Expiration for ROA tables until when the VRP is valid?

Job Snijders job at fastly.com
Tue Mar 7 01:17:55 CET 2023


On Tue, Mar 07, 2023 at 01:01:36AM +0100, Robert Scheck wrote:
> On Sun, 19 Sep 2021, Robert Scheck wrote:
> > rpki-client recently implemented the "expires" instruction for roa-sets
> > that OpenBGPD provides [1][2]. As of writing, BIRD does not seem to have
> > something similar...any chance for it? From my understanding this only
> > applies to included ROA files with VRP, not to RTR.
> > 
> > [1] https://man.openbsd.org/bgpd.conf#roa-set
> > [2] https://github.com/rpki-client/rpki-client-openbsd/commit/7bf63da6ec80f37bd72dbab99a5a71cee5707dc2
> 
> Please let me kindly repeat my initial question from about 1.5 years ago:
> Is there any chance for getting this feature into BIRD, too? Job provided
> some more details and insights as part of the original thread:
> 
>  - https://bird.network.cz/pipermail/bird-users/2021-September/015725.html
>  - https://bird.network.cz/pipermail/bird-users/2021-September/015726.html

Related, RPKI-To-Router implementation StayRTR recently received support
for honoring configured expiration timers for individual RPKI VRPs. [1]
When the expiration moment (noted as a Unix timestamp) of a given RPKI
ROA/VRP has arrived, the StayRTR daemon will emit RTR Withdraws towards its
clients for that ROA/VRP.

Indeed, OpenBGPD (when loading VRPs from on-disk configuration) also
supports similar functionality, which has proven to make various
deployment scenarios less prone to faults in configuration pipelines.

I'd love it if BIRD also allows operators to specify the expiration
moment of a given ROA/VRP in the on-disk configuration through a
keyword + timestamp.

Kind regards,

Job

[1]: https://github.com/bgp/stayrtr/commit/13659dd27e1b792dd2a7b9f439ef0a4159d862d9
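
The expiry behaviour discussed in this message, as an added example that is not part of the original post and is not code from StayRTR, OpenBGPD or BIRD: given VRPs carrying a Unix-timestamp expiry, it computes which entries must be withdrawn between two evaluation times. The JSON layout, field names and all function names are assumptions made for the illustration, and the sample data is constructed.

```python
import json

# Constructed sample: a VRP export with a per-entry "expires" Unix timestamp.
# Field names are assumptions for this example, not a documented format.
SAMPLE = json.dumps({"roas": [
    {"asn": 64496, "prefix": "192.0.2.0/24", "maxLength": 24, "expires": 1678150000},
    {"asn": 64497, "prefix": "198.51.100.0/24", "maxLength": 24, "expires": 1678160000},
    {"asn": 64498, "prefix": "2001:db8::/32", "maxLength": 48, "expires": 1678170000},
    {"asn": 64499, "prefix": "203.0.113.0/24", "maxLength": 24},  # no timer configured
]})

def vrp_key(entry):
    """A VRP is identified by prefix, max length and origin AS."""
    return (entry["prefix"], entry["maxLength"], entry["asn"])

def load_vrps(text):
    """Map each VRP key to its expiry (None means no expiry configured)."""
    return {vrp_key(e): e.get("expires") for e in json.loads(text)["roas"]}

def active_at(vrps, now):
    """VRPs still usable at `now`; an entry is expired once now >= expires."""
    return {k for k, exp in vrps.items() if exp is None or now < exp}

def withdrawals(vrps, last_run, now):
    """VRPs that were active at `last_run` and must be withdrawn at `now`."""
    return sorted(active_at(vrps, last_run) - active_at(vrps, now))

def next_wakeup(vrps, now):
    """Earliest pending expiry, so a daemon can sleep until then; None if none."""
    pending = [exp for exp in vrps.values() if exp is not None and exp > now]
    return min(pending) if pending else None

if __name__ == "__main__":
    vrps = load_vrps(SAMPLE)
    # Simulate a pipeline that stopped refreshing the file: entries age out
    # one by one instead of being used indefinitely.
    last = 1678140000
    for now in (1678150000, 1678165000, 1678999999):
        print(now, "withdraw:", withdrawals(vrps, last, now),
              "next expiry:", next_wakeup(vrps, now))
        last = now
```

If the file is never refreshed, only the entry without a timer remains active, which is the case an operator would want to alert on.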

