Expiration for ROA tables until when the VRP is valid?

Ondrej Zajicek santiago at crfreenet.org
Tue Mar 7 12:52:16 CET 2023


On Tue, Mar 07, 2023 at 01:01:36AM +0100, Robert Scheck wrote:
> On Sun, 19 Sep 2021, Robert Scheck wrote:
> > rpki-client recently implemented the "expires" instruction for roa-sets
> > that OpenBGPD provides [1][2]. As of writing, BIRD does not seem to have
> > something similar...any chance for it? From my understanding this only
> > applies to included ROA files with VRP, not to RTR.
> > 
> > [1] https://man.openbsd.org/bgpd.conf#roa-set
> > [2] https://github.com/rpki-client/rpki-client-openbsd/commit/7bf63da6ec80f37bd72dbab99a5a71cee5707dc2
> 
> Please let me kindly repeat my initial question from about 1.5 years ago:
> Is there any chance for getting this feature into BIRD, too? Job provided
> some more details and insights as part of the original thread:
> 
>  - https://bird.network.cz/pipermail/bird-users/2021-September/015725.html
>  - https://bird.network.cz/pipermail/bird-users/2021-September/015726.html

Hi

I completely missed/forgot about this. If I understand it correctly,
it is relevant just for static ROA records? I assume these expiration
records are based on wall-clock time instead of relative time?

It is a question whether we should handle expiration of such static routes
properly / dynamically, or just a one-time check during reconfiguration.
That would be an order of magnitude simpler, but it is also a thing that
could be done by a trivial script preprocessing the included config file
with static ROA records.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
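
An added example, not part of the original message and not code from BIRD or rpki-client: one way the preprocessing script mentioned above could look. It assumes each static ROA record in the included file carries a trailing `# expires <unix-seconds>` comment; that tag, the function name `filter_expired` and the sample data are assumptions made for this sketch.

```python
import re
import time

# Assumed record shape. "route ... max ... as ...;" is BIRD's static ROA syntax;
# the trailing "# expires <unix-seconds>" tag is a convention made up for this
# example (wall-clock time), not something BIRD parses.
ROUTE_RE = re.compile(
    r"^\s*route\s+\S+\s+max\s+\d+\s+as\s+\d+\s*;"
    r"\s*(?:#\s*expires\s+(?P<exp>\S+))?\s*$"
)

def filter_expired(lines, now=None):
    """Drop tagged ROA records whose expiry has passed. Returns
    (kept_lines, next_expiry); next_expiry is the earliest future expiry or None."""
    now = int(time.time()) if now is None else int(now)
    kept, next_expiry = [], None
    for line in lines:
        m = ROUTE_RE.match(line)
        exp = m.group("exp") if m else None
        if exp is None:
            kept.append(line)  # not a tagged ROA record: pass through
            continue
        if not exp.isdigit():
            # Refuse to guess: a silently kept or dropped VRP changes
            # origin-validation results.
            raise ValueError(f"bad expiry in: {line.strip()!r}")
        expiry = int(exp)
        if expiry <= now:
            continue  # expired: leave it out of the generated file
        kept.append(line)
        if next_expiry is None or expiry < next_expiry:
            next_expiry = expiry
    return kept, next_expiry

# Constructed sample input (documentation prefixes and documentation ASNs).
SAMPLE = [
    "protocol static {",
    "    roa4 { table r4; };",
    "    route 192.0.2.0/24 max 24 as 64500; # expires 1000",
    "    route 198.51.100.0/24 max 24 as 64501; # expires 3000",
    "    route 203.0.113.0/24 max 24 as 64502;",
    "    route 203.0.113.0/24 max 24 as 64503; # expires 2500",
    "}",
]

if __name__ == "__main__":
    kept, nxt = filter_expired(SAMPLE, now=2000)
    print("\n".join(kept))
    print("# next expiry:", nxt)
```

A record that expires between two runs stays loaded until the next run and reconfiguration, which is the limitation of the one-time check; the returned `next_expiry` gives a scheduler the time at which the file next needs regenerating.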

