>>
>> If that is the case, having a set of policy objects expressing AS
>> relationship should do the same
>> thing and more with less overhead? (yes, I know that data integrity becomes
>> an issue, but data
>> integrity is always an issue.)
I was deliberately keeping away from participating
> If that is the case, having a set of policy objects expressing AS
> relationship should do the same thing and more with less overhead?
real policy is per prefix, customer, peer, and things disgustingly more
complex, with complications of backdoor relationships, ibgp policies to
implement regiona
On Mon, Feb 28, 2011 at 11:28 PM, Andrew Lange
wrote:
>
> If that is the case, having a set of policy objects expressing AS
> relationship should do the same
> thing and more with less overhead? (yes, I know that data integrity becomes
> an issue, but data
> integrity is always an issue.)
if y
John,
To reply to my own message, after reading through the rest of this chain.
Is all we're trying to do here is to establish a "custodial chain" of a route
to prevent some ill-behaving AS in the middle attempting to hijack a route,
effectively by pretending that the source AS is behind it, s
Geoff,
My reasoning is that without a specific policy statement, such as "B should
be announcing this route, signed A", then we can demonstrate that B did
announce it, but not if B should have announced it. With that policy object
then we can construct the route filter to check that not onl
Sriram,
Why would you accept a route de-aggregated by an upstream? If signed
route-object says AS_A owns and announces only the route 1.2.3.0/20 and I'm
seeing 1.2.3.0/21 from AS_B, the route filter should be configured not to
accept more specifics. If AS_A wants to de-aggregate, it can spli
John,
But wouldn't a record of an existing announcement also show that AS_B did in
fact announce which of AS_A's routes and in what form? Why does it need to be
signed if all we want to do is record what happened? Perhaps I'm missing
something
Andrew
On Feb 24, 2011, at 5:27 AM, John G.