BIRD 2 does not re-validate RPKI status?
Tim Bruijnzeels
tim at nlnetlabs.nl
Mon Jun 24 10:33:32 CEST 2019
Hi,
Quite right, sorry about that, I missed it as I scanned the documentation - and landed on the example config.
Great to hear it's high on your roadmap :)
Tim
> On 21 Jun 2019, at 10:53, Maria Jan Matejka <jan.matejka at nic.cz> wrote:
>
> Hello!
>
> On 6/21/19 9:09 AM, Tim Bruijnzeels wrote:
>> I am not sure if this is an artefact of my set-up, or a missing feature / bug in Bird.
>
> Yes, it is a documented missing feature in Bird, see the RPKI chapter in documentation:
>
> You can validate routes (RFC 6483) using
> function roa_check() in filter and set it as import filter at the BGP
> protocol. BIRD should re-validate all of affected routes after RPKI update by
> RFC 6811, but we don't support it yet! You can use a BIRD's client command
> reload in bgp_protocol_name for manual call of revalidation of all
> routes.
>
>> [...]
>>
>> According to RFC6811 affected prefixes MUST be re-validated when the cache has changes:
>> https://tools.ietf.org/html/rfc6811#section-4
>>
>> My work-around was to restart the sessions with peers and this forced re-validation. But it is not the best solution. I also lose all the routes temporarily.
>
> Use
> reload in <protocolname>
> after ROA is changed.
>
>> Is this a local issue? Did I miss something in my set-up? Or is this expected behaviour in Bird? If so, is supporting re-validation on the roadmap?
>
> Yes, it is even partially done, anyway it needed some internal structural changes
> inside BIRD. We know about it and we consider it better to have limited ROA support
> instead of having nothing.
>
> This is one of the hottest features to be done ASAP.
>
> Maria
> developer of BIRD
>
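
Added example, not part of either message and not BIRD code: RFC 6811 origin validation in Python, plus the step the thread says is missing, finding the routes whose validation state cached at import time goes stale when the ROA set changes. The prefixes, ASNs and function names are constructed for illustration; in BIRD the refresh itself is the "reload in <protocolname>" command quoted above.

```python
import ipaddress

def rov_state(prefix, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue  # this VRP does not cover the route prefix
        covered = True
        # Match: length within maxLength and same origin AS (AS 0 never matches)
        if net.prefixlen <= max_len and vrp_asn == origin_asn and vrp_asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"

def affected_routes(routes, old_vrps, new_vrps):
    """Routes covered by any VRP that was added or withdrawn in the update."""
    changed = set(old_vrps) ^ set(new_vrps)
    changed_nets = [ipaddress.ip_network(p) for p, _, _ in changed]
    out = []
    for prefix, asn in routes:
        net = ipaddress.ip_network(prefix)
        if any(net.version == c.version and net.subnet_of(c) for c in changed_nets):
            out.append((prefix, asn))
    return out

def stale_after_update(routes, old_vrps, new_vrps):
    """Map route -> (state cached at import, state after re-validation) where they differ."""
    stale = {}
    for prefix, asn in affected_routes(routes, old_vrps, new_vrps):
        before = rov_state(prefix, asn, old_vrps)
        after = rov_state(prefix, asn, new_vrps)
        if before != after:
            stale[(prefix, asn)] = (before, after)
    return stale

# Constructed sample data (documentation prefixes and ASNs)
ROUTES = [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501), ("203.0.113.0/24", 64502)]
OLD_VRPS = [("198.51.100.0/24", 24, 64501)]
# A ROA for 192.0.2.0/24 appears, authorising a different origin AS
NEW_VRPS = [("192.0.2.0/24", 24, 64511), ("198.51.100.0/24", 24, 64501)]

if __name__ == "__main__":
    for route, (before, after) in stale_after_update(ROUTES, OLD_VRPS, NEW_VRPS).items():
        print(route, before, "->", after)
```

A route accepted as not-found at import stays in the table after it has become invalid until its import filter is run again, which is the gap the manual reload closes.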
More information about the Bird-users mailing list