Version 2.0.0-pre1
Wilco Baan Hofman
wilco at baanhofman.nl
Tue May 2 12:56:00 CEST 2017
On 01/05/17 17:27, joel jaeggli wrote:
> On 5/1/17 8:12 AM, Charles van Niman wrote:
>> I would also support this change.
>>
>> Currently, on software that doesn't have this policy, I feel my only
>> safe action is to install sessions disabled, ensure that an import and
>> export filter is in place, and only then enable a session. Avoiding this
>> action, and following draft-ietf-grow-bgp-reject makes this more
>> convenient and safer for all I feel. There is something to be said for
>> the disruption of default behavior change, but I think a major point
>> release is one of the best opportunities to do this.
> In general I find it necessary to template safe by default import/export
> policy,and then apply more progressive policy, irrespective of platform.
>
> given that the minimal policy neccessary to over-ride a safe by default
> import policy is something like:
>
> accept;
>
> that seems like a pretty low bar.
>
I agree, and a major bump is the perfect time to do it!
If necessary, converting existing configuration is also simple, the
upgrade script can check for the presence of an import policy, if it's
not there, then accept all is assumed, an explicit policy can be added
for it during the upgrade.
-- Wilco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170502/8ef3bfa4/attachment.asc>
More information about the Bird-users
mailing list