On 13/Jan/20 21:53, Jakob Heitz (jheitz) wrote:
Mark,
Thanks for bringing this up again. I remember this from nearly 3 years ago when Randy brought it up. A bug was filed, but it disappeared in the woodwork. I have now given it the high priority tag that it should have had initially. Sorry about the mess up.
Many thanks, Jakob, for bumping this. Much appreciated, as I was dreading running this through my account team :-). Most grateful if you can keep us (or me, whichever you prefer) posted on the progress of this fix. I am willing to test code to verify things.
In the meantime, you may be able to signal the validation state in iBGP once it is validated at the network edge. For an iBGP neighbor, use a configuration like this: neighbor 192.0.2.1 announce rpki state
So the majority of our peering and customer edge lives on Juniper. We don't run RPKI on our (Cisco) route reflectors either. So considering that this issue affects only 2 of our customers, we don't feel it justifies enabling this feature across the backbone for the moment, as a lot more testing and care would be needed, which I cannot currently dedicate time to given the only benefit would be to fix 2 non-Ethernet customers. But again, I am more than happy to help support the fixing of this bug in IOS and IOS XE, and would be okay to test when you're ready. Thanks. Mark.