[c-nsp] RPKI extended-community RFC8097
Mark Tinka
mark.tinka at seacom.mu
Sat Apr 18 21:01:41 EDT 2020
On 18/Apr/20 16:05, Job Snijders wrote:
> And this comes on top of XE's lack of RFC 8212 compliance! The default
> settings on those Cisco IOS XE boxes really seem to set their owners up
> for failure.
>
> These devices - without explicit manual workarounds - will leak full BGP
> tables, loop traffic around, drop it on the floor, and attempt to take
> the rest of the Internet down with them, all in one go! thisisfine.jpg
>
> I wish IOS XE was more like Cisco IOS XR in this regard: XR provides
> clever visual clues if no policies are attached to an EBGP neighbor, and
> by default XR won't import or export BGP routes on EBGP sessions. This
> is a much safer approach to internet routing, probably has prevented a
> good many incidents. XR also doesn't require fiddling with communities
> to get RPKI OV going.
It's like they are two totally different companies, isn't it :-).
Who'da thunk it...
Mark.
More information about the cisco-nsp
mailing list