On Wed, 6 Feb 2019 at 13:55, <adamv0025@netconsultings.com> wrote:
Hi folks,
This “RTBH no_export” thread made me wonder what is the latest view on BGP community bleaching at the edge (in/out).
Anyone filtering extended RT communities inbound on NOSes that accept extended communities by default? Yeah about that…
Hi Adam,

I think Junos is an example of a NOS that advertises extended BGP communities by default (and accepts them without scrubbing). It seems "not ideal" to me (by which I mean there could be potential for BGP NLRIs to be processed in an undesired way). However, I think that ext-comm information sent in NLRI UPDATES over an AFI/SAFI 1/1 or 2/1 session isn't processed.

I haven't got the time to lab this right now but I guess one question would be: if (for example) a CPE sends a BGP UPDATE over a 1/1 or 2/1 session into a PE inside a VRF, with ext comm attached, when the UPDATE is advertised to another PE over a 1/128 or 2/128 session, will that remote PE process the ext-comm value the CPE sent to the initial PE in the 1/1 or 2/1 session? What if that CPE was instead a transit or peering partner and you're running an Internet-in-a-VRF design, can anyone on the Internet send routes into your edge PE and, with the correct ext-comm, have them imported into another L3 VPN?

Cheers,
James.
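What inbound scrubbing of route-target extended communities means on the wire, as an added example that is not part of the thread: it decodes the value of an Extended Communities path attribute (RFC 4360 encoding) and drops the Route Target entries while keeping the rest. The function names and the sample bytes are constructed for illustration, and the code assumes the attribute value has already been extracted from the UPDATE; it does not settle whether a remote PE would act on an unscrubbed value.

```python
import ipaddress
import struct

RT_SUBTYPE = 0x02  # Route Target sub-type for transitive types 0x00-0x02


def decode_ext_community(raw: bytes):
    """Return (is_route_target, text) for one 8-octet extended community."""
    if len(raw) != 8:
        raise ValueError("extended community must be 8 octets")
    etype, sub = raw[0], raw[1]
    if etype == 0x00:      # transitive, 2-octet AS : 4-octet local admin
        asn, local = struct.unpack("!HI", raw[2:])
        value = f"{asn}:{local}"
    elif etype == 0x01:    # transitive, IPv4 address : 2-octet local admin
        local = struct.unpack("!H", raw[6:])[0]
        value = f"{ipaddress.IPv4Address(raw[2:6])}:{local}"
    elif etype == 0x02:    # transitive, 4-octet AS : 2-octet local admin
        asn, local = struct.unpack("!IH", raw[2:])
        value = f"{asn}:{local}"
    else:                  # any other type is passed through undecoded
        return False, f"type 0x{etype:02x} sub-type 0x{sub:02x}"
    if sub == RT_SUBTYPE:
        return True, f"target:{value}"
    return False, f"type 0x{etype:02x} sub-type 0x{sub:02x} {value}"


def scrub_route_targets(attr_value: bytes):
    """Split an attribute value into (kept bytes, list of removed RTs)."""
    if len(attr_value) % 8:
        raise ValueError("attribute length is not a multiple of 8")
    kept, removed = b"", []
    for i in range(0, len(attr_value), 8):
        chunk = attr_value[i:i + 8]
        is_rt, text = decode_ext_community(chunk)
        if is_rt:
            removed.append(text)   # log-worthy: an RT arrived from the edge
        else:
            kept += chunk
    return kept, removed


# Constructed sample: RT 65000:100, Site-of-Origin 65000:1, RT 192.0.2.1:7
SAMPLE = bytes.fromhex("0002fde800000064" "0003fde800000001" "0102c00002010007")

if __name__ == "__main__":
    kept, removed = scrub_route_targets(SAMPLE)
    print("removed:", removed)
    print("kept   :", kept.hex())
```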