On (2013-08-01 11:35 +0400), Alexandre Snarskii wrote: > You can match flow actions by extended communities and not accept > actions you do not like. For example, to permit only "discard" action > you can match > > community flow_discard members traffic-rate:*:0; > > Or am I missing something ?
No you're not missing anything. This is what I implied with 'likely', I feel validation check should guarantee eBGP safety as most operators won't deploy additional security via manual config, because issue isn't mentioned in RFC or vendor docs. -- ++ytti
