Internet2 Network Security SIG

["Dale W. Carder" <>]

The same thinking exists in the openconfig models from what I can tell
as well:  https://github.com/openconfig/public/issues/141

(If you're using openconfig, feel free to pile on ;-)

Dale


Thus spake Jeff Bartig 
()
 on Wed, May 23, 2018 at 09:50:49PM -0500:
> Hi John,
> 
> Yes, I would be supportive of these features.  I'd prioritize the back
> reference feature higher, since it is something that isn't possible today,
> while GTSM is possible, but not as easy as it could be.
> 
> Jeff
> 
> On 5/18/18, 11:47 AM, John Kristoff wrote:
> > Friends,
> > 
> > You may remember last year I solicited support for an enhancement
> > request to harden the NTP daemon on Junos.  This request has been filed
> > with Juniper.
> > 
> > I'm thinking of two more I'd like to submit and am wondering if there
> > would again be support from this community.  These are:
> > 
> > * enhanced GTSM support for BGP sessions
> > 
> >    Utilizing GTSM for BGP peering sessions is not often used, because it
> >    it is not enabled by default and it requires non-trivial firewall
> >    filters to actually enforce.
> > 
> >    Perhaps add a min-ttl setting under protocols bgp?  Should the value
> >    of 255 be the default so future generations can use a min-ttl setting?
> > 
> > * backreferences in AS path regular expressions
> > 
> >    Cisco provides this feature and I have at least one use-case for it.
> >    I'd like to be able to match an as-path that contains some number of
> >    repeated ASNs (prepending) in order to apply a particular policy
> >    (e.g. adjust LOCAL_PREF or reject the announcement altogether).
> > 
> > I'm curious if anyone here would find these two enhancements desirable
> > and if you'd be willing to sign on to a request to Juniper in support.
> > 
> > John
> 
> -- 
> Jeff Bartig
> Interconnection Architect
> Internet2 AS11164 <http://as11164.peeringdb.com/> / AS11537
> +1-608-616-9908
>