[j-nsp] bgp maxas-limit - JUNOS equivalent ???
Masood Ahmad Shah
masood at nexlinx.net.pk
Fri Feb 20 12:46:14 EST 2009
I agreed with something Jared said. You never know whom you are going to
connect next to (Cisco :)).
Save yourself and save others.
Regards,
Masood
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
Sent: Friday, February 20, 2009 10:34 PM
To: Richard A Steenbergen
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] bgp maxas-limit - JUNOS equivalent ???
On Feb 20, 2009, at 12:13 PM, Richard A Steenbergen wrote:
> On Fri, Feb 20, 2009 at 02:21:24PM +0100, david.roy at orange-ftgroup.com wrote:
>>
>> Hi,
>>
>> You can do it via a policy like this :
>>
>> Here MAX AS PATH equal to 20.
>
> Don't get too overzealous here. From my perspective I currently see over
> 160 prefixes with as-path >= 20, so blocking them would break legitimate
> announcements for no good reason. There was nothing out-of-spec or
> invalid about the > 255 as-path, it was purely an implementation bug on
> vendor C's part.
I really feel the need to echo this: if you have a Cisco device that
reset the BGP session as a result of this (technically) valid AS-PATH
you need to be careful to not suppress valid routes and isolate your
network from part of the world. Perhaps you don't care, but having
seen people not update bogon prefix lists, I fear the same here if not
well maintained. You really should manage your IOS code as necessary
and not add these config bits until you know when you're removing them.
- Jared
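
Added example, not part of the original thread and not the policy david.roy posted: a Python pre-check that lists which received routes a maximum AS-path-length filter would reject, the measurement Richard describes, before any such filter is applied. The `prefix|AS path` row format, the brace/parenthesis notation for AS_SET and confederation segments, the "reject when length >= limit" reading, and all prefixes and ASNs are constructed assumptions.

```python
import re

# One token per counted unit: {AS_SET}, (confederation segment), or a single ASN.
TOKEN = re.compile(r"\{[^}]*\}|\([^)]*\)|\d+(?:\.\d+)?")
ASN = re.compile(r"\d+(?:\.\d+)?")

def path_length(as_path):
    """AS-path length as BGP route selection counts it (RFC 4271, RFC 5065)."""
    length = 0
    for tok in TOKEN.findall(as_path):
        if tok.startswith("("):
            continue          # confederation segments do not count
        length += 1           # an ASN counts once; a whole AS_SET counts once
    return length

def distinct_asns(as_path):
    """Distinct ASNs outside confederation segments; low values mean prepending."""
    return len(set(ASN.findall(re.sub(r"\([^)]*\)", "", as_path))))

def audit(rows, limit):
    """Return (prefix, length, distinct) for each route with path length >= limit."""
    hits = []
    for row in rows:
        prefix, _, path = row.partition("|")
        n = path_length(path)
        if n >= limit:
            hits.append((prefix.strip(), n, distinct_asns(path)))
    return hits

# Constructed sample table: documentation prefixes, reserved/private ASNs.
ROWS = [
    "192.0.2.0/24|64500 64501 64502 I",
    "198.51.100.0/24|64500 64501 " + "64511 " * 18 + "I",         # 20 hops, prepended
    "203.0.113.0/24|(65001 65002) 64500 64501 {64505 64506} I",   # counts as 3
    "2001:db8::/32|" + " ".join(str(a) for a in range(64512, 64537)) + " I",
]

if __name__ == "__main__":
    limit = 20
    dropped = audit(ROWS, limit)
    print(f"{len(dropped)} of {len(ROWS)} routes have AS-path length >= {limit}")
    for prefix, n, distinct in dropped:
        note = "mostly prepending" if distinct * 2 < n else "long but diverse"
        print(f"  {prefix:<18} length={n:<3} distinct ASNs={distinct:<3} {note}")
```

Running the same count against the live table on a schedule shows when a chosen limit starts cutting off reachable networks, which is the maintenance concern Jared raises.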