On 25 Sep 2017, at 16:45, Paul Wouters wrote:
This document basically states that people doing network maintenance so
often make mistakes that leak into the global BGP table, that it would be
a good idea to just firewall all the BGP traffic going out of your network
edge as a preventive measure. It's a sad state of software/firmware that
an external firewalling process is deemed necessary to properly
(re)configure BGP.

Hi Paul,
I am afraid you have got the wrong end of the stick here. This technique
is intended for IXP and other L2 operators, not those who operate BGP
speakers / IP networks. It is a workaround to unwanted blackholing of
traffic as a result of the dataplane being broken whilst waiting for BGP
holdtimers to expire - nothing to do with actual BGP route policy.
I gave a presentation earlier this year at the UK Network Operators
Forum which attempts to explain this
https://indico.uknof.org.uk/event/39/contribution/8
Regards,
Will