On Sat, 15 Jun 2019, Filip Hruska wrote:
> In other words, if I have an upstream that uses 6939 for transit, I'm free to permanently prepend 6939 to stop propagation to that network? Isn't using a community that says "do not export to 6939" a better and much cleaner solution?
Sure, unless/until that doesn't work. In the case I recall where I used as-path poisoning, we were multihomed to two NSPs. For TE purposes, we'd been advertising a couple of more specifics to NSP1 with community strings to limit propagation. One day, NSP2 went from being a peer of NSP1 to a customer of NSP1. Generally, if a network even has customer-usable propagation-limiting community support, it's only applicable to their peers, not customers. So, when the peering relationship between NSP1 & NSP2 changed, our TE became less effective because NSP2 started receiving the more specifics from NSP1. The fix was to add NSP2's AS to the more specifics sent to NSP1...and to eventually get another transit provider.
> You will have to explain that to SpamHaus and other organizations who are in the business (literally) of blacklisting all upstreams of "rogue" networks.
I think they have enough clue to notice "screwy as-paths".

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
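The scenario in the message above, modeled as an added example (not code from the post or from any router implementation): a limiting community that NSP1 honors only toward peers stops working once NSP2 becomes a customer, while a path containing NSP2's AS is still dropped by NSP2's loop prevention. The ASNs, prefix, community value and the position of NSP2's AS in the path are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed ASNs from the documentation range (RFC 5398); not from the post.
US, NSP1, NSP2 = 64496, 64497, 64498
NO_EXPORT_TO_PEERS = "64497:9001"   # hypothetical NSP1 action community

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple
    communities: frozenset = frozenset()

def nsp1_export(route, neighbor_rel):
    """NSP1's export policy toward one neighbor ('peer' or 'customer').
    Assumption taken from the post: the limiting community only affects peers."""
    if neighbor_rel == "peer" and NO_EXPORT_TO_PEERS in route.communities:
        return None
    return Route(route.prefix, (NSP1,) + route.as_path, route.communities)

def nsp2_import(route):
    """Standard eBGP loop prevention: drop a path containing our own AS."""
    if route is None or NSP2 in route.as_path:
        return None
    return route

def nsp2_learns_via_nsp1(route, nsp2_rel_to_nsp1):
    """True if the more specific reaches NSP2 through NSP1."""
    return nsp2_import(nsp1_export(route, nsp2_rel_to_nsp1)) is not None

# Constructed more specific, announced to NSP1 with the limiting community.
tagged = Route("192.0.2.0/25", (US,), frozenset({NO_EXPORT_TO_PEERS}))
# Same announcement with NSP2's AS inserted into the path (poisoned);
# keeping our AS as origin is an assumption, the post does not give the path.
poisoned = Route("192.0.2.0/25", (US, NSP2, US), tagged.communities)

if __name__ == "__main__":
    for label, route, rel in [
        ("community, NSP2 is a peer", tagged, "peer"),
        ("community, NSP2 is a customer", tagged, "customer"),
        ("poisoned, NSP2 is a customer", poisoned, "customer"),
    ]:
        print(f"{label:32} NSP2 learns it: {nsp2_learns_via_nsp1(route, rel)}")
```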