> Note that routers do not perform prefix origin validation (compute
> the validation state as defined in [I-D.ietf-sidr-pfx-validate])
> for IBGP learnt routes.

that is opposite of 6811 and running code

   When a BGP speaker receives an UPDATE from a neighbor, it SHOULD
   perform a lookup as described above for each of the Routes in the
   UPDATE message.  The lookup SHOULD also be applied to routes that are
   redistributed into BGP from another source, such as another protocol
   or a locally defined static route.

> In a network where all edge routers are capable and configured to
> perform prefix origin validation on EBGP learnt routes it should not
> be necessary to perform that function also on IBGP learnt routes

internal router A has a nail-up for prefix P which it gates to ibgp.  it
is not (yet) validation capable, so does not realize it was fat fingered
and does not own P.  it announces ibgp to B, a border router within the
AS which is validation enabled.  you want B to catch the fat finger and
not propagate it to a neighbor whose noc then calls you to tell you that
you have net bad breath.

validation of routes locally originated and those heard via ibgp is good
sanitation.

randy
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
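
The scenario in the message above, as an added example that is not part of the original thread: border router B runs the RFC 6811 lookup on routes heard via IBGP, taking its own AS as the origin when the AS_PATH is empty, and so catches router A's mistaken origination of P. The AS numbers, prefixes, VRPs and the "do not export invalid routes" policy are constructed assumptions, and the AS_PATH is modelled as a plain AS_SEQUENCE list.

```python
import ipaddress

LOCAL_AS = 64500  # constructed: the AS that routers A and B belong to

# Constructed VRPs (prefix, max length, origin ASN); documentation ranges only.
VRPS = [
    ("192.0.2.0/24", 24, 64511),     # P is authorized for a different AS
    ("198.51.100.0/24", 24, 64500),  # a prefix the local AS does own
]

def origin_as(as_path, local_as=LOCAL_AS):
    """Route origin ASN: rightmost AS, or the speaker's own AS if AS_PATH is empty."""
    return as_path[-1] if as_path else local_as

def validate(prefix, as_path, vrps=VRPS, local_as=LOCAL_AS):
    """Return 'valid', 'invalid' or 'notfound' for a route (RFC 6811 lookup)."""
    route = ipaddress.ip_network(prefix)
    origin = origin_as(as_path, local_as)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue  # this VRP does not cover the route
        covered = True
        # Matched: length within maxLength and same origin; AS 0 never matches.
        if route.prefixlen <= max_len and asn == origin and asn != 0:
            return "valid"
    return "invalid" if covered else "notfound"

def export_to_ebgp(ibgp_routes):
    """Border router B: propagate only IBGP-learned routes that are not invalid."""
    return [(p, path) for p, path in ibgp_routes if validate(p, path) != "invalid"]

# Constructed IBGP routes heard by B; empty AS_PATH means originated inside the AS.
IBGP_ROUTES = [
    ("192.0.2.0/24", []),     # router A's fat-fingered static for P
    ("198.51.100.0/24", []),  # legitimate local origination
    ("203.0.113.0/24", []),   # no covering VRP
]

if __name__ == "__main__":
    for p, path in IBGP_ROUTES:
        print(p, validate(p, path))
    print("exported:", export_to_ebgp(IBGP_ROUTES))
```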
