Ah, when you filter the label you filter them based on the IP prefix right?
I thought you were talking about filtering the actual label value (I wasn't sure how you would achieve that tbh), which would have changed upon reload. In that case, sure! :-) --Dan > -----Original Message----- > From: Kaj Niemi [mailto:[email protected]] > Sent: 10 September 2009 10:21 > To: Daniel Holme > Cc: [email protected]; Francisco; [email protected]; Jo > Knight; Bryan Bartik > Subject: Re: [OSL | CCIE_SP] Inter-AS VPN Option B and send-label > > I would prefer to. > > For quite a while ago people did ingress spoof acls by hand (or by script) - > those that did them at all. Once urpf came along people kind of stopped > doing that because the way urpf is implemented is that it's automatic. Still > doesn't mean the whole world uses urpf or even spoof acls in 2009 but those > that use them tend to believe that they're effective. Similarly iACLs > protect your network if you bother to implement them. Why wouldn't I want to > filter on labels if I had the choice? IF implemented properly it should be > one more option under the interface config and that's that. > > The other side reloading their box isn't a problem as I'd filter on ingress > ;-) > > > > Kaj > > > > > From: Daniel Holme <[email protected]> > > Date: Thu, 10 Sep 2009 01:59:38 -0700 > > To: Kaj Niemi <[email protected]> > > Cc: <[email protected]>, Francisco <[email protected]>, > > <[email protected]>, Jo Knight <[email protected]>, Bryan Bartik > > <[email protected]> > > Subject: RE: [OSL | CCIE_SP] Inter-AS VPN Option B and send-label > > > > Would you perform label filtering from a foreign AS with which you were > > doing inter-AS VPN option B. > > > > What if they reloaded their box and changed all their labels? This email has been scanned for all viruses. Please consider the environment before printing this email. The content of this email and any attachment is private and may be privileged. If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised. If you have received this email in error please notify the sender by email and delete this message and any attachments immediately. Nothing in this email shall bind the Company or any of its subsidiaries or businesses in any contract or obligation, unless we have specifically agreed to be bound. KCOM Group PLC is a public limited company incorporated in England and Wales, company number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE. 118288 - KCOM UK Directory Enquiries. Calls will cost no more than 49p connection + 14p per minute including VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If you are calling from a mobile you will now receive your requested number via text message. You will not be charged for the text message. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
