I'd be curious to know why it thinks that the S is "Stale". I don't
suppose it cites its sources?
Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> security framework designed to secure the Internet's routing
> infrastructure, primarily through route origin validation. It ensures
> that the Internet number resources (like IP addresses and AS numbers)
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which
> AS is authorized to announce a specific IP address block. Network
> devices, like Cisco routers, use these ROAs to validate the
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI
> server, or when the RPKI cache data is outdated and not refreshed for
> some reason. This can happen due to network issues, configuration
> errors, or problems with the RPKI server itself. When the RPKI cache
> is stale, the router cannot reliably validate BGP route announcements
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and
> monitoring the RPKI status on routers is an important aspect of
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
> Greetings
>
> I have tried to find out what the abbreviation SOVC stands for, with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Has anyone encountered this?
>
> Thanks!
>