Large communities indicating RPKI VALID status
Ondrej Zajicek
santiago at crfreenet.org
Sat Apr 27 15:00:45 CEST 2024
On Sat, Apr 27, 2024 at 08:18:18AM +0200, Daniel Suchy via Bird-users wrote:
> There's an internet draft describing in detail why it's not a good idea to
> store RPKI validation state inside community variables at all.
>
> https://www.ietf.org/archive/id/draft-ietf-sidrops-avoid-rpki-state-in-bgp-00.html

Well, note that this draft is primarily about not announcing validation
state in transitive attributes to the whole internet. But there are good
reasons for having validation state in non-transitive BGP attributes (or
communities properly filtered out on AS egress). Validating RPKI and
marking routes at AS ingress ensures that all routers within the AS have
consistent routing state, thus avoiding routing loops.

Unfortunately, large communities do not have a transitive flag like
extended ones, so perhaps it would make sense to use an extended community
for this purpose. Or perhaps there should be a well-known extended
community for that ...

--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
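
The difference between the two community types discussed above, as an added example that is not part of the original message and is not BIRD code: a Python sketch of the extended community type octet, whose 0x40 bit marks a community as non-transitive (RFC 4360), next to a large community, which has no such bit and leaves the AS unless policy strips it. The validation-state encoding follows RFC 8097; the ASN 64500, the large community function 1000 and the route target are constructed sample values, and the function names are hypothetical.

```python
import struct

NON_TRANSITIVE = 0x40  # T bit of the extended community type octet (RFC 4360)
STATES = {0: "valid", 1: "not-found", 2: "invalid"}  # RFC 8097 state values

def ovs_ext_community(state):
    """Encode an RFC 8097 origin validation state community (0x43, 0x00)."""
    if state not in STATES:
        raise ValueError("unknown validation state")
    return struct.pack("!BB5xB", 0x43, 0x00, state)  # 5 reserved zero octets

def split_ext_communities(attr):
    """Split an EXTENDED COMMUNITIES attribute value into 8-octet entries."""
    if len(attr) % 8:
        raise ValueError("attribute length must be a multiple of 8 octets")
    return [attr[i:i + 8] for i in range(0, len(attr), 8)]

def is_transitive(ec):
    return not ec[0] & NON_TRANSITIVE

def validation_state(ec):
    """Return the RFC 8097 state name, or None for any other community."""
    if ec[0] == 0x43 and ec[1] == 0x00:
        return STATES.get(ec[7])
    return None

def ebgp_egress(ext, large, my_asn, strip_functions=frozenset()):
    """Model what crosses the AS boundary.

    Non-transitive extended communities are removed because of their type bit.
    Large communities (asn, function, parameter) carry no such bit, so they
    are removed only when policy lists their function in strip_functions.
    """
    kept_ext = b"".join(ec for ec in split_ext_communities(ext)
                        if is_transitive(ec))
    kept_large = [lc for lc in large
                  if not (lc[0] == my_asn and lc[1] in strip_functions)]
    return kept_ext, kept_large

# Constructed sample route: validation state "valid" plus a route target.
ROUTE_TARGET = struct.pack("!BBHI", 0x00, 0x02, 64500, 100)
SAMPLE_EXT = ovs_ext_community(0) + ROUTE_TARGET
SAMPLE_LARGE = [(64500, 1000, 1), (64500, 20, 5)]  # 1000 = hypothetical RPKI tag

if __name__ == "__main__":
    for ec in split_ext_communities(SAMPLE_EXT):
        print(ec.hex(), "transitive" if is_transitive(ec) else "non-transitive",
              validation_state(ec))
    print("no egress policy:  ", ebgp_egress(SAMPLE_EXT, SAMPLE_LARGE, 64500))
    print("with egress policy:", ebgp_egress(SAMPLE_EXT, SAMPLE_LARGE, 64500, {1000}))
```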