SOVC - BGp RPKI

Justin H. justindh.ml at gmail.com
Wed Jan 31 22:04:25 UTC 2024


I'd be curious to know why it thinks that the S is "Stale".  I don't 
suppose it cites its sources?

Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a 
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a 
> security framework designed to secure the Internet's routing 
> infrastructure, primarily through route origin validation. It ensures 
> that the Internet number resources (like IP addresses and AS numbers) 
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which 
> AS is authorized to announce a specific IP address block. Network 
> devices, like Cisco routers, use these ROAs to validate the 
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's 
> RPKI-to-Router protocol client has lost its connection to the RPKI 
> server, or when the RPKI cache data is outdated and not refreshed for 
> some reason. This can happen due to network issues, configuration 
> errors, or problems with the RPKI server itself. When the RPKI cache 
> is stale, the router cannot reliably validate BGP route announcements 
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is 
> crucial for ensuring that the network only accepts legitimate routing 
> announcements, thereby reducing the risk of routing hijacks or 
> misconfigurations. As a network security engineer, managing and 
> monitoring the RPKI status on routers is an important aspect of 
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com at nanog.org> on 
> behalf of Mohammad Khalil <eng.mssk at gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog at nanog.org>
> *Subject: *SOVC - BGp RPKI
>
> Greetings
>
> I have tried to find out what the abbreviation for SOVC is, with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Has anyone encountered this?
>
> Thanks!
>


