Dear Baldur, On Wed, Jun 17, 2020 at 01:42:36PM +0200, Baldur Norddahl wrote:
Lets say someone makes an announcement that creates a RPKI invalid and it is determined to be a mistake. They then go back and add ROA objects to fix the problem. With this reactive RPKI approach then continue to block the route because filters where already generated and pushed out to routers? Or in other words, if the system can insert the filter in less than 60 seconds, how long does it take to get rid of the filter again when someone publish valid a ROA ?
What you describe here is what I'd call a "Garbage Collection" process. Garbage collection has to happen periodically. Probably not slower than once an hour. See the following link for an attempt to document that type of aspect of RPKI ROV deployments: https://tools.ietf.org/html/draft-ietf-sidrops-rpki-rov-timing-00.html Maybe HE can comment on their current timers? Kind regards, Job