On Tue, 16 Jun 2020 at 07:51, Mike Leber via NANOG <nanog@nanog.org> wrote: Hey,
These prefix filters are updated automatically both through a system of daily updates and real time updates to prevent RPKI INVALID routes from being carried in our routing table.
What does real time mean in this context? Does it mean exactly 0s leak of INVALID, or 99% less than 30s? Or how do you define it? I'm trying to think of an ideal way to do this in Junos which does a few second ephemeral config commits. I could have an always-on SSH session to each device to amortise login time, but even then if I can do this cycle in 5s, I'd have to wait for BGP propagation delay in DFZ, which is measured in minutes not seconds. So my definition of real time here would be 99% <5min. -- ++ytti