'RPKI-tested-only' will store all routes that encounter a 'validation-state' test in the inbound route policy. In that case, when an RPKI server updates a VRP to the router, it can re-run the inbound policy from the stored route and not require a refresh request to be sent.

This option saves memory if you use a coarse filter in the route-policy before the validation test. For example, you use a peer-locking filter to drop peer routes from your customers before they hit the validation-state test. Then a massive route leak won't chew up soft-reconfiguration memory.

If a validation-state test drops a route and that route is not stored by soft-reconfiguration, then when the RPKI server updates any VRP, the router needs to send a route-refresh request. 'RPKI-dropped-only' causes the dropped routes to be stored. This will prevent the unnecessary route-refreshes described above. It does not prevent all route-refreshes, but uses significantly less memory than 'RPKI-tested-only'.

Regards,
Jakob.

-----Original Message-----
From: Saku Ytti <saku@ytti.fi>
Sent: Friday, May 13, 2022 12:36 AM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>
Cc: nanog@nanog.org
Subject: Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

On Fri, 13 May 2022 at 00:44, Jakob Heitz (jheitz) via NANOG <nanog@nanog.org> wrote:
RPKI-dropped-only Saves a copy of only the routes dropped by an RPKI validation-state test in neighbor-in route-policy.
RPKI-tested-only Saves a copy of only the routes tested in an RPKI validation-state test in neighbor-in route-policy.

What does this mean? If any term refers to validation-state, the route gets stored?

Eg.

if validation-state is valid then pass else drop

a) Would 'RPKI-dropped-only' store everything or nothing?
b) Would 'RPKI-tested-only' store everything?

--
++ytti
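
Added example, not part of either message and not Cisco's implementation: a small Python model of the two storage options as the reply describes them, applied to the policy from the question with a peer-lock filter placed in front of it. The routes, ASNs, VRP table, the "none" mode and the exact-match validation are constructed assumptions.

```python
# Simplified model of the storage options described in this thread.
# Not IOS-XR code: the routes, ASNs, VRPs and the "none" mode are constructed.
from collections import namedtuple

Route = namedtuple("Route", "prefix origin_as as_path")

def rov_state(route, vrps):
    """Toy origin validation: exact-prefix match only, no maxLength handling."""
    origins = vrps.get(route.prefix)
    if origins is None:
        return "not-found"
    return "valid" if route.origin_as in origins else "invalid"

def inbound(route, vrps, locked_asns):
    """Return (accepted, tested). The coarse peer-lock filter runs first."""
    if any(asn in locked_asns for asn in route.as_path):
        return False, False   # dropped before reaching the validation-state test
    # Policy from the question: if validation-state is valid then pass else drop
    return rov_state(route, vrps) == "valid", True

def stored(routes, vrps, locked_asns, mode):
    """Routes kept in soft-reconfiguration memory under the given mode."""
    kept = set()
    for r in routes:
        accepted, tested = inbound(r, vrps, locked_asns)
        if mode == "RPKI-tested-only" and tested:
            kept.add(r)
        elif mode == "RPKI-dropped-only" and tested and not accepted:
            kept.add(r)
    return kept

def refresh_needed(routes, vrps, locked_asns, mode):
    """True if a route dropped by the test is not stored (the case named above).
    Other refresh triggers, which the thread says exist, are not modelled."""
    kept = stored(routes, vrps, locked_asns, mode)
    return any(tested and not accepted and r not in kept
               for r in routes
               for accepted, tested in [inbound(r, vrps, locked_asns)])

# Constructed sample data (documentation prefixes and ASNs).
VRPS = {"192.0.2.0/24": {64500}, "198.51.100.0/24": {64502}}
LOCKED = {64499}
R_VALID = Route("192.0.2.0/24", 64500, (64510, 64500))
R_INVALID = Route("198.51.100.0/24", 64501, (64510, 64501))
R_LEAK = Route("203.0.113.0/24", 64503, (64510, 64499, 64503))
ROUTES = [R_VALID, R_INVALID, R_LEAK]

if __name__ == "__main__":
    for mode in ("none", "RPKI-dropped-only", "RPKI-tested-only"):
        kept = sorted(r.prefix for r in stored(ROUTES, VRPS, LOCKED, mode))
        print(mode, kept, "refresh:", refresh_needed(ROUTES, VRPS, LOCKED, mode))
```

In this model the peer-locked route is never stored under either option, because it is dropped before the validation-state test.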