Way to store ROA info so we can accept but view?
Dan Mahoney
danm at prime.gushi.org
Mon May 30 14:15:23 CEST 2022
> On May 30, 2022, at 8:04 AM, Douglas Fischer <fischerdouglas at gmail.com> wrote:
>
> That made me curious...
>
> "Note: REALLY DONT store the validation state inside a bgp_community or bgp_large_community or bgp_ext_community variables. It can cause CPU & memory overload resulting in convergence performance issues."
>
> Why that ( CPU & memory overload ) would happen?
> Why is that different from a lookup against a Prefix List?
Prefix lists are on-device only. As are the attributes I was asking about. Communities...aren't.
Unless you're insanely careful to strip them, these are passed along to peers and cause reconvegence issues and recalculation issues down the chain.
"It is considered harmful to manipulate BGP Path Attributes (for example LOCAL_PREF or COMMUNITY) based on the RPKI Origin Validation state. Making BGP Path Attributes dependent on RPKI Validation states introduces needless brittleness in the global routing system as explained here. Additionally, the use of RFC 8097 is STRONGLY ABSOLUTELY NOT RECOMMENDED. RFC 8097 has caused issues for multi-vendor network operators."
(Since this is a plain text mail, I'll expand that link)
https://mailarchive.ietf.org/arch/msg/sidrops/dwQi9lgYKRVctdlMAHhtgYkzhSM/
-Dan
More information about the Bird-users
mailing list