This is an old revision of the document!
RPKI Notes
Refer to RPKI-Based Policy Without Route Refresh for context.
Basically BGP implementations should/must not send a route refresh when receiving updated RPKI data, and are recommended instead to retain the prefix marked as invalid should the future RPKI state change.
Also presented at RIPE 83 for additional background and context.
It has been noted by several operators that their Cisco routers implementing ROV were bombarding peers with Route Refresh requests. This is challenging for those routers which are “control plane challenged” and can be construed as a denial of service on those peering routers.
ROV
The following table documents ROV behaviours on receipt of updated RPKI information from validators.
Implementation | Adj-RIB-In | ROV behaviour | Notes |
---|---|---|---|
Cisco IOS-XE | No | VRP update triggers a route-refresh | Workaround is to turn on “soft-reconfiguration in” |
Cisco IOS-XR | No | VRP update triggers a route-refresh | Workaround is to turn on “soft-reconfiguration in” |
Juniper JunOS | Default | VRP update handled locally | Adj-RIB-In can be turned off by “set protocol bgp group keep none” as described here |
Bird 2.0.8 | ? | handles VRP updates locally | “rpki reload on” is default in 2.0.8 as described here |
Arista EOS | Default | VRP updated handled locally | Adj-RIB-In can be turned off |
FRR 8.1 | ? | ? | ? |