Bird 2.0.8 - Automatic RPKI reload behaviour

Ondrej Zajicek santiago at crfreenet.org
Fri Oct 29 15:25:47 CEST 2021


On Wed, Oct 27, 2021 at 06:53:20AM +0200, Tiago Felipe Goncalves wrote:
> Hello,
> 
> From Bird doc:
> "BIRD offers crude automatic re-validating of affected routes after RPKI update, see option rpki reload.
> ...
> In contrast to other filter operators, this status for the same route may change as the content of ROA tables changes. When this option is active, BIRD activates automatic reload of affected channels whenever ROA tables are updated (after a short settle time)."
> 
> I sincerely expected that the automatic reload would be triggered after an event (RPKI RTR session flapping/changing state) or if the specific ROA changes (not any ROA changes).
> For small deployments, the extra load wouldn't be an issue, but I have deployments with 3k active clients/neighbours, and the extra load concerns me to use this function in production.
> 
> If possible, could you please help me to understand if this is the expected behaviour for the automatic RPKI reload?

Hello

We currently cannot track which routes were affected by change of RPKI,
therefore we trigger reload of a channel that uses RPKI after any ROA
change. The reload is internal only (e.g. from import table to regular
table) so it is only computational load of evaluating filters, not real
BGP reload/refeed.

We plan to improve it in the future, but as people have done this (triggering
full reload after any RPKI change) using external scripts anyways, we
think that offering the current crude form is useful.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
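
A BIRD 2 configuration sketch of the setup discussed in this thread, added here as an illustration and not taken from either poster's message. The table names, filter name, protocol names, addresses and AS numbers are assumptions (documentation ranges); the options shown are the `rpki reload` and `import table` channel options from the BIRD documentation.

```conf
# Constructed example: ROA tables fed by one RTR session.
roa4 table r4;
roa6 table r6;

protocol rpki rtr_validator {
    roa4 { table r4; };
    roa6 { table r6; };
    remote 192.0.2.10 port 3323;   # hypothetical validator address
}

# Import filter that depends on RPKI status. Because it calls
# roa_check(), the result for an unchanged route can change
# whenever the content of r4 changes.
filter peer_in_v4 {
    if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then reject;
    accept;
}

protocol bgp peer_a {
    local as 64496;
    neighbor 198.51.100.1 as 64500;

    ipv4 {
        # Keeps the received routes so a reload is an internal
        # re-run of the filter (import table -> regular table),
        # not a BGP route refresh towards the neighbour.
        import table on;

        # Any update of r4 (after a short settle time) re-evaluates
        # peer_in_v4 for every route of this channel, not only the
        # routes covered by the changed ROA.
        rpki reload on;

        import filter peer_in_v4;
        export none;
    };
}

# With "rpki reload off;" in the channel, re-validation has to be
# requested manually, for example: birdc reload in peer_a
```

With many such channels, each ROA table update costs one filter pass over every route in every channel whose filter uses `roa_check()`, which is the computational load the reply describes.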

