On 7/26/21 14:20, Lukas Tribus wrote:
Some specific failure scenarios are currently being addressed, but this doesn't make monitoring optional:
rpki-client 7.1 emits a new per VRP attribute: expires, which makes it possible for RTR servers to stop considering outdated VRP's: https://github.com/rpki-client/rpki-client-openbsd/commit/9e48b3b6ad416f40ac...
stayrtr (a gortr fork), will consider this attribute in the future: https://github.com/bgp/stayrtr/issues/3
I was just about to cite these two as improving this particular issue in upcoming releases. I am running RPKI-Client + StayRTR, alongside Fort, and yes, while monitoring should be standard, improvements in the validation and RTR objectives will also go a long way in mitigating these issues. What's quickly happening in this space is that not all validators and RTR servers are going to made equal. There are a number of options currently available (both deprecated and current), but I expect that we may settle on just a handful, as experience increases. And in what remains, I anticipate that they will be bolstered to consider these very problems. Mark.