roa_check not re-evaluating after roa table update
Stefan Plug
spl at ecix.net
Fri Jun 9 13:17:08 CEST 2017
Hi guys,
Bird 1.6.3
Just testing about with the RPKI roa_check and it seems that my routes are not being re-evaluated after a "configure" when my roa table is updated.
I do this check during the import phase so the routes are already in the table once I update the roa table.
simple check example:
roa table roa_table {
roa 200.0.0.0/24 max 24 as 1340;
}
if (roa_check( roa_table, net, bgp_path.last)) = ROA_INVALID then {
if hardFilterRPKI > 0 then {
return false;
}
else {
return true;
}
}
Now I update the config to:
roa table roa_table {
roa 200.0.0.0/24 max 24 as 1340;
roa 200.0.0.0/24 max 24 as 1339;
}
When I now reconfigure BIRD this makes no changes at all. If I restart BIRD and thus the routes get re-sent then they do both get through the check as
expected. when adding/deleting roa entries using the command line I see the same behaviour.
Do note when I change the "hardFilterRPKI" which decides to actually filter or not, then the routes DO get re-evaluated like they should.
Can anyone else also confirm this behaviour? Am I doing something wrong?
Stefan
More information about the Bird-users
mailing list