RPKI validation troubles

Julien Sansonnens julien at jsansonnens.ch
Fri Nov 27 09:07:27 CET 2020


Hi everybody,

I'm using BIRD 2.0.7 and experiencing some trouble with RPKI validation.

Here is my config (relevant parts only):

roa6 table r6;
protocol rpki validator {
    roa6 { table r6; };
    remote "XXXXXX" port 8282;
}

protocol bgp XXXX {
    ipv6 {
        import keep filtered;
        import filter {
            if ( roa_check( r6, net, bgp_path.last ) = ROA_INVALID ) then {
                reject;
            }
            else
            .......

I know that ROA support is still incomplete in BIRD. So I specified a
connection delay for my BGP peers to wait for the r6 table to be filled.
I thought my filter was working fine, and this morning I noticed that there
were some invalid routes in my table.
However, the status of these routes does not vary, they have not changed
from valid to invalid, they have been invalid for years. It's not their
status that has changed, it's my filters that suddenly don't work anymore
(on some pairs only).
Have you ever had this problem?
So, I take advantage of asking if the next version of BIRD will include
more complete ROA support?

cheers, julien
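
The filter in the message above rejects only on ROA_INVALID, one of the three outcomes of RFC 6811 origin validation. The following Python model is an added example, not part of the original post and not BIRD's code; the prefixes, ASNs and helper names are constructed. It shows that such a filter accepts every route evaluated while the ROA table is still empty, which is the window the connection delay is meant to close.

```python
import ipaddress

ROA_UNKNOWN, ROA_VALID, ROA_INVALID = "ROA_UNKNOWN", "ROA_VALID", "ROA_INVALID"

def roa_check(roa_table, net, origin_asn):
    """RFC 6811 origin validation of one route against a list of
    (prefix, max_length, asn) ROA records."""
    route = ipaddress.ip_network(net)
    covered = False
    for prefix, max_len, asn in roa_table:
        roa = ipaddress.ip_network(prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue                      # this ROA does not cover the route
        covered = True
        # AS 0 in a ROA never matches any origin (RFC 6811, section 2).
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return ROA_VALID
    # Covered by at least one ROA but matched by none: invalid.
    return ROA_INVALID if covered else ROA_UNKNOWN

def import_filter(roa_table, net, origin_asn):
    """Same decision as the filter in the post: reject only ROA_INVALID."""
    return roa_check(roa_table, net, origin_asn) != ROA_INVALID

def import_session(routes, roa_table):
    """Run the filter once per route, as at import time; return accepted routes."""
    return [r for r in routes if import_filter(roa_table, *r)]

# Constructed sample data: documentation prefix space and reserved ASNs.
ROAS = [("2001:db8::/32", 48, 64500)]
ROUTES = [
    ("2001:db8:1::/48", 64500),    # origin matches, length within maxLength
    ("2001:db8:2::/48", 64511),    # covered by the ROA, wrong origin
    ("2001:db8:3:4::/64", 64500),  # covered, longer than maxLength
    ("2001:db9::/32", 64511),      # no covering ROA at all
]

def demo():
    before = import_session(ROUTES, [])    # ROA table not yet filled
    after = import_session(ROUTES, ROAS)   # same routes, ROAs loaded
    stale = [r for r in before if r not in after]
    return before, after, stale

if __name__ == "__main__":
    before, after, stale = demo()
    print("accepted with empty table:", len(before))
    print("accepted with ROAs loaded:", len(after))
    print("invalid routes that were accepted early:", stale)
```

Routes in `stale` stay in the table until the filter is run again over them, so the check has to be repeated once the ROA table has been populated.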