17 Dec
2019
17 Dec
'19
5:45 p.m.
On 18/Dec/19 00:35, Randy Bush wrote:
and how does that work out at scale when roa changes need previous bgp to be run against them?
If I'm honest, not something I've studied in great detail. For the moment, we are running RPKI on IOS XE boxes that are doing just peering. We have not had any routing issues on those, and I do know of a few networks that had fat-fingered their ROA's that led them to get dropped on our end due to being Invalid. The issue cleared up after they fixed their error, and there was no manual intervention needed on these routers. The customer edge is where we shall be dropping Invalids on this code base on a much larger scale. Notes to take; plenty... Mark.