During the RPKI presentation there was a question about resilience of the router if the RPKI cache loses connectivity. The IOS-XR implementation allows multiple caches to be configured. When a cache loses connectivity, the entries from that cache are purged after a time interval. Default is 60 seconds and it is configurable. A lookup of a prefix that is not loaded will return not-found. 5 seconds after the latest RPKI database update, a refresh request is sent to each neighbor, provided that the neighbor either: - dropped any received route due to a policy that contains validation-state, or - received a route, the validation state of which changed. If soft reconfiguration inbound is configured, then the refresh is avoided, because the received paths are stored. Thanks, Jakob.
That is also configurable.
When a cache loses connectivity, the entries from that cache are purged after a time interval. Default is 60 seconds why not the poll interval for that cache server?
i am aware of that. my point was that cache purge default might better be set to cache refresh interval than 60 secs. randy
i am aware of that. my point was that cache purge default might better be set to cache refresh interval than 60 secs.
I would agree with (and in fact, prefer) this protocol.
i remembered wrongly RFC6810 A client SHOULD delete the data from a cache when it has been unable to refresh from that cache for a configurable timer value. The default for that value is twice the polling period for that cache. randy
On 18/Jun/16 13:10, Randy Bush wrote:
i remembered wrongly
RFC6810
A client SHOULD delete the data from a cache when it has been unable to refresh from that cache for a configurable timer value. The default for that value is twice the polling period for that cache.
I suppose that is alright since, in a redundant scenario, the data from the remaining cache that (hopefully) still has a live RTR session will continue to be valid. In single cache scenarios, waiting for some time after the cache has disappeared is akin to standard BGP session keepalive protocols. However, several vendors have implemented protocol enhancements to immediately drop BGP sessions that have failed, rather than wait for the Hold timer to expire. I see value in that, and perhaps it might make sense for an RPKI implementation to support the same where it is more important for the RPKI data to be as current as possible. Mark.
In single cache scenarios, waiting for some time after the cache has disappeared is akin to standard BGP session keepalive protocols. However, several vendors have implemented protocol enhancements to immediately drop BGP sessions that have failed, rather than wait for the Hold timer to expire. I see value in that, and perhaps it might make sense for an RPKI implementation to support the same where it is more important for the RPKI data to be as current as possible.
6810 A client MAY drop the data from a particular cache when it is fully in sync with one or more other caches. A client SHOULD delete the data from a cache when it has been unable to refresh from that cache for a configurable timer value. The default for that value is twice the polling period for that cache. If a client loses connectivity to a cache it is using, or otherwise decides to switch to a new cache, it SHOULD retain the data from the previous cache until it has a full set of data from one or more other caches. Note that this may already be true at the point of connection loss if the client has connections to more than one cache.
participants (3)
-
Jakob Heitz (jheitz)
-
Mark Tinka
-
Randy Bush