Way to store ROA info so we can accept but view?
Job Snijders
job at fastly.com
Mon May 30 17:09:36 CEST 2022
Hi Dan,
On Mon, 30 May 2022 at 17:00, Dan Mahoney <danm at prime.gushi.org> wrote:
> For my own point of view, we’re currently accepting all routes, even
> invalid.
>
> We’re using a BGP community so that when we sync things back to our
> central collector (which is just for research, like a looking glass) so we
> can send a report that says “at this site we got NN routes, YY invalid”.
>
> The community is not used in any way to make any decisions (on the fly
> decisions, I mean), nor is it passed on to any neighbors that route
> anything (only the collector).
>
That’s a decent approach, setting it up like you describe reduces the “BGP
churn blast radius” merely to your collector instance.
> But my question about the user-defined attribute was that I’d like to be
> able to do more drill-down on the node itself. I’m seeing evidence where
> some of our peers claim to be rejecting RPKI invalid, but seem to be
> passing them on to us.
>
Something to consider, in any sufficiently large-sized network, the
likeliness of them propagating a (low) number of RPKI-invalid routes is
high. More details about how that could happen are here:
https://mailman.nanog.org/pipermail/nanog/2021-April/213346.html
Kind regards,
Job
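
The accept-and-tag setup Dan describes, as an added example in BIRD 2 filter syntax; it is not configuration from the original thread or from the BIRD project. The ASNs, addresses, validator hostname, protocol and filter names, and the community value (64500, 1002) are all placeholders assumed for illustration.

```bird
# Constructed example: every name, address, ASN and community value is a placeholder.
roa4 table r4;
roa6 table r6;

# RTR session that fills the ROA tables from a validator (hypothetical host).
protocol rpki validator1 {
    roa4 { table r4; };
    roa6 { table r6; };
    remote "rpki.example.net" port 3323;
}

# Import: accept everything, but mark RPKI-invalid routes with a community.
filter peer_in_tag_rov {
    # Remove the tag if a peer sent it, so only our own check can set it.
    bgp_community.delete([(64500, 1002)]);
    if net.type = NET_IP4 then {
        if roa_check(r4, net, bgp_path.last) = ROA_INVALID then
            bgp_community.add((64500, 1002));
    } else {
        if roa_check(r6, net, bgp_path.last) = ROA_INVALID then
            bgp_community.add((64500, 1002));
    }
    accept;    # the tag is for reporting only, no routing decision is made on it
}

# Export to routing neighbors: strip the tag so it never leaves the node.
filter neighbor_out {
    bgp_community.delete([(64500, 1002)]);
    accept;
}

protocol bgp peer1 {
    local as 64500;
    neighbor 192.0.2.1 as 64501;
    ipv4 { import filter peer_in_tag_rov; export filter neighbor_out; };
}

# Only the research collector sees the tag, which keeps ROA-driven
# attribute changes (and the resulting updates) confined to that session.
protocol bgp collector {
    local as 64500;
    neighbor 192.0.2.254 as 64500;
    ipv4 { import none; export all; };
}
```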