where was my white knight....

Randy Bush randy at psg.com
Wed Nov 9 03:14:35 UTC 2011


> I understand what the manual says (actually, i read it).

cheating!!!!

> I'm just curious as to how this is going to work in real life.  Let's
> say you have a router cold boot with a bunch of ibgp peers, a transit
> or two and an rpki cache which is located on a non-connected network -
> e.g. small transit pop / AS boundary scenario.  The cache is not
> necessarily going to be reachable until it sees an update for its
> connected network.

once again,
  o when you have no connection to a cache or no covering roa for a
    prefix, the result is specified as NotFound
  o we recommend you route on NotFound

so the result is the same as today.

> Until this happens, there will be no connectivity from the router to
> the cache

false

> Look, i understand that you're designing rpki <-> interactivity such that
> things will at least work in some fashion when your routers lose sight of
> their rpki caches.  The problem is that this approach weakens rpki's
> strengths - e.g. the ability to help stop youtube-like incidents from
> recurring by ignoring invalid prefix injection.

you can't have your cake and eat it too.  you can not detect invalid
originations until you have the data to do so.

randy
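As an added illustration of the NotFound behaviour discussed in this reply (example code, not from the thread or any router vendor), the RFC 6811 origin-validation states computed over a constructed VRP set: once with an empty set standing in for the cache that is unreachable at cold boot, and once with the cache populated. The prefixes and AS numbers are constructed documentation/private values.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VRP:
    """One Validated ROA Payload as a router learns it from its cache."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int

def validate(prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """RFC 6811 origin validation state for one announcement."""
    route = ipaddress.ip_network(prefix)
    # Only VRPs whose prefix covers the announced prefix matter.
    covering = [v for v in vrps
                if v.prefix.version == route.version and route.subnet_of(v.prefix)]
    if not covering:
        return "NotFound"   # no data (or no cache at all): nothing can be said
    for v in covering:
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "Valid"
    return "Invalid"        # covered by a ROA, but wrong origin or too specific

def decide(prefix: str, origin_asn: int, vrps: list[VRP]) -> tuple[str, bool]:
    """Policy from the thread: route on Valid and NotFound, drop only Invalid."""
    state = validate(prefix, origin_asn, vrps)
    return state, state != "Invalid"

# Constructed sample data using documentation prefixes and private ASNs.
CACHE_VRPS = [VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 64496)]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin
    ("192.0.2.0/24", 64511),      # wrong origin AS
    ("192.0.2.0/25", 64496),      # right AS but more specific than maxLength
    ("198.51.100.0/24", 64500),   # no ROA covers this prefix
]

def run(vrps: list[VRP]) -> dict[tuple[str, int], tuple[str, bool]]:
    """Validation state and accept/reject decision for every announcement."""
    return {(p, a): decide(p, a, vrps) for p, a in ANNOUNCEMENTS}

if __name__ == "__main__":
    print("cold boot, cache unreachable:", run([]))
    print("cache reachable:", run(CACHE_VRPS))
```

With the empty VRP set every announcement is NotFound and is routed, exactly as today; only once the cache is reachable does the wrong-origin announcement become Invalid and get dropped.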
