As I understand it, we finally have a semi-route-based solution where only one TS will be used for 0.0.0.0/0, and then an eBGP session is used with the remote VPN peer over a tunnel subnet, allowing for routing of local and AutoVPN subnets to external networks.
The only disturbing thing I found with this is that the local MX will advertise ALL local VPN-enabled networks in addition to the AutoVPN-received iBGP routes, which basically means your entire enterprise... and also inbound you will receive all the routes the peer sends you. Since BGP is a trust-based system...
Question 1: Are there plans to make inbound and outbound filtering of routes available per BGP session?
Question 2: Does this work seamlessly with VPN subnet translation?
Question 3: Is there a way to filter outbound or inbound packets over the IPsec VPN?
Question 4: When will we finally have the ability to just use static route-based VPNs and control which local subnets we announce to which peer? Both route-based and policy-based.