where was my white knight....

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 8 21:32:48 UTC 2011


On Tue, 08 Nov 2011 20:51:00 GMT, Nick Hilliard said:

> I understand what the manual says (actually, I read it).  I'm just curious
> as to how this is going to work in real life.  Let's say you have a router
> cold boot with a bunch of ibgp peers, a transit or two and an rpki cache
> which is located on a non-connected network 

Anybody who puts their rpki cache someplace that isn't accessible until they
get the rpki initialized gets what they deserve. Once you realize this, the
rest of the "what do we do for routing until it comes up" concern trolling in
the rest of that paragraph becomes pretty easy to sort out...

> You could argue to have a local cache in every pop but may not be feasible
> either - a cache will require storage with a high write life-cycle (i.e.
> forget about using lots of types of flash), and you cannot be guaranteed
> that this is going to be available on a router.

Caching just enough to validate the routes you need to get to a more capable
rpki server shouldn't have a high write life-cycle.  Heck, you could just manually
configure a host route pointing to the rpki server...

And it would hardly be the first time that people have been unable to deploy
feature XYZ because it wouldn't fit in the flash on older boxes still in
production.
