27 Mar
2015
27 Mar
'15
6:10 a.m.
On 27/Mar/15 12:03, Job Snijders wrote:
Sure, but even that might not always prevent the fake paths from leaking to your eBGP neighbors. For instance, not too long ago there was this bug:
"Routes learned with the no-export community from an iBGP neighbor are being advertised to eBGP neighbors. This may occur on Cisco ASR 9000 Series Aggregation Services Routers." (don't remember BugID)
In other words: it can happen to the best of us.
Your upstream could also re-write any BGP communities you attach to your BGP updates; so unless co-ordinated, there is no real guarantee a NO_EXPORT community will be maintained/honoured within your upstream's network. Mark.