> it doesn't appear to function as raszuk described.

Let me point out that heasley is looking at a completely different knob which has nothing to do with replace as path policy extension.

The correct pointer is: http://goo.gl/xVToJ

Rgs,
R.

Wed, Mar 28, 2012 at 05:00:43PM +0000, Murphy, Sandra:
Replacing ASs in the AS_PATH sounds like a behavior you would want the security 
protections to prohibit.  It would enable attacks.

Can you explain how you would distinguish legitimate uses of this feature?

I've not used this feature, but from Cisco's documentation, it doesn't appear
to function as raszuk described.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtbgpdas.html

If local-as is configured for a peer(-group), i.e., if configured to peer as
a different AS than your own, such as for merging two ASes or changing your
ASN, then:
"The replace-as keyword is used to prepend only the local autonomous-system number 
(as configured with the ip-address argument) to the AS_PATH attribute. The 
autonomous-system number from the local BGP routing process is not prepended."

Though I think that is unclear, I interpret it to mean that if my ASN is 1
and I peer as ASN 2 with eBGP peer 3, then a route received from AS 3 will
have the path [2 3], but if configured with replace-as, it will be [3].

I do not believe that the feature allows the arbitrary replacement of AS path
elements.

--Sandy

________________________________________
From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] on behalf of Robert Raszuk 
[rob...@raszuk.net]
Sent: Wednesday, March 28, 2012 12:43 PM
To: Christopher Morrow
Cc: i...@ietf.org List; Paul Jakma; sidr wg list
Subject: Re: [sidr] [Idr]  AS_SET depreciation (RFC6472) and BGP multipath

Are we going to freeze any AS_PATH modifications by operator's policy too ?
I mentioned replace-as which all major vendors support. There can be more
knobs like this coming in the future.

replace as I think is dealt with .... sign again and pcount=0 and move along.

replace-as allows replacing any arbitrary match of a list of ASes in the
AS_PATH with your own AS. It does not need to be the last one.

I don't think SIDR has a solution to deal with such policy.

Best regards,
R.
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
Idr mailing list
i...@ietf.org
https://www.ietf.org/mailman/listinfo/idr