On Tue, Nov 11, 2014 at 1:17 AM, Mark Tinka <mark.ti...@seacom.mu> wrote:
> Hello all.
>
> In operating RPKI on Cisco IOS and IOS XE devices, we note
> that this vendor is deliberately making BGP best path
> decisions based on RPKI state of a route without the
> explicit input of operator-based routing policy.

ro-ro-shaggy... that seems like a poor plan.

>
> So in addition to the normal (i.e., historically known) BGP
> best path decision process, the presence of an RTR session
> causes this vendor to, by default, add RPKI state to the BGP
> best path decision process when there does not exist a
> routing policy initiated by the operator to do so.

oh.. that's super not cool.

>
> This is in violation of RFC 6811, Section 2, which clearly
> states:
>
>     "An implementation MUST NOT exclude a route from the
>     Adj-RIB-In or from consideration in the decision
>     process as a side effect of its validation state,
>     unless explicitly configured to do so."
>
> Official documentation from the vendor confirms this default
> behaviour as well:
>
>     http://tinyurl.com/pqpjmen
>

<sad panda>

> While the vendor provides knobs to disable this default
> behaviour, operators could generally miss this information.
> And given that there is no clear reason why a "normally"
> best path would be rejected on grounds of RPKI state not
> initiated by the operator, this is a hard problem to
> troubleshoot, even with prior (working) knowledge of RPKI.
>

sorry :(

> Cheers,
>
> Mark.
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
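An added example, not part of the original thread and not vendor code: RFC 6811 origin validation against a set of VRPs, plus a simplified best-path pick that shows how the selected route changes once validation state enters the decision without operator policy. The `best_path` ordering, the `rpki_in_decision` switch, and the sample prefixes, ASNs and neighbor names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VRP:  # validated ROA payload, as received over an RTR session
    prefix: str
    max_length: int
    asn: int

@dataclass(frozen=True)
class Route:
    prefix: str
    origin_asn: int
    local_pref: int
    as_path_len: int
    neighbor: str

def validation_state(route, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route.prefix)
    covered = False
    for vrp in vrps:
        vnet = ipaddress.ip_network(vrp.prefix)
        if net.version != vnet.version or not net.subnet_of(vnet):
            continue  # this VRP does not cover the route
        covered = True
        if vrp.asn == route.origin_asn and net.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def best_path(routes, vrps, rpki_in_decision=False):
    """Simplified best path: local-pref, AS-path length, neighbor tie-break."""
    # rpki_in_decision=True is an assumed model of validation state applied
    # without operator policy: invalid excluded, valid preferred over not-found.
    rank = {"valid": 0, "not-found": 1}
    candidates = list(routes)
    if rpki_in_decision:
        candidates = [r for r in routes if validation_state(r, vrps) != "invalid"]
    def key(r):
        state = rank[validation_state(r, vrps)] if rpki_in_decision else 0
        return (state, -r.local_pref, r.as_path_len, r.neighbor)
    return min(candidates, key=key, default=None)

# Constructed sample data (documentation prefixes and ASNs).
VRPS = [VRP("192.0.2.0/24", 24, 64500)]
ROUTES = [
    Route("192.0.2.0/24", 64501, 200, 2, "peer-a"),  # higher local-pref, wrong origin
    Route("192.0.2.0/24", 64500, 100, 3, "peer-b"),  # matches the VRP
]
```

With the sample data, `best_path(ROUTES, VRPS)` returns the peer-a route on local-pref alone, while `best_path(ROUTES, VRPS, True)` returns peer-b, which is the kind of unexplained best-path change the thread describes as hard to troubleshoot.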