North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Route Reflector architecture and how to get small customer blocks in to BGP?
On Sun, Jan 28, 2007 at 10:59:50AM -0700, Danny McPherson wrote: [snip] > o If you're going to use redistribution - or not - ensure that all > external advertisement policies require explicit match of advertise > communities and default is to deny This should be just good security policy. I think of it as a network-level instance of "that which is not expressly permitted is denied" which everyone applies for services on their hosts, right :-) Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
|