[c-nsp] RPKI extended-community RFC8097

Robert Raszuk robert at raszuk.net
Sat Apr 18 07:20:58 EDT 2020


Right Saku - the filtering is best to be done on the ASBRs facing eBGP.

However in some topologies you may not have all paths on all ASBRs and
there you need to validate on all BGP speakers (or at least RRs). If you do
have all external paths on all ASBRs - case solved - leave IBGP alone.

Using BGP predefined ext communities is one way to enable origin validation
on all your routers. Then, if you do, you may want to enable or disable
invalid paths to be best path eligible. By default they would not be part
of best path.

If you like to only deprefer them I am marking them with local pref and do
not need to touch any of the IBGP routers.

I guess this is a bit bigger discussion: what are you really using origin
validation for?

Thx,
R.



On Sat, Apr 18, 2020 at 1:03 PM Saku Ytti <saku at ytti.fi> wrote:

> On Sat, 18 Apr 2020 at 13:47, Antonio Prado via cisco-nsp
> <cisco-nsp at puck.nether.net> wrote:
>
> > If not, can you elaborate on the reasons?
>
> I read this question as you think carrying the information in iBGP is
> the norm, I view it as an exception. I'm not sure why you'd want to do
> that, so I'm curious to hear what is your use-case for needing it.
>
> --
>   ++ytti
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
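
An added example, not part of the original thread and not any vendor's implementation: it encodes and decodes the RFC 8097 origin validation state extended community and shows how a router that only sees the marking over IBGP would pick a path with invalid paths excluded from best path versus allowed. The function names, the constructed sample paths for 192.0.2.0/24, and the reduction of best-path selection to a local-pref comparison are assumptions made for illustration.

```python
# RFC 8097 origin validation state extended community (8 octets):
# type 0x43 (non-transitive opaque), sub-type 0x00, 5 reserved octets,
# and the validation state in the last octet.
OV_TYPE, OV_SUBTYPE = 0x43, 0x00
STATES = {0: "valid", 1: "not-found", 2: "invalid"}

def encode_ov_state(state: int) -> bytes:
    """Build the community an ASBR would attach toward its IBGP peers."""
    if state not in STATES:
        raise ValueError(f"unknown validation state {state}")
    return bytes([OV_TYPE, OV_SUBTYPE, 0, 0, 0, 0, 0, state])

def decode_ov_state(ext_communities: bytes):
    """Scan an extended communities attribute; return the state name or None."""
    if len(ext_communities) % 8:
        raise ValueError("attribute length must be a multiple of 8 octets")
    for off in range(0, len(ext_communities), 8):
        ec = ext_communities[off:off + 8]
        if ec[0] == OV_TYPE and ec[1] == OV_SUBTYPE:
            # An out-of-range state yields None, i.e. the path is treated
            # as unmarked (a choice made for this example).
            return STATES.get(ec[7])
    return None

def best_path(paths, allow_invalid=False):
    """Simplified selection: highest local-pref among eligible paths.
    With allow_invalid=False, paths marked invalid are not eligible."""
    eligible = [p for p in paths
                if allow_invalid or decode_ov_state(p["ext_comm"]) != "invalid"]
    return max(eligible, key=lambda p: p["local_pref"], default=None)

# Constructed sample data: a route target (AS 64500, value 100) followed by
# the validation state, as received over IBGP from two ASBRs.
RT = bytes.fromhex("0002fbf400000064")
PATHS = [
    {"nexthop": "ASBR1", "local_pref": 200, "ext_comm": RT + encode_ov_state(2)},
    {"nexthop": "ASBR2", "local_pref": 100, "ext_comm": RT + encode_ov_state(1)},
]

if __name__ == "__main__":
    for allow in (False, True):
        chosen = best_path(PATHS, allow_invalid=allow)
        print(f"allow_invalid={allow}: best path via {chosen['nexthop']}")
    # Only an invalid path available and invalids not eligible: no best path.
    print("only invalid path:", best_path(PATHS[:1]))
```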

