[6bone] no-export community not being honored
John Fraizer
tvo@EnterZone.Net
Sat, 3 Aug 2002 02:04:07 -0400 (EDT)
People not honoring "no-export" when redistributing routes:
109 announces 2002::/16 tagged with the "no-export" well-known community.
109
3ffe:c00:8023:4::1 from 3ffe:c00:8023:4::1 (128.107.240.254)
(fe80::806b:f0fe)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-export
Last update: Fri Aug 2 23:13:51 2002
The problem is, it appears that many people wipe this out, probably with "set community
none" or "set community nnnn:nnnn" without the "additive" modifier.
Here are a few examples of folks redistributing 109's "no-export" tagged route:
6175 109
3ffe:2900:d:e::1 from 3ffe:2900:d:e::1 (208.19.223.30)
(fe80::d013:df1e)
Origin IGP, metric 0, localpref 100, valid, external
Last update: Sat Aug 3 00:10:51 2002
6342 109 (history entry)
2001:750:E::5 from 2001:750:E::5 (200.33.111.6)
Origin IGP, localpref 100, external
Dampinfo: penalty 10785, flapped 459 times in 15:32:04
33 109
3FFE:1200:1002:1::81 from 3FFE:1200:1002:1::81 (204.123.18.254)
Origin IGP, localpref 100, valid, external
I know... Someone is going to say "This is the 6bone. We're
experimenting. We're learning."
OK. Here is a lesson: When you receive a prefix that has no-export
tagged, you don't export it. If you're running a route-map that clears
communities, it might be a good idea to NOT clear the
(local-AS|no-advertise|no-export) community. It's being set by the origin
AS for a reason.
---
John Fraizer | High-Security Datacenter Services |
EnterZone, Inc | Dedicated circuits 64k - 155M OC3 |
http://www.enterzone.net/ | Virtual, Dedicated, Colocation |