BGP: Disallow AS Sets by default (documentation)

The documentation needed to be updated as well to be consistent
with the code.

Related to #248.

diff --git a/doc/bird.sgml b/doc/bird.sgml
index 8c70e485c24653028e6c6909d146911b7c230896..76943fe727729098bb24c51fcd5313e95552a29d 100644 (file)
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -3283,14 +3283,15 @@ protocol bgp [<name>] {
        other means. Default: 0 (no local AS number allowed).
 
        <tag><label id="bgp-allow-as-sets">allow as sets <m/switch/</tag>
-       AS path attribute received with BGP routes may contain not only
-       sequences of AS numbers, but also sets of AS numbers. These rarely used
-       artifacts are results of inter-AS route aggregation. AS sets are
-       deprecated (<rfc id="6472">), and likely to be rejected in the future,
-       as they complicate security features like RPKI validation. When this
-       option is disabled, then received AS paths with AS sets are rejected as
-       malformed and corresponding BGP updates are treated as withdraws.
-       Default: on.
+       Historically, AS path attribute received with BGP routes may have
+       contained not only sequences of AS numbers, but also sets of AS numbers.
+       These rarely used artifacts were results of inter-AS route aggregation.
+       AS sets are deprecated (<rfc id="6472">, <rfc id="9774">) and AS paths
+       containing them (or AS confed sets) are considered malformed.
+       Corresponding BGP updates are therefore treated as withdraws.
+        When this option is enabled, then received AS paths containing these
+        deprecated AS sets or AS confed sets are accepted.
+       Default: off (since 2.18 and 3.2).
 
        <tag><label id="bgp-enforce-first-as">enforce first as <m/switch/</tag>
        Routes received from an EBGP neighbor are generally expected to have the