Hi Erin,

On Thu, 12 Jun 2025 at 16:16, Erin Shepherd <bird-users@erinshepherd.net> wrote:

> Instead of just logging, we would really like to apply our "blame and shame" policy, i.e. make the invalid routes (in our case, anything with an OTC set) visible in our looking glass (similar to RPKI invalids). To do so, we'd need the "ineligible" routes to be imported into the main table, tagged in a sensible way.
> I understand that RFC9234 section 5 mandates that the behaviour wrt OTC attribute handling shall not be configurable by the operator. But ineligible does not require the route to be invisible (see section 3).
Does "import keep filtered on" preserve these routes (when viewed with "show route filtered")? (Now, I think that leaves questions around identifying the reason why a route was filtered etc. But that might be [the start of] an approach)

Looking at the code (calling WITHDRAW()) I couldn't find any interaction with 'import keep filtered'.

> Our current alternative is to avoid using BGP roles capability, but only implement OTC handling in filters.
A disadvantage of that, of course, is that you lose peer role checking (although peers supporting roles are very rare today - despite having run with OTC support enabled ourselves for a couple of years now, we have only one bilat on BCIX which advertises role support towards us)

Indeed, I'd miss the role validation in the session. Having thought about it, I am missing to see the advantage of that.

For proper handling of the OTC I need to know my role -- and I do, I am rs_server.

Provided the other side implements RFC9234 and has a local role set, we can look at the consequences of them setting their local role incorrectly:

- rs_client (as should be): they do not set OTC -> we will accept, we set OTC -> they will accept

- peer: they set OTC -> we will drop, we set OTC -> they will accept

- provider: they set OTC -> we will drop, we set OTC -> they will drop

- customer: they do not set OTC -> we will accept routes as expected, we set OTC -> they will accept

- rs_server: they set OTC -> we will drop, we set OTC -> they will drop

A misconfiguration of their role may cause routes not to be accepted, but since we are always flagging with OTC on export, we will not create additional route leaks. I'd call that fail-safe?!

As a reference: OpenBGPd 7.8+ distinguishes between setting the local role (and thus implementing OTC handling) and announcing the BGP roles capability.

André

André Grüneberg, Managing Director
andre.grueneberg@bcix.de

+49 30 2332195 42

BCIX Management GmbH
Albrechtstr. 110
12103 Berlin
Germany

Geschäftsführer/Managing Directors: Jens Lietzmann, André Grüneberg
Handelsregister: Amtsgericht Charlottenburg, HRB 143581 B