<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 4/29/24 19:33, Job Snijders wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMFGGcAKEk19C9Mke3hOQCYhPUdH6PLyqcWW_ssHh9zfO0tw6w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div>On Mon, 29 Apr 2024 at 21:27, Nigel Kukard via Bird-users
<<a href="mailto:bird-users@network.cz"
moz-do-not-send="true" class="moz-txt-link-freetext">bird-users@network.cz</a>>
wrote:<br>
</div>
<div>
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>Hi there Richard,</div>
<div><br>
</div>
<div>On 4/29/24 19:14, Richard Laager wrote:<br>
</div>
<blockquote type="cite">
<pre>Perhaps I am naive, but I assumed one would validate RPKI on the eBGP edge and simply reject INVALID routes.
Why would one want to accept INVALID at all?
If we agree one would reject INVALID, then what is left to tag?</pre>
</blockquote>
<p>For my specific use case I wanted to add a community
for VALID and UNKNOWN. I'm going to look into the
non-transitive extended communities to see how this
works out.</p>
</div>
</blockquote>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Sure, but why add such communities? It reduces
performance and doesn’t add security benefits.</div>
<div dir="auto"><br>
</div>
<div dir="auto">OTOH - it can satisfy curiosity about where
traffic is flowing - then again, using a traffic analyser
like pmacct or Kentik helps offer insight how much traffic
is going to Valid vs Not-Found destinations, without the
need to add any communities.</div>
<div dir="auto"><br>
</div>
<div dir="auto">I’m not saying you shouldn’t pursue adding a
few non-transitive extended communities here and there for
your use case; just that generally speaking, operators
probably should not apply different policies for Valid and
Not-Found states. </div>
<br>
</div>
</div>
</blockquote>
<p>Well, basically to summarize, I have quite a number of edges. My
filtering occurs on the edges, including filtering of INVALID. I'm
using bird to gather all prefixes from all routers using add-paths
so I can easily do searches on my dashboard and graphically map
paths to destinations and visually see other possible paths that
are not best path. As my filtering occurs on the edge I don't have
a way on my dashboard to see if the prefix was VALID or UNKNOWN.</p>
<p>I thought it would be something useful to see so I can color the
routes that are VALID in a dark green or have a small green box
with [RPKI VALID] in it next to the prefix. But I certainly see
the points raised.<br>
</p>
<p>It's not used for anything more than analysis and visual display.</p>
<p>I'm looking into pmacct and Opensearch to see if I can get
Netflow/IPFIX data to help with insight into traffic flows
(slightly different to visually seeing possible traffic paths).
I'm very new to Elasticseach and Opensearch though and would
appreciate if anyone has any recommendations of opensource
platforms I can use to give me some info from Netflow/IPFIX data
I'd really appreciate it.</p>
<p>I did check out Kentik and Elastiflow, but my network is small
and doesn't really have the income to support a paid product right
now if I can achieve reasonable results with other options.<br>
</p>
<p>-N<br>
</p>
</body>
</html>