Hello, this is due to the RPKI table being empty on startup. As a workaround, I suggest having bgp sessions with delayed start.
The problem is also that bird doesn't reevaluate affected routes after ROA has changed. This is going to be fixed in near future, yet now the best thing to do is probably to reload the affected bgp protocols manually every time bird gets some updates from the RPKI protocol. Maria On 11/11/19 12:43 AM, Brooks Swinnerton wrote: > Hello, > > I have RPKI validation working correctly, but it seems that when BIRD first > starts it does not reject invalid RPKI routes. If I run `reload in > <protocol>` everything works great. > > I suspect this is some sort of race condition in 2.0.7. Has anyone else come > across this?
smime.p7s
Description: S/MIME Cryptographic Signature
