where was my white knight....

Nick Hilliard nick at foobar.org
Wed Nov 9 11:43:10 UTC 2011


On 09/11/2011 03:14, Randy Bush wrote:
> once again, 
>   o when you have no connection to a cache or no covering roa for a
>     prefix, the result is specified as NotFound
>   o we recommend you route on NotFound
> 
> so the result is the same as today.

Well no, not really because when the cache becomes reachable again, you
need to revalidate everything which got a NotFound.  This will cause extra
bgp churn where revalidation caused a local policy change.

Even if you have a local cache, this will still cause problems due to the
problem you summarised in draft-ietf-sidr-origin-ops, section 6:

"Like the DNS, the global RPKI presents only a loosely consistent view,
depending on timing, updating, fetching, etc.  Thus, one cache or router
may have different data about a particular prefix than another cache or
router.  There is no 'fix' for this, it is the nature of distributed data
with distributed caches."

Local caches may miss updates due to interior unreachability.  Routers will
not revalidate after cache updates.  So this loosely consistent view will
propagate into your routers' bgp views.  Do I really want this?  Or, more
to the point, is a perpetually inconsistent bgp network view better or
worse than the occasional more serious reachability problem that rpki is
attempting to solve?  This isn't clear to me.

>> Until this happens, there will be no connectivity from the router to
>> the cache
> 
> false

Not false in the scenario I described.  Please read what I said, not what
your straw man whispers in your ear. :-)

Nick
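
The revalidation effect discussed in this message, as an added example that is not part of the original post: a small origin-validation routine in the style of RFC 6811, run first with an empty ROA set (cache unreachable, so everything is NotFound) and then with the cache's data. The prefixes, ASNs, ROAs and the "drop Invalid" local policy are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str
    max_len: int
    asn: int

class Route(NamedTuple):
    prefix: str
    origin: int

def validate(route, roas):
    """Origin validation in the style of RFC 6811: Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(route.prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        if net.prefixlen <= roa.max_len and roa.asn == route.origin:
            return "Valid"
    return "Invalid" if covered else "NotFound"

def accepted(state):
    # Assumed local policy: route on Valid and NotFound, drop Invalid.
    return state != "Invalid"

def revalidate(rib, old_roas, new_roas):
    """Return (state_changes, churn) for a ROA set going old -> new."""
    state_changes, churn = {}, []
    for route in rib:
        before, after = validate(route, old_roas), validate(route, new_roas)
        if before != after:
            state_changes[route] = (before, after)
            if accepted(before) != accepted(after):
                churn.append(route)  # policy outcome flipped: BGP update
    return state_changes, churn

# Constructed sample data (documentation prefixes and documentation ASNs).
RIB = [Route("192.0.2.0/24", 64500), Route("198.51.100.0/24", 64501),
       Route("203.0.113.0/24", 64502), Route("198.51.100.128/25", 64501)]
ROAS = [ROA("192.0.2.0/24", 24, 64500), ROA("198.51.100.0/24", 24, 64510)]

if __name__ == "__main__":
    changes, churn = revalidate(RIB, [], ROAS)  # [] = cache was unreachable
    for route, (before, after) in changes.items():
        print(route.prefix, f"AS{route.origin}", before, "->", after,
              "(churn)" if route in churn else "")
```

Three of the four routes change validation state when the cache returns, but only the two that become Invalid change the policy outcome and would generate updates under this assumed policy.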




