Relaxed handling of OTC attribute

Maria Matejka maria.matejka at nic.cz
Fri Jun 13 00:50:49 CEST 2025 

Hello André,

there is no such feature you are looking for.

The rest of this message is my personal speculation which I may just later say strict no-no-no-never to after discussing with the rest of the team.

I'm thinking about a controversial approach, kinda disgusting, kinda blasphemy, a configuration knob which you could set in BGP channel (if implemented), e.g. like this

    import invalid;

and then you would get all routes including the bad ones, just marked with another attribute like "invalidity reason" which could be probably even displayable in the table. These routes would stay rejected even if you call "accept" on them by mistake.

Or, if you wanna go really messy, you could

    import invalid allow accept;

and you already probably know what happens. That's very cursed though and there will be certain people yelling at me for even thinking about this.

Obviously you need import keep filtered for all this to work well.

I'm absolutely unknown whether this sacrilegious abomination ever gets even slightly more thoughts on our side… but simply by looking at your email, this may be something you may probably theoretically like to go for.

Happy routing!
Maria


On June 12, 2025 3:33:37 PM GMT+02:00, "André Grüneberg" <andre.grueneberg at bcix.de> wrote:
>Hi Bird team,
>
>We are currently evaluating the implementation of RFC9234 for our IXP route
>servers. Looking at it naively, one just needs to set local role rs_server
>in the protocol. And indeed, routes from peers will be rejected and this is
>logged.
>
>Instead of just logging, we would really like to apply our "blame and
>shame" policy, i.e. make the invalid routes (in our case, anything with an
>OTC set) visible in our looking glass (similar to RPKI invalids). To do so,
>we'd need the "ineligible" routes to be imported into the main table,
>tagged in a sensible way.
>
>I understand that RFC9234 section 5 mandates that the behaviour wrt OTC
>attribute handling shall not be configurable by the operator. But
>ineligible does not require the route to be invisible (see section 3).
>
>Would it be possible to implement a more relaxed behaviour by allowing the
>import of ineligible routes (but never export)?
>
>Our current alternative is to avoid using BGP roles capability, but only
>implement OTC handling in filters.
>
>Thanks and best wishes,
>André
>-- 
>André Grüneberg, Managing Director
>andre.grueneberg at bcix.de
>+49 30 2332195 42
>
>BCIX Management GmbH
>Albrechtstr. 110
>12103 Berlin
>Germany
>
>Geschäftsführer/Managing Directors: Jens Lietzmann, André Grüneberg
>Handelsregister: Amtsgericht Charlottenburg, HRB 143581 B

-- 
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20250613/b91b40b8/attachment.htm>

More information about the Bird-users mailing list