[190120] in North American Network Operators' Group
RPKI implementation
daemon@ATHENA.MIT.EDU (Jakob Heitz (jheitz))
Thu Jun 16 03:24:14 2016
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 16 Jun 2016 07:24:09 +0000
During the RPKI presentation there was a question about
resilience of the router if the RPKI cache loses connectivity.
The IOS-XR implementation allows multiple caches to be configured.
When a cache loses connectivity, the entries from that cache
are purged after a time interval. Default is 60 seconds and it is configurable.
A lookup of a prefix that is not loaded will return not-found.
5 seconds after the latest RPKI database update,
a refresh request is sent to each neighbor, provided that the neighbor either:
- dropped any received route due to a policy that contains validation-state, or
- received a route, the validation state of which changed.
If soft reconfiguration inbound is configured, then the refresh is avoided,
because the received paths are stored.
Thanks,
Jakob.
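
The purge behaviour described in the message above, modelled as an added example (not part of the original post and not IOS-XR code). The class and function names, the cache names and the sample VRP are assumptions made for illustration; the prefix and AS numbers are documentation values. It shows a route with the wrong origin going from invalid to not-found once the only cache's entries are purged, while a second cache keeps it invalid.

```python
import ipaddress

PURGE_INTERVAL = 60  # seconds; the default stated in the message

class VrpTable:
    """Toy VRP store keyed by cache, so one cache's entries can be purged alone."""
    def __init__(self, purge_interval=PURGE_INTERVAL):
        self.purge_interval = purge_interval
        self.by_cache = {}    # cache name -> {(network, max_len, origin_asn)}
        self.down_since = {}  # cache name -> time connectivity was lost

    def load(self, cache, vrps):
        self.by_cache[cache] = {(ipaddress.ip_network(p), m, a) for p, m, a in vrps}
        self.down_since.pop(cache, None)

    def cache_down(self, cache, now):
        self.down_since.setdefault(cache, now)

    def tick(self, now):
        """Purge the entries of any cache that has been down for the full interval."""
        for cache, since in list(self.down_since.items()):
            if now - since >= self.purge_interval:
                self.by_cache.pop(cache, None)
                del self.down_since[cache]

    def validate(self, prefix, origin_asn):
        """RFC 6811-style origin validation over the VRPs of all remaining caches."""
        route, covered = ipaddress.ip_network(prefix), False
        for vrps in self.by_cache.values():
            for net, max_len, asn in vrps:
                if route.version == net.version and route.subnet_of(net):
                    covered = True
                    if route.prefixlen <= max_len and asn == origin_asn:
                        return "valid"
        return "invalid" if covered else "not-found"

def demo():
    """Cache-a drops at t=0; validate a wrong-origin route at t=0, 30, 60."""
    vrps = [("192.0.2.0/24", 24, 64500)]  # constructed sample VRP
    single, dual = VrpTable(), VrpTable()
    single.load("cache-a", vrps)
    dual.load("cache-a", vrps)
    dual.load("cache-b", vrps)
    out = []
    for t in (0, 30, 60):
        for table in (single, dual):
            table.cache_down("cache-a", 0)
            table.tick(t)
        out.append((t, single.validate("192.0.2.0/24", 64511),
                    dual.validate("192.0.2.0/24", 64511)))
    return out
```

With a policy that drops only invalid routes, the single-cache table stops rejecting the wrong-origin route once the purge fires, which is the case a second configured cache covers.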