Relaxed handling of OTC attribute

[Erin Shepherd]

On Thu, 12 Jun 2025, at 15:33, André Grüneberg wrote:
> Hi Bird team,
> 
> We are currently evaluating the implementation of RFC9234 for our IXP route servers. Looking at it naively, one just needs to set local role rs_server in the protocol. And indeed, routes from peers will be rejected and this is logged.
> 
> Instead of just logging, we would really like to apply our "blame and shame" policy, i.e. make the invalid routes (in our case, anything with an OTC set) visible in our looking glass (similar to RPKI invalids). To do so, we'd need the "ineligible" routes to be imported into the main table, tagged in a sensible way.
>
> I understand that RFC9234 section 5 mandates that the behaviour wrt OTC attribute handling shall not be configurable by the operator. But ineligible does not require the route to be invisible (see section 3).

Does "import keep filtered on" preserve these routes (when viewed with "show route filtered")? (Now, I think that leaves questions around identifying the reason why a route was filtered etc. But that might be [the start of] an approach)

Now, I admit that swicthing to that for all filtering reasons probably involves quite a bunch of changes to the bird configs that IXPs use today, which is definitely a bit unnerving. 
 
> Would it be possible to implement a more relaxed behaviour by allowing the import of ineligible routes (but never export)?
> 
> Our current alternative is to avoid using BGP roles capability, but only implement OTC handling in filters.

A disadvantage of that, of course, is that you lose peer role checking (although peers supporting roles are very rare today - despite having run with OTC support enabled ourselves for a couple of years now, we have only one bilat on BCIX which advertises role support towards us)

- Erin