Gyan, Section 5.3 and 5.4 cover GRT option and 5.3 using RFC 5549 next hop > encoding. In this case using GRT transport underlay layer now carry’s the > customer routes and that is what Warren and Andrew concern is as far as BGP > leaks. >
I would have the same concern so would VPN customers. No one is selling L2 or L3 VPN service to them distributing their reachability in the global routing table. They can do that all by themselves and there is lot's of really solid tools or products to do that already without being locked to a single telco. So when GRT is used the same edge filtering protection mechanisms used > today for MPLS and SR-MPLS would apply to SRv6 for GRT use case. > Not possible. It is not about filtering ... it is all about using globally routable SAFI vs private SAFIs to distribute customer's reachability, IMO that should still be OTT only. I don’t think we are saying 5.3 or 5.4 should not be allowed but just to > tighten up verbiage as far securing the domain. > BGP filtering or policy is in hands of many people. As has been proven you can not tighten them strong enough not to leak. The only natural way to tighten them is to use different plane to distribute private information what in this context means at least different BGP SAFI. So no - I do not agree with your observations. However I am for providing overlay reachability over global IPv6 Internet to interconnect customer sites. But routing within those sites should not be traversing Internet routers and using SAFI 1. Rgs, Robert.
_______________________________________________ BESS mailing list BESS@ietf.org https://www.ietf.org/mailman/listinfo/bess