[j-nsp] mx-class units now advertisement management interface networks in BGP
Jo Rhett
jrhett at netconsonance.com
Thu Sep 27 18:37:17 EDT 2012
On Sep 27, 2012, at 1:21 PM, Kevin Wormington wrote:
> I haven't tested this but I think:
>
> term term1 {
> from {
> protocol [ direct static ];
> interface fxp0.0;
> }
> then reject;
> }
Nice, thanks.
> In our policies we explicitly allow prefixes we want in BGP and deny everything else by default so it's not really an issue. In my experience that is pretty much standard practice for BGP...otherwise you could accidentally leak all sorts of nasty things.
Externally of course we do. I'm not in love with the way iBGP was set up here, but they apparently wanted "all routes everything" kind of internal sharing. Obviously however it's much better to share "everything I will route a packet to", of which fxp0 doesn't qualify.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
More information about the juniper-nsp
mailing list