Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

Mark Tinka mark at
Sat May 14 05:32:15 UTC 2022

On 5/13/22 23:16, Jakob Heitz (jheitz) via NANOG wrote:

> 'RPKI-tested-only' will store all routes that encounter a 'validation-state' test
> in the inbound route policy. In that case, when an RPKI server updates a VRP to the
> router, it can re-run the inbound policy from the stored route and not require a
> refresh request to be sent.
> This option saves memory if you use a coarse filter in the route-policy before
> the validation test. For example, you use a peer-locking filter to drop peer
> routes from your customers before they hit the validation-state test. Then
> a massive route leak won't chew up soft-reconfiguration memory.
> If a validation-state test drops a route and that route is not stored by
> soft-reconfiguration, then when the RPKI server updates any VRP, the router
> needs to send a route-refresh request.
> 'RPKI-dropped-only' causes the dropped routes to be stored. This will prevent
> the unnecessary route-refreshes described above. It does not prevent all
> route-refreshes, but uses significantly less memory than 'RPKI-tested-only'

Jakob, thank you and your team for quickly implementing this. It is most 

I hope someone from the IOS XE team is working on it, too :-).


More information about the NANOG mailing list