Hi,

> On XE and Classic:
> 1. you can only perform validation on eBGP-received routes;
> 2. any iBGP-received route will get marked "Valid" unless it has an 8097
> extcomm to the contrary; and
> 3. bestpath selection will prefer "Valid" to "Unknown", at the first-step
> in the selection process.
>
> Thus, without 8097 extcomms to mark validation status, you get a
> forwarding loop for every prefix that a) you learn at two-or-more ASBRs
> and b) has no covering ROA.
> That's the majority of the DFZ table for any multihomed AS.

Thanks for the warning!
Sander
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
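The loop described in the quoted message, as an added example that is not part of the original thread: a simplified static model (not Cisco's bestpath code) of two ASBRs that each hold an eBGP path and the other's iBGP path for a prefix with no covering ROA. The router and transit names, and the reduction of all later bestpath steps to "eBGP over iBGP", are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Only the ordering stated in the quoted message: "Valid" beats "Unknown".
RANK = {"valid": 0, "unknown": 1}

@dataclass(frozen=True)
class Path:
    next_hop: str   # where traffic is handed next (hypothetical names)
    ebgp: bool      # True if the path was learned over eBGP
    state: str      # validation state assigned by the receiving router

def received_state(ebgp, roa_state, signalled):
    """Validation state a router assigns, per the three points quoted above."""
    if ebgp:
        return roa_state  # validation only runs on eBGP-received routes
    # iBGP-received: "Valid" unless an 8097 extcomm says otherwise
    return signalled if signalled is not None else "valid"

def best(paths):
    # Validation state is compared first; eBGP-over-iBGP stands in for the
    # rest of the selection process (assumption of this model).
    return min(paths, key=lambda p: (RANK[p.state], not p.ebgp))

def forwarding(signal_state):
    """Next hop chosen by each ASBR for a prefix with no covering ROA."""
    roa_state = "unknown"
    fib = {}
    for me, other, upstream in (("asbr1", "asbr2", "transit-a"),
                                ("asbr2", "asbr1", "transit-b")):
        signalled = roa_state if signal_state else None
        paths = [
            Path(upstream, True, received_state(True, roa_state, None)),
            Path(other, False, received_state(False, roa_state, signalled)),
        ]
        fib[me] = best(paths).next_hop
    return fib

def has_loop(fib, start="asbr1"):
    """Follow next hops until traffic leaves the AS or revisits a router."""
    seen, node = set(), start
    while node in fib:
        if node in seen:
            return True
        seen.add(node)
        node = fib[node]
    return False

if __name__ == "__main__":
    for signal in (False, True):
        fib = forwarding(signal)
        print(f"state signalled over iBGP={signal}: {fib} loop={has_loop(fib)}")
```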