Way to store ROA info so we can accept but view?

Job Snijders job at fastly.com
Mon May 30 14:52:21 CEST 2022


Hi Douglas,

On Mon, May 30, 2022 at 09:38:44AM -0300, Douglas Fischer wrote:
> From the point of view of day-to-day operations, keeping the rejected routes and
> tagging them with communities to be presented and interpreted on a Looking
> Glass is very pedagogic to Transit Customers that ask:
> "Why my routes are being rejected?"
> 
> Actually, I try to do that (tag with internal communities) with good or bad
> for every check that I do... Ex.:
> - Prefix Bogons
> - ASN Bogons
> - Tier 1 Free
> - RPKI

Rejecting a route *and* tagging it with a community is not what causes
problems: because you are *rejecting* the route (for example because
bogon, or rpki-invalid), there is no routing churn problem further
downstream.

The problem Dan Mahoney writes about is when you attach a BGP community
to "valid" or "not-found" routes: if your validator/RTR server ever has
some kind of issue (for example when it crashes), all "valid" routes
would flip to "not-found" state, causing BGP churn for 37%+ of routes in
a full table view. Of course, after the crashed validator restarts
(comes back online), those hundreds of thousands of routes *again*
require new BGP UPDATE messages to remove the "not-found" and attach the
"valid" community.

In short:

* Reject RPKI-invalid routes (optionally using the BIRD trick to attach
  a community to a rejected route)
* Do NOT attach communities to routes that are "valid" or "not-found"
  merely because they are valid/not-found.

Does the above description make sense?

Kind regards,

Job
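
Added example (not part of the original message or of BIRD): a small Python model of the churn described above, comparing a policy that tags accepted routes with their validation state against one that only rejects invalids, when the validator loses all its VRPs. The prefixes, ASNs and the `rov:` community labels are constructed for illustration, and routes are keyed by (prefix, origin) without modelling best-path selection.

```python
import ipaddress

# Constructed sample data: VRPs as (prefix, max_length, origin_asn) and
# routes as (prefix, origin_asn), using documentation prefixes and ASNs.
VRPS = [("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64501),
        ("2001:db8::/32", 48, 64502)]
ROUTES = [("192.0.2.0/24", 64500),      # valid
          ("198.51.100.0/24", 64501),   # valid
          ("2001:db8:1::/48", 64502),   # valid (within maxLength)
          ("192.0.2.0/24", 64511),      # invalid: wrong origin
          ("203.0.113.0/24", 64503)]    # not-found: no covering VRP

def rov_state(prefix, origin, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        if net.prefixlen <= max_len and asn == origin:
            return "valid"
    return "invalid" if covered else "not-found"

def exported(routes, vrps, tag_states):
    """Map each accepted route to the community set advertised downstream.
    Invalid routes are rejected, so they never appear in the export."""
    out = {}
    for prefix, origin in routes:
        state = rov_state(prefix, origin, vrps)
        if state == "invalid":
            continue
        # "rov:<state>" is a hypothetical community label for this model.
        out[(prefix, origin)] = {"rov:" + state} if tag_states else set()
    return out

def churn(before, after):
    """Count routes needing an UPDATE or withdrawal between two exports."""
    keys = before.keys() | after.keys()
    return sum(1 for k in keys if before.get(k) != after.get(k))

def outage_churn(tag_states):
    """Churn caused by the validator losing all VRPs (for example a crash)."""
    return churn(exported(ROUTES, VRPS, tag_states),
                 exported(ROUTES, [], tag_states))
```

With tagging, every previously valid route is re-announced during the outage and again on recovery; without tagging, only the formerly invalid route changes, because it becomes not-found and is accepted.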

