Hi,

I'm saying I would *LIKE* to, not that it's possible today.

The ASBR is advertising the labels to be used _towards it_ over the BGP
session to the other AS so _it_ knows what labels are valid and what it
should accept on ingress from the other AS. A feature implementing this as
an ACL just doesn't currently exist.

URPF is relevant in the sense that originally it wasn't available and people
who cared did ingress spoof ACLs by hand. I don't want to do things by hand;
automating is the key. Infrastructure ACLs similarly protect your network on
the edges.

My point was that these were features people did not have before but once
they became available some people have been using them to their
satisfaction.



Kaj :)



> From: Daniel Holme <[email protected]>
> Date: Thu, 10 Sep 2009 02:50:19 -0700
> To: Daniel Holme <[email protected]>, Kaj Niemi <[email protected]>
> Cc: <[email protected]>, Francisco <[email protected]>,
> <[email protected]>
> Subject: RE: [OSL | CCIE_SP] Inter-AS VPN Option B and send-label
> 
> However (and I'm sorry for the spam), I don't fully understand how URPF
> or interface ACL is relevant on an interface used for inter-AS VPN. URPF
> will just do a lookup for IPv4 packets, which would be the directly
> connected neighbour and not any VPN prefixes as they are essentially
> label switched by CEF.
> 
> To be clear, we are talking here about option-B where there is a VPNv4
> BGP session on a link between two SPs. NHS option sends traffic across
> the path with one label (VPN) and send-label option uses two labels
> (IPv4, VPN).
> 
> Are you saying that you can configure an iACL permitting the VPN routes
> and the ACL will filter labelled packets? This isn't something I've
> tried before, I've only filtered in the control-plane.
> 
> Obviously, there is no LDP here so label filtering there isn't an
> option.
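
The check wished for in the message above, modelled in Python as an added illustration (not part of the original thread, and not an existing router feature): the ASBR accepts a labelled packet from an inter-AS peer only if the top label is one it advertised to that peer over BGP. The peer address, label values and the function names are constructed for the example, and only the top label is checked.

```python
import struct

# Constructed sample: local labels this ASBR advertised to each eBGP
# (VPNv4 / send-label) peer. In the wished-for feature this set would be
# derived automatically from the BGP session, not maintained by hand.
ADVERTISED = {
    "192.0.2.1": {24001, 24002, 24017},
}

def parse_label_stack(payload: bytes) -> list:
    """Decode MPLS label stack entries (RFC 3032 layout: 20-bit label,
    3-bit TC, 1-bit bottom-of-stack, 8-bit TTL) up to the bottom of stack."""
    stack = []
    for off in range(0, len(payload) - 3, 4):
        (entry,) = struct.unpack_from("!I", payload, off)
        stack.append(entry >> 12)
        if (entry >> 8) & 1:          # bottom-of-stack bit set
            return stack
    raise ValueError("truncated label stack: no bottom-of-stack entry")

def ingress_verdict(peer: str, payload: bytes) -> str:
    """Label analogue of an ingress anti-spoofing ACL on the inter-AS link."""
    try:
        stack = parse_label_stack(payload)
    except ValueError:
        return "drop: malformed"
    top = stack[0]
    # Anything not advertised to this peer is rejected, including
    # reserved labels 0-15 and labels advertised only to other peers.
    if top not in ADVERTISED.get(peer, set()):
        return f"drop: label {top} not advertised to {peer}"
    return "accept"

def entry(label: int, bos: int, ttl: int = 64) -> bytes:
    """Build one label stack entry (helper for the constructed samples)."""
    return struct.pack("!I", (label << 12) | (bos << 8) | ttl)

if __name__ == "__main__":
    samples = [
        ("one label (NHS case)", entry(24001, 1)),
        ("two labels (send-label case)", entry(24002, 0) + entry(30, 1)),
        ("label never advertised", entry(16, 1)),
    ]
    for name, pkt in samples:
        print(name, "->", ingress_verdict("192.0.2.1", pkt))
```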
