[146305] in North American Network Operators' Group
Re: where was my white knight....
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Nov 8 22:14:53 2011
Date: Wed, 09 Nov 2011 04:14:35 +0100
From: Randy Bush <randy@psg.com>
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: <4EB99634.7060803@foobar.org>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> I understand what the manual says (actually, i read it).
cheating!!!!
> I'm just curious as to how this is going to work in real life. Let's
> say you have a router cold boot with a bunch of ibgp peers, a transit
> or two and an rpki cache which is located on a non-connected network -
> e.g. small transit pop / AS boundary scenario. The cache is not
> necessarily going to be reachable until it sees an update for its
> connected network.
once again,
o when you have no connection to a cache or no covering roa for a
  prefix, the result is specified as NotFound
o we recommend you route on NotFound
so the result is the same as today.
> Until this happens, there will be no connectivity from the router to
> the cache
false
> Look, i understand that you're designing rpki <-> interactivity such that
> things will at least work in some fashion when your routers lose sight of
> their rpki caches. The problem is that this approach weakens rpki's
> strengths - e.g. the ability to help stop youtube-like incidents from
> recurring by ignoring invalid prefix injection.
you can't have your cake and eat it too. you can not detect invalid
originations until you have the data to do so.
randy
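The point above about NotFound, worked through in code. This is an added example and not code from the thread or from any router vendor: it implements the RFC 6811 origin validation states (Valid, Invalid, NotFound) over a set of Validated ROA Payloads, and shows that with an empty VRP set (the cold-boot case, no cache reachable) every route comes out NotFound, so a policy that routes on NotFound behaves exactly as a router with no RPKI at all. The VRPs, prefixes and ASNs are constructed sample data drawn from documentation and private ranges.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: the (prefix, maxLength, origin AS) triple a cache hands the router."""
    prefix: Network
    max_length: int
    asn: int


def vrp(prefix: str, max_length: int, asn: int) -> VRP:
    return VRP(ipaddress.ip_network(prefix), max_length, asn)


def validate(route: str, origin_asn: int, vrps: Iterable[VRP]) -> str:
    """RFC 6811 route origin validation: returns "Valid", "Invalid" or "NotFound".

    A VRP covers the route when the route lies within the VRP prefix. With no
    covering VRP (including an empty VRP set, i.e. no cache reachable) the
    result is NotFound, never Invalid: you cannot flag an origin as invalid
    without the data to do so.
    """
    net = ipaddress.ip_network(route, strict=False)
    covering = [v for v in vrps
                if v.prefix.version == net.version and net.subnet_of(v.prefix)]
    if not covering:
        return "NotFound"
    if any(v.asn == origin_asn and net.prefixlen <= v.max_length for v in covering):
        return "Valid"
    return "Invalid"


def accept(route: str, origin_asn: int, vrps: Iterable[VRP],
           route_on_notfound: bool = True) -> bool:
    """Import policy: accept Valid, drop Invalid, and treat NotFound per the knob."""
    state = validate(route, origin_asn, vrps)
    if state == "Valid":
        return True
    if state == "Invalid":
        return False
    return route_on_notfound


def summarize(routes: List[Tuple[str, int]], vrps: Iterable[VRP]) -> dict:
    """Count validation states for a list of (prefix, origin ASN) pairs."""
    vrps = list(vrps)
    counts = {"Valid": 0, "Invalid": 0, "NotFound": 0}
    for prefix, asn in routes:
        counts[validate(prefix, asn, vrps)] += 1
    return counts


# Constructed sample data (documentation prefixes, private ASNs), not real RPKI output.
SAMPLE_VRPS = [vrp("192.0.2.0/24", 24, 64496), vrp("2001:db8::/32", 48, 64496)]
SAMPLE_ROUTES = [
    ("192.0.2.0/24", 64496),     # matches the VRP exactly: Valid
    ("192.0.2.0/25", 64496),     # more specific than maxLength: Invalid
    ("192.0.2.0/24", 64497),     # covered, wrong origin (the YouTube-style case): Invalid
    ("2001:db8:1::/48", 64496),  # within maxLength: Valid
    ("198.51.100.0/24", 64500),  # no covering ROA at all: NotFound
]

if __name__ == "__main__":
    print("cold boot, no cache:", summarize(SAMPLE_ROUTES, []))
    print("cache loaded:       ", summarize(SAMPLE_ROUTES, SAMPLE_VRPS))
```

Run with an empty VRP list every route is NotFound and, with route_on_notfound left on, is accepted; once the cache is reachable the same table splits into Valid, Invalid and NotFound, and only the Invalid ones are dropped.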