On 09/11/2011 03:14, Randy Bush wrote:
once again,
  o when you have no connection to a cache or no covering roa for a prefix, the result is specified as NotFound
  o we recommend you route on NotFound
so the result is the same as today.
Well no, not really because when the cache becomes reachable again, you need to revalidate everything which got a NotFound. This will cause extra bgp churn where revalidation caused a local policy change.

Even if you have a local cache, this will still cause problems due to the problem you summarised in draft-ietf-sidr-origin-ops, section 6:

"Like the DNS, the global RPKI presents only a loosely consistent view, depending on timing, updating, fetching, etc. Thus, one cache or router may have different data about a particular prefix than another cache or router. There is no 'fix' for this, it is the nature of distributed data with distributed caches."

Local caches may miss updates due to interior unreachability. Routers will not revalidate after cache updates. So this loosely consistent view will propagate into your routers' bgp views.

Do I really want this? Or, more to the point, is a perpetually inconsistent bgp network view better or worse than the occasional more serious reachability problem that rpki is attempting to solve? This isn't clear to me.
Until this happens, there will be no connectivity from the router to the cache
false
Not false in the scenario I described. Please read what I said, not what your straw man whispers in your ear. :-)

Nick
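
The revalidation effect debated in this message, as an added example that is not part of the original email: origin validation in the style of RFC 6811 run over a constructed route table, first with an empty cache (every route NotFound) and then with ROA data available. The prefixes, AS numbers and the names `VRP`, `validate` and `revalidate` are illustrative assumptions.

```python
import ipaddress
from collections import namedtuple

# A validated ROA payload (VRP): prefix, maximum length, authorized origin AS.
VRP = namedtuple("VRP", "prefix max_len asn")

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 style origin validation: 'Valid', 'Invalid' or 'NotFound'."""
    net = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        roa_net = ipaddress.ip_network(v.prefix)
        # A VRP covers the route only if the route sits inside the VRP prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if net.prefixlen <= v.max_len and origin_asn == v.asn:
            return "Valid"
    # Covered but never matched is Invalid; no covering VRP at all is NotFound.
    return "Invalid" if covered else "NotFound"

def revalidate(routes, old_vrps, new_vrps):
    """Return the routes whose validation state differs between two VRP sets."""
    changes = []
    for prefix, asn in routes:
        before = validate(prefix, asn, old_vrps)
        after = validate(prefix, asn, new_vrps)
        if before != after:
            changes.append((prefix, asn, before, after))
    return changes

# Constructed sample data using documentation prefixes and ASNs.
ROUTES = [
    ("192.0.2.0/24", 64496),     # matches a ROA exactly
    ("198.51.100.0/25", 64497),  # longer than the ROA's max length
    ("203.0.113.0/24", 64511),   # covered, but wrong origin AS
    ("2001:db8::/32", 64498),    # no covering ROA
]
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("198.51.100.0/24", 24, 64497),
    VRP("203.0.113.0/24", 24, 64499),
]

if __name__ == "__main__":
    # Cache unreachable means an empty VRP set, so every route starts NotFound.
    for change in revalidate(ROUTES, [], VRPS):
        print("%s AS%d: %s -> %s" % change)
```

Each state transition listed is a route that has to be re-run through local policy; whether that becomes a BGP update depends on what the policy does with Valid and Invalid.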