNfKsLK4RNtNfKFMqG5sw
EA4v4iAM7vOz13YEb7DVknR9xbLrzWOeSHDEHrzS3gEeaeqLXJ1881dFxtWB99vb
CmFnXiZqeBwAGPoIwfwb
=QBcy
-----END PGP SIGNATURE-----



More information about the cisco-nsp mailing list