<div dir="ltr">That made me curious...<br><br>"Note: REALLY DONT store the validation state inside a bgp_community or bgp_large_community or bgp_ext_community variables. It can cause CPU & memory overload resulting in convergence performance issues."<br><br>Why that ( CPU & memory overload ) would happen?<br>Why is that different from a lookup against a Prefix List?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em sáb., 28 de mai. de 2022 às 09:57, Dan Mahoney (Gushi) <<a href="mailto:danm@prime.gushi.org">danm@prime.gushi.org</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hey all,<br>
<br>
We're using RPKI in testing at the day job, and for a given route, it <br>
seems the best we can do is apply a community to it so we can see that <br>
it's invalid.<br>
<br>
A howto I've found says that this is a bad idea and can cause problems. <br>
(<a href="https://bgpfilterguide.nlnog.net/guides/reject_invalids/" rel="noreferrer" target="_blank">https://bgpfilterguide.nlnog.net/guides/reject_invalids/</a>)<br>
<br>
When you look at routes with something like "show route all", there's no <br>
field for the RPKI status or the ASes for which ROAs are allowed.<br>
<br>
So, the questions here is:<br>
<br>
1) My understanding of the way RPKI-RTR works is that it's basically <br>
handed a tuple of prefix and AS, and RTR says "valid", "invalid", or <br>
"unknown". It feels like to check for AS 0 ROAs, we'd basically have to <br>
do two lookups for each route that's otherwise invalid, which feels <br>
inefficient. Is there a better way?<br>
<br>
2) Can the output of "show route" be extended to include user defined <br>
fields, or are we locked into what's there?<br>
<br>
3) If not, we're limited to adding communities or MEDs or local prefs or <br>
something like that, which is a hack, but at least gives us some info we <br>
can view. Is that a dangerous trade off?<br>
<br>
-Dan<br>
<br>
-- <br>
<br>
--------Dan Mahoney--------<br>
Techie, Sysadmin, WebGeek<br>
Gushi on efnet/undernet IRC<br>
FB: <a href="http://fb.com/DanielMahoneyIV" rel="noreferrer" target="_blank">fb.com/DanielMahoneyIV</a><br>
LI: <a href="http://linkedin.com/in/gushi" rel="noreferrer" target="_blank">linkedin.com/in/gushi</a><br>
Site: <a href="http://www.gushi.org" rel="noreferrer" target="_blank">http://www.gushi.org</a><br>
---------------------------<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Douglas Fernando Fischer<br>Engº de Controle e Automação<br><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:"courier new",monospace"></div></div></div>