Large communities indicating RPKI VALID status
Daniel Suchy
danny at danysek.cz
Sat Apr 27 08:18:18 CEST 2024
There's internet draft describing in detail, why it's not a good idea to
store RPKI validation state inside community variables at all..
https://www.ietf.org/archive/id/draft-ietf-sidrops-avoid-rpki-state-in-bgp-00.html
- Daniel
On 4/27/24 5:05 AM, Nigel Kukard via Bird-users wrote:
> Hi all,
>
> I was busy reading
> https://bgpfilterguide.nlnog.net/guides/reject_invalids/ and noticed the
> following text...
>
> Note: REALLY DONT store the validation state inside a bgp_community or
> bgp_large_community or bgp_ext_community variables. It can cause CPU &
> memory overload resulting in convergence performance issues.
>
> I was wondering if this is still an issue and if it would still be a bad
> idea to indicate that RPKI was VALID using communities on multiple full
> BGP feeds?
>
> Is anyone doing this at present? are you seeing significant load?
>
> Kind Regards
> Nigel
>
More information about the Bird-users
mailing list